From d475dae77313e8f0ee11146ce824d019351cbc5f Mon Sep 17 00:00:00 2001 From: Jesse Weaver Date: Fri, 8 Jul 2016 16:01:19 -0600 Subject: [PATCH] Bug 16818: External auth redirect broken under Plack Test plan: 0) Have either CAS or Shibboleth authentication enabled under Plack. 1) Hover over the authentication link on the staff client or OPAC, and notice that it has either '.../opac/...' or '.../intranet/...' instead of '.../cgi-bin/koha/...'. (This will be a complete dealbreaker for CAS authentication.) 2) Apply patch. 3) Check links again; they should now have the correct paths. Signed-off-by: Matthias Meusburger Signed-off-by: Jonathan Druart Did not test CAS or Shibboleth, but no regression found. Signed-off-by: Brendan Gallagher --- C4/Auth.pm | 24 +++--------------------- C4/Auth_with_cas.pm | 3 ++- C4/Auth_with_shibboleth.pm | 3 ++- Koha/AuthUtils.pm | 22 +++++++++++++++++++++- 4 files changed, 28 insertions(+), 24 deletions(-) diff --git a/C4/Auth.pm b/C4/Auth.pm index 985bd393f3..582eefc621 100644 --- a/C4/Auth.pm +++ b/C4/Auth.pm @@ -32,7 +32,7 @@ use C4::Languages; use C4::Branch; # GetBranches use C4::Search::History; use Koha; -use Koha::AuthUtils qw(hash_password); +use Koha::AuthUtils qw(get_script_name hash_password); use Koha::LibraryCategories; use Koha::Libraries; use POSIX qw/strftime/; @@ -194,7 +194,7 @@ sub get_template_and_user { $template->param( loginprompt => 1, - script_name => _get_script_name(), + script_name => get_script_name(), ); print $in->{query}->header( { type => 'text/html', @@ -1211,7 +1211,7 @@ sub checkauth { opaclayoutstylesheet => C4::Context->preference("opaclayoutstylesheet"), login => 1, INPUTS => \@inputs, - script_name => _get_script_name(), + script_name => get_script_name(), casAuthentication => C4::Context->preference("casAuthentication"), shibbolethAuthentication => $shib, SessionRestrictionByIP => C4::Context->preference("SessionRestrictionByIP"), @@ -2050,24 +2050,6 @@ sub getborrowernumber { return 0; } -=head2 _get_script_name - -This returns the correct script name, for use in redirecting back to the correct page after showing -the login screen. It depends on details of the package Plack configuration, and should not be used -outside this context. - -=cut - -sub _get_script_name { - # This is the method about.pl uses to detect Plack; now that two places use it, it MUST be - # right. - if ( ( any { /(^psgi\.|^plack\.)/i } keys %ENV ) && $ENV{SCRIPT_NAME} =~ m,^/(intranet|opac)(.*), ) { - return '/cgi-bin/koha' . $2; - } else { - return $ENV{SCRIPT_NAME}; - } -} - END { } # module clean-up code here (global destructor) 1; __END__ diff --git a/C4/Auth_with_cas.pm b/C4/Auth_with_cas.pm index c9174dae50..4dccdd11ab 100644 --- a/C4/Auth_with_cas.pm +++ b/C4/Auth_with_cas.pm @@ -22,6 +22,7 @@ use warnings; use C4::Debug; use C4::Context; +use Koha::AuthUtils qw(get_script_name); use Authen::CAS::Client; use CGI qw ( -utf8 ); use FindBin; @@ -203,7 +204,7 @@ sub _url_with_get_params { my $type = shift; my $uri_base_part = ($type eq 'opac') ? - C4::Context->preference('OPACBaseURL') . $query->script_name(): + C4::Context->preference('OPACBaseURL') . get_script_name() : C4::Context->preference('staffClientBaseURL'); my $uri_params_part = ''; diff --git a/C4/Auth_with_shibboleth.pm b/C4/Auth_with_shibboleth.pm index 7f0db831d5..cde0ede08b 100644 --- a/C4/Auth_with_shibboleth.pm +++ b/C4/Auth_with_shibboleth.pm @@ -21,6 +21,7 @@ use Modern::Perl; use C4::Debug; use C4::Context; +use Koha::AuthUtils qw(get_script_name); use Koha::Database; use Carp; use CGI; @@ -57,7 +58,7 @@ sub logout_shib { sub login_shib_url { my ($query) = @_; - my $param = _get_uri() . $query->script_name(); + my $param = _get_uri() . get_script_name(); if ( $query->query_string() ) { $param = $param . '%3F' . $query->query_string(); } diff --git a/Koha/AuthUtils.pm b/Koha/AuthUtils.pm index 0bec1ba1ea..a8b391d0d5 100644 --- a/Koha/AuthUtils.pm +++ b/Koha/AuthUtils.pm @@ -21,10 +21,11 @@ use Modern::Perl; use Crypt::Eksblowfish::Bcrypt qw(bcrypt en_base64); use Encode qw( encode is_utf8 ); use Fcntl qw/O_RDONLY/; # O_RDONLY is used in generate_salt +use List::MoreUtils qw/ any /; use base 'Exporter'; -our @EXPORT_OK = qw(hash_password); +our @EXPORT_OK = qw(hash_password get_script_name); =head1 NAME @@ -132,6 +133,25 @@ sub generate_salt { close SOURCE; return $string; } + +=head2 get_script_name + +This returns the correct script name, for use in redirecting back to the correct page after showing +the login screen. It depends on details of the package Plack configuration, and should not be used +outside this context. + +=cut + +sub get_script_name { + # This is the method about.pl uses to detect Plack; now that two places use it, it MUST be + # right. + if ( ( any { /(^psgi\.|^plack\.)/i } keys %ENV ) && $ENV{SCRIPT_NAME} =~ m,^/(intranet|opac)(.*), ) { + return '/cgi-bin/koha' . $2; + } else { + return $ENV{SCRIPT_NAME}; + } +} + 1; __END__ -- 2.39.5