From 958b5a097c6312400ebddb494aadfc871c847f8d Mon Sep 17 00:00:00 2001 From: Galen Charlton Date: Fri, 23 Nov 2007 14:44:50 -0600 Subject: [PATCH] new C4::Auth::get_session for single place to get CGI::Session object Refactoring to provide single place to get CGI::Session ojbject; fixes bug for DB storage method other than 'mysql'. This refactoring is also part of the patch series for handling large input files for staging and processing MARC records. Signed-off-by: Joshua Ferraro --- C4/Auth.pm | 84 ++++++++++++++++------------------- circ/circulation.pl | 6 +-- opac/opac-logout.pl | 12 +---- tools/upload-file-progress.pl | 5 +-- tools/upload-file.pl | 5 +-- 5 files changed, 47 insertions(+), 65 deletions(-) diff --git a/C4/Auth.pm b/C4/Auth.pm index cd775c4f7a..f35dbb87e2 100755 --- a/C4/Auth.pm +++ b/C4/Auth.pm @@ -89,6 +89,7 @@ C4::Auth - Authenticates Koha users ); @EXPORT_OK = qw( &check_api_auth + &get_session ); =item get_template_and_user @@ -412,18 +413,7 @@ sub checkauth { $loggedin = 1; } elsif ( $sessionID = $query->cookie("CGISESSID")) { - my $storage_method = C4::Context->preference('SessionStorage'); - my $session; - if ($storage_method eq 'mysql'){ - $session = new CGI::Session("driver:MySQL", $sessionID, {Handle=>$dbh}); - } - elsif ($storage_method eq 'Pg') { - $session = new CGI::Session("driver:PostgreSQL", $sessionID, {Handle=>$dbh}); - } - else { - # catch all defaults to tmp should work on all systems - $session = new CGI::Session("driver:File", $sessionID, {Directory=>'/tmp'}); - } + my $session = get_session($sessionID); C4::Context->_new_userenv($sessionID); if ($session){ C4::Context::set_userenv( @@ -504,18 +494,7 @@ sub checkauth { } } unless ($userid) { - my $storage_method = C4::Context->preference('SessionStorage'); - my $session; - if ($storage_method eq 'mysql'){ - $session = new CGI::Session("driver:MySQL", $sessionID, {Handle=>$dbh}); - } - elsif ($storage_method eq 'Pg') { - $session = new CGI::Session("driver:PostgreSQL", $sessionID, {Handle=>$dbh}); - } - else { - # catch all defaults to tmp should work on all systems - $session = new CGI::Session("driver:File", $sessionID, {Directory=>'/tmp'}); - } + my $session = get_session(""); my $sessionID; if ($session) { @@ -828,18 +807,7 @@ sub check_api_auth { $sessionID = $query->cookie("CGISESSID"); } if ($sessionID) { - my $storage_method = C4::Context->preference('SessionStorage'); - my $session; - if ($storage_method eq 'mysql'){ - $session = new CGI::Session("driver:MySQL", $sessionID, {Handle=>$dbh}); - } - elsif ($storage_method eq 'Pg') { - $session = new CGI::Session("driver:PostgreSQL", $sessionID, {Handle=>$dbh}); - } - else { - # catch all defaults to tmp should work on all systems - $session = new CGI::Session("driver:File", $sessionID, {Directory=>'/tmp'}); - } + my $session = get_session($sessionID); C4::Context->_new_userenv($sessionID); if ($session) { C4::Context::set_userenv( @@ -894,16 +862,7 @@ sub check_api_auth { } my ( $return, $cardnumber ) = checkpw( $dbh, $userid, $password ); if ($return and haspermission( $dbh, $userid, $flagsrequired)) { - my $storage_method = C4::Context->preference('SessionStorage'); - my $session; - if ($storage_method eq 'mysql'){ - $session = new CGI::Session("driver:MySQL", $sessionID, {Handle=>$dbh}); - } elsif ($storage_method eq 'Pg') { - $session = new CGI::Session("driver:PostgreSQL", $sessionID, {Handle=>$dbh}); - } else { - # catch all defaults to tmp should work on all systems - $session = new CGI::Session("driver:File", $sessionID, {Directory=>'/tmp'}); - } + my $session = get_session(""); return ("failed", undef, undef) unless $session; my $sessionID = $session->id; @@ -1004,6 +963,39 @@ sub check_api_auth { } } +=item get_session + + use CGI::Session; + my $session = get_session($sessionID); + +Given a session ID, retrieve the CGI::Session object used to store +the session's state. The session object can be used to store +data that needs to be accessed by different scripts during a +user's session. + +If the C<$sessionID> parameter is an empty string, a new session +will be created. + +=cut + +sub get_session { + my $sessionID = shift; + my $storage_method = C4::Context->preference('SessionStorage'); + my $dbh = C4::Context->dbh; + my $session; + if ($storage_method eq 'mysql'){ + $session = new CGI::Session("driver:MySQL", $sessionID, {Handle=>$dbh}); + } + elsif ($storage_method eq 'Pg') { + $session = new CGI::Session("driver:PostgreSQL", $sessionID, {Handle=>$dbh}); + } + else { + # catch all defaults to tmp should work on all systems + $session = new CGI::Session("driver:File", $sessionID, {Directory=>'/tmp'}); + } + return $session; +} + sub checkpw { my ( $dbh, $userid, $password ) = @_; diff --git a/circ/circulation.pl b/circ/circulation.pl index db987ae4ac..fd66189307 100755 --- a/circ/circulation.pl +++ b/circ/circulation.pl @@ -26,7 +26,7 @@ use strict; use CGI; use C4::Output; use C4::Print; -use C4::Auth; +use C4::Auth qw/:DEFAULT get_session/; use C4::Date; use C4::Branch; # GetBranches use C4::Koha; # GetPrinter @@ -59,7 +59,7 @@ if ($branch){ # update our session so the userenv is updated my $dbh=C4::Context->dbh; my $sessionID = $query->cookie("CGISESSID") ; - my $session = new CGI::Session("driver:MySQL", $sessionID, {Handle=>$dbh}); + my $session = get_session($sessionID); $session->param('branch',$branch); my $branchname = GetBranchName($branch); $session->param('branchname',$branchname); @@ -70,7 +70,7 @@ if ($printer){ # update our session so the userenv is updated my $dbh=C4::Context->dbh; my $sessionID = $query->cookie("CGISESSID") ; - my $session = new CGI::Session("driver:MySQL", $sessionID, {Handle=>$dbh}); + my $session = get_session($sessionID); $session->param('branchprinter',$printer); } diff --git a/opac/opac-logout.pl b/opac/opac-logout.pl index 5e7d8b5f3e..a64af0b88c 100755 --- a/opac/opac-logout.pl +++ b/opac/opac-logout.pl @@ -17,6 +17,7 @@ use CGI; use C4::Context; +use C4::Auth qw/:DEFAULT get_session/; use C4::Output; use HTML::Template; use CGI::Session; @@ -60,17 +61,8 @@ foreach (keys %$sessions) { } my $dbh = C4::Context->dbh; - # Check that this is the ip that created the session before deleting it - - if ($storage_method eq 'mysql'){ - $session = new CGI::Session("driver:MySQL", $sessionID, {Handle=>$dbh}); - } - else { - # catch all defaults to tmp should work on all systems - $session = new CGI::Session("driver:File", $sessionID, {Directory=>'/tmp'}); - } - +my $session = get_session($sessionID); $session->flush; $session->delete; my $sth=$dbh->prepare("delete from sessions where sessionID=?"); diff --git a/tools/upload-file-progress.pl b/tools/upload-file-progress.pl index dd2479b707..74ddc2bfa5 100755 --- a/tools/upload-file-progress.pl +++ b/tools/upload-file-progress.pl @@ -24,6 +24,7 @@ use IO::File; use CGI; use CGI::Session; use C4::Context; +use C4::Auth qw/get_session/; use CGI::Cookie; # need to check cookies before # having CGI parse the POST request use Digest::MD5; @@ -31,9 +32,7 @@ use Digest::MD5; my %cookies = fetch CGI::Cookie; my $sessionID = $cookies{'CGISESSID'}->value; -my $dbh = C4::Context->dbh; -# FIXME get correct session -- not just mysql -my $session = new CGI::Session("driver:MySQL", $sessionID, {Handle=>$dbh}); +my $session = get_session($sessionID); # FIXME - add authentication based on cookie diff --git a/tools/upload-file.pl b/tools/upload-file.pl index 21340d12a4..4b581146a2 100755 --- a/tools/upload-file.pl +++ b/tools/upload-file.pl @@ -24,6 +24,7 @@ use IO::File; use CGI; use CGI::Session; use C4::Context; +use C4::Auth qw/get_session/; use CGI::Cookie; # need to check cookies before # having CGI parse the POST request use Digest::MD5; @@ -31,9 +32,7 @@ use Digest::MD5; my %cookies = fetch CGI::Cookie; my $sessionID = $cookies{'CGISESSID'}->value; -my $dbh = C4::Context->dbh; -# FIXME get correct session -- not just mysql -my $session = new CGI::Session("driver:MySQL", $sessionID, {Handle=>$dbh}); +my $session = get_session($sessionID); # upload-file.pl must authenticate the user # before processing the POST request, -- 2.39.5