From 36a01ea3475b4e0a9967490a2196e71667190ff4 Mon Sep 17 00:00:00 2001 From: Henri-Damien LAURENT Date: Mon, 23 Nov 2009 16:26:35 +0100 Subject: [PATCH] Second CAS version : CAS and non-CAS login can coexist Conflicts solved : C4/Auth.pm opac/opac-main.pl --- C4/Auth.pm | 25 ++++++++----- C4/Auth_with_cas.pm | 35 +++++++++++-------- .../0005-Add_CAS_Configuration.pl | 8 +++++ .../data/mysql/en/mandatory/sysprefs.sql | 3 ++ .../unimarc_standard_systemprefs.sql | 3 ++ .../opac-tmpl/prog/en/modules/opac-auth.tmpl | 15 ++++++++ .../opac-tmpl/prog/en/modules/opac-main.tmpl | 2 ++ opac/opac-main.pl | 8 ++++- 8 files changed, 75 insertions(+), 24 deletions(-) create mode 100644 installer/data/mysql/atomicupdate/0005-Add_CAS_Configuration.pl diff --git a/C4/Auth.pm b/C4/Auth.pm index 93acc83927..c594cc9cb6 100755 --- a/C4/Auth.pm +++ b/C4/Auth.pm @@ -37,7 +37,7 @@ use vars qw($VERSION @ISA @EXPORT @EXPORT_OK %EXPORT_TAGS $debug $ldap $cas $cas BEGIN { $VERSION = 3.02; # set version for version checking - $debug = $ENV{DEBUG} || 1 ; # Changed + $debug = $ENV{DEBUG}; @ISA = qw(Exporter); @EXPORT = qw(&checkauth &get_template_and_user &haspermission &get_user_subpermissions); @EXPORT_OK = qw(&check_api_auth &get_session &check_cookie_auth &checkpw &get_all_subpermissions &get_user_subpermissions); @@ -51,7 +51,7 @@ BEGIN { } if ($cas) { require C4::Auth_with_cas; # no import - import C4::Auth_with_cas qw(checkpw_cas login_cas logout_cas); + import C4::Auth_with_cas qw(checkpw_cas login_cas logout_cas login_cas_url); } } @@ -684,16 +684,15 @@ sub checkauth { my $sessionID = $session->id; C4::Context->_new_userenv($sessionID); $cookie = $query->cookie(CGISESSID => $sessionID); - if ($cas && !$query->param('ticket')) { - login_cas($query); - } - if ($cas || ($userid = $query->param('userid')) ) { + $userid = $query->param('userid'); + if ($cas || $userid) { my $password = $query->param('password'); my ($return, $cardnumber); - if ($cas) { + if ($cas && $query->param('ticket')) { my $retuserid; ( $return, $cardnumber, $retuserid ) = checkpw( $dbh, $userid, $password, $query ); $userid = $retuserid; + $info{'invalidCasLogin'} = 1 unless ($return); } else { ( $return, $cardnumber ) = checkpw( $dbh, $userid, $password, $query ); } @@ -892,6 +891,7 @@ sub checkauth { $template->param( login => 1, INPUTS => \@inputs, + casAuthentication => C4::Context->preference("casAuthentication"), suggestion => C4::Context->preference("suggestion"), virtualshelves => C4::Context->preference("virtualshelves"), LibraryName => C4::Context->preference("LibraryName"), @@ -925,6 +925,13 @@ sub checkauth { ); $template->param( loginprompt => 1 ) unless $info{'nopermission'}; + if ($cas) { + $template->param( + casServerUrl => login_cas_url(), + invalidCasLogin => $info{'invalidCasLogin'} + ); + } + my $self_url = $query->url( -absolute => 1 ); $template->param( url => $self_url, @@ -1067,7 +1074,7 @@ sub check_api_auth { return ("failed", undef, undef); } my ($return, $cardnumber); - if ($cas) { + if ($cas && $query->param('ticket')) { my $retuserid; ( $return, $cardnumber, $retuserid ) = checkpw( $dbh, $userid, $password, $query ); $userid = $retuserid; @@ -1327,7 +1334,7 @@ sub checkpw { ($retval) and return ($retval,$retcard); } - if ($cas) { + if ($cas && $query->param('ticket')) { $debug and print STDERR "## checkpw - checking CAS\n"; # In case of a CAS authentication, we use the ticket instead of the password my $ticket = $query->param('ticket'); diff --git a/C4/Auth_with_cas.pm b/C4/Auth_with_cas.pm index 8298dc7361..d34d63e39f 100644 --- a/C4/Auth_with_cas.pm +++ b/C4/Auth_with_cas.pm @@ -32,21 +32,21 @@ BEGIN { require Exporter; $VERSION = 3.03; # set the version for version checking @ISA = qw(Exporter); - @EXPORT = qw( checkpw_cas login_cas logout_cas ); + @EXPORT = qw(checkpw_cas login_cas logout_cas login_cas_url); } my $context = C4::Context->new() or die 'C4::Context->new failed'; my $casserver = C4::Context->preference('casServerUrl'); +# Logout from CAS sub logout_cas { my ($query) = @_; my $cas = Authen::CAS::Client->new($casserver); - warn $cas->logout_url(); - print $query->redirect($cas->logout_url()); - + print $query->redirect($cas->logout_url(url => %ENV->{'SCRIPT_URI'})); } +# Login to CAS sub login_cas { my ($query) = @_; my $cas = Authen::CAS::Client->new($casserver); @@ -54,45 +54,52 @@ sub login_cas { print $query->redirect($cas->login_url(%ENV->{'SCRIPT_URI'})); } +# Returns CAS login URL with callback to the requesting URL +sub login_cas_url { + my $cas = Authen::CAS::Client->new($casserver); + return $cas->login_url(%ENV->{'SCRIPT_URI'}); +} + +# Checks for password correctness +# In our case : is there a ticket, is it valid and does it match one of our users ? sub checkpw_cas { warn "checkpw_cas"; my ($dbh, $ticket, $query) = @_; my $retnumber; my $cas = Authen::CAS::Client->new($casserver); + # If we got a ticket if ($ticket) { warn "Got ticket : $ticket"; + + # We try to validate it my $val = $cas->service_validate(%ENV->{'SCRIPT_URI'}, $ticket); + + # If it's valid if( $val->is_success() ) { my $userid = $val->user(); warn "User authenticated as: $userid"; + # Does it match one of our users ? my $sth = $dbh->prepare("select cardnumber from borrowers where userid=?"); $sth->execute($userid); if ( $sth->rows ) { $retnumber = $sth->fetchrow; + return (1, $retnumber, $userid); } my $sth = $dbh->prepare("select userid from borrowers where cardnumber=?"); $sth->execute($userid); if ( $sth->rows ) { $retnumber = $sth->fetchrow; + return (1, $retnumber, $userid); } - return (1, $retnumber, $userid); } else { - warn "Invalid session ticket"; + warn "Invalid session ticket : $ticket"; return 0; } - - } else { - warn ("Don't have any ticket, let's go get one from the CAS server!"); - my $url = $cas->login_url(%ENV->{'SCRIPT_URI'}); - print $query->redirect($url); } - - warn "We should not reach this point"; return 0; - #return(1, $retnumber); } 1; diff --git a/installer/data/mysql/atomicupdate/0005-Add_CAS_Configuration.pl b/installer/data/mysql/atomicupdate/0005-Add_CAS_Configuration.pl new file mode 100644 index 0000000000..f12c5e4d00 --- /dev/null +++ b/installer/data/mysql/atomicupdate/0005-Add_CAS_Configuration.pl @@ -0,0 +1,8 @@ +#! /usr/bin/perl +use strict; +use warnings; +use C4::Context; +my $dbh=C4::Context->dbh; + +$dbh->do("INSERT INTO `systempreferences` (`variable`, `value`, `options`, `explanation`, `type`) VALUES ('casAuthentication', '1', '', 'Enable or disable CAS authentication', 'YesNo'), ('casLogout', '1', '', 'Does a logout from Koha should also log out of CAS ?', 'YesNo'), ('casServerUrl', 'https://localhost:8443/cas', '', 'URL of the cas server', 'Free')"); +print "Upgrade done (added CAS authentication system preferences)\n"; diff --git a/installer/data/mysql/en/mandatory/sysprefs.sql b/installer/data/mysql/en/mandatory/sysprefs.sql index e8b714c4f1..e9df35e21f 100644 --- a/installer/data/mysql/en/mandatory/sysprefs.sql +++ b/installer/data/mysql/en/mandatory/sysprefs.sql @@ -22,6 +22,9 @@ INSERT INTO `systempreferences` (variable,value,explanation,options,type) VALUES INSERT INTO `systempreferences` (variable,value,explanation,options,type) VALUES('BorrowerMandatoryField','zipcode|surname|cardnumber','Choose the mandatory fields for a patron\'s account',NULL,'free'); INSERT INTO `systempreferences` (variable,value,explanation,options,type) VALUES('borrowerRelationship','father|mother','Define valid relationships between a guarantor & a guarantee (separated by | or ,)','','free'); INSERT INTO `systempreferences` (variable,value,explanation,options,type) VALUES('BorrowersLog',1,'If ON, log edit/create/delete actions on patron data',NULL,'YesNo'); +INSERT INTO `systempreferences` (variable,value,explanation,options,type) VALUES('casAuthentication', '0', 'Enable or disable CAS authentication', '', 'YesNo'); +INSERT INTO `systempreferences` (variable,value,explanation,options,type) VALUES('casLogout', '0', 'Does a logout from Koha should also log the user out of CAS?', '', 'YesNo'); +INSERT INTO `systempreferences` (variable,value,explanation,options,type) VALUES('casServerUrl', 'https://localhost:8443/cas', 'URL of the cas server', '', 'Free'); INSERT INTO `systempreferences` (variable,value,explanation,options,type) VALUES('CataloguingLog',1,'If ON, log edit/create/delete actions on bibliographic data. WARNING: this feature is very resource consuming.',NULL,'YesNo'); INSERT INTO `systempreferences` (variable,value,explanation,options,type) VALUES('checkdigit','none','If ON, enable checks on patron cardnumber: none or \"Katipo\" style checks','none|katipo','Choice'); INSERT INTO `systempreferences` (variable,value,explanation,options,type) VALUES('delimiter',';','Define the default separator character for exporting reports',';|tabulation|,|/|\\|#|\|','Choice'); diff --git a/installer/data/mysql/fr-FR/1-Obligatoire/unimarc_standard_systemprefs.sql b/installer/data/mysql/fr-FR/1-Obligatoire/unimarc_standard_systemprefs.sql index ecba80411a..528cea1911 100644 --- a/installer/data/mysql/fr-FR/1-Obligatoire/unimarc_standard_systemprefs.sql +++ b/installer/data/mysql/fr-FR/1-Obligatoire/unimarc_standard_systemprefs.sql @@ -24,6 +24,9 @@ INSERT INTO `systempreferences` (variable,value,explanation,options,type) VALUES INSERT INTO `systempreferences` (variable,value,explanation,options,type) VALUES('borrowerRelationship', '', 'Liste les relations entre les garants et leurs garantis (separées par | ou ,)', 'Père|Mère|grand-parent|Tuteur légal|Autre\r\n', 'free'); INSERT INTO `systempreferences` (variable,value,explanation,options,type) VALUES('BorrowersLog', '0', 'Activer ce paramètre pour enregistrer les actions sur les lecteurs', '', 'YesNo'); INSERT INTO `systempreferences` (variable,value,explanation,options,type) VALUES('BorrowersTitles', '', 'Liste les titres de politesse (séparés par | ou ,)', 'M|Mme|Mlle', 'free'); +INSERT INTO `systempreferences` (variable,value,explanation,options,type) VALUES('casAuthentication', '0', 'Active ou désactive l''authentification par CAS', '', 'YesNo'); +INSERT INTO `systempreferences` (variable,value,explanation,options,type) VALUES('casLogout', '0', 'Est-ce qu''une déconnexion de Koha doit aussi provoquer la déconnexion de l''utilisateur de CAS ?', '', 'YesNo'); +INSERT INTO `systempreferences` (variable,value,explanation,options,type) VALUES('casServerUrl', 'https://localhost:8443/cas', 'L''URL du serveur CAS', '', 'Free'); INSERT INTO `systempreferences` (variable,value,explanation,options,type) VALUES('CataloguingLog', '0', 'Activer ce paramètre pour enregistrer les actions sur le catalogage', '', 'YesNo'); INSERT INTO `systempreferences` (variable,value,explanation,options,type) VALUES('checkdigit','none','Active la vérification des cartes adhérents sur aucun ou selon la méthode \"Katipo\"','none|katipo','Choice'); INSERT INTO `systempreferences` (variable,value,explanation,options,type) VALUES('dateformat', 'us', 'Ce paramètre définit le format d''affichage des dates (us mm/jj/aaaa, metric jj/mm/aaaa, ISO aaaa/mm/jj)', 'metric|us|iso', 'Choice'); diff --git a/koha-tmpl/opac-tmpl/prog/en/modules/opac-auth.tmpl b/koha-tmpl/opac-tmpl/prog/en/modules/opac-auth.tmpl index 274a1acab6..f8fca578b7 100644 --- a/koha-tmpl/opac-tmpl/prog/en/modules/opac-auth.tmpl +++ b/koha-tmpl/opac-tmpl/prog/en/modules/opac-auth.tmpl @@ -39,6 +39,21 @@

You entered an incorrect username or password. Please try again! And remember, usernames and passwords are case sensitive.

+ +

Cas Login

+ + + +

Sorry, the CAS login failed.

+ + +

If you have a CAS account, please ">click here to login.

+ +

Local Login

+

If you do not have a CAS account, but a local account, you can still log in :

+ + +
" name="auth" id="auth" method="post">
diff --git a/koha-tmpl/opac-tmpl/prog/en/modules/opac-main.tmpl b/koha-tmpl/opac-tmpl/prog/en/modules/opac-main.tmpl index de35833281..82b2af5f49 100644 --- a/koha-tmpl/opac-tmpl/prog/en/modules/opac-main.tmpl +++ b/koha-tmpl/opac-tmpl/prog/en/modules/opac-main.tmpl @@ -41,6 +41,7 @@ +
@@ -57,6 +58,7 @@
+ diff --git a/opac/opac-main.pl b/opac/opac-main.pl index 721efcc767..f218a006e2 100755 --- a/opac/opac-main.pl +++ b/opac/opac-main.pl @@ -41,7 +41,13 @@ my ( $template, $borrowernumber, $cookie ) = get_template_and_user( } ); -my $borrower = GetMember( 'borrowernumber'=> $borrowernumber ); +my $casAuthentication = C4::Context->preference('casAuthentication'); +$template->param( + casAuthentication => $casAuthentication, +); + + +my $borrower = GetMember( borrowernumber=>$borrowernumber ); $template->param( textmessaging => $borrower->{textmessaging}, ) if (ref($borrower) eq "HASH"); -- 2.39.5