From 1a53b49980e913c55c6f2021d21b6aa99ac8cefd Mon Sep 17 00:00:00 2001
From: Mark Tompsett
Date: Mon, 20 Feb 2017 01:37:49 -0500
Subject: [PATCH] Bug 18144: Restore pieces of C4/Auth to make Google OpenID Connect work
By restoring some pieces of logic, with the name changed from $persona to $emailaddress, the openid will work again for OPAC logins. See https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=10988#c68 for an excellent test plan.
Signed-off-by: Josef Moravec
Signed-off-by: Jonathan Druart
Did not test it, but trust in author and signoffer
Signed-off-by: Kyle M Hall
---
 C4/Auth.pm | 27 ++++++++++++++++++++++++++-
 1 file changed, 26 insertions(+), 1 deletion(-)
diff --git a/C4/Auth.pm b/C4/Auth.pm
index 8652aad66a..a139bcedd9 100644
--- a/C4/Auth.pm
+++ b/C4/Auth.pm
@@ -748,6 +748,7 @@ sub checkauth {
 my $authnotrequired = shift;
 my $flagsrequired = shift;
 my $type = shift;
+ my $emailaddress = shift;
 $type = 'opac' unless $type;
 my $dbh = C4::Context->dbh;
@@ -788,6 +789,9 @@ sub checkauth {
 );
 $loggedin = 1;
 }
+ elsif ( $emailaddress) {
+ # the Google OpenID Connect passes an email address
+ }
 elsif ( $sessionID = $query->cookie("CGISESSID") ) { # assignment, not comparison
 my $session = get_session($sessionID);
@@ -924,7 +928,8 @@ sub checkauth {
 if ( ( $cas && $query->param('ticket') )
 || $q_userid
 || ( $shib && $shib_login )
- || $pki_field ne 'None' )
+ || $pki_field ne 'None'
+ || $emailaddress )
 {
 my $password = $query->param('password');
 my $shibSuccess = 0;
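Review bot: The new fourth positional argument `$emailaddress` acts as a password-less login trigger, yet nothing at the point where it is shifted off `@_` records that. A comment such as `# $emailaddress: address already verified by the identity provider (OpenID Connect); never pass a request parameter here` would state the contract every caller has to honour. If the sub's POD lists its arguments, it should gain the same sentence; checkauth's documentation and the rest of its body sit outside this hunk.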
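Review bot: The empty `elsif ( $emailaddress) {` branch sits ahead of the `CGISESSID` check, so whenever an address is passed the existing session cookie is not examined at all, and the comment inside does not say that this is the intent. Something like `# skip session reuse and fall through to the login block below; the caller has already authenticated this address` would make the control flow readable. It appears that a previous session is left in place rather than ended, which is worth confirming in the part of checkauth outside this hunk. The spacing `( $emailaddress)` also differs from the `( $emailaddress )` used in the later hunk.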
@@ -952,6 +957,26 @@ sub checkauth {
 $info{'invalidCasLogin'} = 1 unless ($return);
 }
+ elsif ( $emailaddress ) {
+ my $value = $emailaddress;
+
+ # If we're looking up the email, there's a chance that the person
+ # doesn't have a userid. So if there is none, we pass along the
+ # borrower number, and the bits of code that need to know the user
+ # ID will have to be smart enough to handle that.
+ require C4::Members;
+ my @users_info = C4::Members::GetBorrowersWithEmail($value);
+ if (@users_info) {
+
+ # First the userid, then the borrowernum
+ $value = $users_info[0][1] || $users_info[0][0];
+ } else {
+ undef $value;
+ }
+ $return = $value ? 1 : 0;
+ $userid = $value;
+ }
+
 elsif ( ( $pki_field eq 'Common Name' && $ENV{'SSL_CLIENT_S_DN_CN'} ) || ( $pki_field eq 'emailAddress'
--
2.39.5
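Review bot: The lookup in the new `elsif ( $emailaddress )` branch accepts any non-empty result and signs in as `$users_info[0]`, so when several patrons share one address the account chosen depends on row order. Requiring a single match, `if ( @users_info == 1 ) {`, would fail closed instead. The fallback `$users_info[0][1] || $users_info[0][0]` also places a borrowernumber in `$userid`; if numeric userids are permitted this could coincide with a different patron's userid, so it should be checked against the code that later resolves `$userid`. No password or token is examined in this branch, so it relies entirely on the caller having verified the address; the rest of checkauth lies outside the hunk.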