koha: fixup logout and add some exception handling on error

a54fed60 · Benjamin Rokseth · 23d57dd7 · a54fed60 · a54fed60 · a54fed60
Commit a54fed60 authored Dec 21, 2018 by Benjamin Rokseth
--- a/koha/Deichman/Auth.pm
+++ b/koha/Deichman/Auth.pm
@@ -53,21 +53,20 @@ sub Auth {
    $req     or Deichman::Exception::Auth::InvalidQuery->throw();

    if ($req->param("logout.x") ) {
-        warn "LOGOUT";
-        $session->clear() and return;
+        $self->LogOut();
    }
    # validate session
    my $auth = $session->get("auth");
    if ($auth) {
        warn "GOT AUTH SESSION";
        $session->put(auth => $auth);
-        use Data::Dumper; warn Dumper($session);
+        #use Data::Dumper; warn Dumper($session);
        return;
    } else {
        warn "NO AUTH SESSION";
        # Run all auth methods
        my $auth = $self->checkAuthMethods();
-        $auth or return;
+        $auth or Deichman::Exception::Auth::InvalidSession->throw();
        $session->put(auth => $auth);
    }
    # decorate session with library, etc.
@@ -96,10 +95,17 @@ sub Auth {
        C4::Context::set_shelves_userenv( "pub", $session->param("pubshelves") );
        C4::Context::set_shelves_userenv( "tot", $session->param("totshelves") );
    }
-    # What is Auth supposed to return?
+    # Should Auth return something?
    return;
 }

+sub LogOut {
+    my ($self) = @_;
+    warn "LOGOUT CALLED";
+    $self->{session}->clear();
+    return $self;
+}
+
 # Try various Auth methods in given sequence
 sub checkAuthMethods {
    my ($self) = @_;
@@ -165,14 +171,13 @@ sub templateAndPermissions {
    my $userid = $self->{session}->param("userid")     || $auth->{user}->{userid};     # session param overrides stored userid
    my $flags = $in->{flagsrequired};

-    use Data::Dumper; warn Dumper($auth);
+    #use Data::Dumper; warn Dumper($auth);
    my $info = {};

-    # no session - present login page (admins have 'id' set, not 'userid' - TODO fix)
-    if (not $userid and not $self->{session}->param("id") and !$in->{authnotrequired}) {
-        my $auth_template = "auth.tt";
-        my $template = C4::Templates::gettemplate( $auth_template, $in->{type}, $self);
-        $template->param( loginprompt => 1 ) unless $in->{authnotrequired};
+    # no session - present login page
+    if (not $userid) {
+        my $template = C4::Templates::gettemplate( "auth.tt", $in->{type}, $self);
+        $template->param( loginprompt => 1, error => $self->{session}->get("error") );
        return $template;
    }


--- a/koha/Deichman/Plack/Middleware/Session.pm
+++ b/koha/Deichman/Plack/Middleware/Session.pm
@@ -13,6 +13,8 @@ use Plack::Request;
 use Plack::Util;
 use Data::Dumper;

+use Try::Tiny;
+use Deichman::Exception;
 use Deichman::Auth::Session::DB;
 use Deichman::Auth;

@@ -73,12 +75,11 @@ sub call {
    # TODO ip security
    # Create koha.session
    local $auth = Deichman::Auth->new($session, $req);
-    my $out = $auth->Auth();

-    if (ref $out) { # auth returns a special response
-        eval { $out = $out->finalize(); };
-        return $out;
-    }
+    # if (ref $out) { # auth returns a special response
+    #     eval { $out = $out->finalize(); };
+    #     return $out;
+    # }

    # OVERRIDE session and userenv methods
    no warnings;
@@ -94,13 +95,12 @@ sub call {
    local *{C4::Auth::_get_session} = sub { $session };
    local *{C4::Auth::_check_cookie_auth} = sub {
        if (my $auth = $session->param("auth")) {
-            #$auth->{user}->{userid} and return ok => undef => 1;
            $auth->{user}->{userid} and return ok => $session;
        }
        return "failed";
    };

-    # TODO override all context methods=
+    # TODO override all context methods?
    local *{C4::Context::userenv} = sub { $session };
    #local *{C4::Context::set_userenv} = sub { };
    #local *{C4::Context::_new_userenv} = sub { };
@@ -112,15 +112,30 @@ sub call {
    use warnings;

    my $t0 = Time::HiRes::time();
-    $out = eval { $self->app->($env); } || do {
+
+    try {
+        # ->Auth returns nothing for now
+        $auth->Auth();
+    } catch {
+        if ($_->isa("Deichman::Exception::Auth::InvalidSession")) {
+            $session->put( error => "INVALID_USERNAME_OR_PASSWORD" );
+        } else {
+            $session->put( error => "NOPERMISSION" );
+        }
+    };
+
+    # Prepare CGI Mock output from $env
+    my $out = eval { $self->app->($env); } || do {
        my $error = "$@";
        warn $error;
        my $res = $req->new_response(500);
        $res->body($error);
        $res->finalize();
    };
+
    my $dt = Time::HiRes::time() - $t0;

+    # log timing
    printf STDERR "%s [%d] [%s %s] %s %.2f %s\n",
        scalar(gmtime),
        $$,
@@ -136,6 +151,7 @@ sub call {
            value => $session->id,
            # secure?
        );
+        # TODO, replace Set-Cookie when done fixing CGISESSID
        Plack::Util::header_push($res->[1], "Set-Cookie", $cookie);
    });
 }

--- a/koha/koha-tmpl/intranet-tmpl/prog/en/modules/auth.tt
+++ b/koha/koha-tmpl/intranet-tmpl/prog/en/modules/auth.tt
@@ -2,12 +2,12 @@
 [% USE Branches %]
 [% SET footerjs = 1 %]
 [% INCLUDE 'doc-head-open.inc' %]
-<title>Koha &rsaquo; 
-    [% IF ( nopermission ) %]Access denied[% END %]
+<title>Koha &rsaquo;
+    [% IF ( error == "NOPERMISSION" ) %]Access denied[% END %]
    [% IF ( timed_out ) %]Session timed out[% END %]
    [% IF ( different_ip ) %]IP address change[% END %]
    [% IF too_many_login_attempts %]This account has been locked.
-    [% ELSIF invalid_username_or_password %]Invalid username or password[% END %]
+    [% ELSIF error == "INVALID_USERNAME_OR_PASSWORD" %]Invalid username or password[% END %]
    [% IF ( loginprompt ) %]Log in to Koha[% END %]
 </title>
 [% INCLUDE 'doc-head-close.inc' %]
@@ -18,8 +18,8 @@
   <div id="bd">

 <div id="login">
-<h1><a href="http://koha-community.org">Koha</a></h1>
-[% IF ( nopermission ) %]
+<h1><a href="/">Koha</a></h1>
+[% IF ( error == "NOPERMISSION" ) %]
 <div id="login_error">
    <strong>Error:</strong>
    You do not have permission to access this page.
@@ -44,12 +44,13 @@
    [% IF Koha.Preference('OpacResetPassword') && Koha.Preference('OpacBaseURL') %]
        <a href="[% Koha.Preference('OpacBaseURL') %]/cgi-bin/koha/opac-password-recovery.pl">You must reset your password</a>.
    [% END %]
-[% ELSIF invalid_username_or_password %]
+[% ELSIF error == "INVALID_USERNAME_OR_PASSWORD" %]
 <div id="login_error"><strong>Error: </strong>Invalid username or password</div>
 [% END %]

 <!-- login prompt time-->
-<form action="[% script_name %]" method="post" name="loginform" id="loginform">
+<!--<form action="[% script_name %]" method="post" name="loginform" id="loginform">-->
+<form action="/cgi-bin/koha/mainpage.pl" method="post" name="loginform" id="loginform">
    <input type="hidden" name="koha_login_context" value="intranet" />
 [% FOREACH INPUT IN INPUTS %]
    <input type="hidden" name="[% INPUT.name |html %]" value="[% INPUT.value |html %]" />
@@ -98,7 +99,7 @@
 [% END %]
 [% END %]

-[% IF ( nopermission ) %]
+[% IF ( error == "NOPERMISSION" ) %]
    <p><a href="javascript:window.history.back()">[Previous page]</a>
    <a href="/">[Main page]</a></p>
 [% END %]

--- a/koha/koha-tmpl/intranet-tmpl/prog/nb-NO/modules/auth.tt
+++ b/koha/koha-tmpl/intranet-tmpl/prog/nb-NO/modules/auth.tt
@@ -3,12 +3,12 @@
 [% SET footerjs = 1 %]
 [% INCLUDE 'doc-head-open.inc' %]
 <title>Koha &rsaquo; 
- [% IF ( nopermission ) %]Access denied[% END %]
- [% IF ( timed_out ) %]Session timed out[% END %]
- [% IF ( different_ip ) %]IP address change[% END %]
- [% IF too_many_login_attempts %]This account has been locked.
- [% ELSIF invalid_username_or_password %]Invalid username or password[% END %]
- [% IF ( loginprompt ) %]Log in to Koha[% END %]
+    [% IF ( error == "NOPERMISSION" ) %]Access denied[% END %]
+    [% IF ( timed_out ) %]Session timed out[% END %]
+    [% IF ( different_ip ) %]IP address change[% END %]
+    [% IF too_many_login_attempts %]This account has been locked.
+    [% ELSIF error == "INVALID_USERNAME_OR_PASSWORD" %]Invalid username or password[% END %]
+    [% IF ( loginprompt ) %]Log in to Koha[% END %]
 </title>
 [% INCLUDE 'doc-head-close.inc' %]
 </head>
@@ -18,8 +18,8 @@
 <div id="bd">

 <div id="login">
-<h1><a href="http://koha-community.org">Koha</a></h1>
-[% IF ( nopermission ) %]
+<h1><a href="/">Koha</a></h1>
+[% IF ( error == "NOPERMISSION" ) %]
 <div id="login_error">
 <strong>Feil:</strong>
 Du har ikke tillatelse til å se denne siden. </div>
@@ -43,12 +43,13 @@
 [% IF Koha.Preference('OpacResetPassword') && Koha.Preference('OpacBaseURL') %]
 <a href="[% Koha.Preference('OpacBaseURL') %]/cgi-bin/koha/opac-password-recovery.pl">You must reset your password</a>.
 [% END %]
-[% ELSIF invalid_username_or_password %]
+[% ELSIF error == "INVALID_USERNAME_OR_PASSWORD" %]
 <div id="login_error"><strong>Feil: </strong>Ugyldig brukernavn eller passord</div>
 [% END %]

 <!-- login prompt time-->
-<form action="[% script_name %]" method="post" name="loginform" id="loginform">
+<!--<form action="[% script_name %]" method="post" name="loginform" id="loginform">-->
+<form action="/cgi-bin/koha/mainpage.pl" method="post" name="loginform" id="loginform">
 <input type="hidden" name="koha_login_context" value="intranet" />
 [% FOREACH INPUT IN INPUTS %]
 <input type="hidden" name="[% INPUT.name |html %]" value="[% INPUT.value |html %]" />
@@ -97,7 +98,7 @@
 [% END %]
 [% END %]

-[% IF ( nopermission ) %]
+[% IF ( error == "NOPERMISSION" ) %]
 <p><a href="javascript:window.history.back()">[Forrige side]</a>
 <a href="/">[Hovedside]</a></p>
 [% END %]