Commit a54fed60 authored by Benjamin Rokseth's avatar Benjamin Rokseth

koha: fixup logout and add some exception handling on error

parent 23d57dd7
......@@ -53,21 +53,20 @@ sub Auth {
$req or Deichman::Exception::Auth::InvalidQuery->throw();
if ($req->param("logout.x") ) {
warn "LOGOUT";
$session->clear() and return;
$self->LogOut();
}
# validate session
my $auth = $session->get("auth");
if ($auth) {
warn "GOT AUTH SESSION";
$session->put(auth => $auth);
use Data::Dumper; warn Dumper($session);
#use Data::Dumper; warn Dumper($session);
return;
} else {
warn "NO AUTH SESSION";
# Run all auth methods
my $auth = $self->checkAuthMethods();
$auth or return;
$auth or Deichman::Exception::Auth::InvalidSession->throw();
$session->put(auth => $auth);
}
# decorate session with library, etc.
......@@ -96,10 +95,17 @@ sub Auth {
C4::Context::set_shelves_userenv( "pub", $session->param("pubshelves") );
C4::Context::set_shelves_userenv( "tot", $session->param("totshelves") );
}
# What is Auth supposed to return?
# Should Auth return something?
return;
}
sub LogOut {
my ($self) = @_;
warn "LOGOUT CALLED";
$self->{session}->clear();
return $self;
}
# Try various Auth methods in given sequence
sub checkAuthMethods {
my ($self) = @_;
......@@ -165,14 +171,13 @@ sub templateAndPermissions {
my $userid = $self->{session}->param("userid") || $auth->{user}->{userid}; # session param overrides stored userid
my $flags = $in->{flagsrequired};
use Data::Dumper; warn Dumper($auth);
#use Data::Dumper; warn Dumper($auth);
my $info = {};
# no session - present login page (admins have 'id' set, not 'userid' - TODO fix)
if (not $userid and not $self->{session}->param("id") and !$in->{authnotrequired}) {
my $auth_template = "auth.tt";
my $template = C4::Templates::gettemplate( $auth_template, $in->{type}, $self);
$template->param( loginprompt => 1 ) unless $in->{authnotrequired};
# no session - present login page
if (not $userid) {
my $template = C4::Templates::gettemplate( "auth.tt", $in->{type}, $self);
$template->param( loginprompt => 1, error => $self->{session}->get("error") );
return $template;
}
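Review bot: The logout branch in Auth no longer returns: the removed line `$session->clear() and return;` became `$self->LogOut();`, so a logout request falls through to the session check, reaches checkAuthMethods with no credentials and ends in the new `Deichman::Exception::Auth::InvalidSession->throw()`, which the middleware then records as INVALID_USERNAME_OR_PASSWORD on a plain logout. Keep the early exit, e.g. `$self->LogOut(); return;` (or `$self->LogOut() and return;`, since LogOut returns `$self`). LogOut clears `$self->{session}` while Auth works on a `$session` lexical whose origin is outside the hunk; confirm both refer to the same session object, otherwise the logout is a no-op. In templateAndPermissions the new condition `if (not $userid)` drops both the `$self->{session}->param("id")` admin case and the `authnotrequired` escape described in the removed comment, so pages that previously did not require login now get the login template — if that is intended, a one-line comment saying so would help the next reader. The `warn "LOGOUT CALLED"` line and the commented-out Dumper lines look like leftover debugging and are worth removing before merge.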
......
......@@ -13,6 +13,8 @@ use Plack::Request;
use Plack::Util;
use Data::Dumper;
use Try::Tiny;
use Deichman::Exception;
use Deichman::Auth::Session::DB;
use Deichman::Auth;
......@@ -73,12 +75,11 @@ sub call {
# TODO ip security
# Create koha.session
local $auth = Deichman::Auth->new($session, $req);
my $out = $auth->Auth();
if (ref $out) { # auth returns a special response
eval { $out = $out->finalize(); };
return $out;
}
# if (ref $out) { # auth returns a special response
# eval { $out = $out->finalize(); };
# return $out;
# }
# OVERRIDE session and userenv methods
no warnings;
......@@ -94,13 +95,12 @@ sub call {
local *{C4::Auth::_get_session} = sub { $session };
local *{C4::Auth::_check_cookie_auth} = sub {
if (my $auth = $session->param("auth")) {
#$auth->{user}->{userid} and return ok => undef => 1;
$auth->{user}->{userid} and return ok => $session;
}
return "failed";
};
# TODO override all context methods=
# TODO override all context methods?
local *{C4::Context::userenv} = sub { $session };
#local *{C4::Context::set_userenv} = sub { };
#local *{C4::Context::_new_userenv} = sub { };
......@@ -112,15 +112,30 @@ sub call {
use warnings;
my $t0 = Time::HiRes::time();
$out = eval { $self->app->($env); } || do {
try {
# ->Auth returns nothing for now
$auth->Auth();
} catch {
if ($_->isa("Deichman::Exception::Auth::InvalidSession")) {
$session->put( error => "INVALID_USERNAME_OR_PASSWORD" );
} else {
$session->put( error => "NOPERMISSION" );
}
};
# Prepare CGI Mock output from $env
my $out = eval { $self->app->($env); } || do {
my $error = "$@";
warn $error;
my $res = $req->new_response(500);
$res->body($error);
$res->finalize();
};
my $dt = Time::HiRes::time() - $t0;
# log timing
printf STDERR "%s [%d] [%s %s] %s %.2f %s\n",
scalar(gmtime),
$$,
......@@ -136,6 +151,7 @@ sub call {
value => $session->id,
# secure?
);
# TODO, replace Set-Cookie when done fixing CGISESSID
Plack::Util::header_push($res->[1], "Set-Cookie", $cookie);
});
}
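Review bot: The else branch of the new catch block turns every exception that is not an InvalidSession — including plain string `die`s from Deichman::Auth->new or the DB session, and the InvalidQuery throw — into a NOPERMISSION message and discards the original error, so a backend failure is shown to the user as a permission problem and never reaches the log. `$_->isa(...)` is also only safe on a blessed object; on an empty or numeric error string the method call itself dies inside catch. Guard the check with Scalar::Util's `blessed` (which needs a `use Scalar::Util qw(blessed);` in the import block at the top of the file) and warn the error before mapping it, as below. Nothing in the hunk clears `error` from the session after a successful Auth, so unless it is removed elsewhere a stale message is shown on the next login page; consider `$session->put( error => undef )` before the try, or a delete if the session API offers one.
```perl
try {
    # ->Auth returns nothing for now
    $auth->Auth();
} catch {
    my $err = $_;
    if (blessed($err) && $err->isa("Deichman::Exception::Auth::InvalidSession")) {
        $session->put( error => "INVALID_USERNAME_OR_PASSWORD" );
    } else {
        # keep the real cause in the server log; the user only sees NOPERMISSION
        warn "Auth failed: $err";
        $session->put( error => "NOPERMISSION" );
    }
};
# … unchanged: app call, timing, cookie …
```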
......
......@@ -2,12 +2,12 @@
[% USE Branches %]
[% SET footerjs = 1 %]
[% INCLUDE 'doc-head-open.inc' %]
<title>Koha &rsaquo;
[% IF ( nopermission ) %]Access denied[% END %]
<title>Koha &rsaquo;
[% IF ( error == "NOPERMISSION" ) %]Access denied[% END %]
[% IF ( timed_out ) %]Session timed out[% END %]
[% IF ( different_ip ) %]IP address change[% END %]
[% IF too_many_login_attempts %]This account has been locked.
[% ELSIF invalid_username_or_password %]Invalid username or password[% END %]
[% ELSIF error == "INVALID_USERNAME_OR_PASSWORD" %]Invalid username or password[% END %]
[% IF ( loginprompt ) %]Log in to Koha[% END %]
</title>
[% INCLUDE 'doc-head-close.inc' %]
......@@ -18,8 +18,8 @@
<div id="bd">
<div id="login">
<h1><a href="http://koha-community.org">Koha</a></h1>
[% IF ( nopermission ) %]
<h1><a href="/">Koha</a></h1>
[% IF ( error == "NOPERMISSION" ) %]
<div id="login_error">
<strong>Error:</strong>
You do not have permission to access this page.
......@@ -44,12 +44,13 @@
[% IF Koha.Preference('OpacResetPassword') && Koha.Preference('OpacBaseURL') %]
<a href="[% Koha.Preference('OpacBaseURL') %]/cgi-bin/koha/opac-password-recovery.pl">You must reset your password</a>.
[% END %]
[% ELSIF invalid_username_or_password %]
[% ELSIF error == "INVALID_USERNAME_OR_PASSWORD" %]
<div id="login_error"><strong>Error: </strong>Invalid username or password</div>
[% END %]
<!-- login prompt time-->
<form action="[% script_name %]" method="post" name="loginform" id="loginform">
<!--<form action="[% script_name %]" method="post" name="loginform" id="loginform">-->
<form action="/cgi-bin/koha/mainpage.pl" method="post" name="loginform" id="loginform">
<input type="hidden" name="koha_login_context" value="intranet" />
[% FOREACH INPUT IN INPUTS %]
<input type="hidden" name="[% INPUT.name |html %]" value="[% INPUT.value |html %]" />
......@@ -98,7 +99,7 @@
[% END %]
[% END %]
[% IF ( nopermission ) %]
[% IF ( error == "NOPERMISSION" ) %]
<p><a href="javascript:window.history.back()">[Previous page]</a>
<a href="/">[Main page]</a></p>
[% END %]
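Review bot: The login form action is now hard-coded to `/cgi-bin/koha/mainpage.pl` instead of `[% script_name %]`, so after a successful login the user lands on the main page rather than the page they originally requested, and the hidden INPUTS loop that re-posts the original parameters no longer has a matching target. If sending everyone to mainpage is intentional it deserves a template comment; otherwise restore `[% script_name %]`. The same change appears in the Norwegian template in the next file section. The `timed_out`, `different_ip` and `too_many_login_attempts` branches still read the old per-flag variables while `nopermission` and `invalid_username_or_password` moved to the single `error` string; judging from the middleware hunk, which only sets `error`, those branches may no longer be reachable.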
......
......@@ -3,12 +3,12 @@
[% SET footerjs = 1 %]
[% INCLUDE 'doc-head-open.inc' %]
<title>Koha &rsaquo;
[% IF ( nopermission ) %]Access denied[% END %]
[% IF ( timed_out ) %]Session timed out[% END %]
[% IF ( different_ip ) %]IP address change[% END %]
[% IF too_many_login_attempts %]This account has been locked.
[% ELSIF invalid_username_or_password %]Invalid username or password[% END %]
[% IF ( loginprompt ) %]Log in to Koha[% END %]
[% IF ( error == "NOPERMISSION" ) %]Access denied[% END %]
[% IF ( timed_out ) %]Session timed out[% END %]
[% IF ( different_ip ) %]IP address change[% END %]
[% IF too_many_login_attempts %]This account has been locked.
[% ELSIF error == "INVALID_USERNAME_OR_PASSWORD" %]Invalid username or password[% END %]
[% IF ( loginprompt ) %]Log in to Koha[% END %]
</title>
[% INCLUDE 'doc-head-close.inc' %]
</head>
......@@ -18,8 +18,8 @@
<div id="bd">
<div id="login">
<h1><a href="http://koha-community.org">Koha</a></h1>
[% IF ( nopermission ) %]
<h1><a href="/">Koha</a></h1>
[% IF ( error == "NOPERMISSION" ) %]
<div id="login_error">
<strong>Feil:</strong>
Du har ikke tillatelse til å se denne siden. </div>
......@@ -43,12 +43,13 @@
[% IF Koha.Preference('OpacResetPassword') && Koha.Preference('OpacBaseURL') %]
<a href="[% Koha.Preference('OpacBaseURL') %]/cgi-bin/koha/opac-password-recovery.pl">You must reset your password</a>.
[% END %]
[% ELSIF invalid_username_or_password %]
[% ELSIF error == "INVALID_USERNAME_OR_PASSWORD" %]
<div id="login_error"><strong>Feil: </strong>Ugyldig brukernavn eller passord</div>
[% END %]
<!-- login prompt time-->
<form action="[% script_name %]" method="post" name="loginform" id="loginform">
<!--<form action="[% script_name %]" method="post" name="loginform" id="loginform">-->
<form action="/cgi-bin/koha/mainpage.pl" method="post" name="loginform" id="loginform">
<input type="hidden" name="koha_login_context" value="intranet" />
[% FOREACH INPUT IN INPUTS %]
<input type="hidden" name="[% INPUT.name |html %]" value="[% INPUT.value |html %]" />
......@@ -97,7 +98,7 @@
[% END %]
[% END %]
[% IF ( nopermission ) %]
[% IF ( error == "NOPERMISSION" ) %]
<p><a href="javascript:window.history.back()">[Forrige side]</a>
<a href="/">[Hovedside]</a></p>
[% END %]
......