"Fossies" - the Fresh Open Source Software Archive

Member "koha-19.11.15/svc/authentication" (23 Feb 2021, 1882 Bytes) of package /linux/misc/koha-19.11.15.tar.gz:


As a special service "Fossies" has tried to format the requested source page into HTML format using (guessed) Perl source code syntax highlighting (style: standard) with prefixed line numbers and code folding option. Alternatively you can here view or download the uninterpreted source code file. See also the last Fossies "Diffs" side-by-side code changes report for "authentication": 20.05.06_vs_20.11.00.

    1 #!/usr/bin/perl
    2 
    3 # Copyright 2007 LibLime
    4 #
    5 # This file is part of Koha.
    6 #
    7 # Koha is free software; you can redistribute it and/or modify it
    8 # under the terms of the GNU General Public License as published by
    9 # the Free Software Foundation; either version 3 of the License, or
   10 # (at your option) any later version.
   11 #
   12 # Koha is distributed in the hope that it will be useful, but
   13 # WITHOUT ANY WARRANTY; without even the implied warranty of
   14 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
   15 # GNU General Public License for more details.
   16 #
   17 # You should have received a copy of the GNU General Public License
   18 # along with Koha; if not, see <http://www.gnu.org/licenses>.
   19 #
   20 
   21 use Modern::Perl;
   22 
   23 use CGI qw ( -utf8 );
   24 use C4::Auth qw/check_api_auth/;
   25 use XML::Simple;
   26 
   27 my $query = new CGI;
   28 
   29 # The authentication strategy for the biblios web 
   30 # services is as follows.
   31 # 
   32 # 1. biblios POSTs to the authenticate API with URL-encoded
   33 # form parameters 'userid' and 'password'.  If the credentials
   34 # belong to a valid user with the 'editcatalogue' privilege,
   35 # a session cookie is returned and a Koha session created.  Otherwise, an 
   36 # appropriate error is returned.
   37 # 2. For subsequent calls to the biblios APIs, the user agent
   38 # should submit the same session cookie.  If the cookie is
   39 # not supplied or does not correspond to a valid session, the API
   40 # will redirect to this authentication API.
   41 # 3. The session cookie should not be (directly) sent back to the user's
   42 # web browser, but instead should be stored and submitted by biblios.
   43 
   44 
   45 my ($status, $cookie, $sessionID) = check_api_auth($query, { editcatalogue => 'edit_catalogue'} );
   46 
   47 if ($status eq "ok") {
   48     print $query->header(-type => 'text/xml', cookie => $cookie);
   49 } else {
   50     print $query->header(-type => 'text/xml');
   51 }
   52 print XMLout({ status => $status }, NoAttr => 1, RootName => 'response', XMLDecl => 1);