Beispiel #1
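/**
	@brief Initialize the application by registering functions for method calls.
	@return Zero on success, or 1 if the IDL could not be loaded and parsed.

	Registers the open-ils.auth methods and, while _oilsAuthSeedTimeout is still
	zero, loads the auth seed timeout and the blocking time/count limits from the
	host settings, substituting fallback values for any that fail to convert.
*/
int osrfAppInitialize() {

	osrfLogInfo(OSRF_LOG_MARK, "Initializing Auth Server...");

	/* load and parse the IDL */
	if (!oilsInitIDL(NULL)) return 1; /* return non-zero to indicate error */

	/*
	 * Seed-based login: the caller obtains a seed from one of the init
	 * methods and then sends md5sum( seed + md5sum( password ) ) to the
	 * complete method (see the PARAMS text registered below).
	 * NOTE(review): the construction is MD5-based.  The seed timeout loaded
	 * at the end of this function presumably bounds how long a seed stays
	 * usable -- confirm in the handlers that a seed cannot be reused once
	 * it has been consumed.
	 */
	osrfAppRegisterMethod(
		MODULENAME,
		"open-ils.auth.authenticate.init",
		"oilsAuthInit",
		"Start the authentication process and returns the intermediate authentication seed"
		" PARAMS( username )", 1, 0 );

	osrfAppRegisterMethod(
		MODULENAME,
		"open-ils.auth.authenticate.init.barcode",
		"oilsAuthInitBarcode",
		"Start the authentication process using a patron barcode and return "
		"the intermediate authentication seed. PARAMS(barcode)", 1, 0);

	osrfAppRegisterMethod(
		MODULENAME,
		"open-ils.auth.authenticate.init.username",
		"oilsAuthInitUsername",
		"Start the authentication process using a patron username and return "
		"the intermediate authentication seed. PARAMS(username)", 1, 0);

	/* Adjacent literals are concatenated as-is, so each piece carries its own separator. */
	osrfAppRegisterMethod(
		MODULENAME,
		"open-ils.auth.authenticate.complete",
		"oilsAuthComplete",
		"Completes the authentication process.  Returns an object like so: "
		"{authtoken : <token>, authtime:<time>}, where authtoken is the login "
		"token and authtime is the number of seconds the session will be active "
		"PARAMS(username, md5sum( seed + md5sum( password ) ), type, org_id ) "
		"type can be one of 'opac','staff', or 'temp' and it defaults to 'staff' "
		"org_id is the location at which the login should be considered "
		"active for login timeout purposes", 1, 0 );

	/*
	 * Unlike the seed-based methods above, this method's argument hash has
	 * a "password" key.
	 * NOTE(review): presumably the password itself is passed here -- confirm
	 * that calls travel over a protected transport and that the parameters
	 * of this method are kept out of request logs.
	 */
	osrfAppRegisterMethod(
		MODULENAME,
		"open-ils.auth.login",
		"oilsAuthLogin",
		"Request an authentication token logging in with username or "
		"barcode.  Parameter is a keyword arguments hash with keys "
		"username, barcode, identifier, password, type, org, workstation, "
		"agent.  The 'identifier' option is used when the caller wants the "
		"API to determine if an identifier string is a username or barcode "
		"using the barcode format configuration.",
		1, 0);

	/*
	 * Registered against the same handler symbol as
	 * open-ils.auth.authenticate.complete, so oilsAuthComplete has to tell
	 * the two methods apart itself (presumably by the name it was called
	 * under) to return an event here rather than a login token.
	 */
	osrfAppRegisterMethod(
		MODULENAME,
		"open-ils.auth.authenticate.verify",
		"oilsAuthComplete",
		"Verifies the user provided a valid username and password. "
		"Params and are the same as open-ils.auth.authenticate.complete. "
		"Returns SUCCESS event on success, failure event on failure", 1, 0);


	osrfAppRegisterMethod(
		MODULENAME,
		"open-ils.auth.session.retrieve",
		"oilsAuthSessionRetrieve",
		"Pass in the auth token and this retrieves the user object.  By "
		"default, the auth timeout is reset when this call is made.  If "
		"a second non-zero parameter is passed, the auth timeout info is "
		"returned to the caller along with the user object.  If a 3rd "
		"non-zero parameter is passed, the auth timeout will not be reset. "
		"Returns the user object (password blanked) for the given login session "
		"PARAMS( authToken[, returnTime[, doNotResetSession]] )", 1, 0 );

	osrfAppRegisterMethod(
		MODULENAME,
		"open-ils.auth.session.delete",
		"oilsAuthSessionDelete",
		"Destroys the given login session "
		"PARAMS( authToken )",  1, 0 );

	osrfAppRegisterMethod(
		MODULENAME,
		"open-ils.auth.session.reset_timeout",
		"oilsAuthResetTimeout",
		"Resets the login timeout for the given session "
		"Returns an ILS Event with payload = session_timeout of session "
		"if found, otherwise returns the NO_SESSION event "
		"PARAMS( authToken )", 1, 0 );

	/*
	 * The limits are loaded only while the seed timeout is still zero.  Only
	 * a conversion result of -1 is treated as invalid; any other value,
	 * including zero, is stored as configured.
	 */
	if(!_oilsAuthSeedTimeout) { /* Load the default timeouts */

		jsonObject* value_obj;

		value_obj = osrf_settings_host_value_object(
			"/apps/open-ils.auth/app_settings/auth_limits/seed" );
		_oilsAuthSeedTimeout = oilsUtilsIntervalToSeconds( jsonObjectGetString( value_obj ));
		jsonObjectFree(value_obj);
		if( -1 == _oilsAuthSeedTimeout ) {
			osrfLogWarning( OSRF_LOG_MARK, "Invalid timeout for Auth Seeds - Using 30 seconds" );
			_oilsAuthSeedTimeout = 30;
		}

		value_obj = osrf_settings_host_value_object(
			"/apps/open-ils.auth/app_settings/auth_limits/block_time" );
		_oilsAuthBlockTimeout = oilsUtilsIntervalToSeconds( jsonObjectGetString( value_obj ));
		jsonObjectFree(value_obj);
		if( -1 == _oilsAuthBlockTimeout ) {
			osrfLogWarning( OSRF_LOG_MARK, "Invalid timeout for Blocking Timeout - Using 3x Seed" );
			_oilsAuthBlockTimeout = _oilsAuthSeedTimeout * 3;
		}

		/*
		 * NOTE(review): block_count is a count, yet it is parsed with the
		 * same interval-to-seconds converter as the two timeouts above.  A
		 * bare number presumably passes through unchanged -- confirm, since
		 * this value and block_time look like the failed-login blocking
		 * limits.
		 */
		value_obj = osrf_settings_host_value_object(
			"/apps/open-ils.auth/app_settings/auth_limits/block_count" );
		_oilsAuthBlockCount = oilsUtilsIntervalToSeconds( jsonObjectGetString( value_obj ));
		jsonObjectFree(value_obj);
		if( -1 == _oilsAuthBlockCount ) {
			osrfLogWarning( OSRF_LOG_MARK, "Invalid count for Blocking - Using 10" );
			_oilsAuthBlockCount = 10;
		}

		osrfLogInfo(OSRF_LOG_MARK, "Set auth limits: "
			"seed => %ld : block_timeout => %ld : block_count => %ld",
			_oilsAuthSeedTimeout, _oilsAuthBlockTimeout, _oilsAuthBlockCount );
	}

	return 0;
}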
Beispiel #2
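/**
	@brief Determine the login timeout.
	@param userObj Pointer to an object describing the user.
	@param type Pointer to one of four possible character strings identifying the login type.
	@param orgloc Org unit to use for settings lookups (negative or zero means unspecified)
	@return The length of the timeout, in seconds.  If @a type is NULL or is not one of
	the four recognized login types, no org unit lookup is made and the result is zero.

	The default timeout value comes from the configuration file, and depends on the
	login type.

	The default may be overridden by a corresponding org unit setting.  The @a orgloc
	parameter says what org unit to use for the lookup.  If @a orgloc <= 0, or if the
	lookup for @a orgloc yields no result, we look up the setting for the user's home org unit
	instead (except that if it's the same as @a orgloc we don't bother repeating the lookup).

	Whether defined in the config file or in an org unit setting, a timeout value may be
	expressed as a raw number (i.e. all digits, possibly with leading and/or trailing white
	space) or as an interval string to be translated into seconds by PostgreSQL.
*/
static long oilsAuthGetTimeout( const jsonObject* userObj, const char* type, int orgloc ) {

	// The defaults are loaded while the OPAC default is still zero.  An invalid
	// OPAC value is reset to zero below, so in that case they are reloaded on
	// every call.
	if(!_oilsAuthOPACTimeout) { /* Load the default timeouts */

		jsonObject* value_obj;

		value_obj = osrf_settings_host_value_object(
			"/apps/open-ils.auth/app_settings/default_timeout/opac" );
		_oilsAuthOPACTimeout = oilsUtilsIntervalToSeconds( jsonObjectGetString( value_obj ));
		jsonObjectFree(value_obj);
		if( -1 == _oilsAuthOPACTimeout ) {
			osrfLogWarning( OSRF_LOG_MARK, "Invalid default timeout for OPAC logins" );
			_oilsAuthOPACTimeout = 0;
		}

		value_obj = osrf_settings_host_value_object(
			"/apps/open-ils.auth/app_settings/default_timeout/staff" );
		_oilsAuthStaffTimeout = oilsUtilsIntervalToSeconds( jsonObjectGetString( value_obj ));
		jsonObjectFree(value_obj);
		if( -1 == _oilsAuthStaffTimeout ) {
			osrfLogWarning( OSRF_LOG_MARK, "Invalid default timeout for staff logins" );
			_oilsAuthStaffTimeout = 0;
		}

		value_obj = osrf_settings_host_value_object(
			"/apps/open-ils.auth/app_settings/default_timeout/temp" );
		_oilsAuthOverrideTimeout = oilsUtilsIntervalToSeconds( jsonObjectGetString( value_obj ));
		jsonObjectFree(value_obj);
		if( -1 == _oilsAuthOverrideTimeout ) {
			osrfLogWarning( OSRF_LOG_MARK, "Invalid default timeout for temp logins" );
			_oilsAuthOverrideTimeout = 0;
		}

		value_obj = osrf_settings_host_value_object(
			"/apps/open-ils.auth/app_settings/default_timeout/persist" );
		_oilsAuthPersistTimeout = oilsUtilsIntervalToSeconds( jsonObjectGetString( value_obj ));
		jsonObjectFree(value_obj);
		if( -1 == _oilsAuthPersistTimeout ) {
			osrfLogWarning( OSRF_LOG_MARK, "Invalid default timeout for persist logins" );
			_oilsAuthPersistTimeout = 0;
		}

		osrfLogInfo(OSRF_LOG_MARK, "Set default auth timeouts: "
			"opac => %ld : staff => %ld : temp => %ld : persist => %ld",
			_oilsAuthOPACTimeout, _oilsAuthStaffTimeout,
			_oilsAuthOverrideTimeout, _oilsAuthPersistTimeout );
	}

	int home_ou = (int) jsonObjectGetNumber( oilsFMGetObject( userObj, "home_ou" ));
	if(orgloc < 1)
		orgloc = home_ou;

	char* setting = NULL;
	long default_timeout = 0;

	// strcmp() on a NULL pointer is undefined behavior, so a missing type is
	// handled like an unrecognized one.
	if( type ) {
		if( !strcmp( type, OILS_AUTH_OPAC )) {
			setting = OILS_ORG_SETTING_OPAC_TIMEOUT;
			default_timeout = _oilsAuthOPACTimeout;
		} else if( !strcmp( type, OILS_AUTH_STAFF )) {
			setting = OILS_ORG_SETTING_STAFF_TIMEOUT;
			default_timeout = _oilsAuthStaffTimeout;
		} else if( !strcmp( type, OILS_AUTH_TEMP )) {
			setting = OILS_ORG_SETTING_TEMP_TIMEOUT;
			default_timeout = _oilsAuthOverrideTimeout;
		} else if( !strcmp( type, OILS_AUTH_PERSIST )) {
			setting = OILS_ORG_SETTING_PERSIST_TIMEOUT;
			default_timeout = _oilsAuthPersistTimeout;
		}
	}

	if( !setting ) {
		// No setting name to look up; do not pass NULL on to the org setting fetch.
		osrfLogWarning( OSRF_LOG_MARK,
			"Unrecognized login type \"%s\"; using a timeout of %ld seconds",
			type ? type : "(null)", default_timeout );
		return default_timeout;
	}

	// Get the org unit setting, if there is one.
	char* timeout = oilsUtilsFetchOrgSetting( orgloc, setting );
	if( !timeout && orgloc != home_ou ) {
		osrfLogDebug(OSRF_LOG_MARK, "Auth timeout not defined for org %d, "
			"trying home_ou %d", orgloc, home_ou );
		timeout = oilsUtilsFetchOrgSetting( home_ou, setting );
	}

	if(!timeout)
		return default_timeout;   // No override from org unit setting

	// Translate the org unit setting to a number
	long t;
	if( !*timeout ) {
		// The format has a single %s, which must receive the login type.
		osrfLogWarning( OSRF_LOG_MARK,
			"Timeout org unit setting is an empty string for %s login; using default",
			type );
		t = default_timeout;
	} else {
		// Treat timeout string as an interval, and convert it to seconds
		t = oilsUtilsIntervalToSeconds( timeout );
		if( -1 == t ) {
			// Unable to convert; possibly an invalid interval string
			osrfLogError( OSRF_LOG_MARK,
				"Unable to convert timeout interval \"%s\" for %s login; using default",
				timeout, type );
			t = default_timeout;
		}
		// NOTE(review): only -1 is rejected here.  Any other converted value is
		// returned unchanged as the session lifetime, with no upper or lower
		// bound applied in this function -- confirm that callers cope with
		// zero or very large values from an org unit setting.
	}

	// The fetched setting string is released here, so it is presumably owned by the caller.
	free(timeout);
	return t;
}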
Beispiel #3
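/**
	@brief Initialize the application by registering functions for method calls.
	@return Zero on success, or 1 if the IDL could not be loaded and parsed.

	Registers the open-ils.auth methods and, while _oilsAuthSeedTimeout is still
	zero, loads the auth seed timeout and the blocking time/count limits from the
	host settings, substituting fallback values for any that fail to convert.
*/
int osrfAppInitialize() {

	osrfLogInfo(OSRF_LOG_MARK, "Initializing Auth Server...");

	/* load and parse the IDL */
	if (!oilsInitIDL(NULL)) return 1; /* return non-zero to indicate error */

	/*
	 * Seed-based login: the caller obtains a seed from the init method and
	 * then sends md5sum( seed + md5sum( password ) ) to the complete method
	 * (see the PARAMS text registered below).
	 * NOTE(review): the construction is MD5-based.  The seed timeout loaded
	 * at the end of this function presumably bounds how long a seed stays
	 * usable -- confirm in the handlers that a seed cannot be reused once
	 * it has been consumed.
	 */
	osrfAppRegisterMethod(
		MODULENAME,
		"open-ils.auth.authenticate.init",
		"oilsAuthInit",
		"Start the authentication process and returns the intermediate authentication seed"
		" PARAMS( username )", 1, 0 );

	/* Adjacent literals are concatenated as-is, so each piece carries its own separator. */
	osrfAppRegisterMethod(
		MODULENAME,
		"open-ils.auth.authenticate.complete",
		"oilsAuthComplete",
		"Completes the authentication process.  Returns an object like so: "
		"{authtoken : <token>, authtime:<time>}, where authtoken is the login "
		"token and authtime is the number of seconds the session will be active "
		"PARAMS(username, md5sum( seed + md5sum( password ) ), type, org_id ) "
		"type can be one of 'opac','staff', or 'temp' and it defaults to 'staff' "
		"org_id is the location at which the login should be considered "
		"active for login timeout purposes", 1, 0 );

	/*
	 * Registered against the same handler symbol as
	 * open-ils.auth.authenticate.complete, so oilsAuthComplete has to tell
	 * the two methods apart itself (presumably by the name it was called
	 * under) to return an event here rather than a login token.
	 */
	osrfAppRegisterMethod(
		MODULENAME,
		"open-ils.auth.authenticate.verify",
		"oilsAuthComplete",
		"Verifies the user provided a valid username and password. "
		"Params and are the same as open-ils.auth.authenticate.complete. "
		"Returns SUCCESS event on success, failure event on failure", 1, 0);


	osrfAppRegisterMethod(
		MODULENAME,
		"open-ils.auth.session.retrieve",
		"oilsAuthSessionRetrieve",
		"Pass in the auth token and this retrieves the user object.  The auth "
		"timeout is reset when this call is made "
		"Returns the user object (password blanked) for the given login session "
		"PARAMS( authToken )", 1, 0 );

	osrfAppRegisterMethod(
		MODULENAME,
		"open-ils.auth.session.delete",
		"oilsAuthSessionDelete",
		"Destroys the given login session "
		"PARAMS( authToken )",  1, 0 );

	osrfAppRegisterMethod(
		MODULENAME,
		"open-ils.auth.session.reset_timeout",
		"oilsAuthResetTimeout",
		"Resets the login timeout for the given session "
		"Returns an ILS Event with payload = session_timeout of session "
		"if found, otherwise returns the NO_SESSION event "
		"PARAMS( authToken )", 1, 0 );

	/*
	 * The limits are loaded only while the seed timeout is still zero.  Only
	 * a conversion result of -1 is treated as invalid; any other value,
	 * including zero, is stored as configured.
	 */
	if(!_oilsAuthSeedTimeout) { /* Load the default timeouts */

		jsonObject* value_obj;

		value_obj = osrf_settings_host_value_object(
			"/apps/open-ils.auth/app_settings/auth_limits/seed" );
		_oilsAuthSeedTimeout = oilsUtilsIntervalToSeconds( jsonObjectGetString( value_obj ));
		jsonObjectFree(value_obj);
		if( -1 == _oilsAuthSeedTimeout ) {
			osrfLogWarning( OSRF_LOG_MARK, "Invalid timeout for Auth Seeds - Using 30 seconds" );
			_oilsAuthSeedTimeout = 30;
		}

		value_obj = osrf_settings_host_value_object(
			"/apps/open-ils.auth/app_settings/auth_limits/block_time" );
		_oilsAuthBlockTimeout = oilsUtilsIntervalToSeconds( jsonObjectGetString( value_obj ));
		jsonObjectFree(value_obj);
		if( -1 == _oilsAuthBlockTimeout ) {
			osrfLogWarning( OSRF_LOG_MARK, "Invalid timeout for Blocking Timeout - Using 3x Seed" );
			_oilsAuthBlockTimeout = _oilsAuthSeedTimeout * 3;
		}

		/*
		 * NOTE(review): block_count is a count, yet it is parsed with the
		 * same interval-to-seconds converter as the two timeouts above.  A
		 * bare number presumably passes through unchanged -- confirm, since
		 * this value and block_time look like the failed-login blocking
		 * limits.
		 */
		value_obj = osrf_settings_host_value_object(
			"/apps/open-ils.auth/app_settings/auth_limits/block_count" );
		_oilsAuthBlockCount = oilsUtilsIntervalToSeconds( jsonObjectGetString( value_obj ));
		jsonObjectFree(value_obj);
		if( -1 == _oilsAuthBlockCount ) {
			osrfLogWarning( OSRF_LOG_MARK, "Invalid count for Blocking - Using 10" );
			_oilsAuthBlockCount = 10;
		}

		osrfLogInfo(OSRF_LOG_MARK, "Set auth limits: "
			"seed => %ld : block_timeout => %ld : block_count => %ld",
			_oilsAuthSeedTimeout, _oilsAuthBlockTimeout, _oilsAuthBlockCount );
	}

	return 0;
}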