/**
	@brief Initialize the application by registering functions for method calls.
	@return Zero on success, or 1 if oilsInitIDL() reports failure (in which case
		no methods are registered and no limits are loaded).

	Registers the auth API methods in a fixed order, then loads the three
	auth_limits settings (seed, block_time, block_count) from the host settings,
	unless _oilsAuthSeedTimeout is already non-zero.

	Note that open-ils.auth.authenticate.complete and
	open-ils.auth.authenticate.verify are both bound to the same handler symbol,
	"oilsAuthComplete".
*/
int osrfAppInitialize() {

	/* One row per published method: API name, handler symbol, description. */
	static const struct {
		const char *api_name;
		const char *handler;
		const char *notes;
	} auth_methods[] = {
		{
			"open-ils.auth.authenticate.init",
			"oilsAuthInit",
			"Start the authentication process and returns the intermediate authentication seed"
			" PARAMS( username )"
		},
		{
			"open-ils.auth.authenticate.init.barcode",
			"oilsAuthInitBarcode",
			"Start the authentication process using a patron barcode and return "
			"the intermediate authentication seed. PARAMS(barcode)"
		},
		{
			"open-ils.auth.authenticate.init.username",
			"oilsAuthInitUsername",
			"Start the authentication process using a patron username and return "
			"the intermediate authentication seed. PARAMS(username)"
		},
		{
			/* NOTE(review): the documented credential is
			   md5sum( seed + md5sum( password ) ), an MD5-based challenge
			   response; confirm this legacy scheme is still intended. */
			"open-ils.auth.authenticate.complete",
			"oilsAuthComplete",
			"Completes the authentication process. Returns an object like so: "
			"{authtoken : <token>, authtime:<time>}, where authtoken is the login "
			"token and authtime is the number of seconds the session will be active"
			"PARAMS(username, md5sum( seed + md5sum( password ) ), type, org_id ) "
			"type can be one of 'opac','staff', or 'temp' and it defaults to 'staff' "
			"org_id is the location at which the login should be considered "
			"active for login timeout purposes"
		},
		{
			"open-ils.auth.login",
			"oilsAuthLogin",
			"Request an authentication token logging in with username or "
			"barcode. Parameter is a keyword arguments hash with keys "
			"username, barcode, identifier, password, type, org, workstation, "
			"agent. The 'identifier' option is used when the caller wants the "
			"API to determine if an identifier string is a username or barcode "
			"using the barcode format configuration."
		},
		{
			"open-ils.auth.authenticate.verify",
			"oilsAuthComplete",
			"Verifies the user provided a valid username and password."
			"Params and are the same as open-ils.auth.authenticate.complete."
			"Returns SUCCESS event on success, failure event on failure"
		},
		{
			"open-ils.auth.session.retrieve",
			"oilsAuthSessionRetrieve",
			"Pass in the auth token and this retrieves the user object. By "
			"default, the auth timeout is reset when this call is made. If "
			"a second non-zero parameter is passed, the auth timeout info is "
			"returned to the caller along with the user object. If a 3rd "
			"non-zero parameter is passed, the auth timeout will not be reset."
			"Returns the user object (password blanked) for the given login session "
			"PARAMS( authToken[, returnTime[, doNotResetSession]] )"
		},
		{
			"open-ils.auth.session.delete",
			"oilsAuthSessionDelete",
			"Destroys the given login session "
			"PARAMS( authToken )"
		},
		{
			"open-ils.auth.session.reset_timeout",
			"oilsAuthResetTimeout",
			"Resets the login timeout for the given session "
			"Returns an ILS Event with payload = session_timeout of session "
			"if found, otherwise returns the NO_SESSION event"
			"PARAMS( authToken )"
		}
	};

	unsigned int idx;
	jsonObject *cfg = NULL;

	osrfLogInfo(OSRF_LOG_MARK, "Initializing Auth Server...");

	/* Load and parse the IDL; a non-zero return signals the error. */
	if (!oilsInitIDL(NULL))
		return 1;

	/* Every method is registered with the same trailing arguments (1, 0). */
	for (idx = 0; idx < sizeof auth_methods / sizeof auth_methods[0]; idx++) {
		osrfAppRegisterMethod(
			MODULENAME,
			auth_methods[idx].api_name,
			auth_methods[idx].handler,
			auth_methods[idx].notes,
			1, 0);
	}

	/* Zero doubles as "not loaded yet", so a seed timeout that parses to 0
	   causes the limits to be read again on a later call. */
	if (_oilsAuthSeedTimeout)
		return 0;

	/* Only the -1 sentinel selects a fallback; any other parsed value,
	   including 0, is stored as-is.
	   NOTE(review): how these limits are enforced is outside this function;
	   confirm that 0 cannot switch off seed expiry or login blocking. */
	cfg = osrf_settings_host_value_object(
		"/apps/open-ils.auth/app_settings/auth_limits/seed");
	_oilsAuthSeedTimeout = oilsUtilsIntervalToSeconds(jsonObjectGetString(cfg));
	jsonObjectFree(cfg);
	if (_oilsAuthSeedTimeout == -1) {
		osrfLogWarning(OSRF_LOG_MARK, "Invalid timeout for Auth Seeds - Using 30 seconds");
		_oilsAuthSeedTimeout = 30;
	}

	cfg = osrf_settings_host_value_object(
		"/apps/open-ils.auth/app_settings/auth_limits/block_time");
	_oilsAuthBlockTimeout = oilsUtilsIntervalToSeconds(jsonObjectGetString(cfg));
	jsonObjectFree(cfg);
	if (_oilsAuthBlockTimeout == -1) {
		osrfLogWarning(OSRF_LOG_MARK, "Invalid timeout for Blocking Timeout - Using 3x Seed");
		_oilsAuthBlockTimeout = 3 * _oilsAuthSeedTimeout;
	}

	/* NOTE(review): block_count is a count, yet it goes through the interval
	   parser like the two timeouts; confirm that is intended. */
	cfg = osrf_settings_host_value_object(
		"/apps/open-ils.auth/app_settings/auth_limits/block_count");
	_oilsAuthBlockCount = oilsUtilsIntervalToSeconds(jsonObjectGetString(cfg));
	jsonObjectFree(cfg);
	if (_oilsAuthBlockCount == -1) {
		osrfLogWarning(OSRF_LOG_MARK, "Invalid count for Blocking - Using 10");
		_oilsAuthBlockCount = 10;
	}

	osrfLogInfo(OSRF_LOG_MARK, "Set auth limits: "
		"seed => %ld : block_timeout => %ld : block_count => %ld",
		_oilsAuthSeedTimeout, _oilsAuthBlockTimeout, _oilsAuthBlockCount);

	return 0;
}
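/**
	@brief Determine the login timeout.
	@param userObj Pointer to an object describing the user.
	@param type Pointer to one of four possible character strings identifying the login type.
	@param orgloc Org unit to use for settings lookups (negative or zero means unspecified)
	@return The length of the timeout, in seconds.

	The default timeout value comes from the configuration file, and depends on the
	login type.

	The default may be overridden by a corresponding org unit setting.  The @a orgloc
	parameter says what org unit to use for the lookup.  If @a orgloc <= 0, or if the
	lookup for @a orgloc yields no result, we look up the setting for the user's home org unit
	instead (except that if it's the same as @a orgloc we don't bother repeating the lookup).

	Whether defined in the config file or in an org unit setting, a timeout value may be
	expressed as a raw number (i.e. all digits, possibly with leading and/or trailing white
	space) or as an interval string to be translated into seconds by PostgreSQL.

	An org unit setting that is empty, or that cannot be converted, is logged and the
	configured default is used instead.  An invalid default in the configuration file
	is logged and replaced by 0.

	@a type must not be NULL; it is passed straight to strcmp().
*/
static long oilsAuthGetTimeout( const jsonObject* userObj, const char* type, int orgloc ) {

	/* Zero doubles as "not loaded yet": if the OPAC default is 0 (configured
	   that way, or invalid and replaced by 0 below) the four defaults are read
	   and logged again on every call. */
	if(!_oilsAuthOPACTimeout) { /* Load the default timeouts */

		jsonObject* value_obj;

		value_obj = osrf_settings_host_value_object(
			"/apps/open-ils.auth/app_settings/default_timeout/opac" );
		_oilsAuthOPACTimeout = oilsUtilsIntervalToSeconds( jsonObjectGetString( value_obj ));
		jsonObjectFree(value_obj);
		if( -1 == _oilsAuthOPACTimeout ) {
			osrfLogWarning( OSRF_LOG_MARK, "Invalid default timeout for OPAC logins" );
			_oilsAuthOPACTimeout = 0;
		}

		value_obj = osrf_settings_host_value_object(
			"/apps/open-ils.auth/app_settings/default_timeout/staff" );
		_oilsAuthStaffTimeout = oilsUtilsIntervalToSeconds( jsonObjectGetString( value_obj ));
		jsonObjectFree(value_obj);
		if( -1 == _oilsAuthStaffTimeout ) {
			osrfLogWarning( OSRF_LOG_MARK, "Invalid default timeout for staff logins" );
			_oilsAuthStaffTimeout = 0;
		}

		value_obj = osrf_settings_host_value_object(
			"/apps/open-ils.auth/app_settings/default_timeout/temp" );
		_oilsAuthOverrideTimeout = oilsUtilsIntervalToSeconds( jsonObjectGetString( value_obj ));
		jsonObjectFree(value_obj);
		if( -1 == _oilsAuthOverrideTimeout ) {
			osrfLogWarning( OSRF_LOG_MARK, "Invalid default timeout for temp logins" );
			_oilsAuthOverrideTimeout = 0;
		}

		value_obj = osrf_settings_host_value_object(
			"/apps/open-ils.auth/app_settings/default_timeout/persist" );
		_oilsAuthPersistTimeout = oilsUtilsIntervalToSeconds( jsonObjectGetString( value_obj ));
		jsonObjectFree(value_obj);
		if( -1 == _oilsAuthPersistTimeout ) {
			osrfLogWarning( OSRF_LOG_MARK, "Invalid default timeout for persist logins" );
			_oilsAuthPersistTimeout = 0;
		}

		osrfLogInfo(OSRF_LOG_MARK, "Set default auth timeouts: "
			"opac => %ld : staff => %ld : temp => %ld : persist => %ld",
			_oilsAuthOPACTimeout, _oilsAuthStaffTimeout,
			_oilsAuthOverrideTimeout, _oilsAuthPersistTimeout );
	}

	int home_ou = (int) jsonObjectGetNumber( oilsFMGetObject( userObj, "home_ou" ));
	if(orgloc < 1)
		orgloc = home_ou;   /* unspecified: fall back to the user's home org unit */

	char* setting = NULL;
	long default_timeout = 0;

	/* NOTE(review): a type matching none of the four constants leaves setting
	   NULL and default_timeout 0; the NULL is then handed to
	   oilsUtilsFetchOrgSetting().  Confirm callers validate the login type. */
	if( !strcmp( type, OILS_AUTH_OPAC )) {
		setting = OILS_ORG_SETTING_OPAC_TIMEOUT;
		default_timeout = _oilsAuthOPACTimeout;
	} else if( !strcmp( type, OILS_AUTH_STAFF )) {
		setting = OILS_ORG_SETTING_STAFF_TIMEOUT;
		default_timeout = _oilsAuthStaffTimeout;
	} else if( !strcmp( type, OILS_AUTH_TEMP )) {
		setting = OILS_ORG_SETTING_TEMP_TIMEOUT;
		default_timeout = _oilsAuthOverrideTimeout;
	} else if( !strcmp( type, OILS_AUTH_PERSIST )) {
		setting = OILS_ORG_SETTING_PERSIST_TIMEOUT;
		default_timeout = _oilsAuthPersistTimeout;
	}

	// Get the org unit setting, if there is one.
	char* timeout = oilsUtilsFetchOrgSetting( orgloc, setting );
	if( !timeout && orgloc != home_ou ) {
		osrfLogDebug(OSRF_LOG_MARK, "Auth timeout not defined for org %d, "
			"trying home_ou %d", orgloc, home_ou );
		timeout = oilsUtilsFetchOrgSetting( home_ou, setting );
	}

	if(!timeout)
		return default_timeout;   // No override from org unit setting

	// Translate the org unit setting to a number
	long t;
	if( !*timeout ) {
		// The format has a single %s, for the login type.  The original also
		// passed the (empty) timeout string first, so the type was never printed.
		osrfLogWarning( OSRF_LOG_MARK,
			"Timeout org unit setting is an empty string for %s login; using default",
			type );
		t = default_timeout;
	} else {
		// Treat timeout string as an interval, and convert it to seconds
		t = oilsUtilsIntervalToSeconds( timeout );
		if( -1 == t ) {
			// Unable to convert; possibly an invalid interval string
			osrfLogError( OSRF_LOG_MARK,
				"Unable to convert timeout interval \"%s\" for %s login; using default",
				timeout, type );
			t = default_timeout;
		}
	}

	// The setting string is released with free() once it has been converted
	free(timeout);
	return t;
}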
/**
	@brief Initialize the application by registering functions for method calls.
	@return Zero on success, or 1 if oilsInitIDL() reports failure (in which case
		no methods are registered and no limits are loaded).

	Registers six auth API methods in a fixed order, then loads the three
	auth_limits settings (seed, block_time, block_count) from the host settings,
	unless _oilsAuthSeedTimeout is already non-zero.

	Note that open-ils.auth.authenticate.complete and
	open-ils.auth.authenticate.verify are both bound to the same handler symbol,
	"oilsAuthComplete".
*/
int osrfAppInitialize() {

	/* One row per published method: API name, handler symbol, description. */
	static const struct {
		const char *api_name;
		const char *handler;
		const char *notes;
	} auth_methods[] = {
		{
			"open-ils.auth.authenticate.init",
			"oilsAuthInit",
			"Start the authentication process and returns the intermediate authentication seed"
			" PARAMS( username )"
		},
		{
			/* NOTE(review): the documented credential is
			   md5sum( seed + md5sum( password ) ), an MD5-based challenge
			   response; confirm this legacy scheme is still intended. */
			"open-ils.auth.authenticate.complete",
			"oilsAuthComplete",
			"Completes the authentication process. Returns an object like so: "
			"{authtoken : <token>, authtime:<time>}, where authtoken is the login "
			"token and authtime is the number of seconds the session will be active"
			"PARAMS(username, md5sum( seed + md5sum( password ) ), type, org_id ) "
			"type can be one of 'opac','staff', or 'temp' and it defaults to 'staff' "
			"org_id is the location at which the login should be considered "
			"active for login timeout purposes"
		},
		{
			"open-ils.auth.authenticate.verify",
			"oilsAuthComplete",
			"Verifies the user provided a valid username and password."
			"Params and are the same as open-ils.auth.authenticate.complete."
			"Returns SUCCESS event on success, failure event on failure"
		},
		{
			"open-ils.auth.session.retrieve",
			"oilsAuthSessionRetrieve",
			"Pass in the auth token and this retrieves the user object. The auth "
			"timeout is reset when this call is made "
			"Returns the user object (password blanked) for the given login session "
			"PARAMS( authToken )"
		},
		{
			"open-ils.auth.session.delete",
			"oilsAuthSessionDelete",
			"Destroys the given login session "
			"PARAMS( authToken )"
		},
		{
			"open-ils.auth.session.reset_timeout",
			"oilsAuthResetTimeout",
			"Resets the login timeout for the given session "
			"Returns an ILS Event with payload = session_timeout of session "
			"if found, otherwise returns the NO_SESSION event"
			"PARAMS( authToken )"
		}
	};

	unsigned int idx;
	jsonObject *cfg = NULL;

	osrfLogInfo(OSRF_LOG_MARK, "Initializing Auth Server...");

	/* Load and parse the IDL; a non-zero return signals the error. */
	if (!oilsInitIDL(NULL))
		return 1;

	/* Every method is registered with the same trailing arguments (1, 0). */
	for (idx = 0; idx < sizeof auth_methods / sizeof auth_methods[0]; idx++) {
		osrfAppRegisterMethod(
			MODULENAME,
			auth_methods[idx].api_name,
			auth_methods[idx].handler,
			auth_methods[idx].notes,
			1, 0);
	}

	/* Zero doubles as "not loaded yet", so a seed timeout that parses to 0
	   causes the limits to be read again on a later call. */
	if (_oilsAuthSeedTimeout)
		return 0;

	/* Only the -1 sentinel selects a fallback; any other parsed value,
	   including 0, is stored as-is.
	   NOTE(review): how these limits are enforced is outside this function;
	   confirm that 0 cannot switch off seed expiry or login blocking. */
	cfg = osrf_settings_host_value_object(
		"/apps/open-ils.auth/app_settings/auth_limits/seed");
	_oilsAuthSeedTimeout = oilsUtilsIntervalToSeconds(jsonObjectGetString(cfg));
	jsonObjectFree(cfg);
	if (_oilsAuthSeedTimeout == -1) {
		osrfLogWarning(OSRF_LOG_MARK, "Invalid timeout for Auth Seeds - Using 30 seconds");
		_oilsAuthSeedTimeout = 30;
	}

	cfg = osrf_settings_host_value_object(
		"/apps/open-ils.auth/app_settings/auth_limits/block_time");
	_oilsAuthBlockTimeout = oilsUtilsIntervalToSeconds(jsonObjectGetString(cfg));
	jsonObjectFree(cfg);
	if (_oilsAuthBlockTimeout == -1) {
		osrfLogWarning(OSRF_LOG_MARK, "Invalid timeout for Blocking Timeout - Using 3x Seed");
		_oilsAuthBlockTimeout = 3 * _oilsAuthSeedTimeout;
	}

	/* NOTE(review): block_count is a count, yet it goes through the interval
	   parser like the two timeouts; confirm that is intended. */
	cfg = osrf_settings_host_value_object(
		"/apps/open-ils.auth/app_settings/auth_limits/block_count");
	_oilsAuthBlockCount = oilsUtilsIntervalToSeconds(jsonObjectGetString(cfg));
	jsonObjectFree(cfg);
	if (_oilsAuthBlockCount == -1) {
		osrfLogWarning(OSRF_LOG_MARK, "Invalid count for Blocking - Using 10");
		_oilsAuthBlockCount = 10;
	}

	osrfLogInfo(OSRF_LOG_MARK, "Set auth limits: "
		"seed => %ld : block_timeout => %ld : block_count => %ld",
		_oilsAuthSeedTimeout, _oilsAuthBlockTimeout, _oilsAuthBlockCount);

	return 0;
}