InstallAuth - Authenticates Koha users for Install process
    use CGI qw ( -utf8 );
    use InstallAuth;
    use C4::Output;

    my $query = CGI->new;

    # Authenticate first; the template and session cookie come back together.
    my ( $template, $borrowernumber, $cookie ) = get_template_and_user(
        {
            template_name   => "opac-main.tt",
            query           => $query,
            type            => "opac",
            authnotrequired => 1,
            flagsrequired   => { acquisition => '*' },
        }
    );

    # Send the cookie back to the browser along with the rendered page.
    output_html_with_http_headers $query, $cookie, $template->output;
The main function of this module is to provide authentication. However, the get_template_and_user function has been provided so that a user's login information is passed along automatically. This gets loaded into the template. This package differs from C4::Auth insofar as C4::Auth uses many preferences which are supposed NOT to be obtainable when installing the database.
As in C4::Auth, authentication is based on cookies.
    my ( $template, $borrowernumber, $cookie ) = get_template_and_user(
        {
            template_name   => "opac-main.tt",
            query           => $query,
            type            => "opac",
            authnotrequired => 1,
            flagsrequired   => { acquisition => '*' },
        }
    );
This call passes the query, flagsrequired and authnotrequired to &checkauth (in this module) to perform authentication. See &checkauth for an explanation of these parameters.
The template_name is then used to find the correct template for the page. The authenticated user's details are loaded onto the template in the logged_in_user variable (which is a Koha::Patron object). The sessionID is also passed to the template. This can be used in templates if cookies are disabled. It needs to be put as an input to every authenticated page.
More information on the gettemplate sub can be found in the Templates.pm module.
    ($userid, $cookie, $sessionID) = &checkauth($query, $noauth, $flagsrequired, $type);
Verifies that the user is authorized to run this script. If the user is authorized, a (userid, cookie, session-id, flags) quadruple is returned. If the user is not authorized because they lack the required privilege (see $flagsrequired below), it displays an error page and exits. Otherwise, it displays the login page and exits.
Note that &checkauth will return if and only if the user is authorized, so it should be called early on, before any unfinished operations (e.g., if you've opened a file, then &checkauth won't close it for you).
$query is the CGI object for the script calling &checkauth.
The $noauth argument is optional. If it is set, then no authorization is required for the script.
&checkauth fetches user and session information from $query and ensures that the user is authorized to run scripts that require authorization.
The $flagsrequired argument specifies the required privileges the user must have if the username and password are correct. It should be specified as a reference-to-hash; keys in the hash should be the "flags" for the user, as specified in the Members intranet module. Any key specified must correspond to a "flag" in the userflags table. E.g., { circulate => 1 } would specify that the user must have the "circulate" privilege in order to proceed. To make sure that access control is correct, the $flagsrequired parameter must be specified correctly.
The $type argument specifies whether the template should be retrieved from the opac or intranet directory tree. "opac" is assumed if it is not specified; however, if $type is specified, "intranet" is assumed if it is not "opac".
If $query does not have a valid session ID associated with it (i.e., the user has not logged in) or if the session has expired, &checkauth presents the user with a login page (from the point of view of the original script, &checkauth does not return). Once the user has authenticated, &checkauth restarts the original script (this time, &checkauth returns).
The login page is provided using an HTML::Template, which is set in the systempreferences table or at the top of this file. The variable $type selects which template to use, either the opac or the intranet authentication template.
&checkauth returns a user ID, a cookie, and a session ID. The cookie should be sent back to the browser; it verifies that the user has authenticated.
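The three outcomes described above for &checkauth (return, error page, login page), modelled as a self-contained added example; this is not InstallAuth's own code and not from the Koha project. decide_access, %SESSIONS and %KNOWN_FLAGS are hypothetical names, the sample data is constructed, and rejecting unknown flag keys is an added safeguard for the "must correspond to a flag" rule, not documented behaviour.

```perl
use strict;
use warnings;

# Constructed sample data; none of these names come from InstallAuth.
my %KNOWN_FLAGS = map { $_ => 1 } qw(circulate acquisition);    # stand-in for userflags
my %SESSIONS = (
    'sess-a' => { userid => 'alice', expires => time() + 600, flags => { circulate => 1 } },
    'sess-b' => { userid => 'bob',   expires => time() - 1,   flags => { circulate => 1 } },
);

# Hypothetical model: returns 'return' (caller continues), 'error_page' or 'login_page'.
sub decide_access {
    my ( $session_id, $noauth, $flagsrequired ) = @_;
    my @required = keys %{ $flagsrequired || {} };

    # A misspelled key can never match a real privilege, so reject it loudly
    # instead of letting it silently change who gets in.
    for my $flag (@required) {
        die "unknown flag '$flag' in flagsrequired\n" unless $KNOWN_FLAGS{$flag};
    }

    # Per the page: if $noauth is set, no authorization is required.
    return 'return' if $noauth;

    # No session, unknown session or expired session: show the login page.
    my $session = defined $session_id ? $SESSIONS{$session_id} : undef;
    return 'login_page' unless $session && $session->{expires} > time();

    # Logged in, but every required flag must be held by the user.
    for my $flag (@required) {
        return 'error_page' unless $session->{flags}{$flag};
    }
    return 'return';
}

my @cases = (
    [ 'sess-a', 0, { circulate   => 1 } ],    # valid session, has the flag
    [ 'sess-a', 0, { acquisition => 1 } ],    # valid session, lacks the flag
    [ 'sess-b', 0, { circulate   => 1 } ],    # expired session
    [ undef,    0, { circulate   => 1 } ],    # never logged in
    [ undef,    1, { acquisition => 1 } ],    # $noauth set: flags are not enforced
);
for my $case (@cases) {
    my ( $sid, $noauth, $flags ) = @$case;
    printf "%-8s noauth=%d %-12s => %s\n", $sid // '(none)', $noauth,
        join( ',', keys %$flags ), decide_access( $sid, $noauth, $flags );
}
my $result = eval { decide_access( 'sess-a', 0, { circulat => 1 } ) };    # typo'd key
print 'typo case: ', $result // "rejected: $@";
```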
CGI(3)
C4::Output(3)
Digest::MD5(3)