Filename | /usr/share/koha/lib/C4/Auth_with_cas.pm |
Statements | Executed 41 statements in 2.56ms |
Calls | P | F | Exclusive Time |
Inclusive Time |
Subroutine |
---|---|---|---|---|---|
1 | 1 | 1 | 3.36ms | 8.59ms | BEGIN@26 | C4::Auth_with_cas::
1 | 1 | 1 | 1.12ms | 1.75ms | BEGIN@28 | C4::Auth_with_cas::
1 | 1 | 1 | 602µs | 1.04ms | BEGIN@25 | C4::Auth_with_cas::
1 | 1 | 1 | 31µs | 88µs | BEGIN@27 | C4::Auth_with_cas::
1 | 1 | 1 | 25µs | 33µs | BEGIN@20 | C4::Auth_with_cas::
1 | 1 | 1 | 23µs | 23µs | BEGIN@33 | C4::Auth_with_cas::
1 | 1 | 1 | 17µs | 119µs | BEGIN@31 | C4::Auth_with_cas::
1 | 1 | 1 | 16µs | 16µs | CORE:ftis (opcode) | C4::Auth_with_cas::
1 | 1 | 1 | 15µs | 39µs | BEGIN@21 | C4::Auth_with_cas::
1 | 1 | 1 | 14µs | 18µs | BEGIN@24 | C4::Auth_with_cas::
1 | 1 | 1 | 14µs | 173µs | BEGIN@23 | C4::Auth_with_cas::
1 | 1 | 1 | 13µs | 29µs | multipleAuth | C4::Auth_with_cas::
0 | 0 | 0 | 0s | 0s | check_api_auth_cas | C4::Auth_with_cas::
0 | 0 | 0 | 0s | 0s | checkpw_cas | C4::Auth_with_cas::
0 | 0 | 0 | 0s | 0s | getMultipleAuth | C4::Auth_with_cas::
0 | 0 | 0 | 0s | 0s | login_cas | C4::Auth_with_cas::
0 | 0 | 0 | 0s | 0s | login_cas_url | C4::Auth_with_cas::
0 | 0 | 0 | 0s | 0s | logout_cas | C4::Auth_with_cas::
Line | State ments |
Time on line |
Calls | Time in subs |
Code |
---|---|---|---|---|---|
1 | package C4::Auth_with_cas; | ||||
2 | |||||
3 | # Copyright 2009 BibLibre SARL | ||||
4 | # | ||||
5 | # This file is part of Koha. | ||||
6 | # | ||||
7 | # Koha is free software; you can redistribute it and/or modify it under the | ||||
8 | # terms of the GNU General Public License as published by the Free Software | ||||
9 | # Foundation; either version 2 of the License, or (at your option) any later | ||||
10 | # version. | ||||
11 | # | ||||
12 | # Koha is distributed in the hope that it will be useful, but WITHOUT ANY | ||||
13 | # WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR | ||||
14 | # A PARTICULAR PURPOSE. See the GNU General Public License for more details. | ||||
15 | # | ||||
16 | # You should have received a copy of the GNU General Public License along | ||||
17 | # with Koha; if not, write to the Free Software Foundation, Inc., | ||||
18 | # 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. | ||||
19 | |||||
20 | 3 | 36µs | 2 | 40µs | # spent 33µs (25+8) within C4::Auth_with_cas::BEGIN@20 which was called:
# once (25µs+8µs) by C4::Auth::BEGIN@39 at line 20 # spent 33µs making 1 call to C4::Auth_with_cas::BEGIN@20
# spent 8µs making 1 call to strict::import |
21 | 3 | 36µs | 2 | 63µs | # spent 39µs (15+24) within C4::Auth_with_cas::BEGIN@21 which was called:
# once (15µs+24µs) by C4::Auth::BEGIN@39 at line 21 # spent 39µs making 1 call to C4::Auth_with_cas::BEGIN@21
# spent 24µs making 1 call to warnings::import |
22 | |||||
23 | 3 | 41µs | 2 | 333µs | # spent 173µs (14+160) within C4::Auth_with_cas::BEGIN@23 which was called:
# once (14µs+160µs) by C4::Auth::BEGIN@39 at line 23 # spent 173µs making 1 call to C4::Auth_with_cas::BEGIN@23
# spent 160µs making 1 call to Exporter::import |
24 | 3 | 34µs | 2 | 22µs | # spent 18µs (14+4) within C4::Auth_with_cas::BEGIN@24 which was called:
# once (14µs+4µs) by C4::Auth::BEGIN@39 at line 24 # spent 18µs making 1 call to C4::Auth_with_cas::BEGIN@24
# spent 4µs making 1 call to C4::Context::import |
25 | 3 | 182µs | 2 | 1.21ms | # spent 1.04ms (602µs+442µs) within C4::Auth_with_cas::BEGIN@25 which was called:
# once (602µs+442µs) by C4::Auth::BEGIN@39 at line 25 # spent 1.04ms making 1 call to C4::Auth_with_cas::BEGIN@25
# spent 169µs making 1 call to Exporter::import |
26 | 3 | 166µs | 1 | 8.59ms | # spent 8.59ms (3.36+5.23) within C4::Auth_with_cas::BEGIN@26 which was called:
# once (3.36ms+5.23ms) by C4::Auth::BEGIN@39 at line 26 # spent 8.59ms making 1 call to C4::Auth_with_cas::BEGIN@26 |
27 | 3 | 55µs | 2 | 145µs | # spent 88µs (31+57) within C4::Auth_with_cas::BEGIN@27 which was called:
# once (31µs+57µs) by C4::Auth::BEGIN@39 at line 27 # spent 88µs making 1 call to C4::Auth_with_cas::BEGIN@27
# spent 57µs making 1 call to CGI::import |
28 | 3 | 216µs | 2 | 1.78ms | # spent 1.75ms (1.12+637µs) within C4::Auth_with_cas::BEGIN@28 which was called:
# once (1.12ms+637µs) by C4::Auth::BEGIN@39 at line 28 # spent 1.75ms making 1 call to C4::Auth_with_cas::BEGIN@28
# spent 25µs making 1 call to Exporter::import |
29 | |||||
30 | |||||
31 | 3 | 74µs | 2 | 220µs | # spent 119µs (17+101) within C4::Auth_with_cas::BEGIN@31 which was called:
# once (17µs+101µs) by C4::Auth::BEGIN@39 at line 31 # spent 119µs making 1 call to C4::Auth_with_cas::BEGIN@31
# spent 102µs making 1 call to vars::import |
32 | |||||
33 | # spent 23µs within C4::Auth_with_cas::BEGIN@33 which was called:
# once (23µs+0s) by C4::Auth::BEGIN@39 at line 39 | ||||
34 | 5 | 26µs | require Exporter; | ||
35 | $VERSION = 3.07.00.049; # set the version for version checking | ||||
36 | $debug = $ENV{DEBUG}; | ||||
37 | @ISA = qw(Exporter); | ||||
38 | @EXPORT = qw(check_api_auth_cas checkpw_cas login_cas logout_cas login_cas_url); | ||||
39 | 1 | 1.63ms | 1 | 23µs | } # spent 23µs making 1 call to C4::Auth_with_cas::BEGIN@33 |
40 | 1 | 13µs | 1 | 43.3ms | my $context = C4::Context->new() or die 'C4::Context->new failed'; # spent 43.3ms making 1 call to C4::Context::new |
41 | 1 | 500ns | my $defaultcasserver; | ||
42 | 1 | 300ns | my $casservers; | ||
43 | 1 | 1µs | my $yamlauthfile = "../C4/Auth_cas_servers.yaml"; | ||
44 | |||||
45 | |||||
46 | # If there's a configuration for multiple cas servers, then we get it | ||||
47 | 3 | 15µs | 1 | 29µs | if (multipleAuth()) { # spent 29µs making 1 call to C4::Auth_with_cas::multipleAuth |
48 | ($defaultcasserver, $casservers) = YAML::LoadFile(qq($FindBin::Bin/$yamlauthfile)); | ||||
49 | $defaultcasserver = $defaultcasserver->{'default'}; | ||||
50 | } else { | ||||
51 | # Else, we fall back to casServerUrl syspref | ||||
52 | $defaultcasserver = 'default'; | ||||
53 | 1 | 2.05ms | $casservers = { 'default' => C4::Context->preference('casServerUrl') }; # spent 2.05ms making 1 call to C4::Context::preference | ||
54 | } | ||||
55 | |||||
56 | # Is there a configuration file for multiple cas servers? | ||||
57 | # spent 29µs (13+16) within C4::Auth_with_cas::multipleAuth which was called:
# once (13µs+16µs) by C4::Auth::BEGIN@39 at line 47 | ||||
58 | 1 | 30µs | 1 | 16µs | return (-e qq($FindBin::Bin/$yamlauthfile)); # spent 16µs making 1 call to C4::Auth_with_cas::CORE:ftis |
59 | } | ||||
60 | |||||
61 | # Returns configured CAS servers' list if multiple authentication is enabled | ||||
62 | sub getMultipleAuth { | ||||
63 | return $casservers; | ||||
64 | } | ||||
65 | |||||
66 | # Logout from CAS | ||||
67 | sub logout_cas { | ||||
68 | my ($query) = @_; | ||||
69 | my $uri = C4::Context->preference('OPACBaseURL') . $query->script_name(); | ||||
70 | my $casparam = $query->param('cas'); | ||||
71 | # FIXME: This should be more generic and handle whatever parameters there might be | ||||
72 | $uri .= "?cas=" . $casparam if (defined $casparam); | ||||
73 | $casparam = $defaultcasserver if (not defined $casparam); | ||||
74 | my $cas = Authen::CAS::Client->new($casservers->{$casparam}); | ||||
75 | print $query->redirect( $cas->logout_url($uri)); | ||||
76 | } | ||||
77 | |||||
78 | # Login to CAS | ||||
79 | sub login_cas { | ||||
80 | my ($query) = @_; | ||||
81 | my $uri = C4::Context->preference('OPACBaseURL') . $query->script_name(); | ||||
82 | my $casparam = $query->param('cas'); | ||||
83 | # FIXME: This should be more generic and handle whatever parameters there might be | ||||
84 | $uri .= "?cas=" . $casparam if (defined $casparam); | ||||
85 | $casparam = $defaultcasserver if (not defined $casparam); | ||||
86 | my $cas = Authen::CAS::Client->new($casservers->{$casparam}); | ||||
87 | print $query->redirect( $cas->login_url($uri)); | ||||
88 | } | ||||
89 | |||||
90 | # Returns CAS login URL with callback to the requesting URL | ||||
91 | sub login_cas_url { | ||||
92 | |||||
93 | my ($query, $key) = @_; | ||||
94 | my $uri = C4::Context->preference('OPACBaseURL') . $query->url( -absolute => 1, -query => 1 ); | ||||
95 | my $casparam = $query->param('cas'); | ||||
96 | $casparam = $defaultcasserver if (not defined $casparam); | ||||
97 | $casparam = $key if (defined $key); | ||||
98 | my $cas = Authen::CAS::Client->new($casservers->{$casparam}); | ||||
99 | return $cas->login_url($uri); | ||||
100 | } | ||||
101 | |||||
102 | # Checks for password correctness | ||||
103 | # In our case : is there a ticket, is it valid and does it match one of our users ? | ||||
104 | sub checkpw_cas { | ||||
105 | $debug and warn "checkpw_cas"; | ||||
106 | my ($dbh, $ticket, $query) = @_; | ||||
107 | my $retnumber; | ||||
108 | my $uri = C4::Context->preference('OPACBaseURL') . $query->script_name(); | ||||
109 | my $casparam = $query->param('cas'); | ||||
110 | # FIXME: This should be more generic and handle whatever parameters there might be | ||||
111 | $uri .= "?cas=" . $casparam if (defined $casparam); | ||||
112 | $casparam = $defaultcasserver if (not defined $casparam); | ||||
113 | my $cas = Authen::CAS::Client->new($casservers->{$casparam}); | ||||
114 | |||||
115 | # If we got a ticket | ||||
116 | if ($ticket) { | ||||
117 | $debug and warn "Got ticket : $ticket"; | ||||
118 | |||||
119 | # We try to validate it | ||||
120 | my $val = $cas->service_validate($uri, $ticket ); | ||||
121 | |||||
122 | # If it's valid | ||||
123 | if ( $val->is_success() ) { | ||||
124 | |||||
125 | my $userid = $val->user(); | ||||
126 | $debug and warn "User CAS authenticated as: $userid"; | ||||
127 | |||||
128 | # Does it match one of our users ? | ||||
129 | my $sth = $dbh->prepare("select cardnumber from borrowers where userid=?"); | ||||
130 | $sth->execute($userid); | ||||
131 | if ( $sth->rows ) { | ||||
132 | $retnumber = $sth->fetchrow; | ||||
133 | return ( 1, $retnumber, $userid ); | ||||
134 | } | ||||
135 | $sth = $dbh->prepare("select userid from borrowers where cardnumber=?"); | ||||
136 | $sth->execute($userid); | ||||
137 | if ( $sth->rows ) { | ||||
138 | $retnumber = $sth->fetchrow; | ||||
139 | return ( 1, $retnumber, $userid ); | ||||
140 | } | ||||
141 | |||||
142 | # If we reach this point, then the user is a valid CAS user, but not a Koha user | ||||
143 | $debug and warn "User $userid is not a valid Koha user"; | ||||
144 | |||||
145 | } else { | ||||
146 | $debug and warn "Problem when validating ticket : $ticket"; | ||||
147 | $debug and warn "Authen::CAS::Client::Response::Error: " . $val->error() if $val->is_error(); | ||||
148 | $debug and warn "Authen::CAS::Client::Response::Failure: " . $val->message() if $val->is_failure(); | ||||
149 | $debug and warn Data::Dumper::Dumper($@) if $val->is_error() or $val->is_failure(); | ||||
150 | return 0; | ||||
151 | } | ||||
152 | } | ||||
153 | return 0; | ||||
154 | } | ||||
155 | |||||
156 | # Proxy CAS auth | ||||
157 | sub check_api_auth_cas { | ||||
158 | $debug and warn "check_api_auth_cas"; | ||||
159 | my ($dbh, $PT, $query) = @_; | ||||
160 | my $retnumber; | ||||
161 | my $url = C4::Context->preference('OPACBaseURL') . $query->script_name(); | ||||
162 | |||||
163 | my $casparam = $query->param('cas'); | ||||
164 | $casparam = $defaultcasserver if (not defined $casparam); | ||||
165 | my $cas = Authen::CAS::Client->new($casservers->{$casparam}); | ||||
166 | |||||
167 | # If we have a Proxy Ticket | ||||
168 | if ($PT) { | ||||
169 | my $r = $cas->proxy_validate( $url, $PT ); | ||||
170 | |||||
171 | # If the PT is valid | ||||
172 | if ( $r->is_success ) { | ||||
173 | |||||
174 | # We've got a username ! | ||||
175 | $debug and warn "User authenticated as: ", $r->user, "\n"; | ||||
176 | $debug and warn "Proxied through:\n"; | ||||
177 | $debug and warn " $_\n" for $r->proxies; | ||||
178 | |||||
179 | my $userid = $r->user; | ||||
180 | |||||
181 | # Does it match one of our users ? | ||||
182 | my $sth = $dbh->prepare("select cardnumber from borrowers where userid=?"); | ||||
183 | $sth->execute($userid); | ||||
184 | if ( $sth->rows ) { | ||||
185 | $retnumber = $sth->fetchrow; | ||||
186 | return ( 1, $retnumber, $userid ); | ||||
187 | } | ||||
188 | $sth = $dbh->prepare("select userid from borrowers where cardnumber=?"); | ||||
189 | return $r->user; | ||||
190 | $sth->execute($userid); | ||||
191 | if ( $sth->rows ) { | ||||
192 | $retnumber = $sth->fetchrow; | ||||
193 | return ( 1, $retnumber, $userid ); | ||||
194 | } | ||||
195 | |||||
196 | # If we reach this point, then the user is a valid CAS user, but not a Koha user | ||||
197 | $debug and warn "User $userid is not a valid Koha user"; | ||||
198 | |||||
199 | } else { | ||||
200 | $debug and warn "Proxy Ticket authentication failed"; | ||||
201 | return 0; | ||||
202 | } | ||||
203 | } | ||||
204 | return 0; | ||||
205 | } | ||||
206 | |||||
207 | |||||
208 | 1 | 8µs | 1; | ||
209 | __END__ | ||||
# spent 16µs within C4::Auth_with_cas::CORE:ftis which was called:
# once (16µs+0s) by C4::Auth_with_cas::multipleAuth at line 58 |