User opt-in when staff member has logged in via proxied authentication fails due to missing workstation ID

Bug #1620803 reported by Dan Scott
This bug affects 1 person
Affects      Status                   Importance  Assigned to  Milestone
Evergreen    Status tracked in Main
  2.10       Fix Released             Undecided   Unassigned
  Main       Fix Released             Undecided   Unassigned

Bug Description

* Evergreen master & 2.10.6

When we went live on our production 2.10.6 system, we noticed that opting-in users would fail if the staff member had logged into the staff client using their LDAP password (and thus going through auth_proxy and LDAP) instead of their Evergreen internal password.

The calls in syslog looked like the following:

Sep 6 18:23:39 hostname open-ils.actor: [ACT:1701:CStoreEditor.pm:139:blah] editor[1|123] actor.usr_org_unit_opt_in.create id= opt_in_ws= staff=123 usr=456 org_unit=100 opt_in_ts=now isnew= ischanged= isdeleted=
Sep 6 18:23:40 hostname open-ils.cstore: [ERR :31314:oils_sql.c:2489:blah] open-ils.cstore ERROR inserting actor::usr_org_unit_opt_in object using query [INSERT INTO actor.usr_org_unit_opt_in (id,opt_in_ws,staff,usr,org_unit,opt_in_ts) VALUES (DEFAULT,DEFAULT,123,456,100,'now');]: 3505682 3505682: ERROR: null value in column "opt_in_ws" violates not-null constraint

The lack of a value for opt_in_ws results in failure because, as indicated, it needs to be a non-null value per the actor.usr_org_unit_opt_in table definition.

I have reproduced this on master as well. I see code in oils_auth.c and oils_auth_internal.c that mentions having to propagate the workstation ID--perhaps we need to add the corresponding code to AuthProxy.pm (and possibly its friends)?
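
One way to find which staff logins hit this failure from syslog, as an added example that is not part of the original report or of Evergreen's code: it flags `actor.usr_org_unit_opt_in.create` lines whose `opt_in_ws` is empty and counts the matching not-null errors. The function names and the third sample line are assumptions constructed for illustration.

```python
import re

# Constructed sample: the first two lines are the syslog lines quoted in the
# report; the third is a constructed line where the workstation ID is present.
SAMPLE_LOG = """\
Sep 6 18:23:39 hostname open-ils.actor: [ACT:1701:CStoreEditor.pm:139:blah] editor[1|123] actor.usr_org_unit_opt_in.create id= opt_in_ws= staff=123 usr=456 org_unit=100 opt_in_ts=now isnew= ischanged= isdeleted=
Sep 6 18:23:40 hostname open-ils.cstore: [ERR :31314:oils_sql.c:2489:blah] open-ils.cstore ERROR inserting actor::usr_org_unit_opt_in object using query [INSERT INTO actor.usr_org_unit_opt_in (id,opt_in_ws,staff,usr,org_unit,opt_in_ts) VALUES (DEFAULT,DEFAULT,123,456,100,'now');]: 3505682 3505682: ERROR: null value in column "opt_in_ws" violates not-null constraint
Sep 6 18:25:02 hostname open-ils.actor: [ACT:1702:CStoreEditor.pm:139:blah] editor[1|124] actor.usr_org_unit_opt_in.create id= opt_in_ws=929 staff=124 usr=457 org_unit=100 opt_in_ts=now isnew= ischanged= isdeleted=
"""

# Tail of a CStoreEditor create line, then its key=value pairs (values may be empty).
CREATE_RE = re.compile(r"actor\.usr_org_unit_opt_in\.create\s+(.*)$")
FIELD_RE = re.compile(r"(\w+)=(\S*)")
NOT_NULL_ERR = 'null value in column "opt_in_ws" violates not-null constraint'


def scan(log_text):
    """Return (opt-in attempts lacking a workstation ID, count of not-null errors)."""
    missing, errors = [], 0
    for line in log_text.splitlines():
        match = CREATE_RE.search(line)
        if match:
            fields = dict(FIELD_RE.findall(match.group(1)))
            if not fields.get("opt_in_ws"):  # empty means no workstation was passed
                missing.append({
                    "when": " ".join(line.split()[:3]),  # syslog timestamp
                    "staff": fields.get("staff"),
                    "usr": fields.get("usr"),
                    "org_unit": fields.get("org_unit"),
                })
        elif NOT_NULL_ERR in line:
            errors += 1
    return missing, errors


def staff_affected(log_text):
    """Distinct staff IDs whose opt-in attempts carried no workstation ID."""
    missing, _ = scan(log_text)
    return sorted({m["staff"] for m in missing if m["staff"]})


if __name__ == "__main__":
    attempts, error_count = scan(SAMPLE_LOG)
    for a in attempts:
        print(f"{a['when']} staff={a['staff']} usr={a['usr']} org_unit={a['org_unit']}")
    print(f"not-null insert errors: {error_count}")
```

The create lines are tracked separately from the errors because the INSERT uses `DEFAULT` for `opt_in_ws`: if a column default is set, the insert succeeds and only the empty `opt_in_ws=` on the create line shows that no workstation was passed.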

Dan Scott (denials) wrote :

BTW, my temporary workaround is to set a default value for the opt-in workstation column, like so:

INSERT INTO actor.workstation(name, owning_lib) VALUES ('automatic-for-the-people', 1);
# SELECT * FROM actor.workstation WHERE owning_lib = 1;
 id | name | owning_lib
-----+--------------------------+------------
 929 | automatic-for-the-people | 1
(1 row)
ALTER TABLE actor.usr_org_unit_opt_in ALTER COLUMN opt_in_ws SET DEFAULT 929;

Obviously a gross hack that I hope doesn't have to live long!

Dan Wells (dbw2) wrote :

Okay, this looks like an oversight in the auth_proxy code which is not passing through the 'workstation' argument to auth_internal. Here is a proposed fix:

http://git.evergreen-ils.org/?p=working/Evergreen.git;a=shortlog;h=refs/heads/user/dbwells/lp1620803_passthru_workstation_in_authproxy

Dan Scott (denials) wrote :

I have confirmed that Dan Wells' commit resolves the problems we were seeing where copies checked in at a library where the workstation OU != the user's home OU would result in the copy being checked in from the user's home OU instead of the workstation OU (and causing transits).

I have also pushed the commit to master and rel_2_10. Thank you Dan!
