Various mod_perl handlers should accept eg2's auth token

Bug #1996908 reported by Galen Charlton
This bug affects 1 person
Affects    | Status       | Importance | Assigned to | Milestone
Evergreen  | Fix Released | Medium     | Unassigned  |
3.10       | Fix Released | Medium     | Unassigned  |
3.9        | Fix Released | Medium     | Unassigned  |

Bug Description

The Apache authentication handler OpenILS::WWW::Proxy::Authen and other mod_perl handlers (e.g., for bib export) currently expect that the authentication session will be passed to them only via a 'ses' URL parameter or a 'ses' cookie. However, they should also be taught to accept the web-based staff client's eg.auth.token cookie.

That way, any resources that are guarded by the OpenILS::WWW::Proxy::Authen handler (such as print overdue notices or a direct link to reporter output) can be directly used if the user has already logged in to the staff client. Ditto for resources (other than TPAC) that have their own Perl handlers.
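
An added example, not part of the report and not the code from the linked branch: a stand-alone Perl sketch of resolving the session token from the three sources named above, in order. The helper names, the cookie encoding (URL-encoded, possibly JSON-quoted) and the hex token shape are assumptions.

```perl
use strict;
use warnings;
# Hypothetical helpers, not Evergreen code. Assumptions: a cookie value may be
# URL-encoded and wrapped in JSON double quotes; a token is a run of hex digits.

sub parse_cookies {
    my ($header) = @_;
    my %jar;
    for my $pair (split /;\s*/, $header // '') {
        my ($name, $value) = split /=/, $pair, 2;
        next unless defined $name && defined $value;
        $name  =~ s/^\s+|\s+$//g;
        $value =~ s/%([0-9A-Fa-f]{2})/chr(hex($1))/ge;    # URL-decode
        $jar{$name} //= $value;                           # first occurrence wins
    }
    return \%jar;
}

# Sources in order of precedence: 'ses' parameter, 'ses' cookie, eg.auth.token cookie.
sub resolve_auth_token {
    my ($params, $cookie_header) = @_;
    my $jar = parse_cookies($cookie_header);
    my @candidates = (
        [ 'ses parameter'        => $params->{ses} ],
        [ 'ses cookie'           => $jar->{ses} ],
        [ 'eg.auth.token cookie' => $jar->{'eg.auth.token'} ],
    );
    for my $candidate (@candidates) {
        my ($source, $token) = @$candidate;
        next unless defined $token && length $token;
        $token =~ s/^"(.*)"$/$1/;    # strip JSON string quotes, if present
        # Skip values that are not token-shaped before they reach the auth service or a log line.
        next unless $token =~ /\A[0-9a-f]{16,64}\z/i;
        return ($token, $source);
    }
    return;    # nothing usable: the caller treats the request as unauthenticated
}

# Constructed sample requests: [ URL parameters, Cookie header ]
my @requests = (
    [ {}, 'eg.auth.token=%22a3f1c9d27b5e4f60812c4d7e9ab03c55%22; other=1' ],
    [ { ses => 'feedfacefeedfacefeedfacefeedface' }, 'ses=0123456789abcdef0123456789abcdef' ],
    [ {}, 'ses=<script>; eg.auth.token="00112233445566778899aabbccddeeff"' ],
    [ {}, 'unrelated=1' ],
);
for my $request (@requests) {
    my ($token, $source) = resolve_auth_token(@$request);
    print defined $token ? "accepted from $source\n" : "no valid session token\n";
}
```

The sketch reports only which source supplied the token and never prints the token itself; a real handler would still have to confirm the token with the auth service before serving the guarded resource.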

Galen Charlton (gmc)
Changed in evergreen:
importance: Undecided → Medium
Galen Charlton (gmc) wrote :
tags: added: authentication pullrequest
Mike Rylander (mrylander) wrote :

I've signed off Galen's commit above, and expanded the eg.auth.token support to other legacy mod_perl handlers as well, omitting the OPAC via EGCatLoader. Branch at:

https://git.evergreen-ils.org/?p=working/Evergreen.git;a=shortlog;h=refs/heads/user/miker/lp1996908_legacy_handlers_accept_eg.auth.token

Galen Charlton (gmc)
summary: - OpenILS::WWW::Proxy::Authen should accept eg2's auth token
+ Various mod_perl handlers should accept eg2's auth token
description: updated
description: updated
Jason Boyer (jboyer) wrote :

The thing on the tin is done within, pushed to master -> rel_3_9; thanks Galen and Mike!

Changed in evergreen:
status: New → Fix Committed
milestone: none → 3.11-beta
Changed in evergreen:
milestone: 3.11-beta → none
status: Fix Committed → Fix Released