http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=7174 --- Comment #14 from Olli-Antti Kivilahti <olli-antti.kivilahti@jns.fi> --- Created attachment 41124 --> http://bugs.koha-community.org/bugzilla3/attachment.cgi?id=41124&action=edit Bug 7174 - Authentication Rewrite Depends heavily on Buugg 14540, which introduces many tests to spot regression caused by this feature. Introduces a new modular authentication system based on Exception signaling and reusable authentication components/challenges. This system is cross-framework -compatible, currently supporting Mojolicious and CGI, but adding support for any other framework is straightforward. Central idea is to provide a single authentication function to deal with all types of authentication scenarios, REST API, Cookie, Password, LDAP... Also it is important to make a system that is easy to extend and can deal with many future authentication scenarios. Currently only CGI password, LDAP and cookie login is tested. Legacy behaviour is used to deal with other types of authentication. Deprecates a lot of subroutines in C4::Auth. See the attached schematic in Bugzilla for a more architectural overview. The basic principle is: 1. We get an authentication request from any Web/GUI-framework, for ex CGI. 2. Request is normalized by extracting all necessary authentication data elements to a separate data structure. 3. Based on the found authentication data elements, system decides which authentication route to take. 4. Route implements all challenges needed to authenticate the request. Route returns the authenticated Koha::Borrower or an Exception if login failed. 5. The user environment/session is set/deleted based on the Route result. 6. a Koha::Borrower and the CGISESSID-cookie is returned to the calling framework in the format the framework needs. 7. Framework needs to catch possible exceptions and deal with them. Eg. login failed, no permission, under maintenance. 8. Authentication succeeds and session is set, or failure is reported to user. ----------------------------------- -::- TEST PLAN: -::- ----------------------------------- Use PageObject tests from Buugg 14540 and Buugg 14536 to test against regression. ::MANUAL TESTS:: OPAC: 1. Go to opac-main.pl 1.1. Try to access a restricted page like /cgi-bin/koha/opac-account.pl 2. Login with password. 3. Navigate to any OPAC page requiring login. 4. Observe that the login is still valid and correct username is displayed on top right of the browser window. 5. Logout 5.1. Try to access a restricted page. 6. Login again. 7. Browse a bit. 8. Logout. Anonymous search history (OPAC): 1. Make a search 2. Make another search 3. Login 4. Make yet another search 5. Go to my search history. 6. Observe that the last three searches are shown in your search history. 7. Logout STAFF CLIENT (Intra): 0. Try to access a restricted page, like /cgi-bin/koha/mainpage.pl 1. Login 2. Navigate a bit to confirm that the login remains active. 3. Logout. 4. Login again. 5. Navigate to a restricted page. 6. Logout. 6.1. Try to access a restricted page. -- You are receiving this mail because: You are watching all bug changes.