[Bug 28417] New: Authen::CAS::Client always loaded even in CAS in not in used
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=28417 Bug ID: 28417 Summary: Authen::CAS::Client always loaded even in CAS in not in used Change sponsored?: --- Product: Koha Version: master Hardware: All OS: All Status: ASSIGNED Severity: enhancement Priority: P5 - low Component: Architecture, internals, and plumbing Assignee: jonathan.druart+koha@gmail.com Reporter: jonathan.druart+koha@gmail.com QA Contact: testopia@bugs.koha-community.org Blocks: 28410 Referenced Bugs: https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=28410 [Bug 28410] Reduce memory footprint -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=28417 Jonathan Druart <jonathan.druart+koha@gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|ASSIGNED |Needs Signoff -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=28417 --- Comment #1 from Jonathan Druart <jonathan.druart+koha@gmail.com> --- Created attachment 121276 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=121276&action=edit Bug 28417: Don't use C4::Auth_with_cas if CAS is not used We should follow the same pattern as ldap and not use C4::Auth_with_cas if the cas syspref is not turned on. -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=28417 --- Comment #2 from Jonathan Druart <jonathan.druart+koha@gmail.com> --- This script shows that 3Mb is saved in RAM use Memory::Usage; my $mu = Memory::Usage->new(); $mu->record('Loading'); require Koha::Biblios; $mu->record('module loaded'); print $mu->report(); -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=28417 --- Comment #3 from Jonathan Druart <jonathan.druart+koha@gmail.com> --- Test plan: confirm that CAS is still working -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=28417 David Cook <dcook@prosentient.com.au> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |dcook@prosentient.com.au -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=28417 Jonathan Druart <jonathan.druart+koha@gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Summary|Authen::CAS::Client always |Authen::CAS::Client always |loaded even in CAS in not |loaded even if CAS in not |in used |in used -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=28417 Jonathan Druart <jonathan.druart+koha@gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Summary|Authen::CAS::Client always |Authen::CAS::Client always |loaded even if CAS in not |loaded even if CAS in not |in used |used -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=28417 Jonathan Druart <jonathan.druart+koha@gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Summary|Authen::CAS::Client always |Authen::CAS::Client always |loaded even if CAS in not |loaded even if CAS is not |used |used -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=28417 Jonathan Druart <jonathan.druart+koha@gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |tomascohen@gmail.com -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=28417 --- Comment #4 from David Cook <dcook@prosentient.com.au> --- (In reply to Jonathan Druart from comment #3)
Test plan: confirm that CAS is still working
What's the suggested way to test CAS? I've never used it but I think I thought about trying out https://hub.docker.com/r/apereo/cas/ a little while ago... -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=28417 --- Comment #5 from Jonathan Druart <jonathan.druart+koha@gmail.com> --- (In reply to David Cook from comment #4)
(In reply to Jonathan Druart from comment #3)
Test plan: confirm that CAS is still working
What's the suggested way to test CAS?
I don't know, Tomas promised me to test this patch. -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=28417 Tomás Cohen Arazi <tomascohen@gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #121276|0 |1 is obsolete| | --- Comment #6 from Tomás Cohen Arazi <tomascohen@gmail.com> --- Created attachment 127103 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=127103&action=edit Bug 28417: Don't use C4::Auth_with_cas if CAS is not used We should follow the same pattern as ldap and not use C4::Auth_with_cas if the cas syspref is not turned on. Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io> -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=28417 Tomás Cohen Arazi <tomascohen@gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|Needs Signoff |Signed Off --- Comment #7 from Tomás Cohen Arazi <tomascohen@gmail.com> --- This actually fixes something bigger, because C4::Auth was using a couple methods that weren't exported correctly. -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=28417 --- Comment #8 from Tomás Cohen Arazi <tomascohen@gmail.com> --- Created attachment 127104 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=127104&action=edit Bug 28417: (follow-up) Fix typo - There are CAS demo servers, pick one [1] - They all seem to have the same user/pass as of writing this: User: casuser Password: Mellon To test: 1. Enable CAS and all related preferences. I chose v3 or higher, it only affects the logout action. 2. Set the CAS URL: https://casserver.herokuapp.com/cas (note that if you click on any of the examples, they include a trailing /login, don't put it). 3. Generate a Koha user, with userid: casuser (I also used that for cardnumber, just in case). Set no password to the user, or its irrelevant anyway. Add it stff permissions. 4. Open your Koha OPAC, I use KTD thus: http://kohadev.myDNSname.org:8080 5. Try to login using CAS => SUCCESS: You are redirected to the right login page 6. Login using casuser/Mellon as advertised in the 'demos' site. => SUCCESS: You are logged in! 7. Now logout => SUCCESS: You are sent to CAS so they know you wanted to logout (if you enabled CAS logout) 8. Repeat on the staff interface. => SUCCESS: Things work! 9. Apply this patches, restart all the things: $ restart_all 10. Repeat all in OPAC and admin interfaces => SUCCESS: Things work! 11. Sign off :-D [1] https://apereo.github.io/cas/Demos.html Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io> -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=28417 Tomás Cohen Arazi <tomascohen@gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- QA Contact|testopia@bugs.koha-communit |tomascohen@gmail.com |y.org | Status|Signed Off |Passed QA -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=28417 Tomás Cohen Arazi <tomascohen@gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |david@davidnind.com --- Comment #9 from Tomás Cohen Arazi <tomascohen@gmail.com> --- I took the liberty to straight PQA. but I'm CC'ing the other David just in case he can give it a try in case I missed some use case. Also, having a simple way to use demo servers will help with other CAS reports. So I want everyone to be familiar. -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=28417 --- Comment #10 from Tomás Cohen Arazi <tomascohen@gmail.com> --- (In reply to Jonathan Druart from comment #5)
(In reply to David Cook from comment #4)
(In reply to Jonathan Druart from comment #3)
Test plan: confirm that CAS is still working
What's the suggested way to test CAS?
I don't know, Tomas promised me to test this patch.
Sorry for the delay :-/ -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=28417 David Nind <david@davidnind.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #127103|0 |1 is obsolete| | --- Comment #11 from David Nind <david@davidnind.com> --- Created attachment 127105 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=127105&action=edit Bug 28417: Don't use C4::Auth_with_cas if CAS is not used We should follow the same pattern as ldap and not use C4::Auth_with_cas if the cas syspref is not turned on. Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io> Signed-off-by: David Nind <david@davidnind.com> -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=28417 David Nind <david@davidnind.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #127104|0 |1 is obsolete| | --- Comment #12 from David Nind <david@davidnind.com> --- Created attachment 127106 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=127106&action=edit Bug 28417: (follow-up) Fix typo - There are CAS demo servers, pick one [1] - They all seem to have the same user/pass as of writing this: User: casuser Password: Mellon To test: 1. Enable CAS and all related preferences. I chose v3 or higher, it only affects the logout action. 2. Set the CAS URL: https://casserver.herokuapp.com/cas (note that if you click on any of the examples, they include a trailing /login, don't put it). 3. Generate a Koha user, with userid: casuser (I also used that for cardnumber, just in case). Set no password to the user, or its irrelevant anyway. Add it stff permissions. 4. Open your Koha OPAC, I use KTD thus: http://kohadev.myDNSname.org:8080 5. Try to login using CAS => SUCCESS: You are redirected to the right login page 6. Login using casuser/Mellon as advertised in the 'demos' site. => SUCCESS: You are logged in! 7. Now logout => SUCCESS: You are sent to CAS so they know you wanted to logout (if you enabled CAS logout) 8. Repeat on the staff interface. => SUCCESS: Things work! 9. Apply this patches, restart all the things: $ restart_all 10. Repeat all in OPAC and admin interfaces => SUCCESS: Things work! 11. Sign off :-D [1] https://apereo.github.io/cas/Demos.html Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io> Signed-off-by: David Nind <david@davidnind.com> -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=28417 --- Comment #13 from David Nind <david@davidnind.com> --- (In reply to Tomás Cohen Arazi from comment #9)
I took the liberty to straight PQA. but I'm CC'ing the other David just in case he can give it a try in case I missed some use case.
Also, having a simple way to use demo servers will help with other CAS reports. So I want everyone to be familiar.
I've added my sign off - not sure I'm the right person for use cases for authentication related things, but things worked as per the test plan. Feel free to cc me in on any CAS bugs that required sign off - you always have great test plans! A couple of minor things I noticed when testing: 1. After step 3 a restart_all is required, otherwise the link for CAS login is not displayed. 2. As mentioned in step 1 using CAS 3 or later for casServerVersion affects the logout action. I found this confusing as it sends you back to the CAS server, then when you click on login it logs you in to the CAS server rather than sending you to Koha - I'm sure there is a use case for that, and probably something those using a CAS environment would be familiar with. Changing casServerVersion to Version 2 or earlier means you get sent back to Koha. 3. For the staff interface the heading before the link is "Cas login", I think this should be "CAS login", but pretty minor really and is the how it is currently. -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=28417 --- Comment #14 from Katrin Fischer <katrin.fischer@bsz-bw.de> ---
2. As mentioned in step 1 using CAS 3 or later for casServerVersion affects the logout action. I found this confusing as it sends you back to the CAS server, then when you click on login it logs you in to the CAS server rather than sending you to Koha - I'm sure there is a use case for that, and probably something those using a CAS environment would be familiar with. Changing casServerVersion to Version 2 or earlier means you get sent back to Koha.
Hm, it should always send you back to Koha. When you start the login process from Koha or any application its URL should be part of the link to the CAS server. It's then used to send you back after a successful login. Part of the problem with logout and the CAS versions is that this parameter name was changed. Maybe the test server is CAS 2 and it doesn't work quite right with both settings because of that? We have a CAS 3 installation and it does work there (18.11 and 20.11). Looking at the patch set I think it looks like it did not change anything in that area. -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=28417 --- Comment #15 from Jonathan Druart <jonathan.druart+koha@gmail.com> --- Tomas, I think your patch is adding back the problem in opac-user.pl. What about the following change? diff --git a/opac/opac-user.pl b/opac/opac-user.pl index 6feb144e508..e610cabc2ab 100755 --- a/opac/opac-user.pl +++ b/opac/opac-user.pl @@ -57,8 +57,10 @@ my $query = CGI->new; # CAS single logout handling # Will print header and exit -require C4::Auth_with_cas; -C4::Context->preference('casAuthentication') and C4::Auth_with_cas::logout_if_required($query); +if ( C4::Context->preference('casAuthentication') ) { + require C4::Auth_with_cas; + C4::Auth_with_cas::logout_if_required($query); +} my ( $template, $borrowernumber, $cookie ) = get_template_and_user( { -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=28417 --- Comment #16 from Jonathan Druart <jonathan.druart+koha@gmail.com> --- Created attachment 127249 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=127249&action=edit Bug 28417: Don't require C4::Auth_with_cas from opac-user if not needed -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=28417 Jonathan Druart <jonathan.druart+koha@gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #127249|0 |1 is obsolete| | --- Comment #17 from Jonathan Druart <jonathan.druart+koha@gmail.com> --- Created attachment 127251 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=127251&action=edit Bug 28417: Don't require C4::Auth_with_cas from opac-user if not needed Note that without the use URI::QueryParam statement in C4::Auth we get: Can't locate object method "query_param_delete" via package "URI::_generic" at /kohadevbox/koha/C4/Auth.pm line 1254 -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=28417 Jonathan Druart <jonathan.druart+koha@gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|Passed QA |Pushed to master Version(s)| |21.11.00 released in| | -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=28417 --- Comment #18 from Jonathan Druart <jonathan.druart+koha@gmail.com> --- Pushed to master for 21.11, thanks to everybody involved! -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=28417 Kyle M Hall <kyle@bywatersolutions.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Resolution|--- |FIXED Status|Pushed to master |RESOLVED CC| |kyle@bywatersolutions.com -- You are receiving this mail because: You are watching all bug changes.
participants (1)
-
bugzilla-daemon@bugs.koha-community.org