[Bug 26792] New: Create simple is_authenticated and is_authorized methods for AuthN/AuthZ
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=26792 Bug ID: 26792 Summary: Create simple is_authenticated and is_authorized methods for AuthN/AuthZ Change sponsored?: --- Product: Koha Version: master Hardware: All OS: All Status: NEW Severity: enhancement Priority: P5 - low Component: Authentication Assignee: koha-bugs@lists.koha-community.org Reporter: dcook@prosentient.com.au QA Contact: testopia@bugs.koha-community.org CC: dpavlin@rot13.org There should be simple methods for checking if a web user is authenticated and authorized. Basically, you check a cookie value for a session ID, check if that session ID maps to an authentic user account, and then check if that user account has authorizations. -- You are receiving this mail because: You are the assignee for the bug. You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=26792 --- Comment #1 from David Cook <dcook@prosentient.com.au> --- Of course, is_authenticated should probably also trigger session timeouts. -- You are receiving this mail because: You are the assignee for the bug. You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=26792 --- Comment #2 from David Cook <dcook@prosentient.com.au> --- I'm making some good progress here. I've created some methods like Koha::Auth->is_authenticated and Koha::Auth->is_authorized, and then implemented those in a Mojolicious application mounted in plack.psgi at 'intranet/staff'. (The Koha::Auth->is_authenticated is used to cover all routes in the Mojo startup() function, while Koha::Auth->is_authorized is implemented in a "helper", which allows it to be easily and cleanly used in Mojo controller actions.) I need to refactor C4::Auth to create a "is_timed_out" function and add that to Koha::Auth->is_authenticated, but otherwise these should be nearly ready. I should probably rename "is_authorized" to "authorize" as it actually authorizes the user. The "is_authenticated" is just a check though. If it fails, the plan is to redirect the user to a login page or internally use a Mojo login controller. I need to put some more thought into that. -- You are receiving this mail because: You are the assignee for the bug. You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=26792 David Cook <dcook@prosentient.com.au> changed: What |Removed |Added ---------------------------------------------------------------------------- Blocks| |26791 Referenced Bugs: https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=26791 [Bug 26791] Build Mojolicious controller replacement for export.pl -- You are receiving this mail because: You are watching all bug changes. You are the assignee for the bug.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=26792 --- Comment #3 from David Cook <dcook@prosentient.com.au> --- Actually, I might just merge this into Bug 26791 to help testers... -- You are receiving this mail because: You are the assignee for the bug. You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=26792 David Cook <dcook@prosentient.com.au> changed: What |Removed |Added ---------------------------------------------------------------------------- Blocks|26791 | Referenced Bugs: https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=26791 [Bug 26791] Build Mojolicious controller replacement for export.pl -- You are receiving this mail because: You are watching all bug changes. You are the assignee for the bug.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=26792 David Cook <dcook@prosentient.com.au> changed: What |Removed |Added ---------------------------------------------------------------------------- Resolution|--- |DUPLICATE Status|NEW |RESOLVED --- Comment #4 from David Cook <dcook@prosentient.com.au> --- *** This bug has been marked as a duplicate of bug 26791 *** -- You are receiving this mail because: You are the assignee for the bug. You are watching all bug changes.
participants (1)
-
bugzilla-daemon@bugs.koha-community.org