[Bug 28507] New: Create Koha::Session wrapper to create consistent sessions throughout Koha
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=28507 Bug ID: 28507 Summary: Create Koha::Session wrapper to create consistent sessions throughout Koha Change sponsored?: --- Product: Koha Version: master Hardware: All OS: All Status: NEW Severity: enhancement Priority: P5 - low Component: Architecture, internals, and plumbing Assignee: koha-bugs@lists.koha-community.org Reporter: dcook@prosentient.com.au QA Contact: testopia@bugs.koha-community.org At the moment, there are a couple different places where authenticated sessions get created. One is checkauth() and another is check_api_auth(). I would also like to create consistently structured authenticated sessions from Koha Plugins. There should be a standard API for creating and fetching sessions. I propose a Koha::Session wrapper. It will define Koha's standard session key set and have some automatic population for things like 'ip' and 'lasttime'. There will also be a method for setting the C4::Context->userenv, which is something that gets done repeatedly in checkauth(), check_api_auth(), check_cookie_auth(), and other less relevant places (like checkpw_internal which is bizarre). I think that this is a reasonable step forward as we add AuthN and AuthZ to things like Koha plugins and Mojolicious controllers. -- You are receiving this mail because: You are the assignee for the bug. You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=28507 David Cook <dcook@prosentient.com.au> changed: What |Removed |Added ---------------------------------------------------------------------------- See Also| |https://bugs.koha-community | |.org/bugzilla3/show_bug.cgi | |?id=28325 -- You are receiving this mail because: You are the assignee for the bug. You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=28507 David Cook <dcook@prosentient.com.au> changed: What |Removed |Added ---------------------------------------------------------------------------- See Also| |https://bugs.koha-community | |.org/bugzilla3/show_bug.cgi | |?id=17427 -- You are receiving this mail because: You are the assignee for the bug. You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=28507 --- Comment #1 from David Cook <dcook@prosentient.com.au> --- For instance: Koha::Session->create_user_session({ }); -- You are receiving this mail because: You are the assignee for the bug. You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=28507 --- Comment #2 from David Cook <dcook@prosentient.com.au> --- For instance: Koha::Session->set_user_session({ user => $patron, session => $session, extensions => { desk_id => $desk_id, shibboleth => $shibboleth, }, }); We'd take both the session object and data to put into it. The $session object would have 'ip' and 'lasttime' set automatically. Likewise: Koha::Session->set_userenv({ session => $session, extensions => { id => $userid, } }); The above would use session data or let you override particular key/value pairs using extensions. Although personally I find the concept of C4::Context->userenv to be unnecessary. You just need sessions, but Koha has a dependency on C4::Context->userenv... -- You are receiving this mail because: You are the assignee for the bug. You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=28507 David Cook <dcook@prosentient.com.au> changed: What |Removed |Added ---------------------------------------------------------------------------- See Also| |https://bugs.koha-community | |.org/bugzilla3/show_bug.cgi | |?id=24539 -- You are receiving this mail because: You are watching all bug changes. You are the assignee for the bug.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=28507 David Cook <dcook@prosentient.com.au> changed: What |Removed |Added ---------------------------------------------------------------------------- Assignee|koha-bugs@lists.koha-commun |dcook@prosentient.com.au |ity.org | -- You are receiving this mail because: You are watching all bug changes. You are the assignee for the bug.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=28507 --- Comment #3 from David Cook <dcook@prosentient.com.au> --- Actually, I think the key thing is having Koha::Session enforce a number of mandatory session variables. After reviewing C4::Auth::check_api_auth(), C4::Auth::checkauth(), C4::InstallAuth::checkauth(), the required keys for an authenticated user appear to be: - number - id - cardnumber - firstname - surname - branch - branchname - flags - emailaddress - ip - lasttime - interface (not set by C4::InstallAuth::checkauth() but is by the other 2) C4::Auth::checkauth() also sets "search_history", "desk_id", "desk_name", "shibboleth", "register_id", "register_name", "sco_user", and "cas_ticket". C4::Auth::check_api_auth() also sets "cas_ticket". -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=28507 David Cook <dcook@prosentient.com.au> changed: What |Removed |Added ---------------------------------------------------------------------------- Resolution|--- |DUPLICATE Status|NEW |RESOLVED --- Comment #4 from David Cook <dcook@prosentient.com.au> --- *** This bug has been marked as a duplicate of bug 31050 *** -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=28507 Martin Renvoize <martin.renvoize@ptfs-europe.com> changed: What |Removed |Added ---------------------------------------------------------------------------- See Also| |https://bugs.koha-community | |.org/bugzilla3/show_bug.cgi | |?id=32178 -- You are receiving this mail because: You are watching all bug changes.
participants (1)
-
bugzilla-daemon@bugs.koha-community.org