[Koha-bugs] [Bug 7174] Authentication rewriting

bugzilla-daemon at bugs.koha-community.org
Mon May 8 19:10:12 CEST 2017


https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=7174

Lari Taskula <lari.taskula at jns.fi> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
  Attachment #41536|0                           |1
        is obsolete|                            |
  Attachment #41537|0                           |1
        is obsolete|                            |

--- Comment #24 from Lari Taskula <lari.taskula at jns.fi> ---
Created attachment 63255
  --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=63255&action=edit
Bug 7174 - Authentication Rewrite - Core

Depends heavily on Bug 14540, which introduces many tests to spot regression
caused by this feature.

Introduces a new modular authentication system based on Exception signaling
and reusable authentication components/challenges.
This system is cross-framework compatible, currently supporting Mojolicious
and CGI, but adding support for any other framework is straightforward.

Central idea is to provide a single authentication function to deal with all
types of authentication scenarios, REST API, Cookie, Password, LDAP...
Also it is important to make a system that is easy to extend and can deal with
many future authentication scenarios.

Currently only CGI password, LDAP and cookie login is tested. Legacy behaviour
is used to deal with other types of authentication.

See the attached schematic in Bugzilla for a more architectural overview.

Also fixes a few bugs related to anonymous_search_history.

The basic principle is:
1. We get an authentication request from any Web/GUI framework, for example CGI.
2. Request is normalized by extracting all necessary authentication data
   elements to a separate data structure.
3. Based on the found authentication data elements, system decides which
   authentication route to take.
4. Route implements all challenges needed to authenticate the request.
   Route returns the authenticated Koha::Borrower or an Exception if login
   failed.
5. The user environment/session is set/deleted based on the Route result.
6. A Koha::Borrower and the CGISESSID cookie are returned to the calling
   framework in the format the framework needs.
7. Framework needs to catch possible exceptions and deal with them.
   Eg. login failed, no permission, under maintenance.
8. Authentication succeeds and session is set, or failure is reported to user.


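The flow in steps 2 to 5 and 7 above, sketched in core Perl as an added example; it is not code from the attached patch or from Koha. Every package, sub and variable name here (AuthError, normalize, %ROUTES, authenticate) and the sample user and session data are assumptions made for illustration.

```perl
use strict; use warnings;
# Exceptions (hypothetical names): callers dispatch on class, not on message text.
package AuthError { sub throw { my ($class, %args) = @_; die bless {%args}, $class } }
package AuthError::LoginFailed  { our @ISA = ('AuthError') }
package AuthError::NoPermission { our @ISA = ('AuthError') }
package main;
# Constructed sample data. A real store holds a salted password hash, never plaintext.
my %USERS    = (alice => { password => 'correct horse', flags => { catalogue => 1 } });
my %SESSIONS = ('sess-1' => 'alice');
sub normalize {    # step 2: copy only the authentication elements out of the request
    my ($req) = @_;
    return +{ map { ($_ => $req->{$_}) } grep { defined $req->{$_} } qw(userid password sessionid) };
}
my %ROUTES = (     # step 4: a route runs its challenges, then returns a user or throws
    cookie => sub {
        my ($d) = @_;
        my $uid = $SESSIONS{ $d->{sessionid} }
            or AuthError::LoginFailed->throw(message => 'unknown session');
        return +{ userid => $uid, %{ $USERS{$uid} } };
    },
    password => sub {
        my ($d) = @_;
        my $u = $USERS{ $d->{userid} // '' };
        AuthError::LoginFailed->throw(message => 'bad credentials')
            unless $u && $u->{password} eq $d->{password};   # stand-in for a hash check
        return +{ userid => $d->{userid}, %$u };
    },
);

sub authenticate {
    my ($req, $flag) = @_;
    my $d = normalize($req);
    my $route = exists $d->{password}  ? 'password'    # step 3: route chosen from the data found
              : exists $d->{sessionid} ? 'cookie'
              : AuthError::LoginFailed->throw(message => 'no credentials');
    my $user = eval { $ROUTES{$route}->($d) } or do {  # step 5: a failed login drops the session
        delete $SESSIONS{ $d->{sessionid} } if defined $d->{sessionid};
        die $@;
    };
    AuthError::NoPermission->throw(message => "missing $flag") unless $user->{flags}{$flag};
    return $user;
}
for my $req ({ sessionid => 'sess-1' }, { userid => 'alice', password => 'wrong' }, {}) {  # step 7
    my $user = eval { authenticate($req, 'catalogue') };
    if ($user) { print "authenticated $user->{userid}\n"; next }
    my $e = $@;
    die $e unless ref $e && $e->isa('AuthError');      # unexpected errors keep propagating
    print ref($e), ": $e->{message}\n";
}
```

Because the caller only sees a user record or a typed exception, a new route (for example LDAP) can be added to the table without touching the framework-side error handling.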
