[Koha-devel] Kanopy and SIP2 hack
Katrin Fischer
katrin.fischer.83 at web.de
Sun Oct 14 12:02:44 CEST 2018
Hi Mark,
reading your use case made me think of some open bugs we have, the first
being maybe a similar use case to yours:
*Bug 16694*
<https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=16694> -
Limit SIP2 auth by patron attribute
*Bug 10077*
<https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=10077> - Pass
extended patron attributes via Borrower SIP protocol
Hope this helps,
Katrin
On 12.10.2018 19:46, Mark Alexander wrote:
> Our little library is preparing to use the Kanopy video streaming
> service. Kanopy can use SIP2 to query our Koha server for the purpose
> of user authentication. That's great; I can enable SIP2 pretty
> easily.
>
> The problem is that our librarian wants to put limits on which patrons
> can use Kanopy. The idea is that we don't want to allow more than
> one person per household to be able stream videos; otherwise mom, pop,
> and all the kids could go crazy one weekend on a Buffy The Vampire Slayer
> binge, for example.
>
> But Kanopy and Koha don't have a way to impose this kind of limit.
> So I came up with the following idea, which does seem to work in
> my test VM:
>
> 1. Add a new patron attribute called "KANOPY_OK", which has a yes/no value.
> Set it to yes for those patrons that will be allowed access to Kanopy.
>
> 2. Hack the SIP server code for "handle patron status" to check the incoming client's
> IP address against a Kanopy-provided list of IP addresses. If there is a match,
> authenticate the patron only if their "KANOPY_OK" atribute is "yes" (actually "1").
>
> But I hate the fact that I had to hack Koha to do this (see part of
> the hack below). Am I'm going at this the wrong way? Would it make
> more sense to enhance the plugin architecture to add a SIP2 patron
> filter function like the one below? Is this just too ugly to ever
> be considered seriously?
>
> Thanks in advance,
> Mark
>
> P.S. Here's the main part of the hack, which is a function that is called
> from handle_patron_status and handle_patron_info.
>
> my @kanopy_ips = (
> "208.66.24.46",
> "104.239.197.182",
> "18.209.148.51",
> "34.232.89.121",
> "34.234.81.211",
> "34.235.227.70",
> "34.235.53.173",
> "52.203.108.44"
> );
>
> sub sip2_check_patron {
> my ( $patron, $server ) = @_;
>
> if ( $patron ) {
> my $ipaddr = $server->{server}->{client}->peerhost;
> foreach my $kanopy ( @kanopy_ips ) {
> if ( $ipaddr =~ /^(::ffff:)?\Q$kanopy\E$/ ) {
> my $borrowernumber = $patron->{borrowernumber};
> my $value = C4::Members::Attributes::GetBorrowerAttributeValue( $borrowernumber, 'KANOPY_OK' $
> return $value eq "1";
> }
> }
> }
> return 1;
> }
> _______________________________________________
> Koha-devel mailing list
> Koha-devel at lists.koha-community.org
> http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-devel
> website : http://www.koha-community.org/
> git : http://git.koha-community.org/
> bugs : http://bugs.koha-community.org/
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.koha-community.org/pipermail/koha-devel/attachments/20181014/527bf8e2/attachment.html>
More information about the Koha-devel
mailing list