[Koha-devel] Kanopy and SIP2 hack

Katrin Fischer katrin.fischer.83 at web.de
Sun Oct 14 12:02:44 CEST 2018 

Hi Mark,

reading your use case made me think of some open bugs we have, the first 
being maybe a similar use case to yours:

*Bug 16694* 
<https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=16694> - 
Limit SIP2 auth by patron attribute

*Bug 10077* 
<https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=10077> - Pass 
extended patron attributes via Borrower SIP protocol

Hope this helps,

Katrin


On 12.10.2018 19:46, Mark Alexander wrote:
> Our little library is preparing to use the Kanopy video streaming
> service.  Kanopy can use SIP2 to query our Koha server for the purpose
> of user authentication.  That's great; I can enable SIP2 pretty
> easily.
>
> The problem is that our librarian wants to put limits on which patrons
> can use Kanopy.  The idea is that we don't want to allow more than
> one person per household to be able stream videos; otherwise mom, pop,
> and all the kids could go crazy one weekend on a Buffy The Vampire Slayer
> binge, for example.
>
> But Kanopy and Koha don't have a way to impose this kind of limit.
> So I came up with the following idea, which does seem to work in
> my test VM:
>
> 1. Add a new patron attribute called "KANOPY_OK", which has a yes/no value.
>     Set it to yes for those patrons that will be allowed access to Kanopy.
>
> 2. Hack the SIP server code for "handle patron status" to check the incoming client's
>     IP address against a Kanopy-provided list of IP addresses.  If there is a match,
>     authenticate the patron only if their "KANOPY_OK" atribute is "yes" (actually "1").
>
> But I hate the fact that I had to hack Koha to do this (see part of
> the hack below).  Am I'm going at this the wrong way?  Would it make
> more sense to enhance the plugin architecture to add a SIP2 patron
> filter function like the one below?  Is this just too ugly to ever
> be considered seriously?
>
> Thanks in advance,
> Mark
>
> P.S. Here's the main part of the hack, which is a function that is called
> from handle_patron_status and handle_patron_info.
>
> my @kanopy_ips = (
>    "208.66.24.46",
>    "104.239.197.182",
>    "18.209.148.51",
>    "34.232.89.121",
>    "34.234.81.211",
>    "34.235.227.70",
>    "34.235.53.173",
>    "52.203.108.44"
> );
>
> sub sip2_check_patron {
>      my ( $patron, $server ) = @_;
>
>      if ( $patron ) {
>          my $ipaddr = $server->{server}->{client}->peerhost;
>          foreach my $kanopy ( @kanopy_ips ) {
>              if ( $ipaddr =~ /^(::ffff:)?\Q$kanopy\E$/ ) {
>                  my $borrowernumber = $patron->{borrowernumber};
>                  my $value = C4::Members::Attributes::GetBorrowerAttributeValue( $borrowernumber, 'KANOPY_OK' $
>                  return $value eq "1";
>              }
>          }
>      }
>      return 1;
> }
> _______________________________________________
> Koha-devel mailing list
> Koha-devel at lists.koha-community.org
> http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-devel
> website : http://www.koha-community.org/
> git : http://git.koha-community.org/
> bugs : http://bugs.koha-community.org/

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.koha-community.org/pipermail/koha-devel/attachments/20181014/527bf8e2/attachment.html>

More information about the Koha-devel mailing list