Commit 5d69061c authored by Laurent's avatar Laurent

hotline #84068 do not try to authenticate on SIGB that do not provides authentication

parent 63a8f142
Pipeline #5834 passed with stage
in 32 minutes and 9 seconds
- ticket #84068 : SIGB Orphee: correction du fonctionnement lorque le webservice n'utilise pas de mots de passe
\ No newline at end of file
......@@ -188,7 +188,6 @@ abstract class Class_WebService_SIGB_AbstractRESTService extends Class_WebServic
public function ilsdiGetPatronInfo($params, $reader, $error_tag='error') {
$emprunteur = Class_WebService_SIGB_Emprunteur::newInstance()->setService($this);
$params = array_merge(array('service' => 'GetPatronInfo'), $params);
$xml = $this->httpGet($params);
if (0 === strpos($xml, '<html>'))
......
......@@ -163,7 +163,7 @@ class Class_WebService_SIGB_Orphee_Service extends Class_WebService_SIGB_Abstrac
protected function hasGetAdh() {
return $this->_search_client->hasFunction('GetAdh');
return $this->_search_client && $this->_search_client->hasFunction('GetAdh');
}
......
......@@ -55,14 +55,9 @@ class ZendAfi_Auth extends Zend_Auth {
public function newAuthDb() {
if ($this->_auth_db_adapter)
return $this->_auth_db_adapter;
$authAdapter = new ZendAfi_Auth_Adapter_DbTable(Zend_Db_Table::getDefaultAdapter());
$authAdapter->setTableName('bib_admin_users');
$authAdapter->setIdentityColumn('LOGIN');
$authAdapter->setCredentialColumn('PASSWORD');
return $this->_auth_db_adapter = $authAdapter;
return $this->_auth_db_adapter
? $this->_auth_db_adapter
: $this->_auth_db_adapter = new ZendAfi_Auth_Adapter_DbTable();
}
......
<?php
/**
* Copyright (c) 2012-2018, Agence Française Informatique (AFI). All rights reserved.
*
* BOKEH is free software; you can redistribute it and/or modify
* it under the terms of the GNU AFFERO GENERAL PUBLIC LICENSE as published by
* the Free Software Foundation.
*
* There are special exceptions to the terms and conditions of the AGPL as it
* is applied to this software (see README file).
*
* BOKEH is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU AFFERO GENERAL PUBLIC LICENSE for more details.
*
* You should have received a copy of the GNU AFFERO GENERAL PUBLIC LICENSE
* along with BOKEH; if not, write to the Free Software
* Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
*/
abstract class ZendAfi_Auth_Adapter_Abstract implements Zend_Auth_Adapter_Interface {
protected
$_identity,
$_credential,
$_authenticated_user;
public function shouldBreakChain() {
return false;
}
/**
* @param string $identity
* @return Zend_Auth_Adapter_Abstract
*/
public function setIdentity($identity) {
$this->_identity = $identity;
return $this;
}
/**
* @param string $credential
* @return Zend_Auth_Adapter_Abstract
*/
public function setCredential($credential) {
$this->_credential = $credential;
return $this;
}
/**
* @return Std_Class
*/
public function getResultObject() {
return $this->_authenticated_user->toStdClass();
}
}
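Review bot: getResultObject() calls toStdClass() on $_authenticated_user without checking it, and the property is declared without a default and only assigned by a subclass's authenticate(). A caller that asks for the result object after a failed or skipped authentication would hit a fatal error on null instead of getting an empty result; a guard such as `if (!$this->_authenticated_user) return null;` before the return makes that case explicit. The docblocks also name classes that do not match this file: `@return Zend_Auth_Adapter_Abstract` should read `@return $this` (or ZendAfi_Auth_Adapter_Abstract), and `@return Std_Class` should be `@return stdClass|null`.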
......@@ -19,34 +19,10 @@
* Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
*/
class ZendAfi_Auth_Adapter_CommSigb implements Zend_Auth_Adapter_Interface {
class ZendAfi_Auth_Adapter_CommSigb extends ZendAfi_Auth_Adapter_Abstract {
protected
$_identity = null,
$_credential = null,
$_authenticated_user = null,
$_called_services = [];
/**
* @param string $identity
* @return Zend_Auth_Adapter_CommSigb
*/
public function setIdentity($identity) {
$this->_identity = $identity;
return $this;
}
/**
* @param string $credential
* @return Zend_Auth_Adapter_CommSigb
*/
public function setCredential($credential) {
$this->_credential = $credential;
return $this;
}
/**
* @return Zend_Auth_Result
*/
......@@ -145,6 +121,9 @@ class ZendAfi_Auth_Adapter_CommSigb implements Zend_Auth_Adapter_Interface {
protected function _getUserFromSigbWithLibrary($user, $library) {
$this->_called_services[] = $service = $library->getSIGBComm();
if (!$service->providesAuthentication())
return;
if (!$loaner = $service->getEmprunteur($user))
return;
......@@ -206,12 +185,4 @@ class ZendAfi_Auth_Adapter_CommSigb implements Zend_Auth_Adapter_Interface {
$this->_authenticated_user = $user;
return $result;
}
/**
* @return Std_Class
*/
public function getResultObject() {
return $this->_authenticated_user->toStdClass();
}
}
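Review bot: In _getUserFromSigbWithLibrary() the service is appended to $_called_services before the new providesAuthentication() guard, so a SIGB that was deliberately skipped is still recorded as called. How $_called_services is used is outside the visible hunks; if it feeds a later decision such as "a SIGB was consulted and rejected this login", the guard should come first, e.g. `$service = $library->getSIGBComm();` then `if (!$service->providesAuthentication()) return;` then `$this->_called_services[] = $service;`. The early return also deserves a comment stating what the caller does with a null result, for instance `// SIGB cannot verify passwords: return nothing so the caller falls back to the next adapter`, to be confirmed against the calling code. The method body continues outside the hunk.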
......@@ -20,43 +20,24 @@
*/
class ZendAfi_Auth_Adapter_DbTable extends Zend_Auth_Adapter_DbTable {
public function shouldBreakChain() {
return false;
}
class ZendAfi_Auth_Adapter_DbTable extends ZendAfi_Auth_Adapter_Abstract {
/**
* _authenticateCreateSelect() - This method creates a Zend_Db_Select object that
* is completely configured to be queried against the database.
*
* @return Zend_Db_Select
*/
protected function _authenticateCreateSelect() {
if (empty($this->_credentialTreatment)
|| (strpos($this->_credentialTreatment, "?") === false))
$this->_credentialTreatment = '?';
/** @return Zend_Auth_Result */
public function authenticate() {
$type = ($this->_authenticated_user = Class_Users::findFirstBy(['login' => $this->_identity,
'password' => $this->_credential,
'password not' => '']))
? Zend_Auth_Result::SUCCESS
: Zend_Auth_Result::FAILURE_IDENTITY_NOT_FOUND;
$credentialExpression = new Zend_Db_Expr(
'(CASE WHEN ' .
$this->_zendDb->quoteInto(
$this->_zendDb->quoteIdentifier($this->_credentialColumn, true)
. ' = ' . $this->_credentialTreatment, $this->_credential
)
. ' THEN 1 ELSE 0 END) AS '
. $this->_zendDb->quoteIdentifier('zend_auth_credential_match')
);
return $this->_zendDb
->select()
->from($this->_tableName, array('*', $credentialExpression))
->where($this->_zendDb->quoteIdentifier($this->_identityColumn, true) . ' = ?', $this->_identity)
->where($this->_zendDb->quoteIdentifier($this->_credentialColumn, true) . ' = ?', $this->_credential)
->where($this->_zendDb->quoteIdentifier($this->_credentialColumn, true) . ' <> ?', '');
return new Zend_Auth_Result($type, $this->_identity);
}
public function getResultObject() {
return $this->getResultRowObject(null,'password');
$object = parent::getResultObject();
unset($object->password);
return $object;
}
}
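Review bot: authenticate() hands $this->_identity and $this->_credential to Class_Users::findFirstBy() without first checking that both are non-empty strings. Neither property has a default in the abstract adapter, so if authenticate() runs before the setters, or a caller passes a non-string value, the outcome depends on how findFirstBy() translates null or array values, which is not visible here. An explicit guard at the top, `if (!is_string($this->_identity) || !is_string($this->_credential) || '' === $this->_credential) return new Zend_Auth_Result(Zend_Auth_Result::FAILURE_CREDENTIAL_INVALID, $this->_identity);`, would not rely on the 'password not' clause alone. The check is still an equality match on the stored password column, so case and trailing-space handling presumably follow the database collation; a comment on the method should say so. In getResultObject(), `unset($object->password)` only strips the field if toStdClass() exposes it under that exact lowercase key, which is worth an assertion in a test.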
......@@ -1061,7 +1061,7 @@ class ModoControllerDeleteExpiredRegistrationsTest extends Admin_AbstractControl
['id' => 1,
'login' => 'pwd',
'password' => 'pwd',
'date' => '2018-16-01',
'date' => '2048-12-01',
'mail' => 'pwd@afi-sa.fr']);
$this->fixture('Class_UsersNonValid',
......
......@@ -2496,6 +2496,9 @@ class AuthControllerPostWithSameIdSigbTest extends AbstractControllerTestCase {
->answers([])
->whenCalled('isConnected')
->answers(true)
->whenCalled('providesAuthentication')
->answers(true);
$params = ['url_serveur' => 'http://mon-koha-de-test.org',
......@@ -2588,6 +2591,9 @@ class AuthControllerPostLoginWithDifferentIdIntBibTest
->answers($emprunteur)
->whenCalled('isConnected')
->answers(true)
->whenCalled('providesAuthentication')
->answers(true);
$params = ['url_serveur' => 'http://mon-koha-de-test.org',
......
......@@ -114,6 +114,9 @@ class AuthControllerWithoutPasswordKohaTest extends AuthControllerWithoutPasswor
->answers($this->_emprunteur)
->whenCalled('isConnected')
->answers(true)
->whenCalled('providesAuthentication')
->answers(true);
}
......
......@@ -366,7 +366,7 @@ class BiblixAuthenticateTest extends ModelTestCase {
$mock = $this
->mock()
->whenCalled('open_url')
->with('http://www.annecy.fr/webservice/biblix.ilsdi?service=GetPatronInfo&showLoans=1&showHolds=1')
->with('http://www.annecy.fr/webservice/biblix.ilsdi?service=GetPatronInfo&patronId=28&showLoans=1&showHolds=1')
->answers(BiblixNetFixtures::xmlGetPatronJustinTicou())
->beStrict();
......@@ -375,38 +375,57 @@ class BiblixAuthenticateTest extends ModelTestCase {
$service->setWebClient($mock);
$this->fixture('Class_IntBib',
['id' => 94,
'comm_sigb' => Class_IntBib::COM_BIBLIXNET,
'comm_params' => ['url_serveur' => 'http://www.annecy.fr/webservice/biblix.ilsdi']]);
$logger = $this
->mock()
->whenCalled('log')
->answers(true)
->whenCalled('logError')
->willDo(function($url, $message) {
throw new RuntimeException($url . ' :: ' . $message);
});
Class_WebService_SIGB_AbstractService::setLogger($logger);
$this->fixture('Class_Users',
['id' => 12,
'login' => '10102003',
'password' => 'secret',
'idabon' => '87364',
'id_sigb' => 28,
'int_bib' => $this->fixture('Class_IntBib',
['id' => 94,
'comm_sigb' => Class_IntBib::COM_BIBLIXNET,
'comm_params' => ['url_serveur' => 'http://www.annecy.fr/webservice/biblix.ilsdi']]),
'bib' => $this->fixture('Class_Bib',
['id' => 94,
'id_site' => 94])])
->beAbonneSIGB()
->assertSave();
$errors = ZendAfi_Auth::getInstance()->authenticateLoginPassword('10102003', 'secret');
ZendAfi_Auth::getInstance()->clearIdentity();
}
public function tearDown() {
Class_WebService_SIGB_BiblixNet::reset();
Class_WebService_SIGB_AbstractService::setLogger(null);
parent::tearDown();
}
/** @test */
public function EvelyneShouldBeLogged() {
public function withRightCredentialsJustinShouldBeLogged() {
ZendAfi_Auth::getInstance()->authenticateLoginPassword('10102003', 'secret');
if (!$user = Class_Users::getIdentity())
return $this->fail();
$this->assertEquals('10102003', $user->getLogin());
return $user->getEmprunts();
}
/**
* @depends withRightCredentialsJustinShouldBeLogged
* @test
*/
public function justinfShouldHaveTwoLoans($loans) {
$this->assertCount(2, $loans);
}
/** @test */
public function withWrongCredentialsJustinShouldNotBeLogged() {
ZendAfi_Auth::getInstance()->authenticateLoginPassword('10102003', 'oups');
$this->assertEmpty(Class_Users::getIdentity());
}
}
\ No newline at end of file
......@@ -73,7 +73,6 @@ class OrpheeServiceGetServiceTest extends ModelTestCase {
abstract class OrpheeServiceTestCase extends ModelTestCase {
protected
$_storm_default_to_volatile = true,
$_search_client,
$_orphee,
$_orphee_allow_hold_avail,
......@@ -93,16 +92,28 @@ abstract class OrpheeServiceTestCase extends ModelTestCase {
->answers(new EndSessionResponse());
$this->_beforeOrpheeServiceCreate();
$this->_orphee = new Class_WebService_SIGB_Orphee_ServiceForTesting($this->_search_client);
$allow_hold_available_items=true;
$this->_orphee_allow_hold_avail = Class_WebService_SIGB_Orphee_Service::getService('tests/fixtures/orphee.wsdl', null, $allow_hold_available_items);
$this->_orphee_allow_hold_avail->setSearchClient($this->_search_client);
$this->_orphee_allow_hold_avail->isConnected();
$this->_henry_dupont = Class_Users::getLoader()
->newInstanceWithId(2)
->setLogin('10900000753')
->setPassword('secret');
$this->_orphee = new Class_WebService_SIGB_Orphee_ServiceForTesting($this->_search_client);
Class_WebService_SIGB_Orphee::setService($this->_orphee);
$this->_henry_dupont = $this->fixture('Class_Users',
['id' => 2,
'login' => '10900000753',
'idabon' => '100753',
'password' => 'secret',
'int_bib' => $this->fixture('Class_IntBib',
['id' => 34,
'comm_sigb' => Class_IntBib::COM_ORPHEE,
'comm_params' => ['url_serveur' => 'tests/fixtures/orphee.wsdl',
'allow_hold_available_items' => true]]),
'bib' => $this->fixture('Class_Bib',
['id' => 34])]);
$this->_henry_dupont->beAbonneSIGB()->assertSave();
}
......@@ -1545,3 +1556,73 @@ class OrpheeServiceChangePasswordWithoutClientTest extends ModelTestCase {
parent::tearDown();
}
}
class OrpheeAuthenticateLocallyTest extends OrpheeServiceTestCase {
public function setUp() {
parent::setUp();
ZendAfi_Auth::getInstance()->clearIdentity();
}
/** @test */
public function withRightCredentialsHenryShouldBeLogged() {
ZendAfi_Auth::getInstance()->authenticateLoginPassword('10900000753', 'secret');
$this->assertNotNull($user = Class_Users::getIdentity());
$this->assertEquals('10900000753', $user->getLogin());
}
/** @test */
public function withWrongCredentialsJustinShouldNotBeLogged() {
ZendAfi_Auth::getInstance()->authenticateLoginPassword('10900000753', 'oups');
$this->assertEmpty(Class_Users::getIdentity());
}
}
class OrpheeAuthenticateThroughSigbTest extends OrpheeServiceTestCase {
public function setUp() {
parent::setUp();
Class_AdminVar::set('LOGIN_THROUGH_SIGB_ONLY', 1);
$this->_search_client
->whenCalled('hasFunction')->with('GetAdh')->answers(true)
->whenCalled('GetAdh')
->willDo(
function($param) {
$response = ($param->carte == '10900000753' && $param->pwd == 'secret')
? OrpheeFixtures::xmlGetAdhHenryDupont()
: '';
return $this->mock()
->whenCalled('getXml')
->answers($response);
})
->whenCalled('EndSession')->with(new EndSession())->answers(true);
ZendAfi_Auth::getInstance()->clearIdentity();
}
/** @test */
public function withRightCredentialsHenryShouldBeLogged() {
ZendAfi_Auth::getInstance()->authenticateLoginPassword('10900000753', 'secret');
$this->assertNotNull($user = Class_Users::getIdentity());
$this->assertEquals('10900000753', $user->getLogin());
}
/** @test */
public function withWrongCredentialsJustinShouldNotBeLogged() {
ZendAfi_Auth::getInstance()->authenticateLoginPassword('10900000753', 'oups');
$this->assertEmpty(Class_Users::getIdentity());
}
}
\ No newline at end of file
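Review bot: Neither new test class pins what happens when LOGIN_THROUGH_SIGB_ONLY is 1 and the Orphee service does not provide authentication. OrpheeAuthenticateLocallyTest runs with the default setting, and OrpheeAuthenticateThroughSigbTest stubs hasFunction('GetAdh') to answer true. That combination decides whether a locally stored password is accepted when the site is configured for SIGB-only login, so it should have a test of its own with the expected outcome stated. The GetAdh stub compares credentials with `==`; `$param->carte === '10900000753' && $param->pwd === 'secret'` avoids loose numeric-string matching in the check the test depends on. Both wrong-credential tests are named withWrongCredentialsJustinShouldNotBeLogged although the fixture user is Henry.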
......@@ -271,38 +271,58 @@ class VSmartAuthenticateTest extends ModelTestCase {
$service->setWebClient($mock);
$this->fixture('Class_IntBib',
['id' => 94,
'comm_sigb' => Class_IntBib::COM_VSMART,
'comm_params' => ['url_serveur' => 'http://www.moulins.fr/webservice/VubisSmartHttpApi.csp']]);
$logger = $this
->mock()
->whenCalled('log')
->answers(true)
->whenCalled('logError')
->willDo(function($url, $message) {
throw new RuntimeException($url . ' :: ' . $message);
});
Class_WebService_SIGB_AbstractService::setLogger($logger);
$errors = ZendAfi_Auth::getInstance()->authenticateLoginPassword('10102003', 'secret');
$this->fixture('Class_Users',
['id' => 12,
'login' => '10102003',
'password' => 'secret',
'idabon' => '87364',
'id_sigb' => 28,
'int_bib' => $this->fixture('Class_IntBib',
['id' => 94,
'comm_sigb' => Class_IntBib::COM_VSMART,
'comm_params' => ['url_serveur' => 'http://www.moulins.fr/webservice/VubisSmartHttpApi.csp']]),
'bib' => $this->fixture('Class_Bib',
['id' => 94,
'id_site' => 94])])
->beAbonneSIGB()
->assertSave();
ZendAfi_Auth::getInstance()->clearIdentity();
}
public function tearDown() {
Class_WebService_SIGB_VSmart::reset();
Class_WebService_SIGB_AbstractService::setLogger(null);
parent::tearDown();
}
/** @test */
public function EvelyneShouldBeLogged() {
public function withRightCredentialsEvelyneShouldBeLogged() {
ZendAfi_Auth::getInstance()->authenticateLoginPassword('10102003', 'secret');
if (!$user = Class_Users::getIdentity())
return $this->fail();
$this->assertEquals('10102003', $user->getLogin());
return $user->getEmprunts();
}
/**
* @depends withRightCredentialsEvelyneShouldBeLogged
* @test
*/
public function justinfShouldHaveThreeLoans($loans) {
$this->assertCount(3, $loans);
}
/** @test */
public function withWrongCredentialsJustinShouldNotBeLogged() {
ZendAfi_Auth::getInstance()->authenticateLoginPassword('10102003', 'oups');
$this->assertEmpty(Class_Users::getIdentity());
}
}
\ No newline at end of file
......@@ -108,9 +108,16 @@ abstract class AuthCommSigbWithWebServicesAndAbonneZorkTestCase extends AuthComm
'libelle' => 'Some patrons',
'type_fichier' => Class_IntProfilDonnees::FT_PATRONS]);
Class_WebService_SIGB_Nanook::setService($comm_params, $this->nanook = $this->mock());
Class_WebService_SIGB_Orphee::setService($this->orphee = $this->mock());
Class_WebService_SIGB_Opsys::setService($this->opsys = $this->mock());
Class_WebService_SIGB_Nanook::setService($comm_params,
$this->nanook = $this->mock()
->whenCalled('providesAuthentication')
->answers(true));
Class_WebService_SIGB_Orphee::setService($this->orphee = $this->mock()
->whenCalled('providesAuthentication')
->answers(false));
Class_WebService_SIGB_Opsys::setService($this->opsys = $this->mock()
->whenCalled('providesAuthentication')
->answers(true));
$this->nanook
->whenCalled('getEmprunteur')
......@@ -518,7 +525,9 @@ class AuthCommSigbWithWebServicesAndAbonneZorkAndMinimalResponseTest
'libelle' => 'Some patrons',
'type_fichier' => Class_IntProfilDonnees::FT_PATRONS]);
Class_WebService_SIGB_Opsys::setService($this->opsys = $this->mock());
Class_WebService_SIGB_Opsys::setService($this->opsys = $this->mock()
->whenCalled('providesAuthentication')
->answers(true));
$annecy_library = $this->fixture('Class_Bib',
['id' => 43,
......