[open-ils-commits] r10297 - trunk/Open-ILS/src/perlmods/OpenILS/WWW

svn at svn.open-ils.org svn at svn.open-ils.org
Thu Aug 7 09:49:54 EDT 2008


Author: erickson
Date: 2008-08-07 09:49:48 -0400 (Thu, 07 Aug 2008)
New Revision: 10297

Modified:
   trunk/Open-ILS/src/perlmods/OpenILS/WWW/Proxy.pm
Log:
return to login page if auth fails, existing auth session has timed out, or existing auth session does not have required perms

Modified: trunk/Open-ILS/src/perlmods/OpenILS/WWW/Proxy.pm
===================================================================
--- trunk/Open-ILS/src/perlmods/OpenILS/WWW/Proxy.pm	2008-08-07 13:49:30 UTC (rev 10296)
+++ trunk/Open-ILS/src/perlmods/OpenILS/WWW/Proxy.pm	2008-08-07 13:49:48 UTC (rev 10297)
@@ -112,11 +112,13 @@
 				)
 			);
 			return Apache2::Const::REDIRECT;
-		}
+		} else {
+            return back_to_login($cgi);
+        }
 	}
 
 	my $user = verify_login($auth_ses);
-	return Apache2::Const::FORBIDDEN unless ($user);
+    return back_to_login($cgi) unless $user;
 
 	$ws_ou ||= $user->home_ou;
 
@@ -127,12 +129,25 @@
 		->request('open-ils.actor.user.perm.check', $auth_ses, $user->id, $ws_ou, $perms)
 		->gather(1);
 
-	return Apache2::Const::FORBIDDEN if (@$failures > 0);
+	return back_to_login($cgi) if (@$failures > 0);
 
 	# they're good, let 'em through
 	return Apache2::Const::DECLINED;
 }
 
+sub back_to_login {
+    my $cgi = shift;
+    print $cgi->redirect(
+        -uri=>$cgi->url,
+        -cookie=>$cgi->cookie(
+            -name=>'ses',
+            -value=>'',
+            -path=>'/',-expires=>'-1h'
+        )
+    );
+    return Apache2::Const::REDIRECT;
+}
+
 # returns the user object if the session is valid, 0 otherwise
 sub verify_login {
 	my $auth_token = shift;



More information about the open-ils-commits mailing list