[OPEN-ILS-DEV] Best way to authenticate users against Evergreen

Mike Rylander mrylander at gmail.com
Fri Feb 20 12:57:04 EST 2009 

On Fri, Feb 20, 2009 at 11:58 AM, Niles Ingalls
<nilesi at zionsville.lib.in.us> wrote:
> Mark,
> I'm working on something similar, and the remote user authentication is
> fairly simple.
> I'll snip what I've got from my Codeigniter Model in regards to logging in,
>  which is using a Curl library found here:


There is a perl script that can be 'require'd that will give you a
handy oils_login() function, if you want to use the OpenSRF XMPP
transport.  It's located at
Open-ILS/src/support-scripts/oils_header.pl in the release tarballs
and in svn.  The scripts under
Open-ILS/src/support-scripts/test-scripts/ use this to authenticate
user accounts for testing.

There is also an XML-RPC interface to all of the Evergreen OpenSRF
APIs.  A self-contained script that uses RPC::XML to authenticate a
user is located at
Open-ILS/src/support-scripts/test-scripts/collections.pl in the
tarball and in svn.  This would be the most Web Service-ish way to do
what you want.

A third option is to use the gateway, as Niles suggests, but in XML
mode.  You would POST an XML document containing the request and
parameters and get back and XML version of the result you see with the
JSON gateway.  To try this out, just add
"&format=xml&input_format=json" to the URLs constructed in Niles'
example.

-- 
Mike Rylander
 | VP, Research and Design
 | Equinox Software, Inc. / The Evergreen Experts
 | phone:  1-877-OPEN-ILS (673-6457)
 | email:  miker at esilibrary.com
 | web:  http://www.esilibrary.com


> http://codeigniter.com/wiki/File:curl-library-1-1.zip
> $username = 'user';
> $password = md5('password');
> $host = 'http://evergreen.lib.in.us/gateway';
> $post =
> 'method=open-ils.auth.authenticate.init&service=open-ils.auth&param="' .
> $username . '"';
> $response = json_decode($this->curl->post($host, $post,
> array(CURLOPT_HTTPHEADER => array("Content-Type: text/xml"))));
> //print_r($response);
> $seed = $response->payload[0]; // init seed sent to us by evergreen
> $md5_password = md5( $seed . $password);
> // let's login now.
> $login_param = json_encode(array('password'=>$md5_password, 'type'=>'opac',
> 'org'=>null,'username'=>$username));
> $post =
> 'method=open-ils.auth.authenticate.complete&service=open-ils.auth&param=' .
> $login_param;
> $response = json_decode($this->curl->post($host, $post,
> array(CURLOPT_HTTPHEADER => array("Content-Type: text/xml"))));
> $authtoken = $response->payload[0]->payload->authtoken;
>
>
> Niles Ingalls
> UNIX & Web Administrator
> Hussey-Mayfield Memorial Public Library
> 250 N. Fifth Street
> P.O. Box 840
> Zionsville, IN. 46077
> Phone   317-873-3149 x13280
> Fax     317-873-8339
> "Confidence is what you have before you understand the problem." - Woody
> Allen
>
> On Feb 20, 2009, at 11:38 AM, Mark Jordan wrote:
>
> Hi,
>
> I've looked through most of the docs and can't find any mention of an API to
> authenticate users against their credentials in Evergreen. Is there such an
> API (preferably a web-servicy one)? I saw the dicussion in the list archives
> from last May about writing a Perl script to pull up patron info via
> OpenSRF, but that's about all I've come across.
>
> I'm writing a Drupal module that will use "drivers" to authenticate against
> whatever external auth source will respond, focusing for now on
> library-oriented sources like ILSs since there are already Drupal modules
> for LDAP, Shib, Pubcookie, etc. Each driver is a small PHP file that simply
> returns TRUE or FALSE, and optimially an email address, for a user who logs
> into Drupal. (It also allows you to modify the login form programmatically
> but that's independent of the authentication.) If the account is not an
> existing local Drupal account, the request is routed to the driver
> (configured by the site admin) and an account is either created or logged in
> if the driver returns TRUE after talkikg to the external auth source. If the
> driver returns FALSE, the user is told the standard Drupal "unrecognized
> username or password".
>
> I've got a working driver for Innovative (wich has a RESTful patron API) and
> a sample/generic SQL driver. I've figured out enough about Evergreen's
> actor.usr table to authenticate using it (well, it will work in Drupal 7
> since in Drupal 6 you can't switch between MySQL and Postgres nicely), but
> if there's a more API-oriented way to query for users, I'd rather use that.
> I've looked for a PHP library for OpenSRF but didn't find any.
>
> Mark
>
> Mark Jordan
> Head of Library Systems
> W.A.C. Bennett Library, Simon Fraser University
> Burnaby, British Columbia, V5A 1S6, Canada
> Voice: 778.782.5753 / Fax: 778.782.3023
> mjordan at sfu.ca
>
>
>

More information about the Open-ils-dev mailing list