From ab0049b0d15bc32586a7ab0e92a8a506e31b6e83 Mon Sep 17 00:00:00 2001 From: Demian Katz Date: Wed, 14 Oct 2015 10:27:33 -0400 Subject: [PATCH] Switched guest detection to standard permission system. --- config/vufind/EDS.ini | 8 ++-- config/vufind/permissions.ini | 7 +++ .../VuFind/Controller/EdsrecordController.php | 24 ++++------ .../Search/Factory/EdsBackendFactory.php | 4 +- .../src/VuFindSearch/Backend/EDS/Backend.php | 34 +++++++------- .../Backend/EDS/EBSCOAuthenticateIP.php | 45 ------------------- 6 files changed, 38 insertions(+), 84 deletions(-) delete mode 100644 module/VuFindSearch/src/VuFindSearch/Backend/EDS/EBSCOAuthenticateIP.php diff --git a/config/vufind/EDS.ini b/config/vufind/EDS.ini index 12a28071db1..8f52f262ab3 100644 --- a/config/vufind/EDS.ini +++ b/config/vufind/EDS.ini @@ -1,3 +1,8 @@ +; IMPORTANT NOTE: By default, VuFind will block access to certain EDS content +; unless it knows which users are authorized (by IP, etc.). Please configure the +; access.EDSExtendedResults permission in permissions.ini to allow users to +; see this content. You are responsible for complying with your license. + ; This section contains global settings affecting search behavior. [General] ; This setting controls the default sort order of search results; the selected @@ -184,6 +189,3 @@ user_name = [USERNAME] password = [PASSWORD] profile = [PROFILE] organization_id = "VuFind 2.x from MyUniversity" -; IP authentication for the users of Springfield University -; List of ip addresses of Springfield University -local_ip_addresses = "127.0.0.1, 192.168.11" diff --git a/config/vufind/permissions.ini b/config/vufind/permissions.ini index 04f20ea0d22..2c2a438192f 100644 --- a/config/vufind/permissions.ini +++ b/config/vufind/permissions.ini 
@@ -61,6 +61,7 @@ ; List of permissions that you may wish to configure: ; ; access.AdminModule - Controls access to the admin panel (if enabled in config.ini) +; access.EDSExtendedResults - Controls visibility of protected EDS results ; access.EITModule - Controls access to the EBSCO EIT module (if active) ; access.StaffViewTab - Controls access to the staff view tab in record mode ; access.SummonExtendedResults - Controls visibility of protected Summon results @@ -76,6 +77,12 @@ role[] = guest role[] = loggedin permission = access.StaffViewTab +; Example for EDS +;[default.EDSModule] +;ipRange[] = "127.0.0.1" +;ipRange[] = "192.168.11" +;permission = access.EDSExtendedResults + ; Examples for Shibboleth ; ; Only users that have either common-lib-terms and entityid from idp1 or diff --git a/module/VuFind/src/VuFind/Controller/EdsrecordController.php b/module/VuFind/src/VuFind/Controller/EdsrecordController.php index ec35238dc39..3095a5d06ea 100644 --- a/module/VuFind/src/VuFind/Controller/EdsrecordController.php +++ b/module/VuFind/src/VuFind/Controller/EdsrecordController.php @@ -26,6 +26,7 @@ * @link http://vufind.org Main Site */ namespace VuFind\Controller; +use VuFind\Exception\Forbidden as ForbiddenException; /** * EDS Record Controller @@ -60,11 +61,14 @@ public function pdfAction() { $driver = $this->loadRecord(); //if the user is a guest, redirect them to the login screen. - if (!$this->isAuthenticationIP() && false == $this->getUser()) { - return $this->forceLogin(); - } else { - return $this->redirect()->toUrl($driver->getPdfLink()); + $auth = $this->getAuthorizationService(); + if (!$auth->isGranted('access.EDSExtendedResults')) { + if (!$this->getUser()) { + return $this->forceLogin(); + } + throw new ForbiddenException('Access denied.'); } + return $this->redirect()->toUrl($driver->getPdfLink()); } /** 
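Review bot: The commented EDS example in the second permissions.ini hunk reuses `"192.168.11"`, a value written for the deleted `validAuthIP()` helper, which compared it as a plain string prefix and so also matched addresses such as 192.168.110.x. How the `ipRange` provider interprets a partial address is not visible in this patch, so an administrator copying the example cannot tell which clients it admits. I would add a line above the example such as `; Check how ipRange interprets a partial address like "192.168.11" before reusing values from the old local_ip_addresses setting.`, or give the range in whatever unambiguous form the provider documents.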
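Review bot: The retained comment `//if the user is a guest, redirect them to the login screen.` at the top of the new block in pdfAction() no longer describes what the branch does. The decision is now the `access.EDSExtendedResults` permission, and a logged-in user without it is refused with `ForbiddenException` rather than redirected. I would replace it with `// Require access.EDSExtendedResults: guests are sent to log in, other users without the permission are refused.` Note also that before this change any logged-in user reached the PDF link, so sites that have not configured the permission will start denying those users; that fails closed, but it belongs in the upgrade notes.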
@@ -78,16 +82,4 @@ protected function resultScrollerActive() return (isset($config->Record->next_prev_navigation) && $config->Record->next_prev_navigation); } - - /** - * Is IP Authentication being used? - * - * @return bool - */ - protected function isAuthenticationIP() - { - $config = $this->getServiceLocator()->get('VuFind\Config')->get('EDS'); - return (isset($config->EBSCO_Account->ip_auth) - && 'true' == $config->EBSCO_Account->ip_auth); - } } \ No newline at end of file diff --git a/module/VuFind/src/VuFind/Search/Factory/EdsBackendFactory.php b/module/VuFind/src/VuFind/Search/Factory/EdsBackendFactory.php index 955cd455494..995e493ab62 100644 --- a/module/VuFind/src/VuFind/Search/Factory/EdsBackendFactory.php +++ b/module/VuFind/src/VuFind/Search/Factory/EdsBackendFactory.php @@ -103,10 +103,12 @@ public function createService(ServiceLocatorInterface $serviceLocator) */ protected function createBackend(Connector $connector) { + $auth = $this->serviceLocator->get('ZfcRbac\Service\AuthorizationService'); + $isGuest = !$auth->isGranted('access.EDSExtendedResults'); $backend = new Backend( $connector, $this->createRecordCollectionFactory(), $this->serviceLocator->get('VuFind\CacheManager')->getCache('object'), - new \Zend\Session\Container('EBSCO'), $this->edsConfig + new \Zend\Session\Container('EBSCO'), $this->edsConfig, $isGuest ); $backend->setAuthManager($this->serviceLocator->get('VuFind\AuthManager')); $backend->setLogger($this->logger); diff --git a/module/VuFindSearch/src/VuFindSearch/Backend/EDS/Backend.php b/module/VuFindSearch/src/VuFindSearch/Backend/EDS/Backend.php index b6419ac47d2..7697b99af88 100644 --- a/module/VuFindSearch/src/VuFindSearch/Backend/EDS/Backend.php +++ b/module/VuFindSearch/src/VuFindSearch/Backend/EDS/Backend.php @@ -141,6 +141,13 @@ class Backend extends AbstractBackend */ protected $localIps = ''; + /** + * Is the current user a guest? + * + * @var bool + */ + protected $isGuest; + /** * Constructor. * 
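Review bot: In createBackend(), `$isGuest` is computed once from `isGranted('access.EDSExtendedResults')` and frozen into the Backend, which also receives the `EBSCO` session container, and neither point is documented. Whether a session token cached in that container while the user was a guest is discarded once the permission is later granted (or the reverse) cannot be seen from this hunk and should be confirmed. A comment such as `// Guest status is evaluated once per backend instance from the current request's permissions.` would state the assumption. The `setAuthManager()` call just below is kept although the new `isGuest()` in Backend.php no longer consults the auth manager, so check whether that dependency is still needed. createBackend() continues past the end of the hunk.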
@@ -149,10 +156,11 @@ class Backend extends AbstractBackend * @param CacheAdapter $cache Object cache * @param SessionContainer $session Session container * @param Config $config Object representing EDS.ini + * @param bool $isGuest Is the current user a guest? */ public function __construct(ApiClient $client, RecordCollectionFactoryInterface $factory, CacheAdapter $cache, - SessionContainer $session, Config $config = null + SessionContainer $session, Config $config = null, $isGuest = true ) { // Save dependencies: $this->client = $client; @@ -180,6 +188,8 @@ public function __construct(ApiClient $client, $this->localIps = $config->EBSCO_Account->local_ip_addresses; } + $this->isGuest = $isGuest; + // Save default profile value, since profile property may be overriden: $this->defaultProfile = $this->profile; } @@ -309,7 +319,7 @@ public function retrieve($id, ParamBag $params = null) $sessionToken = $this->getSessionToken(true); } $response = $this->client->retrieve( - $an, $dbId, $authenticationToken, $sessionToken, $hlTerms + $an, $dbId, $authenticationToken, $sessionToken, $hlTerms ); } catch(Exception $e) { throw new BackendException($e->getMessage(), $e->getCode(), $e); @@ -555,21 +565,7 @@ protected function validAuthIP($listIPs) */ protected function isGuest() { - // If the user is not logged in, then treat them as a guest. Unless they are - // using IP Authentication. - // If IP Authentication is used, then don't treat them as a guest. - - //RF : 2015/05/01 - deactivated - //if ($this->ipAuth) { - // return 'n'; - //} - - if ($this->validAuthIP($this->localIps) - || (isset($this->authManager) && $this->authManager->isLoggedIn()) - ) { - return 'n'; - } - return 'y'; + return $this->isGuest ? 'y' : 'n'; } /** 
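Review bot: After the last hunk on this line reduces isGuest() to `return $this->isGuest ? 'y' : 'n';`, the old IP path is left behind in Backend.php with no remaining caller visible in this patch. `validAuthIP()` is still present (it is named in the hunk header), and the constructor still copies `local_ip_addresses` into `$this->localIps`, as the context of the `@@ -180,6 +188,8 @@` hunk shows. A `local_ip_addresses` value left in an existing EDS.ini is therefore read and then silently ignored, and the leftover method invites someone to wire the string-based check back in. I would remove both. If they must stay for compatibility, mark the property and method with `@deprecated No longer consulted; access is controlled by access.EDSExtendedResults in permissions.ini.`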
@@ -586,7 +582,7 @@ public function createSession($isGuest, $profile = '') { try { $authToken = $this->getAuthenticationToken(); - $results = $this->client->createSession($profile, $isGuest, $authToken); + $results = $this->client->createSession($profile, $isGuest, $authToken); } catch(\EbscoEdsApiException $e) { $errorCode = $e->getApiErrorCode(); $desc = $e->getApiErrorDescription(); @@ -598,7 +594,7 @@ public function createSession($isGuest, $profile = '') try { $authToken = $this->getAuthenticationToken(true); $results = $this->client - ->createSession($this->profile, $isGuest, $authToken); + ->createSession($this->profile, $isGuest, $authToken); } catch(Exception $e) { throw new BackendException( $e->getMessage(), diff --git a/module/VuFindSearch/src/VuFindSearch/Backend/EDS/EBSCOAuthenticateIP.php b/module/VuFindSearch/src/VuFindSearch/Backend/EDS/EBSCOAuthenticateIP.php deleted file mode 100644 index 30e0c439b30..00000000000 --- a/module/VuFindSearch/src/VuFindSearch/Backend/EDS/EBSCOAuthenticateIP.php +++ /dev/null @@ -1,45 +0,0 @@ - - * @license http://www.apache.org/licenses/LICENSE-2.0.txt Apache license - * @link http://vufind.org Main Site - */ -function validAuthIP($listIPs) -{ - - $m = explode(",", $listIPs); - // get the ip address of the request - $ip_address = trim($_SERVER['REMOTE_ADDR']); - foreach($m as $ip) { - $v = trim($ip); - if (strcmp(substr($ip_address, 0, strlen($v)), $v) == 0) { - // inside of ip address range of customer - return true; - } - } - // if not found, return false, not authenticated by IP address - return false; - -} \ No newline at end of file