return $self->load_simple("home") if $path =~ /opac\/home/;
return $self->load_simple("advanced") if $path =~ /opac\/advanced/;
- return $self->load_login if $path =~ /opac\/login/;
- return $self->load_logout if $path =~ /opac\/logout/;
return $self->load_rresults if $path =~ /opac\/results/;
return $self->load_record if $path =~ /opac\/record/;
# ----------------------------------------------------------------
- # Everything below here requires authentication
+ # Logout and login require SSL
# ----------------------------------------------------------------
- return $self->redirect_secure($path)
+ if($path =~ /opac\/login/) {
+ return $self->redirect_ssl unless $self->cgi->https;
+ return $self->load_login;
+ }
+
+ if($path =~ /opac\/logout/) {
+ #return Apache2::Const::FORBIDDEN unless $self->cgi->https;
+ $self->apache->log->warn("catloader: logout called in non-secure context from " .
+ ($self->ctx->{referer} || '<no referer>')) unless $self->cgi->https;
+ return $self->load_logout;
+ }
+
+ # ----------------------------------------------------------------
+ # Everything below here requires SSL + authentication
+ # ----------------------------------------------------------------
+ return $self->redirect_auth
unless $self->cgi->https and $self->editor->requestor;
return $self->load_place_hold if $path =~ /opac\/place_hold/;
return Apache2::Const::OK;
}
+
+# -----------------------------------------------------------------------------
+# Redirect to SSL equivalent of a given page
+# -----------------------------------------------------------------------------
+sub redirect_ssl {
+ my $self = shift;
+ my $new_page = sprintf('https://%s%s', $self->apache->hostname, $self->apache->unparsed_uri);
+ $self->apache->print($self->cgi->redirect(-url => $new_page));
+ return Apache2::Const::REDIRECT;
+}
+
# -----------------------------------------------------------------------------
-# If a secure resource is requested insecurely, redirect to the login page,
+# If an authnticated resource is requested w/o auth, redirect to the login page,
# then return to the originally requrested resource upon successful login.
# -----------------------------------------------------------------------------
-sub redirect_secure {
- my ($self, $path) = @_;
+sub redirect_auth {
+ my $self = shift;
my $login_page = sprintf('https://%s%s/login', $self->apache->hostname, $self->ctx->{opac_root});
my $redirect_to = uri_escape($self->apache->unparsed_uri);
$self->apache->print($self->cgi->redirect(-url => "$login_page?redirect_to=$redirect_to"));
} else {
# For now, keep an eye out for any pages being unceremoniously redirected to logout...
- $self->apache->log->info("loading " . $ctx->{path_info} . "; auth session " .
+ $self->apache->log->info("catloader: loading " . $ctx->{path_info} . "; auth session " .
$e->authtoken . " no longer valid; redirecting to logout");
return $self->load_logout;
});
unless($tt->process($template, {ctx => $ctx, l => set_text_handler($ctx, $r)})) {
- $r->log->warn('Template error: ' . $tt->error);
+ $r->log->warn('egweb: template error: ' . $tt->error);
return Apache2::Const::HTTP_INTERNAL_SERVER_ERROR;
}
my $locale = $ctx->{locale};
$locale =~ s/-/_/g;
- $r->log->info("messages locale = $locale");
+ $r->log->debug("egweb: messages locale = $locale");
unless($lh_cache{$locale}) {
- $r->log->info("Unsupported locale: $locale");
+ $r->log->info("egweb: Unsupported locale: $locale");
$lh_cache{$locale} = $lh_cache{'en_US'};
}
};
if($@) {
- $r->log->error("Context Loader error: $@");
+ $r->log->error("egweb: Context Loader error: $@");
return Apache2::Const::HTTP_INTERNAL_SERVER_ERROR;
}
- $r->log->info("context loader resulted in status $stat");
+ $r->log->debug("egweb: context loader resulted in status $stat");
return $stat;
}
} otherwise {
my $e = shift;
my $err = "Invalid XML: $e";
- $r->log->error($err);
+ $r->log->error("egweb: $err");
$r->content_type('text/plain; encoding=utf8');
$r->print("\n$err\n\n$data");
};
last unless $localpath;
for my $tpath (@{$ctx->{template_paths}}) {
my $fpath = "$tpath/$skin/$localpath.$ext";
- $r->log->debug("looking at possible template $fpath");
+ $r->log->debug("egweb: looking at possible template $fpath");
if(-r $fpath) {
$template = "$localpath.$ext";
last;
# no template configured or found
unless($template) {
- $r->log->warn("No template configured for path $path");
+ $r->log->debug("egweb: No template configured for path $path");
return ();
}
}
- $r->log->debug("template = $template : page args = @$page_args");
+ $r->log->debug("egweb: template = $template : page args = @$page_args");
return ($template, $page_args, $as_xml);
}
my $r = shift;
my $epoch = stat($web_config_file)->mtime;
unless($web_config_edit_time and $web_config_edit_time == $epoch) {
- $r->log->debug("Reloading web config after edit...") if $r;
+ $r->log->debug("egweb: Reloading web config after edit...") if $r;
$web_config_edit_time = $epoch;
$web_config = parse_config($web_config_file);
}