From 9dd4518094eea2af44fa7e841ec159d8f57ea8bb Mon Sep 17 00:00:00 2001
From: Josef Moravec <josef.moravec@gmail.com>
Date: Tue, 26 Sep 2017 14:14:53 +0200
Subject: [PATCH] Allow patron password checking in Koha ILS-DI driver (#1036)

- New configurable option allows passwords to be either validated or ignored.
---
 config/vufind/KohaILSDI.ini                   |  5 +++
 .../src/VuFind/ILS/Driver/KohaILSDI.php       | 32 ++++++++++++++-----
 2 files changed, 29 insertions(+), 8 deletions(-)

diff --git a/config/vufind/KohaILSDI.ini b/config/vufind/KohaILSDI.ini
index bc5095df685..bd036fdfd71 100755
--- a/config/vufind/KohaILSDI.ini
+++ b/config/vufind/KohaILSDI.ini
@@ -17,6 +17,11 @@ database    = koha
 ; Url to the ILS-DI API
 url         	= http://library.myuniversity.edu/cgi-bin/koha/ilsdi.pl
 
+; If we trust our authentication source and know it to be the same as the one used by
+; Koha then we can choose to not validate our patron's passwords (Useful if you are
+; using SAML/Shibboleth for authentication for both VuFind and Koha)
+dontValidatePasswords = false
+
 ;; In addition you can set 'renewals_enabled' and
 ;; 'cancel_holds_enabled' in config.ini to 'true' using this driver.
 ;; I would also recommend you set 'holds_mode' to '"holds"', as this
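Review bot: The comment above `dontValidatePasswords` does not say what happens when the option is set to true. In that case patronLogin in KohaILSDI.php sends only a `LookupPatron` request by userid, so any password is accepted for an existing Koha userid. I would add something like `; WARNING: when true, the driver accepts any password for a known userid;` and `; enable only if VuFind logins never use ILS authentication.` so the option is not enabled alongside an ILS-based login method.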
diff --git a/module/VuFind/src/VuFind/ILS/Driver/KohaILSDI.php b/module/VuFind/src/VuFind/ILS/Driver/KohaILSDI.php
index 1764a8b8ccc..147f1a2cd10 100644
--- a/module/VuFind/src/VuFind/ILS/Driver/KohaILSDI.php
+++ b/module/VuFind/src/VuFind/ILS/Driver/KohaILSDI.php
@@ -115,6 +115,13 @@ class KohaILSDI extends \VuFind\ILS\Driver\AbstractBase implements
      */
     protected $dateConverter;
 
+    /**
+     * Should validate passwords against Koha system?
+     *
+     * @var boolean
+     */
+    protected $validatePasswords;
+
     /**
      * Constructor
      *
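Review bot: `protected $validatePasswords;` has no default, so it is null until the configuration code in the later hunk assigns it. patronLogin tests it with `if ($this->validatePasswords)`, so an unset value takes the no-password `LookupPatron` path. Whether patronLogin can be reached before that assignment is not visible here, but declaring `protected $validatePasswords = true;` makes the driver fail closed either way. The docblock type would also be more conventional as `@var bool`.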
@@ -162,6 +169,14 @@ class KohaILSDI extends \VuFind\ILS\Driver\AbstractBase implements
             = isset($this->config['Other']['availableLocations'])
             ? $this->config['Other']['availableLocations'] : [];
 
+        // If we are using SAML/Shibboleth for authentication for both ourselves
+        // and Koha then we can't validate the patrons passwords against Koha as
+        // they won't have one. (Double negative logic used so that if the config
+        // option isn't present in KohaILSDI.ini then ILS passwords will be
+        // validated)
+        $this->validatePasswords
+            = empty($this->config['Catalog']['dontValidatePasswords']);
+
         $this->debug("Config Summary:");
         $this->debug("DB Host: " . $this->host);
         $this->debug("ILS URL: " . $this->ilsBaseUrl);
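Review bot: The "Config Summary" debug output that follows the new assignment does not report whether password validation is on, so disabling authentication leaves no trace in the log. A line such as `$this->debug("Validate passwords: " . ($this->validatePasswords ? "yes" : "no"));` next to the existing summary lines would let an operator confirm the effective setting. The enclosing method starts and ends outside this hunk.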
@@ -1750,14 +1765,15 @@ class KohaILSDI extends \VuFind\ILS\Driver\AbstractBase implements
      */
     public function patronLogin($username, $password)
     {
-        //       $idObj = $this->makeRequest(
-        //         "AuthenticatePatron" . "&username=" . $username
-        //       . "&password=" . $password
-        // );
-        $idObj = $this->makeRequest(
-            "LookupPatron" . "&id=" . urlencode($username)
-            . "&id_type=userid"
-        );
+        $request = "LookupPatron" . "&id=" . urlencode($username)
+            . "&id_type=userid";
+
+        if ($this->validatePasswords) {
+            $request = "AuthenticatePatron" . "&username="
+                . urlencode($username) . "&password=" . $password;
+        }
+
+        $idObj = $this->makeRequest($request);
 
         $this->debug("username: " . $username);
         $this->debug("Code: " . $idObj->{'code'});
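Review bot: The password is concatenated into the AuthenticatePatron query string without encoding, on the line `. urlencode($username) . "&password=" . $password;`. A password containing `&`, `+`, `%` or `#` is therefore altered in transit or can append extra parameters to the ILS-DI request. It should be encoded like the username: `. urlencode($username) . "&password=" . urlencode($password);`. The credential also travels in the request URL, and the sample `url` in KohaILSDI.ini is plain http; whether makeRequest logs the full request string is not visible here, so confirm both before enabling validation. patronLogin continues past the end of the hunk.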
-- 
GitLab