3 # Copyright 2007 LibLime
5 # This file is part of Koha.
7 # Koha is free software; you can redistribute it and/or modify it under the
8 # terms of the GNU General Public License as published by the Free Software
9 # Foundation; either version 2 of the License, or (at your option) any later
12 # Koha is distributed in the hope that it will be useful, but WITHOUT ANY
13 # WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
14 # A PARTICULAR PURPOSE. See the GNU General Public License for more details.
16 # You should have received a copy of the GNU General Public License along with
17 # Koha; if not, write to the Free Software Foundation, Inc., 59 Temple Place,
18 # Suite 330, Boston, MA 02111-1307 USA
23 use C4
::Auth qw
/check_api_auth/;
28 # The authentication strategy for the biblios web
29 # services is as follows.
31 # 1. biblios POSTs to the authenticate API with URL-encoded
32 # form parameters 'userid' and 'password'. If the credentials
33 # belong to a valid user with the 'editcatalogue' privilege,
34 # a session cookie is returned and a Koha session created. Otherwise, an
35 # appropriate error is returned.
36 # 2. For subsequent calls to the biblios APIs, the user agent
37 # should submit the same session cookie. If the cookie is
38 # not supplied or does not correspond to a valid session, the API
39 # will redirect to this authentication API.
40 # 3. The session cookie should not be (directly) sent back to the user's
41 # web browser, but instead should be stored and submitted by biblios.
44 my ($status, $cookie, $sessionID) = check_api_auth
($query, { editcatalogue
=> 1} );
46 if ($status eq "ok") {
47 print $query->header(-type
=> 'text/xml', cookie
=> $cookie);
49 print $query->header(-type
=> 'text/xml');
51 print XMLout
({ status
=> $status }, NoAttr
=> 1, RootName
=> 'response', XMLDecl
=> 1);