- added minimal support to store data needed for authentication

1b665304 · Andreas Romeyke · 8562549d · 1b665304 · 1b665304 · 1b665304
Commit 1b665304 authored 2 years ago by Andreas Romeyke
--- a/lib/SLUB/LZA/Rosetta/TA.pm
+++ b/lib/SLUB/LZA/Rosetta/TA.pm
@@ -11,12 +11,14 @@ use feature qw(say);
 use Regexp::Optimizer;
 use IO::Zlib;
 use Text::CSV_PP;
+use SLUB::LZA::Rosetta::TA::Crypt;
 # ABSTRACT: main module for ta-tool
 our %config;
 our %cache;
 our $cache_path;
+our $SALT = pack("H16", "There is no security by obscurity!");
 BEGIN{
    my $home = path($ENV{'HOME'});
    if ($home->is_dir() && !$home->is_rootdir) {
@@ -24,6 +26,10 @@ BEGIN{
        our $config_file = $config_path;
        if ($config_path->is_file) {
            %config = YAML::LoadFile($config_path);
+            if (defined $config{password}) {
+                warn "HINT: The password was stored in config file!";
+                $config{decrypted_password} = SLUB::LZA::Rosetta::TA::Crypt::decrypt($config{password});
+            }
        }
        $cache_path = $home->child('.cache')->child('ta-tool.cache');
        if ($cache_path->is_file and -s $cache_path < 8192*1024) { # if size > 8MB, write new at end, see END{}-block

--- a/lib/SLUB/LZA/Rosetta/TA/Command/init.pm
+++ b/lib/SLUB/LZA/Rosetta/TA/Command/init.pm
@@ -4,6 +4,10 @@ use warnings;
 use SLUB::LZA::Rosetta::TA -command;
 use YAML qw(DumpFile);
 use feature qw(say);
+use IO::Prompt;
+use Crypt::Mode::CBC;
+use Path::Tiny;
 sub abstract {"Initialize $0";}
 sub description {"Initialize $0, preparing config"}
@@ -12,6 +16,7 @@ sub opt_spec {
        ["verbose|v" => "enable verbose output"],
        ["rosettahost|r=s" => "host adress where Rosetta runs", {required=>1}],
        ["logdir|l=s" => "logdir where rosetta stores it server log files", {required=>1}],
+        ["authentication|a" => "enable authentification (needed if Rosetta's general parameter 'sru_authentication=true'), password is stored salted only in config file!", {required=>0}]
    );
 }
 sub validate_args {
@@ -25,11 +30,31 @@ sub execute {
    my %config;
    $config{host} = $opt->{rosettahost};
    $config{logdir} = $opt->{logdir};
+    if (defined $opt->{authentication}) {
+        warn "HINT: The password will stored in config file!";
+        my $user = prompt('User:' );
+        $config{user} = "$user";
+        my $institution = prompt('Institution:' );
+        $config{institution} = "$institution";
+        RETRY:
+        my $passwd1 = prompt ('Password:', -echo=>"*");
+        my $passwd2 = prompt ('Password, again:', -echo=>"*");
+        if ($passwd1 ne $passwd2) {
+            say "you typed different passwords, retry";
+            goto RETRY;
+        }
+        $config{password} = SLUB::LZA::Rosetta::TA::Crypt::encrypt("$passwd1");
+    }
    if (defined $SLUB::LZA::Rosetta::TA::config_file) {
        if (defined $opt->{verbose}) {
            say "store config in $SLUB::LZA::Rosetta::TA::config_file";
        }
-        YAML::DumpFile($SLUB::LZA::Rosetta::TA::config_file, %config);
+        my $file = path($SLUB::LZA::Rosetta::TA::config_file);
+        $file->touch();
+        $file->chmod("0600");
+        my $fh = path($SLUB::LZA::Rosetta::TA::config_file)->filehandle({exclusive => 0}, ">");
+        YAML::DumpFile($fh, %config);
+        $fh->close;
    }
 }

--- a/lib/SLUB/LZA/Rosetta/TA/Command/log.pm
+++ b/lib/SLUB/LZA/Rosetta/TA/Command/log.pm
@@ -43,6 +43,8 @@ sub opt_spec {
        ["level=s@" => "levels to search for. Levels could be: 'error', 'warn', 'info', 'debug'. You could use multiple levels by repeating"],
        ["match=s" => "perl regex to search for" => {default=>".*"}],
        ["trace=s" => "trace a sip/IE with given ID (SIP-ID or Deposit-ID or IE PID)"],
+        ["user|u:s" => "user if authentication needed (optional, depends on settings in Rosetta's global parameter: sru_authentication=true)", {required=>0}],
+        ["password|p:s" => "password if authentication needed (optional, depends on settings in Rosetta's global parameter: sru_authentication=true)", {required=>0}],
    );
 }

--- a/lib/SLUB/LZA/Rosetta/TA/Command/search.pm
+++ b/lib/SLUB/LZA/Rosetta/TA/Command/search.pm
@@ -79,7 +79,7 @@ sub execute {
        $startrecord = $opt->{startrecord};
    }
    my $query = SLUB::LZA::Rosetta::TA::common_sru::prepare_query($opt);
-    my $response = SLUB::LZA::Rosetta::TA::SRU::sru_search('ie', $query, $startrecord, $maxrecords, $opt->{verbose});
+    my $response = SLUB::LZA::Rosetta::TA::SRU::sru_search('ie', $query, $startrecord, $maxrecords, $opt->{verbose}, $opt->{user}, $opt->{password});
    say $response;
 }

--- a/lib/SLUB/LZA/Rosetta/TA/Crypt.pm
+++ b/lib/SLUB/LZA/Rosetta/TA/Crypt.pm
+package SLUB::LZA::Rosetta::TA::Crypt;
+use strict;
+use warnings;
+use Crypt::Mode::CBC;
+our $salt = pack("H16", "There is no security by obscurity!");
+sub encrypt {
+    my $what = shift;
+    my $iv = "74387112"; # length needs to be of 8
+    my $c = Crypt::Mode::CBC->new('Blowfish');
+    my $password = $c->encrypt($what, $salt, $iv);
+    my $password_hex = unpack("H*", $password);
+    return $password_hex;
+}
+sub decrypt {
+    my $password_hex = shift;
+    my $c = Crypt::Mode::CBC->new('Blowfish');
+    if (defined $password_hex) {
+        my $iv = "74387112"; # length needs to be of 8
+        my $password = pack("H*", $password_hex);
+        my $decrypted = $c->decrypt($password, $salt, $iv);
+        return $decrypted;
+    }
+    return;
+}
+1;
--- a/lib/SLUB/LZA/Rosetta/TA/SRU.pm
+++ b/lib/SLUB/LZA/Rosetta/TA/SRU.pm
@@ -2,6 +2,9 @@ package SLUB::LZA::Rosetta::TA::SRU;
 use strict;
 use warnings;
 use feature qw(say);
+use LWP::Authen::Basic;
+use LWP::UserAgent;
+use Carp;
 sub url_encode_simple {
    my $string = shift;
@@ -38,20 +41,35 @@ sub sru_search {
    $ua->agent("MyApp/0.1 ");
    $ua->timeout(3600);#1h
    $ua->default_headers->push_header('Accept-Encoding' => 'br, lzma, bzip2, gzip, compressed, deflate');
    $ua->ssl_opts(
        verify_hostname=>1,
        # SSL_ca_path => '/etc/ssl/',
    );
    if ($is_verbose) {
        say "searchurl = $sru";
    }
+    foreach my $retry (1 .. 2) {
        my $req = $ua->get($sru);
        if ($req->is_success) {
            my $xres = $req->decoded_content;
            return $xres;
+        } else {
+            if ($retry == 1 and defined $SLUB::LZA::Rosetta::TA::config{"decrypted_password"} ) {
+                my $user = $SLUB::LZA::Rosetta::TA::config{"user"};
+                my $inst = $SLUB::LZA::Rosetta::TA::config{"institution"};
+                my $password = $SLUB::LZA::Rosetta::TA::config{"decrypted_password"};
+                my $preauth = "$user-institutionCode-$inst:$password";
+                my $auth = MIME::Base64::encode_base64($preauth , '');
+                $ua->default_headers->push_header('Authorization' => $auth);
+                warn "Retry using authentication";
            } else {
                croak("Error was: " . $req->status_line());
            }
        }
+    }
+}
 1;