Use shib_cql if Shib is used for login

vufind-org · Jul 12, 2024 · e2d689c · e2d689c
1 parent d2ce442
commit e2d689c
Show file tree

Hide file tree

Showing 2 changed files with 17 additions and 3 deletions.
diff --git a/config/vufind/Folio.ini b/config/vufind/Folio.ini
@@ -88,6 +88,9 @@ password_field = false
 ; %%username_field%% = The username_field config setting (above)
 ; %%password_field%% = The password_field config setting (above)
 ;cql = '%%username_field%% == "%%username%%" and %%password_field%% == "%%password%%"'
+; If this CQL statement is uncommented, it will be used when a user is logged in
+; via Shibboleth (e.g., the $_SERVER['Shib-Session-ID'] array value exists).
+;shib_cql = 'externalSystemId == "%%username%%"'
 
 ; Should we try to log the user into the Okapi API (true) or just look them
 ; up in the database using [API] credentials above (false). If set to true,

diff --git a/module/VuFind/src/VuFind/ILS/Driver/Folio.php b/module/VuFind/src/VuFind/ILS/Driver/Folio.php
@@ -994,6 +994,10 @@ protected function patronLoginWithOkapi($username, $password)
     /**
      * Support method for patronLogin(): authenticate the patron with a CQL looup.
      * Returns the CQL query for retrieving more information about the user.
+     * 
+     * NOTE: this method looks for the existence of a $SERVER['Shib-Session-ID'] variable 
+     * and, if found, looks for a `shib-cql` configuration stanza to use instead of the
+     * standard `cql` stanza.
      *
      * @param string $username The patron username
      * @param string $password The patron password
@@ -1005,9 +1009,16 @@ protected function getUserWithCql($username, $password)
         // Construct user query using barcode, username, etc.
         $usernameField = $this->config['User']['username_field'] ?? 'username';
         $passwordField = $this->config['User']['password_field'] ?? false;
-        $cql = $this->config['User']['cql']
-            ?? '%%username_field%% == "%%username%%"'
-            . ($passwordField ? ' and %%password_field%% == "%%password%%"' : '');
+        if (
+            isset($this->config['User']['shib_cql'])
+            && array_key_exists('Shib-Session-ID', $_SERVER)
+        ) {
+            $cql = $this->config['User']['shib_cql'];
+        } else {
+            $cql = $this->config['User']['cql']
+                ?? '%%username_field%% == "%%username%%"'
+                . ($passwordField ? ' and %%password_field%% == "%%password%%"' : '');
+        }
         $placeholders = [
             '%%username_field%%',
             '%%password_field%%',