Bug 20402: Don't look at cookies if OAuth2 is attempted and has failed
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
parent
ccc034195e
commit
996b100f1f
1 changed files with 25 additions and 16 deletions
|
@ -113,6 +113,8 @@ sub authenticate_api_request {
|
|||
my $spec = $c->match->endpoint->pattern->defaults->{'openapi.op_spec'};
|
||||
my $authorization = $spec->{'x-koha-authorization'};
|
||||
|
||||
my $authorization_header = $c->req->headers->authorization;
|
||||
if ($authorization_header and $authorization_header =~ /^Bearer /) {
|
||||
if (my $oauth = $c->oauth) {
|
||||
my $clients = C4::Context->config('api_client');
|
||||
$clients = [ $clients ] unless ref $clients eq 'ARRAY';
|
||||
|
@ -137,6 +139,13 @@ sub authenticate_api_request {
|
|||
);
|
||||
}
|
||||
|
||||
# If we have "Authorization: Bearer" header and oauth authentication
|
||||
# failed, do not try other authentication means
|
||||
Koha::Exceptions::Authentication::Required->throw(
|
||||
error => 'Authentication failure.'
|
||||
);
|
||||
}
|
||||
|
||||
my $cookie = $c->cookie('CGISESSID');
|
||||
my ($session, $user);
|
||||
# Mojo doesn't use %ENV the way CGI apps do
|
||||
|
|
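Review bot: The scheme test `$authorization_header =~ /^Bearer /` in the first hunk is case-sensitive, while HTTP authentication scheme names are case-insensitive (RFC 7235). A request sending `Authorization: bearer …` therefore never enters this branch, skips the new `Koha::Exceptions::Authentication::Required->throw`, and still reaches the `$c->cookie('CGISESSID')` lookup below, which is the fall-through this commit is meant to close. Consider `if ($authorization_header and $authorization_header =~ /^Bearer /i) {`, after confirming that `$c->oauth` treats the scheme the same way. The page lists only one changed file, so a regression test for "failed Bearer token plus valid session cookie is rejected" would be worth adding alongside. The body of `authenticate_api_request` continues outside both hunks, so the nesting of the new throw relative to the `if (my $oauth = $c->oauth)` block cannot be checked from here.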