The kohadevbox has admin/admin set, so for testing when
creating the initial superuser, if you wish to minimize
effort, use admin/admin. Otherwise, make sure to:
export KOHA_USER={whatever your user is}
export KOHA_PASS={whatever your password is}
before attempting to run the test.
Also, this test was failing because of a validation check on
the passwords requiring uppercase letters, lowercase letters,
and numbers. Changed the sample data passwords to fix.
Signed-off-by: Mark Tompsett <mtompset@hotmail.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
This selenium test goes through the process of creating a category and
patron user (as is completed in the basic_workflow.t test) then the
superlibrarian used to create them is logged out and the newly created
patron user authenticates into the OPAC and staff intranet therefore testing the
authenitcation of both.
Test plan (this test plan includes how to install Selenium as well as
how to run this test, for the benefit of people who have not got
Selenium installed on their machines):
1. wget https://selenium-release.storage.googleapis.com/2.53/selenium-server-standalone-2.53.0.jar
2. vim /etc/apt/sources.list.d/firefox.list
3. Paste into the file:
deb http://packages.linuxmint.com debian import
4. sudo apt-get update
5. sudo apt-get install firefox
6. sudo apt-get install xvfb
7. Set the SELENIUM_PATH vartiable:
SELENIUM_PATH=/home/vagrant/kohaclone/selenium-server-standalone-2.53.0.jar
8. Xvfb :1 -screen 0 1024x768x24 2>&1 >/dev/null &
9. DISPLAY=:1 java -jar $SELENIUM_PATH
Note: This will start up the selenium server. Everytime you want to shut
down this terminal window and want to restart Selenium just run the step
9 command to restart the Selenium server
10. Open a new terminal window and write in:
git clone https://github.com/gempesaw/Selenium-Remote-Driver --branch
build/master --single-branch --depth 1
11. cd Selenium-Remote-Driver
12. perl Makefile.PL
13. make
14. make test
15. sudo make install
16. Now everything is installed and you can et up for running the selenium tests
17. Create a superlibrarian user with the username koha and password
koha
18. If your usual port configuration for the intranet and OPAC is 8081
and 8080 respectively then set the staffClientBaseURL and OPACBaseURL
system preferences to localhost:8080 and localhost:80 respectively
19. sudo koha-shell <instancename>
20. perl t/db_dependent/selenium/authenticate.t
21. The test should pass.
Note: The time_diff comments in the test output showing what the test is
doing
Note: If you have issues with installing Selenium and
Selenium::Remote::Driver please write a comment on the bug report and I
will be more than happy to create a screencapture video showing all the
steps
Sponsored-By: Catalyst IT
https://bugs.koha-community.org/show_bug.cgi?id=19181
Signed-off-by: Mark Tompsett <mtompset@hotmail.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Test plan:
Run t/db_dependent/Virtualshelves.t
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
This 'bug' existed long enough now to finally remove it ;)
We do so by deleting the invitation if the borrower already has a share
on this list. Actually not that hard.
We still need: a unit test and a db revision.
Test plan:
[1] Share a list. Let user B accept.
[2] Without this patch: Share again and let B accept again.
[3] Verify that you have two shares for this list in virtualshelfshares.
[4] With this patch: Share another list, let B accept.
[5] Share this other list again, let B accept again.
[6] Verify that virtualshelfshares does not contain double entries now.
(Note: This pertains to the second list only.)
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
While we get packaging sorted, Net::OAuth2::AuthorizationServer is not a
hard dependency for Koha and the feature requiring it is disabled by
default.
This patch:
- Makes the dependency optional
- Makes the unit tests for the OAuth2 client credentials flow skip if
the dependency is not met.
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
This patch makes the /token endpoint and the authenticate_api_request
method behave correctly in the event of missing deps for OAuth2.
To test:
- Run:
$ kshell
k$ prove t/db_dependent/api/v1/oauth.t
=> FAIL: The behaviour is not implemented
- Apply this patch
- Run:
k$ prove t/db_dependent/api/v1/oauth.t
=> SUCCESS: Tests pass!
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
This patch tests the situation in which Net::OAuth2::AuthorizationServer
is missing. It mocks Module::Load::Conditional::can_load and expects the
/token endpoint answers 'Unimplemented grant type' to all requests, and
the 'authenticate_api_request' in 'under' exit with unauthorized (403)
to requests in which the Authorization header is passed containing a
Bearer token, but OAuth2 is not really available.
To test:
- Apply this patch
- Run:
$ kshell
k$ prove t/db_dependent/api/v1/oauth.t
=> FAIL: Tests fail because our REST endpoints don't support this
behaviour.
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
This patch makes the staff client UI respect the
RESTOAuth2ClientCredentials syspref.
To test:
- Make sure RESTOAuth2ClientCredentials is "Don't enable"
- Go to a patron's detail page
=> SUCCESS: The 'More' dropdown doesn't show the API keys management
link.
- Enable RESTOAuth2ClientCredentials
- Reload
=> SUCCESS: The 'More' dropdown shows the API keys management link
- Click on the API keys management link
=> SUCCESS: You can edit the api keys
- Disable the syspref
- Reload
=> SUCCESS: You are presented an error 400 page.
- Sign off :-D
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
This patch makes the /api/v1/oauth/token enpoint respect the
RESTOAuth2ClientCredentials syspref. It will return 400 (with
'Unimplemented grant type' error message) on the event of the syspref
being disabled and the grant_type => 'client_credentials' value passed.
To test:
- Run:
$ kshell
k$ prove t/db_dependent/api/v1/oauth.t
=> FAIL: It fails because the off-switch is not implemented
- Apply this patch
- Run:
k$ prove t/db_dependent/api/v1/oauth.t
=> SUCCESS: Tests pass!
- Sign off :-D
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
This patch adds tests to verify that disabling the RESTOAuth2ClientCredentials syspref
makes any request on the /api/v1/oauth/token using the
'client_credentials' grant fail with 'grant not implemented'.
To test:
- Apply this patch
- Run:
$ kshell
k$ prove t/db_dependent/api/v1/oauth.t
=> FAIL: Tests fail because the change is not implemented!
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
As Martin correctly highlighted, the method name is not correctly
spelled in POD. This patch fixes it.
To test:
- Look carefully
=> FAIL: Method name is _verify_client_cb but POD says _verify_client_db
- Apply this patch
- Look carefully
=> SUCCESS: Notice the POD is fixed!
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
Signed-off-by: Benjamin Rokseth <benjamin.rokseth@deichman.no>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
This patch wires the OAuth related code so it leverages on the new
Koha::ApiKey(s) classes and tools introduced by bug 20568 instead of the
hardcoded entries in koha-conf.xml originally proposed by bug 20402.
To test revisit the test plan for bug 20402, and verify that it works.
But create API key pairs instead of writing them down in koha-conf.xml.
Also:
- Run:
$ prove t/db_dependent/api/v1/oauth.t
=> SUCCESS: Tests pass!
- Sign off :-D
Sponsored-by: ByWater Solutions
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
Signed-off-by: Benjamin Rokseth <benjamin.rokseth@deichman.no>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
This patch makes the oauth.t tests leverage on the new Koha::ApiKey(s)
classes. It adds tests for expired tokens too.
To test:
- Apply this patch
- Run:
$ kshell
k$ prove t/db_dependent/api/v1/oauth.t
=> FAIL: Tests should fail without the rest of the patches.
Sponsored-by: ByWater Solutions
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
Signed-off-by: Benjamin Rokseth <benjamin.rokseth@deichman.no>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Edit: fix warning introduced by this patch
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
This patch addresses the request from Julian that api keys are expected
to be client id/secret pairs.
It does so by
- Adding 'client_id' and 'secret' columns
- Removing 'value'
Tests got adjusted and so controller scripts and templates.
Both libs and tests changes have been squashed. This ones remain in
order to keep Owen's attribution on the template changes and avoid
rebase conflicts.
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
This patch makes some interface changes to bring things better in line
with existing interface patterns. This patch also re-indents the
modified templates with 4 spaces instead of 2 and makes <input>s
self-closing.
Also changed: Corrected system preference check in opac-apikeys.pl.
To test, apply the patch and:
In the staff client:
- Open a patron record and choose More -> Manage API keys.
- There should be a standard message dialog containing a link to
"Generate a new key."
- Clicking the link should show the form for adding a new key.
- Test that clicking the "Cancel" link hides the form.
- Test that creating the new key works correctly.
- You should now see a table showing existing keys and a "Generate a
new key" button above it.
- Test that the "Delete" button asks for confirmation, and that
confirming and denying both work correctly.
- Test that "Revoke" and "Activate" actions still work correctly.
In the OPAC:
- Set the AllowPatronsManageAPIKeysInOPAC system preference to "Allow."
- Log in to the OPAC and click the "your API keys" link in the sidebar.
- Clicking the "Generate new key" button should display the form for
adding a new key.
- Clicking the "cancel" link should hide the form.
- Submitting the form should add a new key.
- You should now see a table showing existing keys.
- Test that the "Delete" link asks for confirmation, and that
confirming and denying both work correctly.
- Test that "Revoke" and "Activate" actions still work correctly.
- Set the AllowPatronsManageAPIKeysInOPAC system preference to "Don't
allow."
- Log in to the OPAC and confirm that the "your API keys" link in the
sidebar is no longer visible.
- Confirm that navigating directly to /cgi-bin/koha/opac-apikeys.pl
results in a 404 error.
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
This patch makes the OPAC interface for API keys management work
with the new lib. Verify all actions work for a logged user.
Users without login should be redirected to an error page.
The AllowPatronsManageAPIKeysInOPAC syspref is added to control if the
OPAC feature is enabled or not.
To test:
- Verify the syspref works
- Verify users can manage their API keys
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
This patch adds unit tests for the introduced classes: Koha::ApiKey(s).
To test:
- Apply this patch
- Run
$ kshell
k$ prove t/db_dependent/Koha/ApiKeys.t
=> FAIL: Tests fail because the feature is not implemented.
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
This patch changes the table structure adding fields usually found on
this kind of api management pages.
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
This introduces the concept of API keys for use in the new REST API.
A key is a string of 32 alphanumerical characters (32 is purely
arbitrary, it can be changed easily).
A user can have multiple keys (unlimited at the moment)
Keys can be generated automatically, and then we have the possibility to
delete or revoke each one individually.
Test plan:
1/ Go to staff interface
2/ Go to a borrower page
3/ In toolbar, click on More -> Manage API keys
4/ Click on "Generate new key" multiple times, check that they are
correctly displayed under the button, and they are active by default
5/ Revoke some keys, check that they are not active anymore
6/ Delete some keys, check that they disappear from table
7/ Go to opac interface, log in
8/ In your user account pages, you now have a new tab to the left "your
API keys". Click on it.
9/ Repeat steps 4-6
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
GET /patrons now requires { "borrowers": 1 } instead of
{ "borrowers": "edit_borrowers" }
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
It implements only the "client credentials" flow with no scopes
support. API clients are tied to an existing patron and have the same
permissions as the patron they are tied to.
API Clients are defined in $KOHA_CONF.
Test plan:
0. Install Net::OAuth2::AuthorizationServer 0.16
1. In $KOHA_CONF, add an <api_client> element under <config>:
<api_client>
<client_id>$CLIENT_ID</client_id>
<client_secret>$CLIENT_SECRET</client_secret>
<patron_id>X</patron_id> <!-- X is an existing borrowernumber -->
</api_client>
2. Apply patch, run updatedatabase.pl and reload starman
3. Install Firefox extension RESTer [1]
4. In RESTer, go to "Authorization" tab and create a new OAuth2
configuration:
- OAuth flow: Client credentials
- Access Token Request Method: POST
- Access Token Request Endpoint: http://$KOHA_URL/api/v1/oauth/token
- Access Token Request Client Authentication: Credentials in request
body
- Client ID: $CLIENT_ID
- Client Secret: $CLIENT_SECRET
5. Click on the newly created configuration to generate a new token
(which will be valid only for an hour)
6. In RESTer, set HTTP method to GET and url to
http://$KOHA_URL/api/v1/patrons then click on SEND
If patron X has permission 'borrowers', it should return 200 OK
with the list of patrons
Otherwise it should return 403 with the list of required permissions
(Please test both cases)
7. Wait an hour (or run the following SQL query:
UPDATE oauth_access_tokens SET expires = 0) and repeat step 6.
You should have a 403 Forbidden status, and the token must have been
removed from the database.
8. Create a bunch of tokens using RESTer, make some of them expires
using the previous SQL query, and run the following command:
misc/cronjobs/cleanup_database.pl --oauth-tokens
Verify that expired tokens were removed, and that the others are
still there
9. prove t/db_dependent/api/v1/oauth.t
[1] https://addons.mozilla.org/en-US/firefox/addon/rester/
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
This patch adds a --timezone switch to koha-create so the timezone can
be set on creation time. It defaults to empty (i.e. using the server's
local time).
To test:
- Create an instance:
$ sudo koha-create --create-db timezone1
=> SUCCESS: /etc/koha/sites/timezone1/koha-conf.xml contains an empty
<timezone> entry.
- Apply this patch
- Run:
$ perl misc4dev/cp_debian_files.pl
- Create a new instance:
$ sudo koha-create --create-db timezone2
=> SUCCESS: /etc/koha/sites/timezone2/koha-conf.xml contains an empty
<timezone> entry (i.e. the current behaviour is preserved).
- Create a new instance:
$ sudo koha-create --create-db --timezone Your/Timezone timezone3
=> SUCCESS: /etc/koha/sites/timezone3/koha-conf.xml contains
<timezone>Your/Timezone</timezone> (i.e. introduced behaviour works)
- Sign off :-D
Sponsored-by: ByWater Solutions
Signed-off-by: Mark Tompsett <mtompset@hotmail.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
If items.restricted == 1, CanBookBeIssued will not returned what we are
testing.
The easiest and global fix is to define a default value at TestBuilder
package level
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Mark Tompsett
Julian Maurice