Koha/members/apikeys.pl
Julian Maurice 3aa102d0c3 Bug 20568: API keys management in interface
This introduces the concept of API keys for use in the new REST API.
A key is a string of 32 alphanumerical characters (32 is purely
arbitrary, it can be changed easily).
A user can have multiple keys (unlimited at the moment)
Keys can be generated automatically, and then we have the possibility to
delete or revoke each one individually.

Test plan:
1/ Go to staff interface
2/ Go to a borrower page
3/ In toolbar, click on More -> Manage API keys
4/ Click on "Generate new key" multiple times, check that they are
   correctly displayed under the button, and they are active by default
5/ Revoke some keys, check that they are not active anymore
6/ Delete some keys, check that they disappear from table
7/ Go to opac interface, log in
8/ In your user account pages, you now have a new tab to the left "your
   API keys". Click on it.
9/ Repeat steps 4-6

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2018-05-09 12:55:58 -03:00


#!/usr/bin/env perl
# Copyright 2015 BibLibre
#
# This file is part of Koha.
#
# Koha is free software; you can redistribute it and/or modify it under the
# terms of the GNU General Public License as published by the Free Software
# Foundation; either version 2 of the License, or (at your option) any later
# version.
#
# Koha is distributed in the hope that it will be useful, but WITHOUT ANY
# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
# A PARTICULAR PURPOSE. See the GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License along
# with Koha; if not, write to the Free Software Foundation, Inc.,
# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
use Modern::Perl;
use CGI;
use String::Random;
use C4::Auth;
use C4::Members;
use C4::Output;
use Koha::ApiKeys;
use Koha::ApiKey;
# Request object for this CGI invocation.
my $cgi = CGI->new;

# Load the staff-interface template and identify the logged-in user.
# The only permission requested here is the 'borrowers' flag.
# NOTE(review): nothing in this script ties the logged-in user to the
# patron being edited, so any account holding that flag can apparently
# manage keys for any borrowernumber, including more privileged
# accounts -- confirm this is intended.
my ( $template, $loggedinuser, $cookie ) = get_template_and_user(
    {
        template_name   => 'members/apikeys.tt',
        query           => $cgi,
        type            => 'intranet',
        authnotrequired => 0,
        flagsrequired   => { borrowers => 1 },
    }
);

# Both values come straight from the request and are not validated here.
my $op             = $cgi->param('op');
my $borrowernumber = $cgi->param('borrowernumber');

# Patron record the keys belong to, looked up by the requested number.
my $borrower = C4::Members::GetMember( borrowernumber => $borrowernumber );
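# Build a random key of $length characters drawn from [a-zA-Z0-9].
#
# The bytes are read from /dev/urandom instead of going through
# String::Random, which draws from Perl's built-in rand() by default; that
# generator is not meant for secrets, and an API key is a bearer credential.
# Dies if the random source cannot be opened or read, so a key is never
# issued from a weaker fallback.
sub _generate_api_key {
    my ($length) = @_;

    my @alphabet = ( 'a' .. 'z', 'A' .. 'Z', '0' .. '9' );

    # Largest multiple of the alphabet size that fits in one byte. Bytes at
    # or above it are discarded so the modulo below introduces no bias.
    my $limit = 256 - ( 256 % scalar @alphabet );

    open my $urandom, '<:raw', '/dev/urandom'
        or die "Cannot open /dev/urandom: $!";

    my $key = '';
    while ( length($key) < $length ) {
        my $got = read( $urandom, my $chunk, $length );
        die "Cannot read from /dev/urandom: $!" unless $got;

        for my $byte ( unpack 'C*', $chunk ) {
            next if $byte >= $limit;
            $key .= $alphabet[ $byte % scalar @alphabet ];
            last if length($key) == $length;
        }
    }
    close $urandom;

    return $key;
}

# Apply the requested key operation, then redirect back to this page so a
# reload does not repeat it. An unrecognised 'op' value falls through to the
# normal page rendering, as before.
#
# NOTE(review): every operation below changes state, yet no anti-CSRF token
# or request-method check is visible in this script -- confirm whether the
# framework enforces one elsewhere, and add a token check here if it does not.
# NOTE(review): delete/revoke/activate identify the key by its full value in
# the 'key' request parameter. If the template sends that in a query string
# the secret will end up in access logs and browser history; an opaque row
# identifier would avoid that.
if ($op) {
    my %active_flag_for = ( revoke => 0, activate => 1 );
    my $is_known_op = $op eq 'generate'
        || $op eq 'delete'
        || exists $active_flag_for{$op};

    # Only act on a well-formed borrowernumber that resolved to a patron.
    # This also keeps arbitrary request text out of the redirect URL built
    # below.
    my $has_valid_target = defined $borrowernumber
        && $borrowernumber =~ /\A[0-9]+\z/
        && $borrower;

    if ( $is_known_op && $has_valid_target ) {
        if ( $op eq 'generate' ) {
            my $apikey = Koha::ApiKey->new;
            $apikey->borrowernumber($borrowernumber);
            $apikey->api_key( _generate_api_key(32) );
            $apikey->store;
        }
        else {
            my $key = $cgi->param('key');

            # The lookup is scoped to the borrower, so a key belonging to a
            # different patron is never matched.
            my $api_key = Koha::ApiKeys->find(
                { borrowernumber => $borrowernumber, api_key => $key } );

            if ($api_key) {
                if ( $op eq 'delete' ) {
                    $api_key->delete;
                }
                else {
                    $api_key->active( $active_flag_for{$op} );
                    $api_key->store;
                }
            }
        }

        print $cgi->redirect(
            '/cgi-bin/koha/members/apikeys.pl?borrowernumber=' . $borrowernumber );
        exit;
    }
}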
# Collect every key recorded for this borrower and hand them to the template
# together with the patron record.
# NOTE(review): keys are looked up elsewhere in this script by their raw
# value, which suggests they are stored unhashed and shown again on every
# page load -- confirm, and consider showing a key only once at creation.
my @keys_for_borrower =
    Koha::ApiKeys->search( { borrowernumber => $borrowernumber } );

$template->param(
    borrowernumber => $borrowernumber,
    borrower       => $borrower,
    api_keys       => \@keys_for_borrower,
);

# Emit the HTTP headers (with the session cookie) and the rendered page.
output_html_with_http_headers( $cgi, $cookie, $template->output );