Koha-community/Koha
13
7
Fork 0
Code Issues Releases Wiki Activity
Koha/t/db_dependent/api/v1/auth.t
Lari Taskula e2fc524701 Bug 18137: Migrate from Swagger2 to Mojolicious::Plugin::OpenAPI 
This patch migrates from Swagger2 to Mojolicious::Plugin::OpenAPI as Swagger2 is
no longer actively maintained.

This migration involves some minor changes to our Swagger specification documents
and to controllers. Each operation is migrated in following patches separately.
Please see Mojolicious::Plugin::OpenAPI and its tutorial for more documentation.

The patch also refactors some API authentication -related code by taking advantage
of Koha::Exceptions. Authentication is now handled via Mojolicious's "under->to"
functionality. The actual authentication & authorization checks are moved to
Koha::REST::V1::Auth. Added a HTTP 503 response for when database update is
required, instead of returning an authentication failure as before.

To test:
1. prove t/db_dependent/api/v1/auth.t

Signed-off-by: Olli-Antti Kivilahti <olli-antti.kivilahti@jns.fi>

Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-09-21 11:27:04 -03:00

116 lines
3.6 KiB
Perl
Raw Blame History

#!/usr/bin/env perl
# This file is part of Koha.
#
# Koha is free software; you can redistribute it and/or modify it under the
# terms of the GNU General Public License as published by the Free Software
# Foundation; either version 3 of the License, or (at your option) any later
# version.
#
# Koha is distributed in the hope that it will be useful, but WITHOUT ANY
# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
# A PARTICULAR PURPOSE. See the GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License along
# with Koha; if not, write to the Free Software Foundation, Inc.,
# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
use Modern::Perl;
use Test::More tests => 1;
use Test::Mojo;
use Test::Warn;
use t::lib::TestBuilder;
use t::lib::Mocks;
use C4::Auth;
use Koha::Database;
my $schema = Koha::Database->new->schema;
my $builder = t::lib::TestBuilder->new;
# FIXME: sessionStorage defaults to mysql, but it seems to break transaction handling
# this affects the other REST api tests
t::lib::Mocks::mock_preference( 'SessionStorage', 'tmp' );
my $remote_address = '127.0.0.1';
my $t = Test::Mojo->new('Koha::REST::V1');
my $tx;
subtest 'under() tests' => sub {
plan tests => 15;
$schema->storage->txn_begin;
my ($borrowernumber, $session_id) = create_user_and_session();
# 401 (no authentication)
$tx = $t->ua->build_tx( GET => "/api/v1/patrons" );
$tx->req->env( { REMOTE_ADDR => $remote_address } );
$t->request_ok($tx)
->status_is(401)
->json_is('/error', 'Authentication failure.');
# 403 (no permission)
$tx = $t->ua->build_tx( GET => "/api/v1/patrons" );
$tx->req->cookies(
{ name => 'CGISESSID', value => $session_id } );
$tx->req->env( { REMOTE_ADDR => $remote_address } );
$t->request_ok($tx)
->status_is(403)
->json_is('/error', 'Authorization failure. Missing required permission(s).');
# 401 (session expired)
my $session = C4::Auth::get_session($session_id);
$session->delete;
$session->flush;
$tx = $t->ua->build_tx( GET => "/api/v1/patrons" );
$tx->req->cookies(
{ name => 'CGISESSID', value => $session_id } );
$tx->req->env( { REMOTE_ADDR => $remote_address } );
$t->request_ok($tx)
->status_is(401)
->json_is('/error', 'Session has been expired.');
# 503 (under maintenance & pending update)
t::lib::Mocks::mock_preference('Version', 1);
$tx = $t->ua->build_tx( GET => "/api/v1/patrons" );
$tx->req->env( { REMOTE_ADDR => $remote_address } );
$t->request_ok($tx)
->status_is(503)
->json_is('/error', 'System is under maintenance.');
# 503 (under maintenance & database not installed)
t::lib::Mocks::mock_preference('Version', undef);
$tx = $t->ua->build_tx( GET => "/api/v1/patrons" );
$tx->req->env( { REMOTE_ADDR => $remote_address } );
$t->request_ok($tx)
->status_is(503)
->json_is('/error', 'System is under maintenance.');
$schema->storage->txn_rollback;
};
sub create_user_and_session {
my $user = $builder->build(
{
source => 'Borrower',
value => {
flags => 0
}
}
);
# Create a session for the authorized user
my $session = C4::Auth::get_session('');
$session->param( 'number', $user->{borrowernumber} );
$session->param( 'id', $user->{userid} );
$session->param( 'ip', '127.0.0.1' );
$session->param( 'lasttime', time() );
$session->flush;
return ( $user->{borrowernumber}, $session->id );
}
1;
View git blame Copy permalink