From 763343a152b1e2a7a0c4fb6f6b8fd685843eb562 Mon Sep 17 00:00:00 2001
From: Tomas Cohen Arazi
Date: Thu, 3 May 2018 15:29:22 -0300
Subject: [PATCH] Bug 20624: (QA follow-up) Handle missing deps gracefuly
This patch makes the /token endpoint and the authenticate_api_request method behave correctly in the event of missing deps for OAuth2.
To test:
- Run:
$ kshell
k$ prove t/db_dependent/api/v1/oauth.t
=> FAIL: The behaviour is not implemented
- Apply this patch
- Run:
k$ prove t/db_dependent/api/v1/oauth.t
=> SUCCESS: Tests pass!
Signed-off-by: Tomas Cohen Arazi
Signed-off-by: Kyle M Hall
Signed-off-by: Jonathan Druart
---
 Koha/REST/V1/Auth.pm | 14 ++++++++++++--
 Koha/REST/V1/OAuth.pm | 29 ++++++++++++++++++++++++++---
 2 files changed, 38 insertions(+), 5 deletions(-)
diff --git a/Koha/REST/V1/Auth.pm b/Koha/REST/V1/Auth.pm
index 1df26e49cf..b2ccd6b59e 100644
--- a/Koha/REST/V1/Auth.pm
+++ b/Koha/REST/V1/Auth.pm
@@ -21,8 +21,6 @@ use Modern::Perl;
 use Mojo::Base 'Mojolicious::Controller';
-use Net::OAuth2::AuthorizationServer;
-
 use C4::Auth qw( check_cookie_auth get_session haspermission );
 use C4::Context;
@@ -39,6 +37,7 @@ use Koha::Exceptions;
 use Koha::Exceptions::Authentication;
 use Koha::Exceptions::Authorization;
+use Module::Load::Conditional;
 use Scalar::Util qw( blessed );
 use Try::Tiny;
@@ -118,7 +117,18 @@ sub authenticate_api_request {
 my $authorization = $spec->{'x-koha-authorization'};
 my $authorization_header = $c->req->headers->authorization;
+
 if ($authorization_header and $authorization_header =~ /^Bearer /) {
+ # attempt to use OAuth2 authentication
+ if ( ! Module::Load::Conditional::can_load('Net::OAuth2::AuthorizationServer') ) {
+ Koha::Exceptions::Authorization::Unauthorized->throw(
+ error => 'Authentication failure.'
+ );
+ }
+ else {
+ require Net::OAuth2::AuthorizationServer;
+ }
+
 my $server = Net::OAuth2::AuthorizationServer->new;
 my $grant = $server->client_credentials_grant(Koha::OAuth::config);
 my ($type, $token) = split / /, $authorization_header;
diff --git a/Koha/REST/V1/OAuth.pm b/Koha/REST/V1/OAuth.pm
index d201f8818b..dc098859a7 100644
--- a/Koha/REST/V1/OAuth.pm
+++ b/Koha/REST/V1/OAuth.pm
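Review bot: The guard `if ( ! Module::Load::Conditional::can_load('Net::OAuth2::AuthorizationServer') )` passes the module name as a bare positional argument, but `can_load` takes named arguments (`modules => { 'Module::Name' => $min_version }`), so as far as I can tell it is given nothing to check and returns true, and the following `require Net::OAuth2::AuthorizationServer;` can still die uncaught when the dependency is absent — the exact case this commit sets out to handle. The call should read `if ( ! Module::Load::Conditional::can_load( modules => { 'Net::OAuth2::AuthorizationServer' => undef } ) ) {`; the same call appears in the `token` hunk of Koha/REST/V1/OAuth.pm and needs the same change. Since a missing module is a server-side deployment problem that this branch reports to the client only as a generic `Authentication failure.` 401, it is worth logging before the throw, e.g. `$c->app->log->warn('Net::OAuth2::AuthorizationServer is not installed; Bearer tokens cannot be validated');`, so operators can distinguish a missing dependency from a bad token. authenticate_api_request starts and ends outside this hunk.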
@@ -1,17 +1,40 @@
 package Koha::REST::V1::OAuth;
+# This file is part of Koha.
+#
+# Koha is free software; you can redistribute it and/or modify it under the
+# terms of the GNU General Public License as published by the Free Software
+# Foundation; either version 3 of the License, or (at your option) any later
+# version.
+#
+# Koha is distributed in the hope that it will be useful, but WITHOUT ANY
+# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
+# A PARTICULAR PURPOSE. See the GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License along
+# with Koha; if not, write to the Free Software Foundation, Inc.,
+# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
 use Modern::Perl;
-use Mojo::Base 'Mojolicious::Controller';
+use Module::Load::Conditional;
-use Net::OAuth2::AuthorizationServer;
+use C4::Context;
 use Koha::OAuth;
-use C4::Context;
+use Mojo::Base 'Mojolicious::Controller';
 sub token {
+
 my $c = shift->openapi->valid_input or return;
+ if ( Module::Load::Conditional::can_load('Net::OAuth2::AuthorizationServer') ) {
+ require Net::OAuth2::AuthorizationServer;
+ }
+ else {
+ return $c->render( status => 400, openapi => { error => 'Unimplemented grant type' } );
+ }
+
 my $grant_type = $c->validation->param('grant_type');
 unless ( $grant_type eq 'client_credentials' and C4::Context->preference('RESTOAuth2ClientCredentials') ) {
 return $c->render(status => 400, openapi => {error => 'Unimplemented grant type'});
-- 
2.39.5
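Review bot: In the `else` branch of the new dependency check in `token`, a missing server-side module is answered with the same `400` / `'Unimplemented grant type'` response that an unsupported grant gets, so neither the client nor the server log can tell a misconfigured deployment from a malformed request. The branch should at least log before returning, e.g. `$c->app->log->warn('Net::OAuth2::AuthorizationServer is not installed; /token is unavailable');`, and if the API contract allows, use a distinct error string so the condition is observable; the t/db_dependent/api/v1/oauth.t test named in the commit message would need to follow any response change. The `token` sub continues past the end of this hunk.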