From dd58ce2a036e9b762f3e5418b7b670532de5dd05 Mon Sep 17 00:00:00 2001 From: Tomas Cohen Arazi Date: Wed, 27 Mar 2024 12:01:32 +0000 Subject: [PATCH] Bug 36420: Allow Basic authentication using `cardnumber` This patch makes the API Basic authentication work with cardnumbers. The used `checkpw_internal` method already does the fallback check. To test: 1. Apply the unit tests patch 2. Run: $ ktd --shell k$ prove t/db_dependent/api/v1/auth_basic.t => FAIL: Tests explode! [1] 3. Apply this patch 4. Repeat 2 => SUCCESS: Tests pass! 5. Sign off :-D [1] This highlights an underlying bug! Instead of getting 403, etc we get a 500. This is because of the internal fallback mechanism allowing the cardnumber+password combination, but then the Koha::Patron->find... not finding :-D Signed-off-by: Tomas Cohen Arazi Signed-off-by: Kyle M Hall Signed-off-by: Nick Clemens Signed-off-by: Martin Renvoize Signed-off-by: Katrin Fischer (cherry picked from commit 154a2ea9ad5b6e911a504b8798f5ffe6df1c2297) Signed-off-by: Fridolin Somers --- Koha/REST/V1/Auth.pm | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/Koha/REST/V1/Auth.pm b/Koha/REST/V1/Auth.pm index 4e729e88dd..e563315418 100644 --- a/Koha/REST/V1/Auth.pm +++ b/Koha/REST/V1/Auth.pm @@ -527,14 +527,16 @@ sub _basic_auth { Koha::Exceptions::Authentication::Required->throw( error => 'Authentication failure.' ); } - my $decoded_credentials = decode_base64( $credentials ); - my ( $user_id, $password ) = split( /:/, $decoded_credentials, 2 ); + my $decoded_credentials = decode_base64($credentials); + my ( $identifier, $password ) = split( /:/, $decoded_credentials, 2 ); - unless ( checkpw_internal($user_id, $password ) ) { + my $patron = Koha::Patrons->find( { userid => $identifier } ); + $patron //= Koha::Patrons->find( { cardnumber => $identifier } ); + + unless ( checkpw_internal( $identifier, $password ) ) { Koha::Exceptions::Authorization::Unauthorized->throw( error => 'Invalid password' ); } - my $patron = Koha::Patrons->find({ userid => $user_id }); if ( $patron->password_expired ) { Koha::Exceptions::Authorization::Unauthorized->throw( error => 'Password has expired' ); } -- 2.39.5