From 2bc1e0f84fdd5e24d670e75603a7c692b71917cb Mon Sep 17 00:00:00 2001
From: Lucas Gass <lucas@bywatersolutions.com>
Date: Tue, 12 Feb 2019 00:38:41 +0000
Subject: [PATCH] Bug 22132: Add Basic authentication to the API - Revert

This reverts commit 2403b01021e66cae65e210426b644cc6a695ff5f.

Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
---
 Koha/REST/V1/Auth.pm | 46 ++------------------------------------------
 1 file changed, 2 insertions(+), 44 deletions(-)

diff --git a/Koha/REST/V1/Auth.pm b/Koha/REST/V1/Auth.pm
index ab3af44460..cf64a25828 100644
--- a/Koha/REST/V1/Auth.pm
+++ b/Koha/REST/V1/Auth.pm
@@ -21,7 +21,7 @@ use Modern::Perl;
 
 use Mojo::Base 'Mojolicious::Controller';
 
-use C4::Auth qw( check_cookie_auth checkpw_internal get_session haspermission );
+use C4::Auth qw( check_cookie_auth get_session haspermission );
 use C4::Context;
 
 use Koha::ApiKeys;
@@ -37,7 +37,6 @@ use Koha::Exceptions;
 use Koha::Exceptions::Authentication;
 use Koha::Exceptions::Authorization;
 
-use MIME::Base64;
 use Module::Load::Conditional;
 use Scalar::Util qw( blessed );
 use Try::Tiny;
@@ -79,7 +78,7 @@ sub under {
             return $c->render(status => 401, json => { error => $_->error });
         }
         elsif ($_->isa('Koha::Exceptions::Authentication')) {
-            return $c->render(status => 401, json => { error => $_->error });
+            return $c->render(status => 500, json => { error => $_->error });
         }
         elsif ($_->isa('Koha::Exceptions::BadParameter')) {
             return $c->render(status => 400, json => $_->error );
@@ -152,21 +151,6 @@ sub authenticate_api_request {
             );
         }
     }
-    elsif ( $authorization_header and $authorization_header =~ /^Basic / ) {
-        unless ( C4::Context->preference('RESTBasicAuth') ) {
-            Koha::Exceptions::Authentication::Required->throw(
-                error => 'Basic authentication disabled'
-            );
-        }
-        $user = $c->_basic_auth( $authorization_header );
-        unless ( $user ) {
-            # If we have "Authorization: Basic" header and authentication
-            # failed, do not try other authentication means
-            Koha::Exceptions::Authentication::Required->throw(
-                error => 'Authentication failure.'
-            );
-        }
-    }
     else {
 
         my $cookie = $c->cookie('CGISESSID');
@@ -406,30 +390,4 @@ sub _object_ownership_by_reserve_id {
     return $reserve && $user->borrowernumber == $reserve->borrowernumber;
 }
 
-=head3 _basic_auth
-
-Internal method that performs Basic authentication.
-
-=cut
-
-sub _basic_auth {
-    my ( $c, $authorization_header ) = @_;
-
-    my ( $type, $credentials ) = split / /, $authorization_header;
-
-    unless ($credentials) {
-        Koha::Exceptions::Authentication::Required->throw( error => 'Authentication failure.' );
-    }
-
-    my $decoded_credentials = decode_base64( $credentials );
-    my ( $user_id, $password ) = split( /:/, $decoded_credentials, 2 );
-
-    my $dbh = C4::Context->dbh;
-    unless ( checkpw_internal($dbh, $user_id, $password ) ) {
-        Koha::Exceptions::Authorization::Unauthorized->throw( error => 'Invalid password' );
-    }
-
-    return Koha::Patrons->find({ userid => $user_id });
-}
-
 1;
-- 
2.39.5