From 28fb7b4f83b84069954fd6baf7e1e762c67ee75c Mon Sep 17 00:00:00 2001 From: Tomas Cohen Arazi Date: Mon, 4 May 2020 15:43:18 -0300 Subject: [PATCH] Bug 25327: Do not call authenticate_api_request to render the spec The original code for Koha::REST::V1::Auth::under called authenticate_api_request when requesting the API spec. This didn't make sense, and recent changes on what conditions are tested for public routes, broke the route. We could add another condition, but it really doesn't make sense to call authenticate_api_request if it should be publicly available in any configuration, as discussed on the bug. This patch adds a trivial check and the requested route, and lets the request through in any case in 'under'. To test: 1. Point your browser to: http://kohadev.myDNSname.org:8080/api/v1/ http://kohadev.myDNSname.org:8080/api/v1/.html => FAIL: In both cases you get an authorization error. 2. Apply the regression tests patch 3. Run: $ kshell k$ prove t/db_dependent/api/v1/auth.t => FAIL: The tests reflect the situation, and fail 4. Apply this patch 5. Repeat 1 and 3 => SUCCESS: All good! 6. Sign off :-D Signed-off-by: Tomas Cohen Arazi Signed-off-by: Nick Clemens Signed-off-by: Jonathan Druart Signed-off-by: Aleisha Amohia --- Koha/REST/V1/Auth.pm | 3 +++ 1 file changed, 3 insertions(+) diff --git a/Koha/REST/V1/Auth.pm b/Koha/REST/V1/Auth.pm index c94d651494..ca26530f61 100644 --- a/Koha/REST/V1/Auth.pm +++ b/Koha/REST/V1/Auth.pm @@ -84,6 +84,9 @@ sub under { # Requesting a token shouldn't go through the API authenticaction chain $status = 1; } + elsif ( $namespace eq '' or $namespace eq '.html' ) { + $status = 1; + } else { $status = authenticate_api_request($c, { is_public => $is_public, is_plugin => $is_plugin }); } -- 2.39.5