From 5c7d12e4e0f813fb31a9ebe7b5c6e5aee71c6cfc Mon Sep 17 00:00:00 2001
From: Julian Maurice
Date: Tue, 17 Apr 2018 19:07:01 +0200
Subject: [PATCH] Bug 20402: Remove dependency on Mojo::Plugin::OAuth2::Server
Signed-off-by: Tomas Cohen Arazi
Signed-off-by: Jonathan Druart
---
 C4/Installer/PerlDependencies.pm | 5 -----
 Koha/REST/V1.pm | 3 ---
 Koha/REST/V1/Auth.pm | 13 +++++++++++--
 3 files changed, 11 insertions(+), 10 deletions(-)
diff --git a/C4/Installer/PerlDependencies.pm b/C4/Installer/PerlDependencies.pm
index cfd8d689f8..ffc8661380 100644
--- a/C4/Installer/PerlDependencies.pm
+++ b/C4/Installer/PerlDependencies.pm
@@ -893,11 +893,6 @@ our $PERL_DEPS = {
 required => '1',
 min_ver => '0.16',
 },
- 'Mojolicious::Plugin::OAuth2::Server' => {
- usage => 'REST API',
- required => '1',
- min_ver => '0.40',
- }
 };
 1;
diff --git a/Koha/REST/V1.pm b/Koha/REST/V1.pm
index 9059ea5069..57ad113291 100644
--- a/Koha/REST/V1.pm
+++ b/Koha/REST/V1.pm
@@ -19,8 +19,6 @@ use Modern::Perl;
 use Mojo::Base 'Mojolicious';
-use Koha::OAuth;
-
 use C4::Context;
 =head1 NAME
@@ -53,7 +51,6 @@ sub startup {
 $self->secrets([$secret_passphrase]);
 }
- $self->plugin('OAuth2::Server' => Koha::OAuth::config);
 $self->plugin(OpenAPI => {
 url => $self->home->rel_file("api/v1/swagger/swagger.json"),
 route => $self->routes->under('/api/v1')->to('Auth#under'),
diff --git a/Koha/REST/V1/Auth.pm b/Koha/REST/V1/Auth.pm
index f9b885f491..65f0e719c9 100644
--- a/Koha/REST/V1/Auth.pm
+++ b/Koha/REST/V1/Auth.pm
@@ -21,6 +21,8 @@ use Modern::Perl;
 use Mojo::Base 'Mojolicious::Controller';
+use Net::OAuth2::AuthorizationServer;
+
 use C4::Auth qw( check_cookie_auth get_session haspermission );
 use C4::Context;
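Review bot: The import list in Koha/REST/V1/Auth.pm gains `use Net::OAuth2::AuthorizationServer;` but no `use Koha::OAuth;`, although the next hunk of this file calls `Koha::OAuth::config` and this same commit drops `use Koha::OAuth;` from Koha/REST/V1.pm. Unless another module that is always loaded first still pulls it in (not visible here), the bearer-token branch depends on load order and can fail instead of authenticating. Add `use Koha::OAuth;` next to the new import and write the call as `Koha::OAuth::config()`, so that resolving it does not depend on the sub being declared before this file is compiled. The rest of the import block lies outside the hunk.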
@@ -115,10 +117,17 @@ sub authenticate_api_request {
 my $authorization_header = $c->req->headers->authorization;
 if ($authorization_header and $authorization_header =~ /^Bearer /) {
- if (my $oauth = $c->oauth) {
+ my $server = Net::OAuth2::AuthorizationServer->new;
+ my $grant = $server->client_credentials_grant(Koha::OAuth::config);
+ my ($type, $token) = split / /, $authorization_header;
+ my ($valid_token, $error) = $grant->verify_access_token(
+ access_token => $token,
+ );
+
+ if ($valid_token) {
 my $clients = C4::Context->config('api_client');
 $clients = [ $clients ] unless ref $clients eq 'ARRAY';
- my ($client) = grep { $_->{client_id} eq $oauth->{client_id} } @$clients;
+ my ($client) = grep { $_->{client_id} eq $valid_token->{client_id} } @$clients;
 my $patron = Koha::Patrons->find($client->{patron_id});
 my $permissions = $authorization->{'permissions'};
-- 
2.39.5
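Review bot: After `verify_access_token` succeeds, the `grep` over `api_client` can still come back empty, for instance when a client was removed from the configuration while its token is still valid, and `$client->{patron_id}` is then read from an undefined `$client`. Removing a client from the configuration should end its access, so guard the lookup right after the `grep`, e.g. `unless ($client) { ... }` raising the same authentication failure this function uses elsewhere, before `Koha::Patrons->find` runs. `$error` is captured but never used in the visible lines; logging it on the failure path would help when tracing rejected tokens. What happens when `$valid_token` is false is decided after the end of this hunk, so confirm that path rejects the request instead of falling through to another authentication method.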