From 5f733763d048de2f39d52ee21f1a7f099637f79a Mon Sep 17 00:00:00 2001 From: Martin Renvoize Date: Fri, 1 Feb 2019 15:18:45 +0000 Subject: [PATCH] Bug 17006: Add /patrons/{patron_id}/password This patch introduces an endpoint for changing a patron's password. It targets privileged user with the right permissions, changing some patron's password. To test: - Apply this patchset - Run: $ kshell k$ prove t/db_dependent/api/v1/patrons_password.t => SUCCESS: tests pass! - Play with the different use cases highlighted by the tests, on your favourite REST testing tool (Postman, RESTer on FF, etc). Sponsored-by: Municipal Libray Ceska Trebova Signed-off-by: Tomas Cohen Arazi Signed-off-by: Josef Moravec Signed-off-by: Kyle M Hall Signed-off-by: Nick Clemens (cherry picked from commit ae1e6b558c1e5c581fe0652774c97ae18531758a) Signed-off-by: Martin Renvoize --- Koha/REST/V1/Patrons/Password.pm | 76 ++++++++++++++++++++++++ t/db_dependent/api/v1/patrons_password.t | 4 +- 2 files changed, 78 insertions(+), 2 deletions(-) create mode 100644 Koha/REST/V1/Patrons/Password.pm diff --git a/Koha/REST/V1/Patrons/Password.pm b/Koha/REST/V1/Patrons/Password.pm new file mode 100644 index 0000000000..f8e14947d8 --- /dev/null +++ b/Koha/REST/V1/Patrons/Password.pm @@ -0,0 +1,76 @@ +package Koha::REST::V1::Patrons::Password; + +# This file is part of Koha. +# +# Koha is free software; you can redistribute it and/or modify it under the +# terms of the GNU General Public License as published by the Free Software +# Foundation; either version 3 of the License, or (at your option) any later +# version. +# +# Koha is distributed in the hope that it will be useful, but WITHOUT ANY +# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR +# A PARTICULAR PURPOSE. See the GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License along +# with Koha; if not, write to the Free Software Foundation, Inc., +# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + +use Modern::Perl; + +use Mojo::Base 'Mojolicious::Controller'; + +use Koha::Patrons; + +use Scalar::Util qw(blessed); +use Try::Tiny; + +=head1 NAME + +Koha::REST::V1::Patrons::Password + +=head1 API + +=head2 Methods + +=head3 set + +Controller method that sets a patron's password, permission driven + +=cut + +sub set { + + my $c = shift->openapi->valid_input or return; + + my $patron = Koha::Patrons->find( $c->validation->param('patron_id') ); + my $body = $c->validation->param('body'); + + unless ($patron) { + return $c->render( status => 404, openapi => { error => "Patron not found." } ); + } + + my $password = $body->{password} // ""; + my $password_2 = $body->{password_2} // ""; + + unless ( $password eq $password_2 ) { + return $c->render( status => 400, openapi => { error => "Passwords don't match" } ); + } + + return try { + + ## Change password + $patron->set_password($password); + + return $c->render( status => 200, openapi => "" ); + } + catch { + unless ( blessed $_ && $_->can('rethrow') ) { + return $c->render( status => 500, openapi => { error => "$_" } ); + } + + # an exception was raised. return 400 with the stringified exception + return $c->render( status => 400, openapi => { error => "$_" } ); + }; +} + +1; diff --git a/t/db_dependent/api/v1/patrons_password.t b/t/db_dependent/api/v1/patrons_password.t index 2b86fb2714..f066f946eb 100644 --- a/t/db_dependent/api/v1/patrons_password.t +++ b/t/db_dependent/api/v1/patrons_password.t @@ -86,7 +86,7 @@ subtest 'set() (authorized user tests)' => sub { $tx->req->cookies( { name => 'CGISESSID', value => $session->id } ); $tx->req->env( { REMOTE_ADDR => '127.0.0.1' } ); - $t->request_ok($tx)->status_is(400)->json_is({ error => 'Password contains trailing spaces, which is forbidden.' }); + $t->request_ok($tx)->status_is(400)->json_is({ error => '[Password contains leading/trailing whitespace character(s)]' }); $new_password = 'abcdefg'; $tx @@ -106,7 +106,7 @@ subtest 'set() (authorized user tests)' => sub { $tx->req->cookies( { name => 'CGISESSID', value => $session->id } ); $tx->req->env( { REMOTE_ADDR => '127.0.0.1' } ); - $t->request_ok($tx)->status_is(400)->json_is({ error => 'Password is too weak' }); + $t->request_ok($tx)->status_is(400)->json_is({ error => '[Password is too weak]' }); $new_password = 'ABcde123%&'; $tx -- 2.39.5