From d4d69ade8c695b37fea03ad9cec2d3c2b74a2012 Mon Sep 17 00:00:00 2001 From: David Cook Date: Wed, 10 May 2023 02:43:44 +0000 Subject: [PATCH] Bug 33708: Allow anonymous access to OAuth endpoints Users needs anonymous access to OAuth endpoints so that they can login, and then use authenticated access for other endpoints. Signed-off-by: David Cook Signed-off-by: Tomas Cohen Arazi (cherry picked from commit 05190ed1d99e3cca7cbd766a9f41e106f25d26a3) Signed-off-by: Matt Blenkinsop --- Koha/REST/V1/Auth.pm | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Koha/REST/V1/Auth.pm b/Koha/REST/V1/Auth.pm index 1b2a9c090b..b04fcaeb62 100644 --- a/Koha/REST/V1/Auth.pm +++ b/Koha/REST/V1/Auth.pm @@ -81,8 +81,8 @@ sub under { "Configuration prevents the usage of this endpoint by unprivileged users"); } - if ( $c->req->url->to_abs->path eq '/api/v1/oauth/token' ) { - # Requesting a token shouldn't go through the API authentication chain + if ( $c->req->url->to_abs->path =~ m#^/api/v1/oauth/# || $c->req->url->to_abs->path =~ m#^/api/v1/public/oauth/#) { + # Requesting OAuth endpoints shouldn't go through the API authentication chain $status = 1; } elsif ( $namespace eq '' or $namespace eq '.html' ) { -- 2.39.5