]> git.koha-community.org Git - koha.git/commit
Bug 33708: Make staff interface login not require public API (OAuth/OIDC)
authorTomas Cohen Arazi <tomascohen@theke.io>
Tue, 9 May 2023 21:03:50 +0000 (18:03 -0300)
committerMatt Blenkinsop <matt.blenkinsop@ptfs-europe.com>
Thu, 8 Jun 2023 16:51:20 +0000 (16:51 +0000)
commit9450ffe660a5c83d58c68ac0cf5da30020fc4233
tree521f123c871126623d0146482b0674eaf0f2dad1
parent202f376c425b2f551dfcc1ee07d012d90fa0b17c
Bug 33708: Make staff interface login not require public API (OAuth/OIDC)

This patch makes the URL for staff login not point to the `/public`
namespace. The behavior is not changed for the protocol, but as
`/public` requires several settings to be available, it effectively
requires to enable the OPAC, the public API, etc. This patch
diferentiates both to solve the problem.

I've tested following the Wiki instructions to set keycloak [1] using
the *--sso* switch for `ktd` as well [2].

It is important to set the following URLs as allowed redirect in order
to replicate the issue and verify the fix:

http://localhost:8080/api/v1/public/oauth/login/test/opac
http://localhost:8081/api/v1/oauth/login/test/staff

To test:
1. Login into the staff interface using the SSO link:
=> FAIL: Results in a 'Bad redirect URL' error
2. Apply this patch and repeat 1
=> SUCCESS: You get a permission denied error or you just login,
depending on your setup.

[1] https://wiki.koha-community.org/wiki/Testing_SSO
[2] ktd --sso up -d

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: David Cook <dcook@prosentient.com.au>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
(cherry picked from commit dd512db60b21080a1c1cfeae2a3891edd69fd95e)
Signed-off-by: Matt Blenkinsop <matt.blenkinsop@ptfs-europe.com>
Koha/REST/V1/OAuth/Client.pm