From 997a5705504b63cbaf9ae41f0487f5c1654c686f Mon Sep 17 00:00:00 2001
From: Tomas Cohen Arazi
Date: Wed, 2 May 2018 15:51:38 -0300
Subject: [PATCH] Bug 20624: Make /api/v1/oauth/token respect RESTOAuth2ClientCredentials This patch makes the /api/v1/oauth/token enpoint respect the RESTOAuth2ClientCredentials syspref. It will return 400 (with 'Unimplemented grant type' error message) on the event of the syspref being disabled and the grant_type => 'client_credentials' value passed. To test: - Run: $ kshell k$ prove t/db_dependent/api/v1/oauth.t => FAIL: It fails because the off-switch is not implemented - Apply this patch - Run: k$ prove t/db_dependent/api/v1/oauth.t => SUCCESS: Tests pass! - Sign off :-D
Signed-off-by: Kyle M Hall
Signed-off-by: Jonathan Druart
---
 Koha/REST/V1/OAuth.pm | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/Koha/REST/V1/OAuth.pm b/Koha/REST/V1/OAuth.pm
index 727838bf2e..d201f8818b 100644
--- a/Koha/REST/V1/OAuth.pm
+++ b/Koha/REST/V1/OAuth.pm
@@ -13,7 +13,7 @@ sub token {
 my $c = shift->openapi->valid_input or return;
 my $grant_type = $c->validation->param('grant_type');
- unless ($grant_type eq 'client_credentials') {
+ unless ( $grant_type eq 'client_credentials' and C4::Context->preference('RESTOAuth2ClientCredentials') ) {
 return $c->render(status => 400, openapi => {error => 'Unimplemented grant type'});
 }
-- 2.39.5
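Review bot: The preference check added to the `unless` condition gates only token issuance, so access tokens handed out while RESTOAuth2ClientCredentials was enabled are untouched by this line. Whether they stop working once the switch is turned off depends on the bearer-token verification path, which is not visible here and should be confirmed to consult the same preference. The disabled case also shares the 'Unimplemented grant type' response with a genuinely unknown grant type, which is fine for clients but hard to tell apart when troubleshooting, so a comment above the condition would help: `# Off-switch: with RESTOAuth2ClientCredentials disabled, client_credentials is reported as unimplemented (issuance only)`. Inside the expression `&&` is the more conventional operator than the low-precedence `and`. The body of `token` continues past the end of the hunk.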