From 2bc1e0f84fdd5e24d670e75603a7c692b71917cb Mon Sep 17 00:00:00 2001
From: Lucas Gass
Date: Tue, 12 Feb 2019 00:38:41 +0000
Subject: [PATCH] Bug 22132: Add Basic authentication to the API - Revert
This reverts commit 2403b01021e66cae65e210426b644cc6a695ff5f.
Signed-off-by: Lucas Gass
---
 Koha/REST/V1/Auth.pm | 46 ++--------------------------------------------
 1 file changed, 2 insertions(+), 44 deletions(-)
diff --git a/Koha/REST/V1/Auth.pm b/Koha/REST/V1/Auth.pm
index ab3af44460..cf64a25828 100644
--- a/Koha/REST/V1/Auth.pm
+++ b/Koha/REST/V1/Auth.pm
@@ -21,7 +21,7 @@ use Modern::Perl;
 use Mojo::Base 'Mojolicious::Controller';
-use C4::Auth qw( check_cookie_auth checkpw_internal get_session haspermission );
+use C4::Auth qw( check_cookie_auth get_session haspermission );
 use C4::Context;
 use Koha::ApiKeys;
@@ -37,7 +37,6 @@ use Koha::Exceptions;
 use Koha::Exceptions::Authentication;
 use Koha::Exceptions::Authorization;
-use MIME::Base64;
 use Module::Load::Conditional;
 use Scalar::Util qw( blessed );
 use Try::Tiny;
@@ -79,7 +78,7 @@ sub under {
 return $c->render(status => 401, json => { error => $_->error });
 }
 elsif ($_->isa('Koha::Exceptions::Authentication')) {
- return $c->render(status => 401, json => { error => $_->error });
+ return $c->render(status => 500, json => { error => $_->error });
 }
 elsif ($_->isa('Koha::Exceptions::BadParameter')) {
 return $c->render(status => 400, json => $_->error );
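Review bot: In the `Koha::Exceptions::Authentication` branch of `under`, an authentication exception is now answered with status 500, which makes a rejected credential look like a server fault: clients may retry it as transient, and log-based detection that counts 401 responses will not see these failures. The status looks unrelated to removing Basic auth, since the remaining OAuth and cookie paths can presumably still raise this exception class, so I would keep `return $c->render(status => 401, json => { error => $_->error });` unless 500 is intended. The same line returns `$_->error` verbatim to the caller; a short comment such as `# exception messages here are written for API clients and carry no internal detail` would record that assumption. The enclosing handler in `under` starts and ends outside the hunk.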
@@ -152,21 +151,6 @@ sub authenticate_api_request {
 );
 }
 }
- elsif ( $authorization_header and $authorization_header =~ /^Basic / ) {
- unless ( C4::Context->preference('RESTBasicAuth') ) {
- Koha::Exceptions::Authentication::Required->throw(
- error => 'Basic authentication disabled'
- );
- }
- $user = $c->_basic_auth( $authorization_header );
- unless ( $user ) {
- # If we have "Authorization: Basic" header and authentication
- # failed, do not try other authentication means
- Koha::Exceptions::Authentication::Required->throw(
- error => 'Authentication failure.'
- );
- }
- }
 else {
 my $cookie = $c->cookie('CGISESSID');
@@ -406,30 +390,4 @@ sub _object_ownership_by_reserve_id {
 return $reserve && $user->borrowernumber == $reserve->borrowernumber;
 }
-=head3 _basic_auth
-
-Internal method that performs Basic authentication.
-
-=cut
-
-sub _basic_auth {
- my ( $c, $authorization_header ) = @_;
-
- my ( $type, $credentials ) = split / /, $authorization_header;
-
- unless ($credentials) {
- Koha::Exceptions::Authentication::Required->throw( error => 'Authentication failure.' );
- }
-
- my $decoded_credentials = decode_base64( $credentials );
- my ( $user_id, $password ) = split( /:/, $decoded_credentials, 2 );
-
- my $dbh = C4::Context->dbh;
- unless ( checkpw_internal($dbh, $user_id, $password ) ) {
- Koha::Exceptions::Authorization::Unauthorized->throw( error => 'Invalid password' );
- }
-
- return Koha::Patrons->find({ userid => $user_id });
-}
-
 1;
--
2.39.5