From 3d9d07d03bdfc8c18bb1595839dc9a8d2878ebc2 Mon Sep 17 00:00:00 2001 From: Tomas Cohen Arazi Date: Fri, 5 Jun 2020 09:16:16 -0300 Subject: [PATCH] Bug 24003: Make the API set userenv on authentication This patch makes the authentication step stash the user that got authenticated so code outside the Mojo part of Koha can use it (i.e. through the use of C4::Context->userenv). To test: 1. Apply the regression tests 2. Run: $ kshell k$ prove t/db_dependent/api/v1/auth_authenticate_api_request.t \ t/db_dependent/api/v1/auth_basic.t => FAIL: Tests fail! 3. Apply this patch 4. Repeat 2 => SUCCESS: Tests pass! Signed-off-by: Tomas Cohen Arazi Signed-off-by: Kyle M Hall Signed-off-by: Martin Renvoize Signed-off-by: Jonathan Druart (cherry picked from commit 682d7896dd8e91fe846221d9605f79ca44d16360) Signed-off-by: Lucas Gass --- Koha/REST/V1/Auth.pm | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/Koha/REST/V1/Auth.pm b/Koha/REST/V1/Auth.pm index a4bb7ae233..b0966868b9 100644 --- a/Koha/REST/V1/Auth.pm +++ b/Koha/REST/V1/Auth.pm @@ -154,6 +154,7 @@ sub authenticate_api_request { my $spec = $c->openapi->spec || $c->match->endpoint->pattern->defaults->{'openapi.op_spec'}; $c->stash_embed({ spec => $spec }); + my $cookie_auth = 0; my $authorization = $spec->{'x-koha-authorization'}; @@ -222,6 +223,7 @@ sub authenticate_api_request { $user = Koha::Patrons->find( $session->param('number') ) unless $session->param('sessiontype') and $session->param('sessiontype') eq 'anon'; + $cookie_auth = 1; } elsif ($status eq "maintenance") { Koha::Exceptions::UnderMaintenance->throw( @@ -247,6 +249,11 @@ sub authenticate_api_request { $c->stash('koha.user' => $user); + if ( $user and !$cookie_auth ) { # cookie-auth sets this and more, don't mess with that + C4::Context->_new_userenv( $user->borrowernumber ); + C4::Context->set_userenv( $user->borrowernumber ); + } + if ( !$authorization and ( $params->{is_public} and ( C4::Context->preference('RESTPublicAnonymousRequests') or -- 2.39.5