From 977130c7ae3c3ee095e5219d88592962c92eeb96 Mon Sep 17 00:00:00 2001 From: Tomas Cohen Arazi Date: Fri, 5 Jun 2020 09:16:16 -0300 Subject: [PATCH] Bug 24003: Make the API set userenv on authentication This patch makes the authentication step stash the user that got authenticated so code outside the Mojo part of Koha can use it (i.e. through the use of C4::Context->userenv). To test: 1. Apply the regression tests 2. Run: $ kshell k$ prove t/db_dependent/api/v1/auth_authenticate_api_request.t \ t/db_dependent/api/v1/auth_basic.t => FAIL: Tests fail! 3. Apply this patch 4. Repeat 2 => SUCCESS: Tests pass! Signed-off-by: Tomas Cohen Arazi Signed-off-by: Kyle M Hall Signed-off-by: Martin Renvoize Signed-off-by: Aleisha Amohia --- Koha/REST/V1/Auth.pm | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/Koha/REST/V1/Auth.pm b/Koha/REST/V1/Auth.pm index 2679a76149..05126ca8c9 100644 --- a/Koha/REST/V1/Auth.pm +++ b/Koha/REST/V1/Auth.pm @@ -150,6 +150,8 @@ sub authenticate_api_request { # TODO: remove the latter 'openapi.op_spec' if minimum version is bumped to at least 1.17. my $spec = $c->openapi->spec || $c->match->endpoint->pattern->defaults->{'openapi.op_spec'}; + my $cookie_auth = 0; + my $authorization = $spec->{'x-koha-authorization'}; my $authorization_header = $c->req->headers->authorization; @@ -217,6 +219,7 @@ sub authenticate_api_request { $user = Koha::Patrons->find( $session->param('number') ) unless $session->param('sessiontype') and $session->param('sessiontype') eq 'anon'; + $cookie_auth = 1; } elsif ($status eq "maintenance") { Koha::Exceptions::UnderMaintenance->throw( @@ -242,6 +245,11 @@ sub authenticate_api_request { $c->stash('koha.user' => $user); + if ( $user and !$cookie_auth ) { # cookie-auth sets this and more, don't mess with that + C4::Context->_new_userenv( $user->borrowernumber ); + C4::Context->set_userenv( $user->borrowernumber ); + } + if ( !$authorization and ( $params->{is_public} and ( C4::Context->preference('RESTPublicAnonymousRequests') or -- 2.20.1