From 950cfa1173676008b337b1439a237880321bbb2d Mon Sep 17 00:00:00 2001
From: Jonathan Druart
Date: Thu, 7 Jul 2022 19:28:38 +0200
Subject: [PATCH] Bug 28787: Don't send the notice if we are not waiting for 2FA

If we are fully logged-in or haven't pass the password phase, don't send the notice!

Signed-off-by: Marcel de Rooy
Sponsored-by: Rijksmuseum, Netherlands
Signed-off-by: Kyle M Hall
Signed-off-by: Tomas Cohen Arazi
---
 Koha/REST/V1/Auth.pm | 68 ++++++++++++++-----------
 t/db_dependent/api/v1/two_factor_auth.t | 12 ++++-
 2 files changed, 48 insertions(+), 32 deletions(-)

diff --git a/Koha/REST/V1/Auth.pm b/Koha/REST/V1/Auth.pm
index ae2488f212..ba90ac4ab4 100644
--- a/Koha/REST/V1/Auth.pm
+++ b/Koha/REST/V1/Auth.pm
@@ -223,42 +223,50 @@ sub authenticate_api_request {
 my ($status, $session) = check_cookie_auth( $cookie, undef, { remote_addr => $remote_addr });
- if ($status eq "ok") {
- $user = Koha::Patrons->find( $session->param('number') );
- $cookie_auth = 1;
- }
- elsif ($status eq "anon") {
- $cookie_auth = 1;
- }
- elsif ($status eq "additional-auth-needed") {
- if ( $c->req->url->to_abs->path eq '/api/v1/auth/otp/token_delivery' ) {
+
+ if ( $c->req->url->to_abs->path eq '/api/v1/auth/otp/token_delivery' ) {
+ if ( $status eq 'additional-auth-needed' ) {
+ $user = Koha::Patrons->find( $session->param('number') );
+ $cookie_auth = 1;
+ }
+ elsif ( $status eq 'ok' ) {
+ Koha::Exceptions::Authentication->throw(
+ error => 'Cannot request a new token.' );
+ }
+ else {
+ Koha::Exceptions::Authentication::Required->throw(
+ error => 'Authentication failure.' );
+ }
+ } else {
+ if ($status eq "ok") {
 $user = Koha::Patrons->find( $session->param('number') );
 $cookie_auth = 1;
- } else {
+ }
+ elsif ($status eq "anon") {
+ $cookie_auth = 1;
+ }
+ elsif ($status eq "additional-auth-needed") {
+ }
+ elsif ($status eq "maintenance") {
+ Koha::Exceptions::UnderMaintenance->throw(
+ error => 'System is under maintenance.'
+ );
+ }
+ elsif ($status eq "expired" and $authorization) {
+ Koha::Exceptions::Authentication::SessionExpired->throw(
+ error => 'Session has been expired.'
+ );
+ }
+ elsif ($status eq "failed" and $authorization) {
 Koha::Exceptions::Authentication::Required->throw(
 error => 'Authentication failure.'
 );
 }
- }
- elsif ($status eq "maintenance") {
- Koha::Exceptions::UnderMaintenance->throw(
- error => 'System is under maintenance.'
- );
- }
- elsif ($status eq "expired" and $authorization) {
- Koha::Exceptions::Authentication::SessionExpired->throw(
- error => 'Session has been expired.'
- );
- }
- elsif ($status eq "failed" and $authorization) {
- Koha::Exceptions::Authentication::Required->throw(
- error => 'Authentication failure.'
- );
- }
- elsif ($authorization) {
- Koha::Exceptions::Authentication->throw(
- error => 'Unexpected authentication status.'
- );
+ elsif ($authorization) {
+ Koha::Exceptions::Authentication->throw(
+ error => 'Unexpected authentication status.'
+ );
+ }
 }
 }
diff --git a/t/db_dependent/api/v1/two_factor_auth.t b/t/db_dependent/api/v1/two_factor_auth.t
index ddda4fd0a0..402d78ac6c 100755
--- a/t/db_dependent/api/v1/two_factor_auth.t
+++ b/t/db_dependent/api/v1/two_factor_auth.t
@@ -38,7 +38,7 @@ my $t = Test::Mojo->new('Koha::REST::V1');
 subtest 'send_otp_token' => sub {
- plan tests => 7;
+ plan tests => 9;
 $schema->storage->txn_begin;
@@ -63,7 +63,7 @@ subtest 'send_otp_token' => sub {
 $tx->req->env( { REMOTE_ADDR => $remote_address } );
 # Patron is not authenticated yet
- $t->request_ok($tx)->status_is(500); # FIXME Check the exception instead?
+ $t->request_ok($tx)->status_is(401);
 $session->param('waiting-for-2FA', 1);
 $session->flush;
@@ -100,6 +100,14 @@ subtest 'send_otp_token' => sub {
 # Everything is ok, the email will be sent
 $t->request_ok($tx)->status_is(200);
+ $session->param('waiting-for-2FA', 0);
+ $session->flush;
+ $tx = $t->ua->build_tx( POST => "/api/v1/auth/otp/token_delivery" );
+ $tx->req->cookies( { name => 'CGISESSID', value => $session->id } );
+ $tx->req->env( { REMOTE_ADDR => $remote_address } );
+
+ $t->request_ok($tx)->status_is(401);
+
 $schema->storage->txn_rollback;
 };
-- 
2.39.5
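Review bot: The new `elsif ($status eq "additional-auth-needed") { }` branch in the non-token-delivery path is empty, whereas the removed code threw `Koha::Exceptions::Authentication::Required` for a waiting-for-2FA session reaching any other endpoint, so such a request now falls through with neither `$user` nor `$cookie_auth` set. Whether it is still rejected depends on the rest of `authenticate_api_request`, which starts and ends outside this hunk; either restore the explicit throw, `Koha::Exceptions::Authentication::Required->throw( error => 'Authentication failure.' );`, or add a comment such as `# Half-authenticated session: treated like an unauthenticated one, rejected further down` so the fall-through is documented as deliberate rather than left as a silent behaviour change. The neighbouring `"failed"` and `"expired"` cases in the same branch only throw when `$authorization` is present, which suggests the empty branch is consistent with them, but that reasoning should be written down. Note also that inside the token_delivery branch the final `else` now turns a `maintenance` status into `Authentication failure.` instead of `UnderMaintenance`, which may be acceptable for this one endpoint but is a visible change worth a comment.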
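Review bot: The new assertions at the end of the `send_otp_token` subtest only check `status_is(401)`, which is the same status the earlier not-yet-authenticated case expects, so the test cannot tell the fully-logged-in rejection (`Cannot request a new token.`) apart from a plain `Authentication failure.`. If the exception handler surfaces the message in the JSON body (not visible in this diff), appending `->json_is('/error' => 'Cannot request a new token.')` to the new `$t->request_ok($tx)->status_is(401);` would pin the branch the fixture is meant to exercise. The `subtest` block starts and ends outside the hunk.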