From c0864cfdeac9d1be99ada15b14e4fb433d9a40f8 Mon Sep 17 00:00:00 2001
From: Marcel de Rooy
Date: Mon, 27 Jun 2022 11:06:34 +0000
Subject: [PATCH] Bug 28787: (follow-up) Changes in API auth, moved otp out of Letters
Signed-off-by: Marcel de Rooy
Sponsored-by: Rijksmuseum, Netherlands
Signed-off-by: Kyle M Hall
Signed-off-by: Tomas Cohen Arazi
---
 C4/Letters.pm | 5 -----
 Koha/REST/V1/Auth.pm | 7 ++++---
 Koha/REST/V1/TwoFactorAuth.pm | 2 ++
 api/v1/swagger/paths/auth.yaml | 3 +++
 4 files changed, 9 insertions(+), 8 deletions(-)
diff --git a/C4/Letters.pm b/C4/Letters.pm
index 134658ff96..53cde01237 100644
--- a/C4/Letters.pm
+++ b/C4/Letters.pm
@@ -1610,11 +1610,6 @@ sub _process_tt {
 $content = add_tt_filters( $content );
 $content = qq|[% USE KohaDates %][% USE Remove_MARC_punctuation %]$content|;
- if ( $content =~ m|\[% otp_token %\]| ) {
- my $patron = Koha::Patrons->find(C4::Context->userenv->{number});
- $tt_params->{otp_token} = Koha::Auth::TwoFactorAuth->new({patron => $patron})->code;
- }
-
 my $output;
 my $schema = Koha::Database->new->schema;
 $schema->txn_begin;
diff --git a/Koha/REST/V1/Auth.pm b/Koha/REST/V1/Auth.pm
index 4fac9237c6..84e0592046 100644
--- a/Koha/REST/V1/Auth.pm
+++ b/Koha/REST/V1/Auth.pm
@@ -82,7 +82,6 @@ sub under {
 }
 if ( $c->req->url->to_abs->path eq '/api/v1/oauth/token' ) {
- #|| $c->req->url->to_abs->path eq '/api/v1/auth/send_otp_token' ) {
 # Requesting a token shouldn't go through the API authenticaction chain
 $status = 1;
 }
@@ -235,7 +234,10 @@ sub authenticate_api_request {
 if ( $c->req->url->to_abs->path eq '/api/v1/auth/send_otp_token' ) {
 $user = Koha::Patrons->find( $session->param('number') );
 $cookie_auth = 1;
- $pending_auth = 1;
+ } else {
+ Koha::Exceptions::Authentication::Required->throw(
+ error => 'Authentication failure.'
+ );
 }
 } elsif ($status eq "maintenance") {
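Review bot: In Koha/REST/V1/Auth.pm (hunk at -235,7 +234,10), the result of `Koha::Patrons->find( $session->param('number') )` is assigned to `$user` without a check, so a session whose stored number no longer resolves to a patron continues with `$user` undefined and `$cookie_auth = 1`. With the `or $pending_auth` bypass removed in the -271,7 hunk, this request now falls through to the regular authorization check, and how that code treats an undefined user is not visible here. Failing closed at the lookup would keep the branch self-contained: `$user = Koha::Patrons->find( $session->param('number') ) or Koha::Exceptions::Authentication::Required->throw( error => 'Authentication failure.' );`. A short comment above the path test, such as `# Session has passed the password step only; send_otp_token is the one route it may reach`, would also record why the exact-match comparison must stay strict. The enclosing status branch starts outside the hunk.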
@@ -271,7 +273,6 @@ sub authenticate_api_request {
 ( $params->{is_public} and ( C4::Context->preference('RESTPublicAnonymousRequests') or $user) or $params->{is_plugin} )
- or $pending_auth
 ) { # We do not need any authorization # Check the parameters
diff --git a/Koha/REST/V1/TwoFactorAuth.pm b/Koha/REST/V1/TwoFactorAuth.pm
index 35479228e5..e62136ac26 100644
--- a/Koha/REST/V1/TwoFactorAuth.pm
+++ b/Koha/REST/V1/TwoFactorAuth.pm
@@ -45,10 +45,12 @@ sub send_otp_token {
 return try {
+ my $code = Koha::Auth::TwoFactorAuth->new({patron => $patron})->code;
 my $letter = C4::Letters::GetPreparedLetter(
 module => 'members',
 letter_code => '2FA_OTP_TOKEN',
 branchcode => $patron->branchcode,
+ substitute => { otp_token => $code },
 tables => {
 borrowers => $patron->unblessed,
 }
diff --git a/api/v1/swagger/paths/auth.yaml b/api/v1/swagger/paths/auth.yaml
index 3e0ac45083..43b0decbb5 100644
--- a/api/v1/swagger/paths/auth.yaml
+++ b/api/v1/swagger/paths/auth.yaml
@@ -36,3 +36,6 @@
 * `internal_server_error`
 schema:
 $ref: "../swagger.yaml#/definitions/error"
+ x-koha-authorization:
+ permissions:
+ catalogue: "1"
--
2.39.5
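Review bot: In Koha/REST/V1/TwoFactorAuth.pm (`send_otp_token`), the new `my $code = ...->code;` line has no comment saying why the token is generated here and passed through `substitute`, which is the security-relevant part of this change: the C4/Letters.pm hunk removes code in `_process_tt` that generated an OTP for the patron in the current userenv whenever a template contained `[% otp_token %]`. I would add `# Generate the OTP here so that only the 2FA_OTP_TOKEN notice can expand otp_token` above it. `$code` is a live credential from this point, so it is worth confirming that any `catch` handler and whatever stores the prepared letter, both outside the hunk, neither log it nor retain it longer than needed. The `try` block opens inside the hunk and closes outside it.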
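Review bot: In api/v1/swagger/paths/auth.yaml, the added `x-koha-authorization` block means this operation can now be refused for lack of the `catalogue` permission, and the response list, which starts outside the hunk, is not visible to confirm that it declares that outcome. If it does not, a `403` response using the same `$ref: "../swagger.yaml#/definitions/error"` schema as the entry shown should be added, so that clients can tell a permission failure from a missing session.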