From 5bf71bb837239ca9e3fdf4703074caf5eff7ec52 Mon Sep 17 00:00:00 2001
From: Tomas Cohen Arazi
Date: Wed, 18 Apr 2018 13:34:18 -0300
Subject: [PATCH] Bug 20612: Make OAuth2 use patron's client_id/secret pairs
This patch wires the OAuth related code so it leverages on the new Koha::ApiKey(s) classes and tools introduced by bug 20568 instead of the hardcoded entries in koha-conf.xml originally proposed by bug 20402. To test revisit the test plan for bug 20402, and verify that it works. But create API key pairs instead of writing them down in koha-conf.xml. Also: - Run: $ prove t/db_dependent/api/v1/oauth.t => SUCCESS: Tests pass! - Sign off :-D
Sponsored-by: ByWater Solutions
Signed-off-by: Julian Maurice
Signed-off-by: Benjamin Rokseth
Signed-off-by: Kyle M Hall
Signed-off-by: Jonathan Druart
---
 Koha/OAuth.pm | 18 ++++++++++--------
 Koha/REST/V1/Auth.pm | 9 ++++-----
 2 files changed, 14 insertions(+), 13 deletions(-)
diff --git a/Koha/OAuth.pm b/Koha/OAuth.pm
index e322206925..fb1f1e4d7f 100644
--- a/Koha/OAuth.pm
+++ b/Koha/OAuth.pm
@@ -17,6 +17,7 @@ package Koha::OAuth;
 use Modern::Perl;
+use Koha::ApiKeys;
 use Koha::OAuthAccessTokens;
 =head1 NAME
@@ -53,17 +54,18 @@ and allowed to get authorization.
 sub _verify_client_cb {
 my (%args) = @_;
- my ($client_id, $client_secret)
- = @args{ qw/ client_id client_secret / };
+ my ($client_id, $client_secret) = @args{ qw/ client_id client_secret / };
- return (0, 'unauthorized_client') unless $client_id;
+ my $api_key;
- my $clients = C4::Context->config('api_client');
- $clients = [ $clients ] unless ref $clients eq 'ARRAY';
- my ($client) = grep { $_->{client_id} eq $client_id } @$clients;
- return (0, 'unauthorized_client') unless $client;
+ if ($client_id) {
+ $api_key = Koha::ApiKeys->find( $client_id );
+ }
+
+ # client_id mandatory and exists on the DB
+ return (0, 'unauthorized_client') unless $api_key && $api_key->active;
- return (0, 'access_denied') unless $client_secret eq $client->{client_secret};
+ return (0, 'access_denied') unless $api_key->secret eq $client_secret;
 return (1, undef, []);
 }
diff --git a/Koha/REST/V1/Auth.pm b/Koha/REST/V1/Auth.pm
index 65f0e719c9..1df26e49cf 100644
--- a/Koha/REST/V1/Auth.pm
+++ b/Koha/REST/V1/Auth.pm
@@ -26,10 +26,12 @@ use Net::OAuth2::AuthorizationServer;
 use C4::Auth qw( check_cookie_auth get_session haspermission );
 use C4::Context;
+use Koha::ApiKeys;
 use Koha::Account::Lines;
 use Koha::Checkouts;
 use Koha::Holds;
 use Koha::OAuth;
+use Koha::OAuthAccessTokens;
 use Koha::Old::Checkouts;
 use Koha::Patrons;
@@ -125,11 +127,8 @@ sub authenticate_api_request {
 );
 if ($valid_token) {
- my $clients = C4::Context->config('api_client');
- $clients = [ $clients ] unless ref $clients eq 'ARRAY';
- my ($client) = grep { $_->{client_id} eq $valid_token->{client_id} } @$clients;
-
- my $patron = Koha::Patrons->find($client->{patron_id});
+ my $patron_id = Koha::ApiKeys->find( $valid_token->{client_id} )->patron_id;
+ my $patron = Koha::Patrons->find($patron_id);
 my $permissions = $authorization->{'permissions'};
 # Check if the patron is authorized
 if ( haspermission($patron->userid, $permissions)
-- 2.39.5
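Review bot: The secret check `return (0, 'access_denied') unless $api_key->secret eq $client_secret;` compares the shared secret with a plain `eq`, which returns at the first differing character and so lets the comparison's running time depend on how much of the stored secret the caller got right; it also emits an uninitialized-value warning when the client omits `client_secret`, since that case is no longer rejected before the comparison. A defined check, a length check and a byte-wise XOR fold keep the comparison time independent of the mismatch position; the XOR form assumes both values are byte strings, which the page does not show, so that should be confirmed against how the secret is generated. The added comment `# client_id mandatory and exists on the DB` should also mention the `active` flag the same line enforces, e.g. `# client_id is mandatory, must exist in api_keys and must be active`. The fence below is the rewritten tail of `_verify_client_cb`, which is otherwise complete within this hunk.
```perl
    # client_id is mandatory, must exist in api_keys and must be active
    return (0, 'unauthorized_client') unless $api_key && $api_key->active;

    # A missing secret is rejected up front so the comparison below sees two strings
    return (0, 'access_denied') unless defined $client_secret;

    # Constant-time comparison: XOR the two strings and count non-NUL bytes, so the
    # time taken does not depend on where the first mismatch is.
    # NOTE(review): assumes both secrets are byte strings (no code points > 0xFF) — confirm
    my $expected = $api_key->secret;
    return (0, 'access_denied')
        unless length($expected) == length($client_secret)
            && ( ( $expected ^ $client_secret ) =~ tr/\0//c ) == 0;

    return (1, undef, []);
```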
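Review bot: `my $patron_id = Koha::ApiKeys->find( $valid_token->{client_id} )->patron_id;` in the last hunk dereferences the lookup result unchecked, so a still-valid access token whose API key has since been deleted makes the request die on a method call on undef instead of being rejected, and a key that has been deactivated keeps working until its tokens expire, because `active` appears to be checked only when the client is verified in `Koha::OAuth::_verify_client_cb` and not here at request time. The same hole is one line down: `$patron` is undef if the patron was removed, and `$patron->userid` then dies. Fetch the key into a variable and reject the request when it is missing or inactive, `my $api_key = Koha::ApiKeys->find( $valid_token->{client_id} );` then `unless ( $api_key && $api_key->active ) { ... }` returning whatever unauthorized response the function already uses for an invalid token, then `my $patron = Koha::Patrons->find( $api_key->patron_id );` guarded the same way. The function's error path and the rest of `authenticate_api_request` are outside this hunk, so the guard bodies cannot be written from what is shown.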