[Koha-bugs] [Bug 31378] Add a generic OAuth2/OIDC client implementation
bugzilla-daemon at bugs.koha-community.org
Tue Oct 25 04:59:10 CEST 2022
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=31378
--- Comment #87 from David Cook <dcook at prosentient.com.au> ---
Comment on attachment 141807
--> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=141807
Bug 31378: Add Auth mojo plugin
Review of attachment 141807:
--> (https://bugs.koha-community.org/bugzilla3/page.cgi?id=splinter.html&bug=31378&attachment=141807)
-----------------------------------------------------------------
::: Koha/REST/Plugin/Auth.pm
@@ +83,5 @@
> + 'auth.session' => sub {
> + my ( $c, $patron ) = @_;
> + my $userid = $patron->userid;
> + my $cardnumber = $patron->cardnumber;
> + my $cgi = CGI->new;
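Review bot: `$patron` is dereferenced at `my $userid = $patron->userid;` with no check that the helper was actually handed a patron object, so a caller that passes undef after a failed lookup dies inside the helper instead of getting a clean authentication failure. Suggest returning or throwing early when `$patron` is not defined, before `CGI->new` is reached.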
I don't think that we should be using the CGI module in the Mojolicious REST
API, since we're not using CGI. This is hacky.
@@ +89,5 @@
> + $cgi->param( userid => $userid );
> + $cgi->param( cardnumber => $cardnumber );
> + $cgi->param( auth_client_login => 1 );
> +
> + my ( $status, $cookie, $session_id ) = C4::Auth::check_api_auth($cgi);
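Review bot: `auth_client_login => 1` in the third `$cgi->param` call travels as an ordinary CGI parameter, the same channel that carries client-supplied request parameters, so whatever `C4::Auth::check_api_auth` does with it must not be reachable from a real request's query string or body. Suggest passing the trusted flag as a separate argument rather than as a CGI param, and checking `$status` before `$session_id` is used, which these lines do not show.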
This is a suboptimal design for at least a couple of reasons: 1) it requires a
CGI object; 2) it creates a session for the API interface rather than the
OPAC/Staff interfaces; 3) it's not to purpose - we're not checking auth. We
know that we're just creating a new session.

I've been saying for years that we need to standardize session creation, and
it's still true.

In the meantime, a minimal session can be created as simply as this:

$session->param( 'number', $patron->borrowernumber );
$session->param( 'id', $patron->userid );
$session->param( 'cardnumber', $patron->cardnumber );
$session->param( 'firstname', $patron->firstname );
$session->param( 'surname', $patron->surname );
$session->param( 'branch', $patron->branchcode );
$session->param( 'branchname', $patron->library->branchname );
$session->param( 'flags', $patron->flags );
$session->param( 'emailaddress', $patron->email );
$session->param( 'ip', $session->remote_addr() );
$session->param( 'lasttime', time() );
$session->param( 'interface', $type);

Then you can either pass the $session object or the session ID as the return
value.