[Koha-bugs] [Bug 30962] REST API: Add endpoint /auth/password/validation
bugzilla-daemon at bugs.koha-community.org
Fri Jan 27 17:01:27 CET 2023
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=30962
Katrin Fischer <katrin.fischer at bsz-bw.de> changed:
    What|Removed                     |Added
----------------------------------------------------------------------------
  Blocks|                            |32739
  Status|Signed Off                  |Failed QA
--- Comment #26 from Katrin Fischer <katrin.fischer at bsz-bw.de> ---
1) Unit tests pass
2) QA test tools pass
3) Test plan
I followed the test plan and while I have the replies 204 and 400, I don't see
the error as described:
error message {"error":"Validation failed"}
4) Postman
I also tried to test this with Postman.
* Verified that BasicAuth worked as expected by listing patrons
* Tried: localhost:8081/api/v1/auth/password/validation
* Params: username, password
* Verb: POST
* Body: { "username": "...", "password": "..." }
a) Matching username + password
* cardnumber + correct password = 400 - Bad request
* username + correct password = 204 - No Content (that's a success?)
* username + incorrect password = 400 - Bad Request - error: Validation failed
* username + incorrect password so many times to make the account lock: 400 -
Bad Request - error: Validation failed
Notes:
* The login page in Koha allows for cardnumber + password AND userid + password
at the same time. I think we should extend this route in a separate bug to also
support cardnumber/both to make this easier to use and also mimic what ILS-DI
and SIP do as well.
I've filed: Bug 32739 - REST API: Extend endpoint /auth/password/validation for
cardnumber
* We do want the account to lock with too many attempts, which it does. The
error stays the same, but I think that's good too and matches what we do on the
OPAC, we don't want to give away too much information. *thumbs up*
QA fail:
* The route uses username, but the patrons API uses user_id. We should make
things match and use user_id here as well.
Almost ready to PQA, please fix!
Referenced Bugs:
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=32739
[Bug 32739] REST API: Extend endpoint /auth/password/validation for cardnumber