https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=20402 --- Comment #50 from Martin Renvoize <martin.renvoize@ptfs-europe.com> --- Comment on attachment 74380 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=74380 Bug 20402: Implement OAuth2 authentication for REST API Review of attachment 74380: --> (https://bugs.koha-community.org/bugzilla3/page.cgi?id=splinter.html&bug=20402&attachment=74380) ----------------------------------------------------------------- Generally looks good.. moving onto the next patchset ::: Koha/OAuth.pm @@ +21,5 @@
+ return (0, 'unauthorized_client') unless $client_id; + + my $clients = C4::Context->config('api_client'); + $clients = [ $clients ] unless ref $clients eq 'ARRAY'; + my ($client) = grep { $_->{client_id} eq $client_id } @$clients;
'any' would be more performant than 'grep' here: https://perldoc.perl.org/List/Util.html#any @@ +50,5 @@
+ my (%args) = @_; + + my $access_token = $args{access_token}; + + my $at = Koha::OAuthAccessTokens->find($access_token);
Personally, I would wrap this in caching.. this will be called with literally every API request and as such will become a fairly heavy use of the DB. ::: Koha/REST/V1/Auth.pm @@ +115,5 @@
+ + if (my $oauth = $c->oauth) { + my $clients = C4::Context->config('api_client'); + $clients = [ $clients ] unless ref $clients eq 'ARRAY'; + my ($client) = grep { $_->{client_id} eq $oauth->{client_id} } @$clients;
Another case where 'any' would be more performant than 'grep' ;) ::: Koha/REST/V1/OAuth.pm @@ +47,5 @@
+ access_token => $token, + expires_in => $expires_in, + ); + + my $at = Koha::OAuthAccessTokens->search({ access_token => $token })->next;
search->next is generally a bad idiom when changed.. `->next` should really only be used inside a loop where you're expecting a set of results.. when chained it it raises warning signals to me that you really want to use either ->find or ->search( {},{order_by => 'something', rows => 1})->single to get THE explicit result you're after. -- You are receiving this mail because: You are watching all bug changes.