https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=23146 --- Comment #8 from Tomás Cohen Arazi <tomascohen@gmail.com> --- Created attachment 90801 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=90801&action=edit Bug 23146: (QA follow-up) Make sure we use the absolute path When making a request using any tool (like cUrl or Postman) you get a 'Basic authentication disabled' error (if it is actually disabled) or an 'invalid password' error if it is disabled. This is because the comparisson of the path we do passes on oauth.t but fails on external tools. This is probably related to our stack including Apache URL mappings and then in the plack.psgi file. The safest way is to just ask Mojo::URL the absolute path to be sure. To test: - Having the rest of the patches applied and plack restarted, run: [1] $ curl -X POST -H 'Authorization: Basic ZGQ2NjlmNGUtZmI1NS00Y2YzLWE4ZmYtYmFiYzJiNDIwNWY1OmM0ZDJmYmYzLWYwOWMtNGJkZi1iNWE4LTgxMDJmNjcwYTI1Mw' -i 'http://kohadev.myDNSname.org:8081/api/v1/oauth/token' --data grant_type=client_credentials => FAIL: It fails saying Basic auth is disabled - Run: $ kshell k$ prove t/db_dependent/api/v1/oauth.t => SUCCESS: Tests pass - Apply this patch - Replicate your curl/postman test => SUCCESS: It now works as expected - Run: k$ prove t/db_dependent/api/v1/oauth.t => SUCCESS: Tests still pass! - Sign off :-D [1] You need to generate a client_id and client_secret, and encode them using: encode_base64url( "$client_id:$client_secret" ); Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io> -- You are receiving this mail because: You are watching all bug changes.