[Bug 20612] New: Make OAuth2 use patron's client_id/secret pairs
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=20612 Bug ID: 20612 Summary: Make OAuth2 use patron's client_id/secret pairs Change sponsored?: --- Product: Koha Version: master Hardware: All OS: All Status: NEW Severity: enhancement Priority: P5 - low Component: Authentication Assignee: koha-bugs@lists.koha-community.org Reporter: tomascohen@gmail.com QA Contact: testopia@bugs.koha-community.org CC: dpavlin@rot13.org Bug 20568 implements a way to define client_id/secret API keys for patrons. We should use those instead of the hardcoded ones in koha-conf.xml -- You are receiving this mail because: You are watching all bug changes. You are the assignee for the bug.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=20612 Tomás Cohen Arazi <tomascohen@gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Depends on| |20402, 20568 Change sponsored?|--- |Sponsored Referenced Bugs: https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=20402 [Bug 20402] Implement OAuth2 authentication for REST API https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=20568 [Bug 20568] Add API key management interface for patrons -- You are receiving this mail because: You are watching all bug changes. You are the assignee for the bug.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=20612 Tomás Cohen Arazi <tomascohen@gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Assignee|koha-bugs@lists.koha-commun |tomascohen@gmail.com |ity.org | -- You are receiving this mail because: You are the assignee for the bug. You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=20612 --- Comment #1 from Tomás Cohen Arazi <tomascohen@gmail.com> --- Created attachment 74473 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=74473&action=edit Bug 20612: Unit tests This patch makes the oauth.t tests leverage on the new Koha::ApiKey(s) classes. It adds tests for expired tokens too. To test: - Apply this patch - Run: $ kshell k$ prove t/db_dependent/api/v1/acquisitions_orders.t => FAIL: Tests should fail without the rest of the patches. Sponsored-by: ByWater Solutions -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=20612 --- Comment #2 from Tomás Cohen Arazi <tomascohen@gmail.com> --- Created attachment 74474 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=74474&action=edit Bug 20612: Make OAuth2 use patron's client_id/secret pairs This patch wires the OAuth related code so it leverages on the new Koha::ApiKey(s) classes and tools introduced by bug 20568 instead of the hardcoded entries in koha-conf.xml originally proposed by bug 20402. To test revisit the test plan for bug 20402, and verify that it works. But create API key pairs instead of writing them down in koha-conf.xml. Also: - Run: $ prove t/db_dependent/api/v1/oauth.t => SUCCESS: Tests pass! - Sign off :-D Sponsored-by: ByWater Solutions -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=20612 --- Comment #3 from Tomás Cohen Arazi <tomascohen@gmail.com> --- Created attachment 74475 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=74475&action=edit Bug 20612: koha-conf.xml cleanup -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=20612 Tomás Cohen Arazi <tomascohen@gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |benjamin.rokseth@deichman.n | |o, | |julian.maurice@biblibre.com | |, | |martin.renvoize@ptfs-europe | |.com Status|NEW |Needs Signoff -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=20612 Tomás Cohen Arazi <tomascohen@gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #74473|0 |1 is obsolete| | --- Comment #4 from Tomás Cohen Arazi <tomascohen@gmail.com> --- Created attachment 74483 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=74483&action=edit Bug 20612: Unit tests This patch makes the oauth.t tests leverage on the new Koha::ApiKey(s) classes. It adds tests for expired tokens too. To test: - Apply this patch - Run: $ kshell k$ prove t/db_dependent/api/v1/acquisitions_orders.t => FAIL: Tests should fail without the rest of the patches. Sponsored-by: ByWater Solutions -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=20612 Tomás Cohen Arazi <tomascohen@gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #74474|0 |1 is obsolete| | --- Comment #5 from Tomás Cohen Arazi <tomascohen@gmail.com> --- Created attachment 74484 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=74484&action=edit Bug 20612: Make OAuth2 use patron's client_id/secret pairs This patch wires the OAuth related code so it leverages on the new Koha::ApiKey(s) classes and tools introduced by bug 20568 instead of the hardcoded entries in koha-conf.xml originally proposed by bug 20402. To test revisit the test plan for bug 20402, and verify that it works. But create API key pairs instead of writing them down in koha-conf.xml. Also: - Run: $ prove t/db_dependent/api/v1/oauth.t => SUCCESS: Tests pass! - Sign off :-D Sponsored-by: ByWater Solutions -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=20612 Tomás Cohen Arazi <tomascohen@gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #74475|0 |1 is obsolete| | --- Comment #6 from Tomás Cohen Arazi <tomascohen@gmail.com> --- Created attachment 74485 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=74485&action=edit Bug 20612: koha-conf.xml cleanup -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=20612 Julian Maurice <julian.maurice@biblibre.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #74483|0 |1 is obsolete| | --- Comment #7 from Julian Maurice <julian.maurice@biblibre.com> --- Created attachment 74497 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=74497&action=edit Bug 20612: Unit tests This patch makes the oauth.t tests leverage on the new Koha::ApiKey(s) classes. It adds tests for expired tokens too. To test: - Apply this patch - Run: $ kshell k$ prove t/db_dependent/api/v1/oauth.t => FAIL: Tests should fail without the rest of the patches. Sponsored-by: ByWater Solutions Signed-off-by: Julian Maurice <julian.maurice@biblibre.com> -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=20612 Julian Maurice <julian.maurice@biblibre.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #74484|0 |1 is obsolete| | --- Comment #8 from Julian Maurice <julian.maurice@biblibre.com> --- Created attachment 74498 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=74498&action=edit Bug 20612: Make OAuth2 use patron's client_id/secret pairs This patch wires the OAuth related code so it leverages on the new Koha::ApiKey(s) classes and tools introduced by bug 20568 instead of the hardcoded entries in koha-conf.xml originally proposed by bug 20402. To test revisit the test plan for bug 20402, and verify that it works. But create API key pairs instead of writing them down in koha-conf.xml. Also: - Run: $ prove t/db_dependent/api/v1/oauth.t => SUCCESS: Tests pass! - Sign off :-D Sponsored-by: ByWater Solutions Signed-off-by: Julian Maurice <julian.maurice@biblibre.com> -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=20612 Julian Maurice <julian.maurice@biblibre.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #74485|0 |1 is obsolete| | --- Comment #9 from Julian Maurice <julian.maurice@biblibre.com> --- Created attachment 74499 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=74499&action=edit Bug 20612: koha-conf.xml cleanup Signed-off-by: Julian Maurice <julian.maurice@biblibre.com> -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=20612 Julian Maurice <julian.maurice@biblibre.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|Needs Signoff |Signed Off -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=20612 Benjamin Rokseth <benjamin.rokseth@deichman.no> changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #74497|0 |1 is obsolete| | --- Comment #10 from Benjamin Rokseth <benjamin.rokseth@deichman.no> --- Created attachment 74521 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=74521&action=edit Bug 20612: Unit tests This patch makes the oauth.t tests leverage on the new Koha::ApiKey(s) classes. It adds tests for expired tokens too. To test: - Apply this patch - Run: $ kshell k$ prove t/db_dependent/api/v1/oauth.t => FAIL: Tests should fail without the rest of the patches. Sponsored-by: ByWater Solutions Signed-off-by: Julian Maurice <julian.maurice@biblibre.com> Signed-off-by: Benjamin Rokseth <benjamin.rokseth@deichman.no> -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=20612 Benjamin Rokseth <benjamin.rokseth@deichman.no> changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #74498|0 |1 is obsolete| | --- Comment #11 from Benjamin Rokseth <benjamin.rokseth@deichman.no> --- Created attachment 74522 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=74522&action=edit Bug 20612: Make OAuth2 use patron's client_id/secret pairs This patch wires the OAuth related code so it leverages on the new Koha::ApiKey(s) classes and tools introduced by bug 20568 instead of the hardcoded entries in koha-conf.xml originally proposed by bug 20402. To test revisit the test plan for bug 20402, and verify that it works. But create API key pairs instead of writing them down in koha-conf.xml. Also: - Run: $ prove t/db_dependent/api/v1/oauth.t => SUCCESS: Tests pass! - Sign off :-D Sponsored-by: ByWater Solutions Signed-off-by: Julian Maurice <julian.maurice@biblibre.com> Signed-off-by: Benjamin Rokseth <benjamin.rokseth@deichman.no> -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=20612 Benjamin Rokseth <benjamin.rokseth@deichman.no> changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #74499|0 |1 is obsolete| | --- Comment #12 from Benjamin Rokseth <benjamin.rokseth@deichman.no> --- Created attachment 74523 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=74523&action=edit Bug 20612: koha-conf.xml cleanup Signed-off-by: Julian Maurice <julian.maurice@biblibre.com> Signed-off-by: Benjamin Rokseth <benjamin.rokseth@deichman.no> -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=20612 Kyle M Hall <kyle@bywatersolutions.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|Signed Off |Passed QA -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=20612 Kyle M Hall <kyle@bywatersolutions.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #74521|0 |1 is obsolete| | Attachment #74522|0 |1 is obsolete| | Attachment #74523|0 |1 is obsolete| | --- Comment #13 from Kyle M Hall <kyle@bywatersolutions.com> --- Created attachment 74531 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=74531&action=edit Bug 20612: Unit tests This patch makes the oauth.t tests leverage on the new Koha::ApiKey(s) classes. It adds tests for expired tokens too. To test: - Apply this patch - Run: $ kshell k$ prove t/db_dependent/api/v1/oauth.t => FAIL: Tests should fail without the rest of the patches. Sponsored-by: ByWater Solutions Signed-off-by: Julian Maurice <julian.maurice@biblibre.com> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com> -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=20612 Kyle M Hall <kyle@bywatersolutions.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #74531|0 |1 is obsolete| | --- Comment #14 from Kyle M Hall <kyle@bywatersolutions.com> --- Created attachment 74532 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=74532&action=edit Bug 20612: Unit tests This patch makes the oauth.t tests leverage on the new Koha::ApiKey(s) classes. It adds tests for expired tokens too. To test: - Apply this patch - Run: $ kshell k$ prove t/db_dependent/api/v1/oauth.t => FAIL: Tests should fail without the rest of the patches. Sponsored-by: ByWater Solutions Signed-off-by: Julian Maurice <julian.maurice@biblibre.com> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com> -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=20612 --- Comment #15 from Kyle M Hall <kyle@bywatersolutions.com> --- Created attachment 74533 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=74533&action=edit Bug 20612: Make OAuth2 use patron's client_id/secret pairs This patch wires the OAuth related code so it leverages on the new Koha::ApiKey(s) classes and tools introduced by bug 20568 instead of the hardcoded entries in koha-conf.xml originally proposed by bug 20402. To test revisit the test plan for bug 20402, and verify that it works. But create API key pairs instead of writing them down in koha-conf.xml. Also: - Run: $ prove t/db_dependent/api/v1/oauth.t => SUCCESS: Tests pass! - Sign off :-D Sponsored-by: ByWater Solutions Signed-off-by: Julian Maurice <julian.maurice@biblibre.com> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com> -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=20612 --- Comment #16 from Kyle M Hall <kyle@bywatersolutions.com> --- Created attachment 74534 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=74534&action=edit Bug 20612: koha-conf.xml cleanup Signed-off-by: Julian Maurice <julian.maurice@biblibre.com> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com> -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=20612 Tomás Cohen Arazi <tomascohen@gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #74532|0 |1 is obsolete| | --- Comment #17 from Tomás Cohen Arazi <tomascohen@gmail.com> --- Created attachment 74550 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=74550&action=edit Bug 20612: Unit tests This patch makes the oauth.t tests leverage on the new Koha::ApiKey(s) classes. It adds tests for expired tokens too. To test: - Apply this patch - Run: $ kshell k$ prove t/db_dependent/api/v1/oauth.t => FAIL: Tests should fail without the rest of the patches. Sponsored-by: ByWater Solutions Signed-off-by: Julian Maurice <julian.maurice@biblibre.com> Signed-off-by: Benjamin Rokseth <benjamin.rokseth@deichman.no> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com> -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=20612 Tomás Cohen Arazi <tomascohen@gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #74533|0 |1 is obsolete| | --- Comment #18 from Tomás Cohen Arazi <tomascohen@gmail.com> --- Created attachment 74551 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=74551&action=edit Bug 20612: Make OAuth2 use patron's client_id/secret pairs This patch wires the OAuth related code so it leverages on the new Koha::ApiKey(s) classes and tools introduced by bug 20568 instead of the hardcoded entries in koha-conf.xml originally proposed by bug 20402. To test revisit the test plan for bug 20402, and verify that it works. But create API key pairs instead of writing them down in koha-conf.xml. Also: - Run: $ prove t/db_dependent/api/v1/oauth.t => SUCCESS: Tests pass! - Sign off :-D Sponsored-by: ByWater Solutions Signed-off-by: Julian Maurice <julian.maurice@biblibre.com> Signed-off-by: Benjamin Rokseth <benjamin.rokseth@deichman.no> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com> -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=20612 Tomás Cohen Arazi <tomascohen@gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #74534|0 |1 is obsolete| | --- Comment #19 from Tomás Cohen Arazi <tomascohen@gmail.com> --- Created attachment 74552 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=74552&action=edit Bug 20612: koha-conf.xml cleanup Signed-off-by: Julian Maurice <julian.maurice@biblibre.com> Signed-off-by: Benjamin Rokseth <benjamin.rokseth@deichman.no> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com> -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=20612 Jonathan Druart <jonathan.druart@bugs.koha-community.org> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |jonathan.druart@bugs.koha-c | |ommunity.org --- Comment #20 from Jonathan Druart <jonathan.druart@bugs.koha-community.org> --- Please write a wiki page about these changes. -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=20612 --- Comment #21 from Jonathan Druart <jonathan.druart@bugs.koha-community.org> --- Could we have a global switch to turn on/off the whole REST API stuffs? -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=20612 --- Comment #22 from Jonathan Druart <jonathan.druart@bugs.koha-community.org> --- Should we really remove a deleted key from the DB table? I would flag it as inactive instead, it would permit to keep track of the different requests and associate it to a user. Disclaimer: This may be a very stupid idea. -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=20612 --- Comment #23 from Tomás Cohen Arazi <tomascohen@gmail.com> --- (In reply to Jonathan Druart from comment #22)
Should we really remove a deleted key from the DB table? I would flag it as inactive instead, it would permit to keep track of the different requests and associate it to a user. Disclaimer: This may be a very stupid idea.
I thought about it too. That would mean an extra column: deleted TINYINT (1), and it makes sense. -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=20612 --- Comment #24 from Jonathan Druart <jonathan.druart@bugs.koha-community.org> --- (In reply to Jonathan Druart from comment #21)
Could we have a global switch to turn on/off the whole REST API stuffs?
s/REST API/OAuth server -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=20612 Tomás Cohen Arazi <tomascohen@gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Blocks| |20624 Referenced Bugs: https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=20624 [Bug 20624] Allow switching off the OAuth2 client credentials grant -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=20612 Martin Renvoize <martin.renvoize@ptfs-europe.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Depends on| |20627 Referenced Bugs: https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=20627 [Bug 20627] Prevent leakages of user permissions to api access tokens -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=20612 Martin Renvoize <martin.renvoize@ptfs-europe.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Depends on|20627 | Referenced Bugs: https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=20627 [Bug 20627] Prevent leakages of user permissions to api access tokens -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=20612 Martin Renvoize <martin.renvoize@ptfs-europe.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Blocks| |20627 Referenced Bugs: https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=20627 [Bug 20627] Prevent leakages of user permissions to api access tokens -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=20612 --- Comment #25 from Tomás Cohen Arazi <tomascohen@gmail.com> --- Created attachment 75024 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=75024&action=edit Bug 20612: (QA follow-up) Fix typo in method POD As Martin correctly highlighted, the method name is not correctly spelled in POD. This patch fixes it. To test: - Look carefully => FAIL: Method name is _verify_client_cb but POD says _verify_client_db - Apply this patch - Look carefully => SUCCESS: Notice the POD is fixed! Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io> -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=20612 Tomás Cohen Arazi <tomascohen@gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #74550|0 |1 is obsolete| | --- Comment #26 from Tomás Cohen Arazi <tomascohen@gmail.com> --- Created attachment 75034 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=75034&action=edit Bug 20612: Unit tests This patch makes the oauth.t tests leverage on the new Koha::ApiKey(s) classes. It adds tests for expired tokens too. To test: - Apply this patch - Run: $ kshell k$ prove t/db_dependent/api/v1/oauth.t => FAIL: Tests should fail without the rest of the patches. Sponsored-by: ByWater Solutions Signed-off-by: Julian Maurice <julian.maurice@biblibre.com> Signed-off-by: Benjamin Rokseth <benjamin.rokseth@deichman.no> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com> -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=20612 Tomás Cohen Arazi <tomascohen@gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #74551|0 |1 is obsolete| | --- Comment #27 from Tomás Cohen Arazi <tomascohen@gmail.com> --- Created attachment 75035 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=75035&action=edit Bug 20612: Make OAuth2 use patron's client_id/secret pairs This patch wires the OAuth related code so it leverages on the new Koha::ApiKey(s) classes and tools introduced by bug 20568 instead of the hardcoded entries in koha-conf.xml originally proposed by bug 20402. To test revisit the test plan for bug 20402, and verify that it works. But create API key pairs instead of writing them down in koha-conf.xml. Also: - Run: $ prove t/db_dependent/api/v1/oauth.t => SUCCESS: Tests pass! - Sign off :-D Sponsored-by: ByWater Solutions Signed-off-by: Julian Maurice <julian.maurice@biblibre.com> Signed-off-by: Benjamin Rokseth <benjamin.rokseth@deichman.no> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com> -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=20612 Tomás Cohen Arazi <tomascohen@gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #74552|0 |1 is obsolete| | --- Comment #28 from Tomás Cohen Arazi <tomascohen@gmail.com> --- Created attachment 75036 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=75036&action=edit Bug 20612: koha-conf.xml cleanup Signed-off-by: Julian Maurice <julian.maurice@biblibre.com> Signed-off-by: Benjamin Rokseth <benjamin.rokseth@deichman.no> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com> -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=20612 Tomás Cohen Arazi <tomascohen@gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #75024|0 |1 is obsolete| | --- Comment #29 from Tomás Cohen Arazi <tomascohen@gmail.com> --- Created attachment 75037 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=75037&action=edit Bug 20612: (QA follow-up) Fix typo in method POD As Martin correctly highlighted, the method name is not correctly spelled in POD. This patch fixes it. To test: - Look carefully => FAIL: Method name is _verify_client_cb but POD says _verify_client_db - Apply this patch - Look carefully => SUCCESS: Notice the POD is fixed! Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io> -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=20612 --- Comment #30 from Jonathan Druart <jonathan.druart@bugs.koha-community.org> --- (In reply to Jonathan Druart from comment #20)
Please write a wiki page about these changes.
See https://wiki.koha-community.org/wiki/APIs_and_protocols_supported_by_Koha#OA... -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=20612 Jonathan Druart <jonathan.druart@bugs.koha-community.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Blocks| |20733 --- Comment #31 from Jonathan Druart <jonathan.druart@bugs.koha-community.org> --- (In reply to Tomás Cohen Arazi from comment #23)
(In reply to Jonathan Druart from comment #22)
Should we really remove a deleted key from the DB table? I would flag it as inactive instead, it would permit to keep track of the different requests and associate it to a user. Disclaimer: This may be a very stupid idea.
I thought about it too. That would mean an extra column: deleted TINYINT (1), and it makes sense.
See bug 20733. Referenced Bugs: https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=20733 [Bug 20733] Delete api key or add a deleted flag? -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=20612 Jonathan Druart <jonathan.druart@bugs.koha-community.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Blocks| |20734 --- Comment #32 from Jonathan Druart <jonathan.druart@bugs.koha-community.org> --- Please take care of bug 20734 before the end of the week. Referenced Bugs: https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=20734 [Bug 20734] Add warning to the about page if RESTOAuth2ClientCredentials and not Net::OAuth2::AuthorizationServer -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=20612 --- Comment #33 from Tomás Cohen Arazi <tomascohen@gmail.com> --- (In reply to Jonathan Druart from comment #30)
(In reply to Jonathan Druart from comment #20)
Please write a wiki page about these changes.
See https://wiki.koha-community.org/wiki/ APIs_and_protocols_supported_by_Koha#OAuth2
Done. -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=20612 --- Comment #34 from Tomás Cohen Arazi <tomascohen@gmail.com> --- (In reply to Jonathan Druart from comment #32)
Please take care of bug 20734 before the end of the week.
Done! -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=20612 Tomás Cohen Arazi <tomascohen@gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Blocks|20734 | See Also| |https://bugs.koha-community | |.org/bugzilla3/show_bug.cgi | |?id=20734 Referenced Bugs: https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=20734 [Bug 20734] Add warning to the about page if RESTOAuth2ClientCredentials and not Net::OAuth2::AuthorizationServer -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=20612 Jonathan Druart <jonathan.druart@bugs.koha-community.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|Passed QA |Pushed to Master --- Comment #35 from Jonathan Druart <jonathan.druart@bugs.koha-community.org> --- Pushed to master for 18.05, thanks to everybody involved! -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=20612 Martin Renvoize <martin.renvoize@ptfs-europe.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Resolution|--- |FIXED Status|Pushed to Master |RESOLVED -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=20612 Bug 20612 depends on bug 20568, which changed state. Bug 20568 Summary: Add API key management interface for patrons https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=20568 What |Removed |Added ---------------------------------------------------------------------------- Status|Pushed to Master |RESOLVED Resolution|--- |FIXED -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=20612 Bug 20612 depends on bug 20402, which changed state. Bug 20402 Summary: OAuth2 client credentials grant for REST API https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=20402 What |Removed |Added ---------------------------------------------------------------------------- Status|Pushed to Master |RESOLVED Resolution|--- |FIXED -- You are receiving this mail because: You are watching all bug changes.
participants (1)
-
bugzilla-daemon@bugs.koha-community.org