[Bug 36420] New: REST API Basic Auth does not support cardnumbers, only userid
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=36420 Bug ID: 36420 Summary: REST API Basic Auth does not support cardnumbers, only userid Change sponsored?: --- Product: Koha Version: master Hardware: All OS: All Status: NEW Severity: normal Priority: P5 - low Component: REST API Assignee: koha-bugs@lists.koha-community.org Reporter: kyle@bywatersolutions.com CC: tomascohen@gmail.com Every other part of Koha supports logging in either a userid or cardnumber. The REST API should support this for basic auth as well. -- You are receiving this mail because: You are watching all bug changes. You are the assignee for the bug.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=36420 Kyle M Hall <kyle@bywatersolutions.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Assignee|koha-bugs@lists.koha-commun |tomascohen@gmail.com |ity.org | -- You are receiving this mail because: You are the assignee for the bug. You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=36420 Kyle M Hall <kyle@bywatersolutions.com> changed: What |Removed |Added ---------------------------------------------------------------------------- See Also| |https://bugs.koha-community | |.org/bugzilla3/show_bug.cgi | |?id=36421 -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=36420 Tomás Cohen Arazi <tomascohen@gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Patch complexity|--- |Trivial patch Status|NEW |Needs Signoff -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=36420 --- Comment #1 from Tomás Cohen Arazi <tomascohen@gmail.com> --- Created attachment 163984 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=163984&action=edit Bug 36420: Unit tests Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io> -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=36420 --- Comment #2 from Tomás Cohen Arazi <tomascohen@gmail.com> --- Created attachment 163985 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=163985&action=edit Bug 36420: Allow Basic authentication using `cardnumber` This patch makes the API Basic authentication work with cardnumbers. The used `checkpw_internal` method already does the fallback check. To test: 1. Apply the unit tests patch 2. Run: $ ktd --shell k$ prove t/db_dependent/api/v1/auth_basic.t => FAIL: Tests explode! [1] 3. Apply this patch 4. Repeat 2 => SUCCESS: Tests pass! 5. Sign off :-D [1] This highlights an underlying bug! Instead of getting 403, etc we get a 500. This is because of the internal fallback mechanism allowing the cardnumber+password combination, but then the Koha::Patron->find... not finding :-D Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io> -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=36420 Kyle M Hall <kyle@bywatersolutions.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|Needs Signoff |Signed Off -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=36420 Kyle M Hall <kyle@bywatersolutions.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #163984|0 |1 is obsolete| | Attachment #163985|0 |1 is obsolete| | --- Comment #3 from Kyle M Hall <kyle@bywatersolutions.com> --- Created attachment 163991 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=163991&action=edit Bug 36420: Allow Basic authentication using `cardnumber` This patch makes the API Basic authentication work with cardnumbers. The used `checkpw_internal` method already does the fallback check. To test: 1. Apply the unit tests patch 2. Run: $ ktd --shell k$ prove t/db_dependent/api/v1/auth_basic.t => FAIL: Tests explode! [1] 3. Apply this patch 4. Repeat 2 => SUCCESS: Tests pass! 5. Sign off :-D [1] This highlights an underlying bug! Instead of getting 403, etc we get a 500. This is because of the internal fallback mechanism allowing the cardnumber+password combination, but then the Koha::Patron->find... not finding :-D Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com> -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=36420 Kyle M Hall <kyle@bywatersolutions.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #163991|0 |1 is obsolete| | --- Comment #4 from Kyle M Hall <kyle@bywatersolutions.com> --- Created attachment 163992 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=163992&action=edit Bug 36420: Unit tests Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com> -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=36420 --- Comment #5 from Kyle M Hall <kyle@bywatersolutions.com> --- Created attachment 163993 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=163993&action=edit Bug 36420: Allow Basic authentication using `cardnumber` This patch makes the API Basic authentication work with cardnumbers. The used `checkpw_internal` method already does the fallback check. To test: 1. Apply the unit tests patch 2. Run: $ ktd --shell k$ prove t/db_dependent/api/v1/auth_basic.t => FAIL: Tests explode! [1] 3. Apply this patch 4. Repeat 2 => SUCCESS: Tests pass! 5. Sign off :-D [1] This highlights an underlying bug! Instead of getting 403, etc we get a 500. This is because of the internal fallback mechanism allowing the cardnumber+password combination, but then the Koha::Patron->find... not finding :-D Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com> -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=36420 Nick Clemens <nick@bywatersolutions.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #163992|0 |1 is obsolete| | Attachment #163993|0 |1 is obsolete| | --- Comment #6 from Nick Clemens <nick@bywatersolutions.com> --- Created attachment 164256 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=164256&action=edit Bug 36420: Unit tests Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com> Signed-off-by: Nick Clemens <nick@bywatersolutions.com> -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=36420 --- Comment #7 from Nick Clemens <nick@bywatersolutions.com> --- Created attachment 164257 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=164257&action=edit Bug 36420: Allow Basic authentication using `cardnumber` This patch makes the API Basic authentication work with cardnumbers. The used `checkpw_internal` method already does the fallback check. To test: 1. Apply the unit tests patch 2. Run: $ ktd --shell k$ prove t/db_dependent/api/v1/auth_basic.t => FAIL: Tests explode! [1] 3. Apply this patch 4. Repeat 2 => SUCCESS: Tests pass! 5. Sign off :-D [1] This highlights an underlying bug! Instead of getting 403, etc we get a 500. This is because of the internal fallback mechanism allowing the cardnumber+password combination, but then the Koha::Patron->find... not finding :-D Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com> Signed-off-by: Nick Clemens <nick@bywatersolutions.com> -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=36420 Martin Renvoize <martin.renvoize@ptfs-europe.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #164256|0 |1 is obsolete| | --- Comment #8 from Martin Renvoize <martin.renvoize@ptfs-europe.com> --- Created attachment 165006 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=165006&action=edit Bug 36420: Unit tests Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com> Signed-off-by: Nick Clemens <nick@bywatersolutions.com> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com> -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=36420 Martin Renvoize <martin.renvoize@ptfs-europe.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #164257|0 |1 is obsolete| | --- Comment #9 from Martin Renvoize <martin.renvoize@ptfs-europe.com> --- Created attachment 165007 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=165007&action=edit Bug 36420: Allow Basic authentication using `cardnumber` This patch makes the API Basic authentication work with cardnumbers. The used `checkpw_internal` method already does the fallback check. To test: 1. Apply the unit tests patch 2. Run: $ ktd --shell k$ prove t/db_dependent/api/v1/auth_basic.t => FAIL: Tests explode! [1] 3. Apply this patch 4. Repeat 2 => SUCCESS: Tests pass! 5. Sign off :-D [1] This highlights an underlying bug! Instead of getting 403, etc we get a 500. This is because of the internal fallback mechanism allowing the cardnumber+password combination, but then the Koha::Patron->find... not finding :-D Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com> Signed-off-by: Nick Clemens <nick@bywatersolutions.com> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com> -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=36420 Martin Renvoize <martin.renvoize@ptfs-europe.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |martin.renvoize@ptfs-europe | |.com QA Contact| |martin.renvoize@ptfs-europe | |.com -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=36420 Martin Renvoize <martin.renvoize@ptfs-europe.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|Signed Off |Passed QA --- Comment #10 from Martin Renvoize <martin.renvoize@ptfs-europe.com> --- This works in the same way our other auth fallbacks work. QA scripts are happy, we have unit tests. Passing QA -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=36420 Katrin Fischer <katrin.fischer@bsz-bw.de> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|Passed QA |Pushed to master Version(s)| |24.05.00 released in| | -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=36420 --- Comment #11 from Katrin Fischer <katrin.fischer@bsz-bw.de> --- Pushed for 24.05! Well done everyone, thank you! -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=36420 Fridolin Somers <fridolin.somers@biblibre.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |fridolin.somers@biblibre.co | |m --- Comment #12 from Fridolin Somers <fridolin.somers@biblibre.com> --- Maybe we should create a central method Koha::Patrons->find_by_identifier, managing userid/cadnumber. Would make it easier to disable. -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=36420 Fridolin Somers <fridolin.somers@biblibre.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|Pushed to main |Pushed to stable Version(s)|24.05.00 |24.05.00,23.11.06 released in| | --- Comment #13 from Fridolin Somers <fridolin.somers@biblibre.com> --- Pushed to 23.11.x for 23.11.06 -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=36420 Lucas Gass <lucas@bywatersolutions.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Version(s)|24.05.00,23.11.06 |24.05.00,23.11.06,23.05.12 released in| | Status|Pushed to stable |Pushed to oldstable CC| |lucas@bywatersolutions.com --- Comment #14 from Lucas Gass <lucas@bywatersolutions.com> --- Backported to 23.05.x for upcoming 23.05.12 -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=36420 Martin Renvoize <martin.renvoize@ptfs-europe.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC|martin.renvoize@ptfs-europe | |.com | -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=36420 Wainui Witika-Park <wainuiwitikapark@catalyst.net.nz> changed: What |Removed |Added ---------------------------------------------------------------------------- Resolution|--- |FIXED Status|Pushed to oldstable |RESOLVED CC| |wainuiwitikapark@catalyst.n | |et.nz --- Comment #15 from Wainui Witika-Park <wainuiwitikapark@catalyst.net.nz> --- Not backporting to 22.11 unless requested -- You are receiving this mail because: You are watching all bug changes.
participants (1)
-
bugzilla-daemon@bugs.koha-community.org