[Bug 39160] New: Mojolicious::Plugin::OAuth2 is loaded suboptimally
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=39160 Bug ID: 39160 Summary: Mojolicious::Plugin::OAuth2 is loaded suboptimally Change sponsored?: --- Product: Koha Version: Main Hardware: All OS: All Status: NEW Severity: trivial Priority: P5 - low Component: Architecture, internals, and plumbing Assignee: koha-bugs@lists.koha-community.org Reporter: dcook@prosentient.com.au QA Contact: testopia@bugs.koha-community.org This is a deep cut, but the following line is not optimal: $self->plugin( 'Mojolicious::Plugin::OAuth2' => $oauth_configuration ); Mojolicious will first try to load that as Mojolicious::Plugin::Mojolicious::Plugin::OAuth2 before it realises that we've already loaded Mojolicious::Plugin::OAuth2 earlier in Koha::REST::V1. I reckon that should say: $self->plugin( 'OAuth2' => $oauth_configuration ); -- In the grand scheme of things, it's not a big deal, but we can save ourselves 26 system calls by changing 1 line. -- You are receiving this mail because: You are the assignee for the bug. You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=39160 David Cook <dcook@prosentient.com.au> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |Needs Signoff -- You are receiving this mail because: You are watching all bug changes. You are the assignee for the bug.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=39160 --- Comment #1 from David Cook <dcook@prosentient.com.au> --- Created attachment 178304 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=178304&action=edit Bug 39160: Use optimal Mojolicious plugin name This change uses "OAuth2" instead of "Mojolicious::Plugin::OAuth2" when setting the plugin, so that Mojolicious can find the plugin faster. Test plan: 0. Apply the patch 1. koha-plack --restart kohadev 2. Run through "Testing SSO" from the Koha Wiki 3. Confirm that you can log into Koha using the Keycloak OIDC -- You are receiving this mail because: You are watching all bug changes. You are the assignee for the bug.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=39160 David Cook <dcook@prosentient.com.au> changed: What |Removed |Added ---------------------------------------------------------------------------- Assignee|koha-bugs@lists.koha-commun |dcook@prosentient.com.au |ity.org | -- You are receiving this mail because: You are the assignee for the bug. You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=39160 --- Comment #2 from David Cook <dcook@prosentient.com.au> --- If you *really* want to confirm this does what I say it does, you're going to have to use "strace" to examine the kernel syscalls the starman worker is making when it starts up. Specifically, you'll be looking to make sure that it doesn't do things like this: newfstatat(AT_FDCWD, "/usr/local/lib/site_perl/Mojolicious/Plugin/Mojolicious/Plugin/OAuth2.pm", 0x7ffd205204e0, 0) = -1 ENOENT (No such file or directory) -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=39160 Magnus Enger <magnus@libriotech.no> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |magnus@libriotech.no --- Comment #3 from Magnus Enger <magnus@libriotech.no> --- When spinning up ktd with --sso to test this, I was getting this: kohadev-sso-1 | Unknown option: '--proxy' kohadev-sso-1 | Possible solutions: --proxy-headers, --proxy-protocol-enabled, --proxy-trusted-addresses kohadev-sso-1 | Try 'kc.sh start-dev --help' for more information on the available options. kohadev-sso-1 exited with code 2 It looks like changing koha-testing-docker from this: command: - start-dev - --proxy=edge - --http-port=8082 - --http-relative-path=/auth to this: command: - start-dev - --http-port=8082 - --http-relative-path=/auth might have solved it. Not sure if that will create trouble later, though. -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=39160 --- Comment #4 from Magnus Enger <magnus@libriotech.no> --- I *think* I did all the steps in "Testing SSO", but when I try to sign in to the OPAC, I get "No configuration found for your provider", even though I do have a configuration called "test" and the "Log in with Test" link points to http://localhost:8080/api/v1/public/oauth/login/test/opac. The error comes from this code: unless ( $provider_config && $provider_config->{authorize_url} ) { my $error = "No configuration found for your provider"; return $c->redirect_to( $uri . "?auth_error=$error" ); } If I dump the $provider_config I get this: $VAR1 = { 'scope' => 'openid email', 'key' => 'kohaoidc', 'secret' => 'tYgrpU0KXt2EtPu5b437Oj6viMImMoqK', 'well_known_url' => 'http://localhost:8082/auth/realms/test/.well-known/openid-configuration' }; So there is no authorize_url there, but I am not sure why. -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=39160 --- Comment #5 from David Cook <dcook@prosentient.com.au> --- Hmm sounds unrelated to this change. Sounds like we might need to tweak the Keycloak Docker Compose config. We must be using "latest" and it must have a change. As for your error, I think you need to use http://sso:8082/auth/realms/test/.well-known/openid-configuration rather than http://localhost:8082/auth/realms/test/.well-known/openid-configuration because the Keycloak isn't on the same "localhost" as Koha. -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=39160 David Cook <dcook@prosentient.com.au> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |jake.deery@openfifth.co.uk --- Comment #6 from David Cook <dcook@prosentient.com.au> --- Just noticed that Jake updated the "Testing SSO" to use "localhost" instead of "sso" as the hostname, but surely that can't be right. I was writing an OIDC integration against Keycloak for another app just yesterday and at least when testing using Keycloak in a different container, it needs to be an address or hostname for the Keycloak container reachable in the same way by both the Koha container and the end user's browser. -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=39160 Martin Renvoize (ashimema) <martin.renvoize@openfifth.co.uk> changed: What |Removed |Added ---------------------------------------------------------------------------- QA Contact|testopia@bugs.koha-communit |martin.renvoize@openfifth.c |y.org |o.uk CC| |martin.renvoize@openfifth.c | |o.uk -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=39160 David Nind <david@davidnind.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|Needs Signoff |Patch doesn't apply CC| |david@davidnind.com --- Comment #7 from David Nind <david@davidnind.com> --- The patch no longer applies, so I have changed the status. Once this is fixed up, could we get some clarification around setting up the "Testing SSO" instructions? -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=39160 David Cook <dcook@prosentient.com.au> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|Patch doesn't apply |Needs Signoff -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=39160 David Cook <dcook@prosentient.com.au> changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #178304|0 |1 is obsolete| | --- Comment #8 from David Cook <dcook@prosentient.com.au> --- Created attachment 191336 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=191336&action=edit Bug 39160: Use optimal Mojolicious plugin name This change uses "OAuth2" instead of "Mojolicious::Plugin::OAuth2" when setting the plugin, so that Mojolicious can find the plugin faster. Test plan: 0. Apply the patch 1. koha-plack --restart kohadev 2. Run through OpenID Connect setup from "Testing SSO" on Koha Wiki https://wiki.koha-community.org/wiki/Testing_SSO 3. Confirm that you can log into Koha using the Keycloak OIDC -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=39160 --- Comment #9 from David Cook <dcook@prosentient.com.au> --- (In reply to David Nind from comment #7)
The patch no longer applies, so I have changed the status.
Thanks, David!
Once this is fixed up, could we get some clarification around setting up the "Testing SSO" instructions?
Sure, I'm referring to https://wiki.koha-community.org/wiki/Testing_SSO I think out of the box the Keycloak is started with KTD these days. And every step should be followed except for the SAML ones. If you have any questions or need any clarifications, I'm happy to add them here and to update the wiki. Thanks! -- You are receiving this mail because: You are watching all bug changes.
participants (1)
-
bugzilla-daemon@bugs.koha-community.org