[Bug 25327] New: Cannot access API spec
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=25327 Bug ID: 25327 Summary: Cannot access API spec Change sponsored?: --- Product: Koha Version: master Hardware: All OS: All Status: NEW Severity: normal Priority: P5 - low Component: REST API Assignee: koha-bugs@lists.koha-community.org Reporter: nick@bywatersolutions.com On matser, when I try to visit the API spec: http://localhost:8080/api/v1/.html http://localhost:8081/api/v1/.html I get an error: error "Authentication failure." -- You are receiving this mail because: You are the assignee for the bug. You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=25327 Nick Clemens <nick@bywatersolutions.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Assignee|koha-bugs@lists.koha-commun |tomascohen@gmail.com |ity.org | -- You are receiving this mail because: You are the assignee for the bug. You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=25327 Tomás Cohen Arazi <tomascohen@gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Depends on| |25045 Status|NEW |ASSIGNED --- Comment #1 from Tomás Cohen Arazi <tomascohen@gmail.com> --- This is caused by bug 25045. Do you think the spec should be subject to this check? Or always available? I vote for the latter, just gathering opinions while I write the solution. Referenced Bugs: https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=25045 [Bug 25045] Add a way to restrict anonymous access to public routes (OpacPublic behaviour) -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=25327 Tomás Cohen Arazi <tomascohen@gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Severity|normal |minor -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=25327 Jonathan Druart <jonathan.druart@bugs.koha-community.org> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |jonathan.druart@bugs.koha-c | |ommunity.org --- Comment #2 from Jonathan Druart <jonathan.druart@bugs.koha-community.org> --- Always available makes sense to me. -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=25327 Tomás Cohen Arazi <tomascohen@gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |tomascohen@gmail.com Status|ASSIGNED |Needs Signoff Patch complexity|--- |Trivial patch -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=25327 --- Comment #3 from Tomás Cohen Arazi <tomascohen@gmail.com> --- Created attachment 104318 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=104318&action=edit Bug 25327: Regression tests Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io> -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=25327 --- Comment #4 from Tomás Cohen Arazi <tomascohen@gmail.com> --- Created attachment 104319 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=104319&action=edit Bug 25327: Do not call authenticate_api_request to render the spec The original code for Koha::REST::V1::Auth::under called authenticate_api_request when requesting the API spec. This didn't make sense, and recent changes on what conditions are tested for public routes, broke the route. We could add another condition, but it really doesn't make sense to call authenticate_api_request if it should be publicly available in any configuration, as discussed on the bug. This patch adds a trivial check and the requested route, and lets the request through in any case in 'under'. To test: 1. Point your browser to: http://kohadev.myDNSname.org:8080/api/v1/ http://kohadev.myDNSname.org:8080/api/v1/.html => FAIL: In both cases you get an authorization error. 2. Apply the regression tests patch 3. Run: $ kshell k$ prove t/db_dependent/api/v1/auth.t => FAIL: The tests reflect the situation, and fail 4. Apply this patch 5. Repeat 1 and 3 => SUCCESS: All good! 6. Sign off :-D Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io> -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=25327 Tomás Cohen Arazi <tomascohen@gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |martin.renvoize@ptfs-europe | |.com -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=25327 Nick Clemens <nick@bywatersolutions.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|Needs Signoff |Signed Off -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=25327 Nick Clemens <nick@bywatersolutions.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #104318|0 |1 is obsolete| | --- Comment #5 from Nick Clemens <nick@bywatersolutions.com> --- Created attachment 104489 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=104489&action=edit Bug 25327: Regression tests Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io> Signed-off-by: Nick Clemens <nick@bywatersolutions.com> -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=25327 Nick Clemens <nick@bywatersolutions.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #104319|0 |1 is obsolete| | --- Comment #6 from Nick Clemens <nick@bywatersolutions.com> --- Created attachment 104490 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=104490&action=edit Bug 25327: Do not call authenticate_api_request to render the spec The original code for Koha::REST::V1::Auth::under called authenticate_api_request when requesting the API spec. This didn't make sense, and recent changes on what conditions are tested for public routes, broke the route. We could add another condition, but it really doesn't make sense to call authenticate_api_request if it should be publicly available in any configuration, as discussed on the bug. This patch adds a trivial check and the requested route, and lets the request through in any case in 'under'. To test: 1. Point your browser to: http://kohadev.myDNSname.org:8080/api/v1/ http://kohadev.myDNSname.org:8080/api/v1/.html => FAIL: In both cases you get an authorization error. 2. Apply the regression tests patch 3. Run: $ kshell k$ prove t/db_dependent/api/v1/auth.t => FAIL: The tests reflect the situation, and fail 4. Apply this patch 5. Repeat 1 and 3 => SUCCESS: All good! 6. Sign off :-D Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io> Signed-off-by: Nick Clemens <nick@bywatersolutions.com> -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=25327 Jonathan Druart <jonathan.druart@bugs.koha-community.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|Signed Off |Passed QA -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=25327 Jonathan Druart <jonathan.druart@bugs.koha-community.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #104489|0 |1 is obsolete| | Attachment #104490|0 |1 is obsolete| | --- Comment #7 from Jonathan Druart <jonathan.druart@bugs.koha-community.org> --- Created attachment 104494 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=104494&action=edit Bug 25327: Regression tests Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io> Signed-off-by: Nick Clemens <nick@bywatersolutions.com> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org> -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=25327 --- Comment #8 from Jonathan Druart <jonathan.druart@bugs.koha-community.org> --- Created attachment 104495 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=104495&action=edit Bug 25327: Do not call authenticate_api_request to render the spec The original code for Koha::REST::V1::Auth::under called authenticate_api_request when requesting the API spec. This didn't make sense, and recent changes on what conditions are tested for public routes, broke the route. We could add another condition, but it really doesn't make sense to call authenticate_api_request if it should be publicly available in any configuration, as discussed on the bug. This patch adds a trivial check and the requested route, and lets the request through in any case in 'under'. To test: 1. Point your browser to: http://kohadev.myDNSname.org:8080/api/v1/ http://kohadev.myDNSname.org:8080/api/v1/.html => FAIL: In both cases you get an authorization error. 2. Apply the regression tests patch 3. Run: $ kshell k$ prove t/db_dependent/api/v1/auth.t => FAIL: The tests reflect the situation, and fail 4. Apply this patch 5. Repeat 1 and 3 => SUCCESS: All good! 6. Sign off :-D Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io> Signed-off-by: Nick Clemens <nick@bywatersolutions.com> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org> -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=25327 Tomás Cohen Arazi <tomascohen@gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- QA Contact| |jonathan.druart@bugs.koha-c | |ommunity.org -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=25327 Martin Renvoize <martin.renvoize@ptfs-europe.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Version(s)| |20.05.00 released in| | Status|Passed QA |Pushed to master -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=25327 --- Comment #9 from Martin Renvoize <martin.renvoize@ptfs-europe.com> --- Nice work everyone! Pushed to master for 20.05 -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=25327 Joy Nelson <joy@bywatersolutions.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |joy@bywatersolutions.com --- Comment #10 from Joy Nelson <joy@bywatersolutions.com> --- not backported to 19.11 - missing dependencies -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=25327 --- Comment #11 from Tomás Cohen Arazi <tomascohen@gmail.com> --- Created attachment 106082 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=106082&action=edit [19.11.x] Bug 25327: Regression tests Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io> Signed-off-by: Nick Clemens <nick@bywatersolutions.com> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org> -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=25327 --- Comment #12 from Tomás Cohen Arazi <tomascohen@gmail.com> --- Created attachment 106083 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=106083&action=edit [19.11.x] Bug 25327: Do not call authenticate_api_request to render the spec The original code for Koha::REST::V1::Auth::under called authenticate_api_request when requesting the API spec. This didn't make sense, and recent changes on what conditions are tested for public routes, broke the route. We could add another condition, but it really doesn't make sense to call authenticate_api_request if it should be publicly available in any configuration, as discussed on the bug. This patch adds a trivial check and the requested route, and lets the request through in any case in 'under'. To test: 1. Point your browser to: http://kohadev.myDNSname.org:8080/api/v1/ http://kohadev.myDNSname.org:8080/api/v1/.html => FAIL: In both cases you get an authorization error. 2. Apply the regression tests patch 3. Run: $ kshell k$ prove t/db_dependent/api/v1/auth.t => FAIL: The tests reflect the situation, and fail 4. Apply this patch 5. Repeat 1 and 3 => SUCCESS: All good! 6. Sign off :-D Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io> Signed-off-by: Nick Clemens <nick@bywatersolutions.com> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org> -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=25327 Tomás Cohen Arazi <tomascohen@gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Blocks| |25411 Referenced Bugs: https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=25411 [Bug 25411] Plugin routes cannot have anonymous access -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=25327 Aleisha Amohia <aleisha@catalyst.net.nz> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |aleisha@catalyst.net.nz Status|Pushed to master |Pushed to stable -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=25327 Aleisha Amohia <aleisha@catalyst.net.nz> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|Pushed to stable |Pushed to oldstable Version(s)|20.05.00 |20.05.00, 19.11.07 released in| | --- Comment #13 from Aleisha Amohia <aleisha@catalyst.net.nz> --- backported to 19.11.x for 19.11.07 -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=25327 Victor Grousset/tuxayo <victor@tuxayo.net> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |victor@tuxayo.net --- Comment #14 from Victor Grousset/tuxayo <victor@tuxayo.net> --- Missing dependencies for 19.05.x, can't backport. -- You are receiving this mail because: You are watching all bug changes.
participants (1)
-
bugzilla-daemon@bugs.koha-community.org