[Koha-bugs] [Bug 17004] REST API: add route to authenticate patron ( Single Sign On - SSO)

bugzilla-daemon at bugs.koha-community.org bugzilla-daemon at bugs.koha-community.org
Sun Aug 28 21:02:24 CEST 2016


https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=17004

Jiri Kozlovsky <mail at jkozlovsky.cz> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
  Attachment #54068|0                           |1
        is obsolete|                            |
  Attachment #54711|0                           |1
        is obsolete|                            |

--- Comment #14 from Jiri Kozlovsky <mail at jkozlovsky.cz> ---
Created attachment 54953
  -->
https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=54953&action=edit
Bug 17004: Add API route to authenticate patron (CGISESSID) including logout

POST /auth/session (login)
DELETE /auth/session (logout)

Required POST data:
- "password"
- either "userid" or "cardnumber".

To test:
1. Make sure you are logged out from Koha.
2. Make a POST request to http://yourlibrary/api/v1/auth/session with form data
   "userid" => <your_user_id> and "password" => <your_password>.
3. If your userid and password is correct, you should be returned with most
   basic patron data and your CGISESSID.
4. Also attempt with invalid login to get an error.
5. Send a DELETE request to /auth/session
6. Observe that you are no longer logged-in in Koha.
7. Run tests at b/t/db_dependent/api/v1/auth.t

You may find this cURL useful:
curl -X DELETE http://lib/api/v1/auth/session --cookie
'CGISESSID=88e735aaf7c6cf194a775425cbd00570'
(replace CGISESSID=... with your CGISESSID)

----

I've rebased both attachments to master (restructuralized swagger
definitions).

And added proposed permissions as proposed by Benjamin Rokseth.

Btw, very nice work Lari!

-- 
You are receiving this mail because:
You are watching all bug changes.
You are the assignee for the bug.


More information about the Koha-bugs mailing list