[Koha-bugs] [Bug 18315] authentication and authorization refactoring
bugzilla-daemon at bugs.koha-community.org
bugzilla-daemon at bugs.koha-community.org
Tue Apr 4 15:02:11 CEST 2017
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=18315
Olli-Antti Kivilahti <olli-antti.kivilahti at jns.fi> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |olli-antti.kivilahti at jns.fi
--- Comment #5 from Olli-Antti Kivilahti <olli-antti.kivilahti at jns.fi> ---
Hi!
Check out
https://github.com/KohaSuomi/kohasuomi/blob/kohasuomi3.16/Koha/Auth/PermissionManager.pm
https://github.com/KohaSuomi/kohasuomi/blob/kohasuomi3.16/Koha/Auth.pm
https://github.com/KohaSuomi/kohasuomi/blob/kohasuomi3.16/Koha/Auth/Route/Password.pm
https://github.com/KohaSuomi/kohasuomi/blob/kohasuomi3.16/C4/Auth.pm#L1713
I rewrote the permission system and authentication system some time ago. Nobody
is interested about it, even thought the horrible way of managing permissions
is a blocker for writing smooth user interface tests (or REST API tests). Not a
lot of people care about user interface tests either.
We have been indecisive should we drop my authentication rewrite and revert to
the community system, but it is so stale and in a need of a rewrite that we
couldn't get back into it.
I hope you can work on top of my solution and improve it, instead of
reinventing the wheel.
It would be great to get best of both worlds.
My solution has a compatibility layer between CGI and Mojolicious, normalizing
the way HTTP request headers/cookies/parameters are fetched.
It would be bestest to get rid of CGI completely and just rewrite everything as
a Mojolicious application.
Also ashimema and tcohen are working with OAuth2.0 and replacing CGISESSID with
JWT. Not sure how they can do it with the current C4::Auth. Maybe they will
provide a third and a fourth rewrite :) (I hope not)
BTW: Where is your code? I see no attachments?
My work in Bugzilla: Bug 7174 - Authentication rewriting
--
You are receiving this mail because:
You are watching all bug changes.
More information about the Koha-bugs
mailing list