[Koha-bugs] [Bug 20402] Implement OAuth2 authentication for REST API
bugzilla-daemon at bugs.koha-community.org
bugzilla-daemon at bugs.koha-community.org
Fri Apr 20 10:29:28 CEST 2018
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=20402
--- Comment #55 from Julian Maurice <julian.maurice at biblibre.com> ---
(In reply to Martin Renvoize from comment #50)
> Comment on attachment 74380 [details] [review]
> ::: Koha/OAuth.pm
> @@ +21,5 @@
> > + return (0, 'unauthorized_client') unless $client_id;
> > +
> > + my $clients = C4::Context->config('api_client');
> > + $clients = [ $clients ] unless ref $clients eq 'ARRAY';
> > + my ($client) = grep { $_->{client_id} eq $client_id } @$clients;
>
> 'any' would be more performant than 'grep' here:
> https://perldoc.perl.org/List/Util.html#any
>
'any' returns a boolean value, we're looking for the $client hashref here
> @@ +50,5 @@
> > + my (%args) = @_;
> > +
> > + my $access_token = $args{access_token};
> > +
> > + my $at = Koha::OAuthAccessTokens->find($access_token);
>
> Personally, I would wrap this in caching.. this will be called with
> literally every API request and as such will become a fairly heavy use of
> the DB.
I don't think we should cache the access token, because it can expire
> ::: Koha/REST/V1/OAuth.pm
> @@ +47,5 @@
> > + access_token => $token,
> > + expires_in => $expires_in,
> > + );
> > +
> > + my $at = Koha::OAuthAccessTokens->search({ access_token => $token })->next;
>
> search->next is generally a bad idiom when changed.. `->next` should really
> only be used inside a loop where you're expecting a set of results.. when
> chained it it raises warning signals to me that you really want to use
> either ->find or ->search( {},{order_by => 'something', rows => 1})->single
> to get THE explicit result you're after.
Actually, we should use ->find, since access_token is a primary key (->find is
used at other places in the code, I forgot to change this one)
--
You are receiving this mail because:
You are watching all bug changes.
More information about the Koha-bugs
mailing list