[Koha-bugs] [Bug 20402] Implement OAuth2 authentication for REST API

[bugzilla-daemon at bugs.koha-community.org]

https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=20402

--- Comment #55 from Julian Maurice <julian.maurice at biblibre.com> ---
(In reply to Martin Renvoize from comment #50)
> Comment on attachment 74380 [details] [review]
> ::: Koha/OAuth.pm
> @@ +21,5 @@
> > +    return (0, 'unauthorized_client') unless $client_id;
> > +
> > +    my $clients = C4::Context->config('api_client');
> > +    $clients = [ $clients ] unless ref $clients eq 'ARRAY';
> > +    my ($client) = grep { $_->{client_id} eq $client_id } @$clients;
> 
> 'any' would be more performant than 'grep' here:
> https://perldoc.perl.org/List/Util.html#any
> 
'any' returns a boolean value, we're looking for the $client hashref here

> @@ +50,5 @@
> > +    my (%args) = @_;
> > +
> > +    my $access_token = $args{access_token};
> > +
> > +    my $at = Koha::OAuthAccessTokens->find($access_token);
> 
> Personally, I would wrap this in caching.. this will be called with
> literally every API request and as such will become a fairly heavy use of
> the DB.
I don't think we should cache the access token, because it can expire

> ::: Koha/REST/V1/OAuth.pm
> @@ +47,5 @@
> > +        access_token => $token,
> > +        expires_in   => $expires_in,
> > +    );
> > +
> > +    my $at = Koha::OAuthAccessTokens->search({ access_token => $token })->next;
> 
> search->next is generally a bad idiom when changed.. `->next` should really
> only be used inside a loop where you're expecting a set of results.. when
> chained it it raises warning signals to me that you really want to use
> either ->find or ->search( {},{order_by => 'something', rows => 1})->single
> to get THE explicit result you're after.

Actually, we should use ->find, since access_token is a primary key (->find is
used at other places in the code, I forgot to change this one)

-- 
You are receiving this mail because:
You are watching all bug changes.