[Koha-bugs] [Bug 23146] Add support for Basic auth on the OAuth2 token endpoint

bugzilla-daemon at bugs.koha-community.org
Wed Jun 19 17:43:48 CEST 2019


https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=23146

--- Comment #8 from Tomás Cohen Arazi <tomascohen at gmail.com> ---
Created attachment 90801
  -->
https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=90801&action=edit
Bug 23146: (QA follow-up) Make sure we use the absolute path

When making a request using any tool (like cURL or Postman) you get a
'Basic authentication disabled' error (if it is actually disabled) or an
'invalid password' error if it is disabled. This is because the
comparison of the path we do passes on oauth.t but fails on external
tools. This is probably related to our stack including Apache URL
mappings and then in the plack.psgi file. The safest way is to just ask
Mojo::URL for the absolute path to be sure.

To test:
- Having the rest of the patches applied and plack restarted, run: [1]
  $ curl -X POST \
      -H 'Authorization: Basic ZGQ2NjlmNGUtZmI1NS00Y2YzLWE4ZmYtYmFiYzJiNDIwNWY1OmM0ZDJmYmYzLWYwOWMtNGJkZi1iNWE4LTgxMDJmNjcwYTI1Mw' \
      -i 'http://kohadev.myDNSname.org:8081/api/v1/oauth/token' \
      --data grant_type=client_credentials
=> FAIL: It fails saying Basic auth is disabled
- Run:
  $ kshell
 k$ prove t/db_dependent/api/v1/oauth.t
=> SUCCESS: Tests pass
- Apply this patch
- Replicate your curl/postman test
=> SUCCESS: It now works as expected
- Run:
 k$ prove t/db_dependent/api/v1/oauth.t
=> SUCCESS: Tests still pass!
- Sign off :-D

[1] You need to generate a client_id and client_secret, and encode them
using: encode_base64url( "$client_id:$client_secret" );

Signed-off-by: Tomas Cohen Arazi <tomascohen at theke.io>
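
Added example, not part of the patch or of Koha's code: a Perl sketch of why an equality check on the raw request path can miss the token endpoint once the application is mounted under a prefix, while the absolute path obtained from Mojo::URL still matches. The mount prefix `/api/`, the host `kohadev.example` and the helper `is_token_endpoint` are assumptions made for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use feature 'say';
use Mojo::URL;

# Route on which a Basic header carries the OAuth2 client_id:client_secret
# (taken from the curl command in the test plan).
my $TOKEN_PATH = '/api/v1/oauth/token';

# Hypothetical helper: decide on the absolute, canonicalized path so the
# result does not depend on how the app is mounted or on '.'/'..' segments.
sub is_token_endpoint {
    my ($url) = @_;
    return $url->to_abs->path->canonicalize->to_string eq $TOKEN_PATH;
}

# Constructed case 1: test-harness style request, no mount point,
# so the path is already absolute.
my $direct = Mojo::URL->new('/api/v1/oauth/token');

# Constructed case 2: app mounted under a prefix (assumption). The prefix
# lives in the base URL and the request path is relative to it.
my $mounted = Mojo::URL->new('v1/oauth/token');
$mounted->base( Mojo::URL->new('http://kohadev.example:8081/api/') );

for my $case ( [ direct => $direct ], [ mounted => $mounted ] ) {
    my ( $name, $url ) = @$case;

    # Naive check: compare the path exactly as the framework hands it over.
    my $naive = $url->path->to_string eq $TOKEN_PATH ? 'match' : 'no match';

    # Robust check: resolve against the base first.
    my $abs = is_token_endpoint($url) ? 'match' : 'no match';

    say sprintf "%-8s raw path=%-22s naive=%-9s absolute=%s",
        $name, "'" . $url->path . "'", $naive, $abs;
}
```

When the naive comparison is the gate that exempts the token endpoint from a "Basic authentication disabled" setting, a mismatch in the mounted case sends the request down the ordinary Basic auth path, which is consistent with the errors described in the commit message.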
