[Koha-bugs] [Bug 24861] Unable to setPatronPasswordPublic using REST API
bugzilla-daemon at bugs.koha-community.org
bugzilla-daemon at bugs.koha-community.org
Wed Apr 8 01:25:43 CEST 2020
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=24861
--- Comment #5 from Tomás Cohen Arazi <tomascohen at gmail.com> ---
(In reply to David Cook from comment #3)
>
> What's the difference between a "public" and "non-public" Koha API endpoint?
> I haven't been able to observe any difference.
Public routes are not expected to have 'permissions' required (i.e. they don't
need privileged access). For example, a patron should be able to see some of
its checkouts information, but can only see others if it has admin rights to
see that. A possible approach was to have a big IF in the controller for
/checkouts, but we decided to have /public/patrons/:patron_id/checkouts which
wouldn't require 'permissions' (in Koha's sense) but requires the requestor to
be the resources owner (i.e. identified as a real patron and matching the
patron_id with its borrowernumber).
> > > With RESTBasicAuth enabled and using the username and password for patron
> > > #42:
> > >
> > > curl -u <username:password>
> > > http://localhost:8080/api/v1/public/patrons/42/password -d
> > > '{"old_password":"OLD","password":"NEW","password_repeated":"NEW"}'
> > >
> > > {"error":"Authorization failure. Missing required
> > > permission(s).","required_permissions":null}
> > >
> > > Perhaps I'm doing something wrong but this looks like a bug to me?
> >
> > It works for me on master.
>
> With that same syntax? The documentation isn't clear.
You shouldn't need any different syntax. How are you testing this? cURL?
Postman? Try Postman with Basic authentication, just in case.
> I'll have to try again. I've noticed RESTBasicAuth doesn't work with CGI, so
> maybe I was trying it on a non-Plack Koha, and that's why it was failing.
I submitted a patch to fix your non-Plack issue, or I meant to and forgot. Can
you double check?
--
You are receiving this mail because:
You are watching all bug changes.
You are the assignee for the bug.
More information about the Koha-bugs
mailing list