[Koha-bugs] [Bug 25045] Add a way to restrict anonymous access to public routes (OpacPublic behaviour)

bugzilla-daemon at bugs.koha-community.org bugzilla-daemon at bugs.koha-community.org
Thu Jun 18 23:34:44 CEST 2020


https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=25045

--- Comment #31 from Aleisha Amohia <aleisha at catalyst.net.nz> ---
I have tried to apply but tests fail on my devbox for 19.11.x.

$ prove -v t/db_dependent/api/v1/auth_authenticate_api_request.t 
t/db_dependent/api/v1/auth_authenticate_api_request.t .. 
1..3
# Subtest: token-based tests
    1..10
[2020-06-19 09:33:05.84026] [12653] [debug] POST "/api/v1/oauth/token"
(5ef232ce)
[2020-06-19 09:33:05.84638] [12653] [debug] Routing to controller
"Koha::REST::V1::Auth" and action "under"
[2020-06-19 09:33:05.84791] [12653] [debug] Routing to controller
"Koha::REST::V1::OAuth" and action "token"
[2020-06-19 09:33:05.86256] [12653] [debug] 200 OK (0.022287s, 44.869/s)
    ok 1 - POST /api/v1/oauth/token
    ok 2 - 200 OK
    ok 3 - exact match for JSON Pointer "/expires_in"
    ok 4 - exact match for JSON Pointer "/token_type"
    ok 5 - has value for JSON Pointer "/access_token"
[2020-06-19 09:33:05.86597] [12653] [debug] GET "/api/v1/patrons" (01e901a8)
[2020-06-19 09:33:05.86677] [12653] [debug] Routing to controller
"Koha::REST::V1::Auth" and action "under"
[2020-06-19 09:33:05.88419] [12653] [debug] Routing to controller
"Koha::REST::V1::Patrons" and action "list"
[2020-06-19 09:33:06.11926] [12653] [debug] 200 OK (0.253264s, 3.948/s)
    ok 6 - GET /api/v1/patrons
    ok 7 - 200 OK
    ok 8 - The 'koha.user' object is defined in the stash
    ok 9 - Stashed koha.user object type is Koha::Patron
    ok 10 - The stashed user is the right one
ok 1 - token-based tests
# Subtest: cookie-based tests
    1..5
[2020-06-19 09:33:06.29506] [12653] [debug] GET "/api/v1/patrons" (4f027938)
[2020-06-19 09:33:06.29565] [12653] [debug] Routing to controller
"Koha::REST::V1::Auth" and action "under"
[2020-06-19 09:33:06.29736] [12653] [debug] 503 Service Unavailable (0.00229s,
436.681/s)
    ok 1 - GET /api/v1/patrons
    not ok 2 - 200 OK

    #   Failed test '200 OK'
    #   at t/db_dependent/api/v1/auth_authenticate_api_request.t line 112.
    #          got: '503'
    #     expected: '200'
    not ok 3 - The 'koha.user' object is defined in the stash

    #   Failed test 'The 'koha.user' object is defined in the stash'
    #   at t/db_dependent/api/v1/auth_authenticate_api_request.t line 115.
    # Looks like you planned 5 tests but ran 3.
    # Looks like you failed 2 tests of 3 run.
not ok 2 - cookie-based tests

#   Failed test 'cookie-based tests'
#   at t/db_dependent/api/v1/auth_authenticate_api_request.t line 120.
# Subtest: anonymous requests to public API
    1..4
[2020-06-19 09:33:06.54596] [12653] [debug] GET "/api/v1/public/biblios/3"
(1a0aa1cd)
[2020-06-19 09:33:06.54737] [12653] [debug] Routing to controller
"Koha::REST::V1::Auth" and action "under"
[2020-06-19 09:33:06.54867] [12653] [debug] 503 Service Unavailable (0.002694s,
371.195/s)
    ok 1 - GET /api/v1/public/biblios/3
    not ok 2 - Unauthorized anonymous attempt to access a resource

    #   Failed test 'Unauthorized anonymous attempt to access a resource'
    #   at t/db_dependent/api/v1/auth_authenticate_api_request.t line 143.
    #          got: '503'
    #     expected: '401'
[2020-06-19 09:33:06.55176] [12653] [debug] GET "/api/v1/public/biblios/3"
(ece5c188)
[2020-06-19 09:33:06.55231] [12653] [debug] Routing to controller
"Koha::REST::V1::Auth" and action "under"
[2020-06-19 09:33:06.55343] [12653] [debug] 503 Service Unavailable (0.001661s,
602.047/s)
    ok 3 - GET /api/v1/public/biblios/3
    not ok 4 - Successfull anonymous access to a resource

    #   Failed test 'Successfull anonymous access to a resource'
    #   at t/db_dependent/api/v1/auth_authenticate_api_request.t line 149.
    #          got: '503'
    #     expected: '200'
    # Looks like you failed 2 tests of 4.
not ok 3 - anonymous requests to public API

#   Failed test 'anonymous requests to public API'
#   at t/db_dependent/api/v1/auth_authenticate_api_request.t line 153.
# Looks like you failed 2 tests of 3.
Dubious, test returned 2 (wstat 512, 0x200)
Failed 2/3 subtests 

Test Summary Report
-------------------
t/db_dependent/api/v1/auth_authenticate_api_request.t (Wstat: 512 Tests: 3
Failed: 2)
  Failed tests:  2-3
  Non-zero exit status: 2
Files=1, Tests=3,  8 wallclock secs ( 0.02 usr  0.01 sys +  3.77 cusr  1.14
csys =  4.94 CPU)
Result: FAIL

Please fix up and I will backport!
