[koha-commits] main Koha release repository branch master updated. v17.11.00-1438-gdc300b6

Git repo owner gitmaster at git.koha-community.org
Wed May 9 18:06:42 CEST 2018


This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "main Koha release repository".

The branch, master has been updated
       via  dc300b6547355019d9135c2023c444df7a7f3cff (commit)
       via  fe7e0d1e5257f266ea81370553d235164186c245 (commit)
       via  b8acd86231a3b63f311a1c6357acc8096bef06ed (commit)
       via  17e8acad70c778a1d544ad2cb22e0fc98ba2f312 (commit)
       via  432dd41418003494c6db24ef0fc9d81f83186ba3 (commit)
       via  763343a152b1e2a7a0c4fb6f6b8fd685843eb562 (commit)
       via  a8579ac6c4fac0a660b506949bc47fcc7faf7674 (commit)
       via  5cf8bbfb7aea34b6367dfbbfb9d73f88851507fb (commit)
       via  997a5705504b63cbaf9ae41f0487f5c1654c686f (commit)
       via  de0698076fee3061d3c37a8a922faf19a69336c8 (commit)
       via  027aa4f3495a5b1b3fd778470cdcd1c8f623233b (commit)
       via  0d96a9080dd2625229528adff8f35b9c2b8aebb9 (commit)
       via  c46439abda66bfbf9cd7a987346331f93670062c (commit)
       via  5bf71bb837239ca9e3fdf4703074caf5eff7ec52 (commit)
       via  8eb9239a340e662c42f8686a4d29154cc54ec5e4 (commit)
       via  ef7a900742cf8c7bc063cc6df74b922db235b8b6 (commit)
       via  2a8c3fad0a669870505d5b84b5fbaa7dd1c2a8a8 (commit)
       via  d2454d6868c357ee65dd683d80ab16f2cc2366fc (commit)
       via  0cb1020e0cdb63143d3d954d4d9ff3a4bd93e330 (commit)
       via  82edceb2ed583ae9beaa63fd6208b380cc184c28 (commit)
       via  45841d9ec7d013a6288fc5e543accf58d63f4c9b (commit)
       via  28a750fb7678f9d7a4a601cc3c0ff828a8b8f8bf (commit)
       via  45efd8e3ec7fa2e68d29bf97a454f0fd04faa272 (commit)
       via  175b7730517c738d09c180623a161c3052740213 (commit)
       via  b3f702625436a1b11e7740b6c53e26e68fa4184b (commit)
       via  b67e88f429fb926a9032893f343c05a15e856c37 (commit)
       via  37efe6ff7643e1bfee201a3e9b3473a82a0d656f (commit)
       via  9007b25d0920dff1d0f7f976f4de866a7e1f20f0 (commit)
       via  30b763040cef34f083e66d047e50b5dd20c5ec7c (commit)
       via  05101f0afa28d1de67d8d313963cb06cc5b3e1e1 (commit)
       via  3aa102d0c35058bc6f2350d97e3da11815d368f1 (commit)
       via  462dc01cee6f8edc76c686d36aac66ef90a5aad4 (commit)
       via  d012552ab636b23227990e3992e9dfe34733fcab (commit)
       via  714e55388921c3663dd65d0347e8b52d0664cc2d (commit)
       via  99b820653418f8d8ea57ef6e01f45879e783b0f8 (commit)
       via  3ada1214312d1bd904c7c98778a918a80c104740 (commit)
       via  a5c28cc24b857c050c1fc41e270a601772cc381d (commit)
       via  5b2aec72a98d770456169f0e01c23e85954493c8 (commit)
       via  5c7d12e4e0f813fb31a9ebe7b5c6e5aee71c6cfc (commit)
       via  996b100f1f46f574cc597d4fd2865c1db8e5f4e7 (commit)
       via  ccc034195ee8c3cd7d5e43b0b88cbbf98c865666 (commit)
       via  43a4b3c22c7a694975032a787c118fc1aeef5411 (commit)
       via  896bb7ec54d128d829ed34a06a85a64586e53bff (commit)
      from  8bb531b5308635d53345cd04617b47acb076970e (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit dc300b6547355019d9135c2023c444df7a7f3cff
Author: Jonathan Druart <jonathan.druart at bugs.koha-community.org>
Date:   Wed May 9 12:55:31 2018 -0300

    Bug 20073: Update DBIC Schema changes
    
    Signed-off-by: Jonathan Druart <jonathan.druart at bugs.koha-community.org>

commit fe7e0d1e5257f266ea81370553d235164186c245
Author: Tomas Cohen Arazi <tomascohen at theke.io>
Date:   Wed May 9 11:31:34 2018 -0300

    Bug 20734: Add warning to the about page if RESTOAuth2ClientCredentials and not Net::OAuth2::AuthorizationServer
    
    Signed-off-by: Tomas Cohen Arazi <tomascohen at theke.io>
    
    Signed-off-by: Jonathan Druart <jonathan.druart at bugs.koha-community.org>
    
    Signed-off-by: Jonathan Druart <jonathan.druart at bugs.koha-community.org>

commit b8acd86231a3b63f311a1c6357acc8096bef06ed
Author: Jonathan Druart <jonathan.druart at bugs.koha-community.org>
Date:   Tue May 8 16:07:03 2018 -0300

    Bug 20624: DBRev 17.12.00.044
    
    Signed-off-by: Jonathan Druart <jonathan.druart at bugs.koha-community.org>

commit 17e8acad70c778a1d544ad2cb22e0fc98ba2f312
Author: Tomas Cohen Arazi <tomascohen at theke.io>
Date:   Tue May 8 14:58:55 2018 -0300

    Bug 20624: Net::OAuth2::AuthorizationServer is not a hard dependency
    
    While we get packaging sorted, Net::OAuth2::AuthorizationServer is not a
    hard dependency for Koha and the feature requiring it is disabled by
    default.
    
    This patch:
    - Makes the dependency optional
    - Makes the unit tests for the OAuth2 client credentials flow skip if
      the dependency is not met.
    
    Signed-off-by: Tomas Cohen Arazi <tomascohen at theke.io>
    
    Signed-off-by: Jonathan Druart <jonathan.druart at bugs.koha-community.org>

commit 432dd41418003494c6db24ef0fc9d81f83186ba3
Author: Tomas Cohen Arazi <tomascohen at theke.io>
Date:   Mon May 7 11:57:59 2018 -0300

    Bug 20624: (QA follow-up) Add missing POD in Koha::REST::V1::OAuth
    
    Signed-off-by: Tomas Cohen Arazi <tomascohen at theke.io>
    
    Signed-off-by: Jonathan Druart <jonathan.druart at bugs.koha-community.org>

commit 763343a152b1e2a7a0c4fb6f6b8fd685843eb562
Author: Tomas Cohen Arazi <tomascohen at theke.io>
Date:   Thu May 3 15:29:22 2018 -0300

    Bug 20624: (QA follow-up) Handle missing deps gracefuly
    
    This patch makes the /token endpoint and the authenticate_api_request
    method behave correctly in the event of missing deps for OAuth2.
    
    To test:
    - Run:
      $ kshell
     k$ prove t/db_dependent/api/v1/oauth.t
    => FAIL: The behaviour is not implemented
    - Apply this patch
    - Run:
     k$ prove t/db_dependent/api/v1/oauth.t
    => SUCCESS: Tests pass!
    
    Signed-off-by: Tomas Cohen Arazi <tomascohen at theke.io>
    
    Signed-off-by: Kyle M Hall <kyle at bywatersolutions.com>
    
    Signed-off-by: Jonathan Druart <jonathan.druart at bugs.koha-community.org>

commit a8579ac6c4fac0a660b506949bc47fcc7faf7674
Author: Tomas Cohen Arazi <tomascohen at theke.io>
Date:   Thu May 3 15:24:56 2018 -0300

    Bug 20624: (QA follow-up) Unit tests for missing deps situation
    
    This patch tests the situation in which Net::OAuth2::AuthorizationServer
    is missing. It mocks Module::Load::Conditional::can_load and expects the
    /token endpoint answers 'Unimplemented grant type' to all requests, and
    the 'authenticate_api_request' in 'under' exit with unauthorized (403)
    to requests in which the Authorization header is passed containing a
    Bearer token, but OAuth2 is not really available.
    
    To test:
    - Apply this patch
    - Run:
      $ kshell
     k$ prove t/db_dependent/api/v1/oauth.t
    => FAIL: Tests fail because our REST endpoints don't support this
    behaviour.
    
    Signed-off-by: Tomas Cohen Arazi <tomascohen at theke.io>
    
    Signed-off-by: Kyle M Hall <kyle at bywatersolutions.com>
    
    Signed-off-by: Jonathan Druart <jonathan.druart at bugs.koha-community.org>

commit 5cf8bbfb7aea34b6367dfbbfb9d73f88851507fb
Author: Tomas Cohen Arazi <tomascohen at theke.io>
Date:   Wed May 2 15:55:31 2018 -0300

    Bug 20624: Make staff client respect RESTOAuth2ClientCredentials
    
    This patch makes the staff client UI respect the
    RESTOAuth2ClientCredentials syspref.
    
    To test:
    - Make sure RESTOAuth2ClientCredentials is "Don't enable"
    - Go to a patron's detail page
    => SUCCESS: The 'More' dropdown doesn't show the API keys management
    link.
    - Enable RESTOAuth2ClientCredentials
    - Reload
    => SUCCESS: The 'More' dropdown shows the API keys management link
    - Click on the API keys management link
    => SUCCESS: You can edit the api keys
    - Disable the syspref
    - Reload
    => SUCCESS: You are presented an error 400 page.
    - Sign off :-D
    
    Signed-off-by: Kyle M Hall <kyle at bywatersolutions.com>
    
    Signed-off-by: Jonathan Druart <jonathan.druart at bugs.koha-community.org>

commit 997a5705504b63cbaf9ae41f0487f5c1654c686f
Author: Tomas Cohen Arazi <tomascohen at theke.io>
Date:   Wed May 2 15:51:38 2018 -0300

    Bug 20624: Make /api/v1/oauth/token respect RESTOAuth2ClientCredentials
    
    This patch makes the /api/v1/oauth/token enpoint respect the
    RESTOAuth2ClientCredentials syspref. It will return 400 (with
    'Unimplemented grant type' error message) on the event of the syspref
    being disabled and the grant_type => 'client_credentials' value passed.
    
    To test:
    - Run:
      $ kshell
     k$ prove t/db_dependent/api/v1/oauth.t
    => FAIL: It fails because the off-switch is not implemented
    - Apply this patch
    - Run:
      k$ prove t/db_dependent/api/v1/oauth.t
    => SUCCESS: Tests pass!
    - Sign off :-D
    
    Signed-off-by: Kyle M Hall <kyle at bywatersolutions.com>
    
    Signed-off-by: Jonathan Druart <jonathan.druart at bugs.koha-community.org>

commit de0698076fee3061d3c37a8a922faf19a69336c8
Author: Tomas Cohen Arazi <tomascohen at theke.io>
Date:   Wed May 2 15:21:53 2018 -0300

    Bug 20624: Unit tests
    
    This patch adds tests to verify that disabling the RESTOAuth2ClientCredentials syspref
    makes any request on the /api/v1/oauth/token using the
    'client_credentials' grant fail with 'grant not implemented'.
    
    To test:
    - Apply this patch
    - Run:
      $ kshell
     k$ prove t/db_dependent/api/v1/oauth.t
    => FAIL: Tests fail because the change is not implemented!
    
    Signed-off-by: Kyle M Hall <kyle at bywatersolutions.com>
    
    Signed-off-by: Jonathan Druart <jonathan.druart at bugs.koha-community.org>

commit 027aa4f3495a5b1b3fd778470cdcd1c8f623233b
Author: Tomas Cohen Arazi <tomascohen at theke.io>
Date:   Wed May 2 11:20:37 2018 -0300

    Bug 20624: Add RESTOAuth2ClientCredentials syspref
    
    Signed-off-by: Tomas Cohen Arazi <tomascohen at theke.io>
    
    Signed-off-by: Kyle M Hall <kyle at bywatersolutions.com>
    
    Signed-off-by: Jonathan Druart <jonathan.druart at bugs.koha-community.org>

commit 0d96a9080dd2625229528adff8f35b9c2b8aebb9
Author: Tomas Cohen Arazi <tomascohen at theke.io>
Date:   Thu May 3 15:53:16 2018 -0300

    Bug 20612: (QA follow-up) Fix typo in method POD
    
    As Martin correctly highlighted, the method name is not correctly
    spelled in POD. This patch fixes it.
    
    To test:
    - Look carefully
    => FAIL: Method name is _verify_client_cb but POD says _verify_client_db
    - Apply this patch
    - Look carefully
    => SUCCESS: Notice the POD is fixed!
    
    Signed-off-by: Tomas Cohen Arazi <tomascohen at theke.io>
    
    Signed-off-by: Jonathan Druart <jonathan.druart at bugs.koha-community.org>

commit c46439abda66bfbf9cd7a987346331f93670062c
Author: Tomas Cohen Arazi <tomascohen at theke.io>
Date:   Wed Apr 18 13:40:13 2018 -0300

    Bug 20612: koha-conf.xml cleanup
    
    Signed-off-by: Julian Maurice <julian.maurice at biblibre.com>
    Signed-off-by: Benjamin Rokseth <benjamin.rokseth at deichman.no>
    Signed-off-by: Kyle M Hall <kyle at bywatersolutions.com>
    
    Signed-off-by: Jonathan Druart <jonathan.druart at bugs.koha-community.org>

commit 5bf71bb837239ca9e3fdf4703074caf5eff7ec52
Author: Tomas Cohen Arazi <tomascohen at theke.io>
Date:   Wed Apr 18 13:34:18 2018 -0300

    Bug 20612: Make OAuth2 use patron's client_id/secret pairs
    
    This patch wires the OAuth related code so it leverages on the new
    Koha::ApiKey(s) classes and tools introduced by bug 20568 instead of the
    hardcoded entries in koha-conf.xml originally proposed by bug 20402.
    
    To test revisit the test plan for bug 20402, and verify that it works.
    But create API key pairs instead of writing them down in koha-conf.xml.
    Also:
    - Run:
      $ prove t/db_dependent/api/v1/oauth.t
    => SUCCESS: Tests pass!
    - Sign off :-D
    
    Sponsored-by: ByWater Solutions
    
    Signed-off-by: Julian Maurice <julian.maurice at biblibre.com>
    Signed-off-by: Benjamin Rokseth <benjamin.rokseth at deichman.no>
    Signed-off-by: Kyle M Hall <kyle at bywatersolutions.com>
    
    Signed-off-by: Jonathan Druart <jonathan.druart at bugs.koha-community.org>

commit 8eb9239a340e662c42f8686a4d29154cc54ec5e4
Author: Tomas Cohen Arazi <tomascohen at theke.io>
Date:   Wed Apr 18 13:32:34 2018 -0300

    Bug 20612: Unit tests
    
    This patch makes the oauth.t tests leverage on the new Koha::ApiKey(s)
    classes. It adds tests for expired tokens too.
    
    To test:
    - Apply this patch
    - Run:
      $ kshell
     k$ prove t/db_dependent/api/v1/oauth.t
    => FAIL: Tests should fail without the rest of the patches.
    
    Sponsored-by: ByWater Solutions
    
    Signed-off-by: Julian Maurice <julian.maurice at biblibre.com>
    Signed-off-by: Benjamin Rokseth <benjamin.rokseth at deichman.no>
    Signed-off-by: Kyle M Hall <kyle at bywatersolutions.com>
    
    Signed-off-by: Jonathan Druart <jonathan.druart at bugs.koha-community.org>

commit ef7a900742cf8c7bc063cc6df74b922db235b8b6
Author: Jonathan Druart <jonathan.druart at bugs.koha-community.org>
Date:   Tue May 8 16:06:22 2018 -0300

    Bug 20568: DBRev 17.12.00.043
    
    Signed-off-by: Jonathan Druart <jonathan.druart at bugs.koha-community.org>

commit 2a8c3fad0a669870505d5b84b5fbaa7dd1c2a8a8
Author: Jonathan Druart <jonathan.druart at bugs.koha-community.org>
Date:   Tue May 8 16:27:54 2018 -0300

    Bug 20568: fix shebang
    
    Signed-off-by: Jonathan Druart <jonathan.druart at bugs.koha-community.org>

commit d2454d6868c357ee65dd683d80ab16f2cc2366fc
Author: Jonathan Druart <jonathan.druart at bugs.koha-community.org>
Date:   Tue May 8 16:15:54 2018 -0300

    Bug 20568: Fix bad resolution conflict with bug 18403
    
    borrowers module permission has now several subpermissions
    
    Signed-off-by: Jonathan Druart <jonathan.druart at bugs.koha-community.org>

commit 0cb1020e0cdb63143d3d954d4d9ff3a4bd93e330
Author: Tomas Cohen Arazi <tomascohen at theke.io>
Date:   Thu May 3 15:51:15 2018 -0300

    Bug 20568: (QA follow-up) Remove unused vars
    
    Signed-off-by: Tomas Cohen Arazi <tomascohen at theke.io>
    
    Signed-off-by: Jonathan Druart <jonathan.druart at bugs.koha-community.org>

commit 82edceb2ed583ae9beaa63fd6208b380cc184c28
Author: Tomas Cohen Arazi <tomascohen at theke.io>
Date:   Wed May 2 11:05:05 2018 -0300

    Bug 20568: (QA follow-up) Remove api-key management from OPAC
    
    Signed-off-by: Tomas Cohen Arazi <tomascohen at theke.io>
    
    Signed-off-by: Jonathan Druart <jonathan.druart at bugs.koha-community.org>

commit 45841d9ec7d013a6288fc5e543accf58d63f4c9b
Author: Tomas Cohen Arazi <tomascohen at theke.io>
Date:   Wed Apr 18 14:38:02 2018 -0300

    Bug 20568: CSRF protection
    
    Edit: fix warning introduced by this patch
    
    Signed-off-by: Tomas Cohen Arazi <tomascohen at theke.io>
    Signed-off-by: Julian Maurice <julian.maurice at biblibre.com>
    
    Signed-off-by: Jonathan Druart <jonathan.druart at bugs.koha-community.org>

commit 28a750fb7678f9d7a4a601cc3c0ff828a8b8f8bf
Author: Tomas Cohen Arazi <tomascohen at theke.io>
Date:   Sat Apr 14 14:50:23 2018 -0300

    Bug 20568: (QA follow-up) Get rid of the id column
    
    Signed-off-by: Tomas Cohen Arazi <tomascohen at theke.io>
    Signed-off-by: Julian Maurice <julian.maurice at biblibre.com>
    
    Signed-off-by: Jonathan Druart <jonathan.druart at bugs.koha-community.org>

commit 45efd8e3ec7fa2e68d29bf97a454f0fd04faa272
Author: Tomas Cohen Arazi <tomascohen at theke.io>
Date:   Wed Apr 18 13:56:28 2018 -0300

    Bug 20568: (QA follow-up) Make sure client_id and secret are not overwritten on store
    
    Signed-off-by: Tomas Cohen Arazi <tomascohen at theke.io>
    Signed-off-by: Julian Maurice <julian.maurice at biblibre.com>
    
    Signed-off-by: Jonathan Druart <jonathan.druart at bugs.koha-community.org>

commit 175b7730517c738d09c180623a161c3052740213
Author: Tomas Cohen Arazi <tomascohen at theke.io>
Date:   Wed Apr 18 13:56:00 2018 -0300

    Bug 20568: (QA follow-up) Test client_id and secret are not overwritten
    
    Signed-off-by: Tomas Cohen Arazi <tomascohen at theke.io>
    Signed-off-by: Julian Maurice <julian.maurice at biblibre.com>
    
    Signed-off-by: Jonathan Druart <jonathan.druart at bugs.koha-community.org>

commit b3f702625436a1b11e7740b6c53e26e68fa4184b
Author: Tomas Cohen Arazi <tomascohen at theke.io>
Date:   Wed Apr 18 10:55:43 2018 -0300

    Bug 20568: (follow-up) Atomic update fix
    
    Signed-off-by: Tomas Cohen Arazi <tomascohen at theke.io>
    Signed-off-by: Julian Maurice <julian.maurice at biblibre.com>
    
    Signed-off-by: Jonathan Druart <jonathan.druart at bugs.koha-community.org>

commit b67e88f429fb926a9032893f343c05a15e856c37
Author: Tomas Cohen Arazi <tomascohen at theke.io>
Date:   Mon Apr 16 16:04:26 2018 -0300

    Bug 20568: Move value => client_id + secret
    
    This patch addresses the request from Julian that api keys are expected
    to be client id/secret pairs.
    
    It does so by
    - Adding 'client_id' and 'secret' columns
    - Removing 'value'
    
    Tests got adjusted and so controller scripts and templates.
    Both libs and tests changes have been squashed. This ones remain in
    order to keep Owen's attribution on the template changes and avoid
    rebase conflicts.
    
    Signed-off-by: Kyle M Hall <kyle at bywatersolutions.com>
    Signed-off-by: Tomas Cohen Arazi <tomascohen at theke.io>
    Signed-off-by: Julian Maurice <julian.maurice at biblibre.com>
    
    Signed-off-by: Jonathan Druart <jonathan.druart at bugs.koha-community.org>

commit 37efe6ff7643e1bfee201a3e9b3473a82a0d656f
Author: Owen Leonard <oleonard at myacpl.org>
Date:   Mon Apr 16 15:23:50 2018 +0000

    Bug 20568: (follow-up) Interface and markup changes
    
    This patch makes some interface changes to bring things better in line
    with existing interface patterns. This patch also re-indents the
    modified templates with 4 spaces instead of 2 and makes <input>s
    self-closing.
    
    Also changed: Corrected system preference check in opac-apikeys.pl.
    
    To test, apply the patch and:
    
    In the staff client:
    
     - Open a patron record and choose More -> Manage API keys.
       - There should be a standard message dialog containing a link to
         "Generate a new key."
         - Clicking the link should show the form for adding a new key.
         - Test that clicking the "Cancel" link hides the form.
         - Test that creating the new key works correctly.
       - You should now see a table showing existing keys and a "Generate a
         new key" button above it.
         - Test that the "Delete" button asks for confirmation, and that
           confirming and denying both work correctly.
         - Test that "Revoke" and "Activate" actions still work correctly.
    
    In the OPAC:
    
     - Set the AllowPatronsManageAPIKeysInOPAC system preference to "Allow."
     - Log in to the OPAC and click the "your API keys" link in the sidebar.
       - Clicking the "Generate new key" button should display the form for
         adding a new key.
         - Clicking the "cancel" link should hide the form.
         - Submitting the form should add a new key.
       - You should now see a table showing existing keys.
         - Test that the "Delete" link asks for confirmation, and that
           confirming and denying both work correctly.
         - Test that "Revoke" and "Activate" actions still work correctly.
     - Set the AllowPatronsManageAPIKeysInOPAC system preference to "Don't
       allow."
       - Log in to the OPAC and confirm that the "your API keys" link in the
         sidebar is no longer visible.
         - Confirm that navigating directly to /cgi-bin/koha/opac-apikeys.pl
           results in a 404 error.
    
    Signed-off-by: Tomas Cohen Arazi <tomascohen at theke.io>
    
    Signed-off-by: Kyle M Hall <kyle at bywatersolutions.com>
    Signed-off-by: Tomas Cohen Arazi <tomascohen at theke.io>
    Signed-off-by: Julian Maurice <julian.maurice at biblibre.com>
    
    Signed-off-by: Jonathan Druart <jonathan.druart at bugs.koha-community.org>

commit 9007b25d0920dff1d0f7f976f4de866a7e1f20f0
Author: Tomas Cohen Arazi <tomascohen at theke.io>
Date:   Sat Apr 14 17:38:03 2018 -0300

    Bug 20568: API key management for OPAC users
    
    This patch makes the OPAC interface for API keys management work
    with the new lib. Verify all actions work for a logged user.
    
    Users without login should be redirected to an error page.
    
    The AllowPatronsManageAPIKeysInOPAC syspref is added to control if the
    OPAC feature is enabled or not.
    
    To test:
    - Verify the syspref works
    - Verify users can manage their API keys
    
    Signed-off-by: Kyle M Hall <kyle at bywatersolutions.com>
    Signed-off-by: Julian Maurice <julian.maurice at biblibre.com>
    
    Signed-off-by: Jonathan Druart <jonathan.druart at bugs.koha-community.org>

commit 30b763040cef34f083e66d047e50b5dd20c5ec7c
Author: Tomas Cohen Arazi <tomascohen at theke.io>
Date:   Sat Apr 14 17:37:56 2018 -0300

    Bug 20568: Unit tests
    
    This patch adds unit tests for the introduced classes: Koha::ApiKey(s).
    
    To test:
    - Apply this patch
    - Run
      $ kshell
     k$ prove t/db_dependent/Koha/ApiKeys.t
    => FAIL: Tests fail because the feature is not implemented.
    
    Signed-off-by: Kyle M Hall <kyle at bywatersolutions.com>
    Signed-off-by: Julian Maurice <julian.maurice at biblibre.com>
    
    Signed-off-by: Jonathan Druart <jonathan.druart at bugs.koha-community.org>

commit 05101f0afa28d1de67d8d313963cb06cc5b3e1e1
Author: Tomas Cohen Arazi <tomascohen at theke.io>
Date:   Thu Apr 12 14:38:47 2018 -0300

    Bug 20568: Add mandatory description field for api keys
    
    This patch changes the table structure adding fields usually found on
    this kind of api management pages.
    
    Signed-off-by: Kyle M Hall <kyle at bywatersolutions.com>
    Signed-off-by: Julian Maurice <julian.maurice at biblibre.com>
    
    Signed-off-by: Jonathan Druart <jonathan.druart at bugs.koha-community.org>

commit 3aa102d0c35058bc6f2350d97e3da11815d368f1
Author: Julian Maurice <julian.maurice at biblibre.com>
Date:   Mon Mar 23 20:14:23 2015 +0100

    Bug 20568: API keys management in interface
    
    This introduces the concept of API keys for use in the new REST API.
    A key is a string of 32 alphanumerical characters (32 is purely
    arbitrary, it can be changed easily).
    A user can have multiple keys (unlimited at the moment)
    Keys can be generated automatically, and then we have the possibility to
    delete or revoke each one individually.
    
    Test plan:
    1/ Go to staff interface
    2/ Go to a borrower page
    3/ In toolbar, click on More -> Manage API keys
    4/ Click on "Generate new key" multiple times, check that they are
       correctly displayed under the button, and they are active by default
    5/ Revoke some keys, check that they are not active anymore
    6/ Delete some keys, check that they disappear from table
    7/ Go to opac interface, log in
    8/ In your user account pages, you now have a new tab to the left "your
       API keys". Click on it.
    9/ Repeat steps 4-6
    
    Signed-off-by: Kyle M Hall <kyle at bywatersolutions.com>
    Signed-off-by: Julian Maurice <julian.maurice at biblibre.com>
    
    Signed-off-by: Jonathan Druart <jonathan.druart at bugs.koha-community.org>

commit 462dc01cee6f8edc76c686d36aac66ef90a5aad4
Author: Jonathan Druart <jonathan.druart at bugs.koha-community.org>
Date:   Wed May 9 12:54:57 2018 -0300

    Bug 20402: Update DBIX schema
    
    Signed-off-by: Jonathan Druart <jonathan.druart at bugs.koha-community.org>

commit d012552ab636b23227990e3992e9dfe34733fcab
Author: Jonathan Druart <jonathan.druart at bugs.koha-community.org>
Date:   Tue May 8 16:05:04 2018 -0300

    Bug 20402: DBRev 17.12.00.042
    
    Signed-off-by: Jonathan Druart <jonathan.druart at bugs.koha-community.org>

commit 714e55388921c3663dd65d0347e8b52d0664cc2d
Author: Jonathan Druart <jonathan.druart at bugs.koha-community.org>
Date:   Tue May 8 16:44:42 2018 -0300

    Bug 20402: only output if verbose flag is set
    
    Signed-off-by: Jonathan Druart <jonathan.druart at bugs.koha-community.org>

commit 99b820653418f8d8ea57ef6e01f45879e783b0f8
Author: Julian Maurice <julian.maurice at biblibre.com>
Date:   Fri Apr 20 10:37:37 2018 +0200

    Bug 20402: Remove useless call to Koha::OAuthAccessTokens->search
    
    Signed-off-by: Jonathan Druart <jonathan.druart at bugs.koha-community.org>

commit 3ada1214312d1bd904c7c98778a918a80c104740
Author: Tomas Cohen Arazi <tomascohen at theke.io>
Date:   Tue Apr 17 16:23:56 2018 -0300

    Bug 20402: Add missing POD
    
    Signed-off-by: Tomas Cohen Arazi <tomascohen at theke.io>
    
    Signed-off-by: Jonathan Druart <jonathan.druart at bugs.koha-community.org>

commit a5c28cc24b857c050c1fc41e270a601772cc381d
Author: Tomas Cohen Arazi <tomascohen at theke.io>
Date:   Tue Apr 17 16:23:36 2018 -0300

    Bug 20402: Atomic update and kohastructure.sql fixes
    
    Signed-off-by: Tomas Cohen Arazi <tomascohen at theke.io>
    
    Signed-off-by: Jonathan Druart <jonathan.druart at bugs.koha-community.org>

commit 5b2aec72a98d770456169f0e01c23e85954493c8
Author: Julian Maurice <julian.maurice at biblibre.com>
Date:   Tue Apr 17 19:07:47 2018 +0200

    Bug 20402: Use TestBuilder->build_object in oauth.t
    
    Signed-off-by: Tomas Cohen Arazi <tomascohen at theke.io>
    
    Signed-off-by: Jonathan Druart <jonathan.druart at bugs.koha-community.org>

commit 5c7d12e4e0f813fb31a9ebe7b5c6e5aee71c6cfc
Author: Julian Maurice <julian.maurice at biblibre.com>
Date:   Tue Apr 17 19:07:01 2018 +0200

    Bug 20402: Remove dependency on Mojo::Plugin::OAuth2::Server
    
    Signed-off-by: Tomas Cohen Arazi <tomascohen at theke.io>
    
    Signed-off-by: Jonathan Druart <jonathan.druart at bugs.koha-community.org>

commit 996b100f1f46f574cc597d4fd2865c1db8e5f4e7
Author: Julian Maurice <julian.maurice at biblibre.com>
Date:   Thu Apr 12 14:48:58 2018 +0200

    Bug 20402: Don't look at cookies if OAuth2 is attempted and has failed
    
    Signed-off-by: Tomas Cohen Arazi <tomascohen at theke.io>
    
    Signed-off-by: Jonathan Druart <jonathan.druart at bugs.koha-community.org>

commit ccc034195ee8c3cd7d5e43b0b88cbbf98c865666
Author: Julian Maurice <julian.maurice at biblibre.com>
Date:   Thu Apr 12 09:17:43 2018 +0200

    Bug 20402: Fix oauth.t
    
    GET /patrons now requires { "borrowers": 1 } instead of
    { "borrowers": "edit_borrowers" }
    
    Signed-off-by: Josef Moravec <josef.moravec at gmail.com>
    Signed-off-by: Tomas Cohen Arazi <tomascohen at theke.io>
    
    Signed-off-by: Jonathan Druart <jonathan.druart at bugs.koha-community.org>

commit 43a4b3c22c7a694975032a787c118fc1aeef5411
Author: Julian Maurice <julian.maurice at biblibre.com>
Date:   Tue Mar 13 13:17:12 2018 +0100

    Bug 20402: Implement OAuth2 authentication for REST API
    
    It implements only the "client credentials" flow with no scopes
    support. API clients are tied to an existing patron and have the same
    permissions as the patron they are tied to.
    API Clients are defined in $KOHA_CONF.
    
    Test plan:
    0. Install Net::OAuth2::AuthorizationServer 0.16
    1. In $KOHA_CONF, add an <api_client> element under <config>:
         <api_client>
           <client_id>$CLIENT_ID</client_id>
           <client_secret>$CLIENT_SECRET</client_secret>
           <patron_id>X</patron_id> <!-- X is an existing borrowernumber -->
         </api_client>
    2. Apply patch, run updatedatabase.pl and reload starman
    3. Install Firefox extension RESTer [1]
    4. In RESTer, go to "Authorization" tab and create a new OAuth2
       configuration:
       - OAuth flow: Client credentials
       - Access Token Request Method: POST
       - Access Token Request Endpoint: http://$KOHA_URL/api/v1/oauth/token
       - Access Token Request Client Authentication: Credentials in request
         body
       - Client ID: $CLIENT_ID
       - Client Secret: $CLIENT_SECRET
    5. Click on the newly created configuration to generate a new token
       (which will be valid only for an hour)
    6. In RESTer, set HTTP method to GET and url to
       http://$KOHA_URL/api/v1/patrons then click on SEND
       If patron X has permission 'borrowers', it should return 200 OK
       with the list of patrons
       Otherwise it should return 403 with the list of required permissions
       (Please test both cases)
    7. Wait an hour (or run the following SQL query:
       UPDATE oauth_access_tokens SET expires = 0) and repeat step 6.
       You should have a 403 Forbidden status, and the token must have been
       removed from the database.
    8. Create a bunch of tokens using RESTer, make some of them expires
       using the previous SQL query, and run the following command:
         misc/cronjobs/cleanup_database.pl --oauth-tokens
       Verify that expired tokens were removed, and that the others are
       still there
    9. prove t/db_dependent/api/v1/oauth.t
    
    [1] https://addons.mozilla.org/en-US/firefox/addon/rester/
    
    Signed-off-by: Josef Moravec <josef.moravec at gmail.com>
    Signed-off-by: Tomas Cohen Arazi <tomascohen at theke.io>
    
    Signed-off-by: Jonathan Druart <jonathan.druart at bugs.koha-community.org>

commit 896bb7ec54d128d829ed34a06a85a64586e53bff
Author: Tomas Cohen Arazi <tomascohen at theke.io>
Date:   Thu Apr 5 11:07:30 2018 -0300

    Bug 20525: Add --timezone switch to koha-create
    
    This patch adds a --timezone switch to koha-create so the timezone can
    be set on creation time. It defaults to empty (i.e. using the server's
    local time).
    
    To test:
    - Create an instance:
      $ sudo koha-create --create-db timezone1
    => SUCCESS: /etc/koha/sites/timezone1/koha-conf.xml contains an empty
    <timezone> entry.
    - Apply this patch
    - Run:
      $ perl misc4dev/cp_debian_files.pl
    - Create a new instance:
      $ sudo koha-create --create-db timezone2
    => SUCCESS: /etc/koha/sites/timezone2/koha-conf.xml contains an empty
    <timezone> entry (i.e. the current behaviour is preserved).
    - Create a new instance:
      $ sudo koha-create --create-db --timezone Your/Timezone timezone3
    => SUCCESS: /etc/koha/sites/timezone3/koha-conf.xml contains
        <timezone>Your/Timezone</timezone> (i.e. introduced behaviour works)
    - Sign off :-D
    
    Sponsored-by: ByWater Solutions
    
    Signed-off-by: Mark Tompsett <mtompset at hotmail.com>
    
    Signed-off-by: Kyle M Hall <kyle at bywatersolutions.com>
    
    Signed-off-by: Jonathan Druart <jonathan.druart at bugs.koha-community.org>

-----------------------------------------------------------------------

Summary of changes:
 C4/Installer/PerlDependencies.pm                   |    5 +
 Koha.pm                                            |    2 +-
 Koha/ApiKey.pm                                     |   95 ++++++++++++
 Koha/{CsvProfiles.pm => ApiKeys.pm}                |   19 ++-
 Koha/OAuth.pm                                      |  121 +++++++++++++++
 Koha/{Acquisition/Fund.pm => OAuthAccessToken.pm}  |    8 +-
 Koha/{Authority/Tags.pm => OAuthAccessTokens.pm}   |   18 +--
 Koha/REST/V1/Auth.pm                               |   55 +++++++
 Koha/REST/V1/OAuth.pm                              |   96 ++++++++++++
 Koha/Schema/Result/ApiKey.pm                       |  123 +++++++++++++++
 Koha/Schema/Result/Borrower.pm                     |   19 ++-
 Koha/Schema/Result/OauthAccessToken.pm             |   72 +++++++++
 Koha/Schema/Result/SearchField.pm                  |   10 +-
 about.pl                                           |    8 +
 api/v1/swagger/paths.json                          |    3 +
 api/v1/swagger/paths/oauth.json                    |   64 ++++++++
 debian/docs/koha-create.xml                        |    8 +
 debian/scripts/koha-create                         |   13 +-
 debian/templates/koha-conf-site.xml.in             |    2 +-
 installer/data/mysql/kohastructure.sql             |   32 ++++
 installer/data/mysql/sysprefs.sql                  |    1 +
 installer/data/mysql/updatedatabase.pl             |   57 +++++++
 .../prog/en/includes/members-toolbar.inc           |   10 ++
 koha-tmpl/intranet-tmpl/prog/en/modules/about.tt   |    9 +-
 .../en/modules/admin/preferences/web_services.pref |    8 +-
 .../prog/en/modules/members/apikeys.tt             |  111 +++++++++++++
 .../opac-tmpl/bootstrap/en/includes/usermenu.inc   |    2 +
 members/apikeys.pl                                 |  124 +++++++++++++++
 misc/cronjobs/cleanup_database.pl                  |   11 ++
 t/db_dependent/Koha/ApiKeys.t                      |   90 +++++++++++
 t/db_dependent/api/v1/oauth.t                      |  164 ++++++++++++++++++++
 31 files changed, 1326 insertions(+), 34 deletions(-)
 create mode 100644 Koha/ApiKey.pm
 copy Koha/{CsvProfiles.pm => ApiKeys.pm} (80%)
 create mode 100644 Koha/OAuth.pm
 copy Koha/{Acquisition/Fund.pm => OAuthAccessToken.pm} (87%)
 copy Koha/{Authority/Tags.pm => OAuthAccessTokens.pm} (78%)
 create mode 100644 Koha/REST/V1/OAuth.pm
 create mode 100644 Koha/Schema/Result/ApiKey.pm
 create mode 100644 Koha/Schema/Result/OauthAccessToken.pm
 create mode 100644 api/v1/swagger/paths/oauth.json
 create mode 100644 koha-tmpl/intranet-tmpl/prog/en/modules/members/apikeys.tt
 create mode 100755 members/apikeys.pl
 create mode 100755 t/db_dependent/Koha/ApiKeys.t
 create mode 100755 t/db_dependent/api/v1/oauth.t


hooks/post-receive
-- 
main Koha release repository


More information about the koha-commits mailing list