[Koha-devel] REST API not working in koha-testing-docker?

Tomas Cohen Arazi tomascohen at gmail.com
Thu Mar 12 23:51:40 CET 2020 

Hi all.

Cookie auth shouldn't be a problem per se. We only use the cookie for
getting the user and then the code is the same no matter the autentication
method.

But

There's always a 'but', right?

I've been fighting some devs that introduce the use of C4::Context->userenv
and then probably have side effects of a cookie is found ... Even if the
api is called using (say) oauth.

We should get rid of this side effects from our codebase. In the meantime,
share some more info on the endpoint you're hitting so we can debug it and
fix it!

Cheers

PS I need to submit some work I did for handling unhandled exceptions in a
more useful way. I suggest you concat $_ to the case of 500 on the endpoint
you're using to get more info.

El jue., 12 de marzo de 2020 19:31, <dcook at prosentient.com.au> escribió:

> Hi Arthur,
>
>
>
> Thanks for your comprehensive reply. Sorry I just noticed it after
> replying to everyone else who CCed me directly.
>
>
>
> I’m not interested in using browser extensions, but thanks for sharing
> your experience.
>
>
>
> It looks like the 500 Internal Server Errors probably related to Koha not
> handling a cookie/browser session as expected. The errors went away if I
> used a different browser or an Incognito mode. (Hence why it also worked
> with curl.) I suppose that could be a bug in Koha, but probably not a
> significant enough one to deal with right now.
>
> Sure enough, when I log into the http://localhost:8080, I can now get the
> output of http://localhost:8080/api/v1/libraries because of the cookie
> indicating my browser session. If I log out, I now get ‘{"error":"Something
> went wrong, check the logs."}’, when really I should probably get a 401.
> Raised this issue for it
> https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=24862.
>
>
>
> The RESTPublicAPI thing also looks like a bug as I keep getting this
> error: {"error":"Authorization failure. Missing required
> permission(s).","required_permissions":null}. At least when I try using
> RESTBasicAuth. I haven’t tried with RESTOAuth2ClientCredentials or cookie
> authentication. I’ll probably just end up blocking RESTPublicAPI anyway,
> but I’ve raised a ticket anyway
> https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=24861.
>
>
>
> David Cook
>
> Systems Librarian
>
> Prosentient Systems
>
> 72/330 Wattle St
>
> Ultimo, NSW 2007
>
> Australia
>
>
>
> Office: 02 9212 0899
>
> Direct: 02 8005 0595
>
>
>
> *From:* Koha-devel <koha-devel-bounces at lists.koha-community.org> *On
> Behalf Of *Arthur Suzuki
> *Sent:* Thursday, 12 March 2020 8:23 PM
> *To:* koha-devel at lists.koha-community.org
> *Subject:* Re: [Koha-devel] REST API not working in koha-testing-docker?
>
>
>
> Hi David,
>
> To test Rest API I strongly recommend the use of "RESTer" which is an
> extension for Firefox.
>
> I'm sending here the "requests collection" I've made for my own use.
>
> When you open RESTer, there is a menu on the right (if not, click on the
> top left 3-bar icon).
>
> First thing is to go on "Organize" and import the request collection.
>
> 2nd step : Click on "Environment", then + button in the lower right corner.
>
> For the requests in the collection to work you'll want to define an
> environment called "koha" with a key called "baseurl" containing... the
> base url of the koha instance you want to test, for koha-testing-docker
> this is http://localhost:8080
>
> This setup allow to quickly change the baseurl for another one (let say a
> client in prodution) for all the requests in the collection.
>
> 401 is Authentication Failure error, this is how I solved :
>
> 3rd step : click on a request from the "KohaTest" group.  You'll get a
> panel with "Headers/Body/Auth/Var" tabs where you can provide data to forge
> the request.
>
> Go to Auth tab, click on "Generate new Token" -> "Basic" and provide
> credentials (koha/koha)
>
> To use basic Auth of course you'll have to enable BasicAuth in the Syspref.
>
> Click on the newly generated token so that it has a tick on its left.
>
> If you want to use curl, then you can easily export stuffs from RESTer to
> Curl, click on the top-right "3-point vertical" button and select "Show
> curl command" -> gives the curl stuff.
>
> I find this way of working very useful to maintain the collection of curl
> commands.
>
> Sry that this email is a bit long, it may not directly solve your issue
> but I hope it may :)
>
> If there is any interest I can maybe make a screencast to show how to
> setup the whole thing.
>
> I'm now just pulling the last koha-testing-docker env to verify if I get
> same errors as you have (taking some time given my very poor bandwidth in
> the middle of nowhere ^^)
>
> Best regards,
>
> Arthur
>
> On 12/03/2020 05:41, dcook at prosentient.com.au wrote:
>
> Hi all,
>
>
>
> I’m finally getting around to playing with the REST API, but it’s not
> quite working as expected.
>
>
>
> In koha-testing-docker (with the latest koha-testing-docker git repo and
> Docker images as of this writing), I’m getting the following in the browser:
>
>
>
>    1. 200 OK
>
>
>    1. http://localhost:8080/api/v1/.html
>       2. http://localhost:8080/api/v1/ or
>       http://localhost:8080/api/v1/.json
>
>
>    1. 500 Internal Server error (with no obvious messages in the server
>    logs other than a missing “Routing to a callback”)
>
>
>    1. http://localhost:8080/api/v1/items
>       2. http://localhost:8080/api/v1/patrons
>       3. http://localhost:8080/api/v1/libraries
>
>
>
> If I use “curl” or a Perl script, then I get a 401 error instead of a 500
> error. (Although in Koha 19.11, I can get JSON results in either the
> browser or with curl for those endpoints, but that’s a whole other matter.)
>
>
>
> RESTBasicAuth = 1 means I can use the API via curl, but still nothing via
> the browser. Which is fine I guess in practice but it’s not really what
> you’d expect. I often use browser requests to test out GET requests for
> APIs.
>
>
>
> I don’t really get how RESTPublicAPI works either. If it’s disabled, it
> says ‘{"error":"Configuration prevents the usage of this endpoint by
> unprivileged users"}’, but that doesn’t seem accurate, since disabling that
> system preference blocks the /public APIs in general, right? Even if you
> use a privileged user, it still doesn’t work.
>
>
>
> Actually, even with RESTPublicAPI enabled, I can’t get the /public
> endpoints to work. I get errors like this ‘{"error":"Authorization failure.
> Missing required permission(s).","required_permissions":null}’.
>
>
>
> This email is getting a bit long and I think I have a million other API
> problems, so I might just work through one by one and open Bugzilla tickets
> as I go…
>
>
>
> David Cook
>
> Systems Librarian
>
> Prosentient Systems
>
> 72/330 Wattle St
>
> Ultimo, NSW 2007
>
> Australia
>
>
>
> Office: 02 9212 0899
>
> Direct: 02 8005 0595
>
>
>
>
>
> _______________________________________________
>
> Koha-devel mailing list
>
> Koha-devel at lists.koha-community.org
>
> https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-devel
>
> website : http://www.koha-community.org/
>
> git : http://git.koha-community.org/
>
> bugs : http://bugs.koha-community.org/
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.koha-community.org/pipermail/koha-devel/attachments/20200312/30e5feb7/attachment.html>

More information about the Koha-devel mailing list