# This file is part of Koha.
#
-# Koha is free software; you can redistribute it and/or modify it under the
-# terms of the GNU General Public License as published by the Free Software
-# Foundation; either version 3 of the License, or (at your option) any later
-# version.
+# Koha is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
#
-# Koha is distributed in the hope that it will be useful, but WITHOUT ANY
-# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
-# A PARTICULAR PURPOSE. See the GNU General Public License for more details.
+# Koha is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
#
-# You should have received a copy of the GNU General Public License along
-# with Koha; if not, write to the Free Software Foundation, Inc.,
-# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+# You should have received a copy of the GNU General Public License
+# along with Koha; if not, see <http://www.gnu.org/licenses>.
use Modern::Perl;
+use Koha::ApiKeys;
use Koha::OAuthAccessTokens;
=head1 NAME
};
}
-=head3 _verify_client_db
+=head3 _verify_client_cb
A callback to verify if the client asking for authorization is known to the authorization server
and allowed to get authorization.
sub _verify_client_cb {
my (%args) = @_;
- my ($client_id, $client_secret)
- = @args{ qw/ client_id client_secret / };
+ my ($client_id, $client_secret) = @args{ qw/ client_id client_secret / };
- return (0, 'unauthorized_client') unless $client_id;
+ my $api_key;
- my $clients = C4::Context->config('api_client');
- $clients = [ $clients ] unless ref $clients eq 'ARRAY';
- my ($client) = grep { $_->{client_id} eq $client_id } @$clients;
- return (0, 'unauthorized_client') unless $client;
+ if ($client_id) {
+ $api_key = Koha::ApiKeys->find( $client_id );
+ }
+
+ # client_id mandatory and exists on the DB
+ return (0, 'unauthorized_client') unless $api_key && $api_key->active;
- return (0, 'access_denied') unless $client_secret eq $client->{client_secret};
+ return (0, 'access_denied') unless $api_key->secret eq $client_secret;
return (1, undef, []);
}