#
# This file is part of Koha.
#
-# Koha is free software; you can redistribute it and/or modify it under the
-# terms of the GNU General Public License as published by the Free Software
-# Foundation; either version 3 of the License, or (at your option) any later
-# version.
+# Koha is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
#
-# Koha is distributed in the hope that it will be useful, but WITHOUT ANY
-# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
-# A PARTICULAR PURPOSE. See the GNU General Public License for more details.
+# Koha is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
#
-# You should have received a copy of the GNU General Public License along
-# with Koha; if not, write to the Free Software Foundation, Inc.,
-# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+# You should have received a copy of the GNU General Public License
+# along with Koha; if not, see <http://www.gnu.org/licenses>.
use Modern::Perl;
"Configuration prevents the usage of this endpoint by unprivileged users");
}
- $status = authenticate_api_request($c);
+ if ( $c->req->url->to_abs->path eq '/api/v1/oauth/token' ) {
+ # Requesting a token shouldn't go through the API authenticaction chain
+ $status = 1;
+ }
+ else {
+ $status = authenticate_api_request($c);
+ }
} catch {
unless (blessed($_)) {
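Review bot: The bypass at `if ( $c->req->url->to_abs->path eq '/api/v1/oauth/token' )` sets `$status = 1` from a hard-coded request path, and nothing here records what still protects the token endpoint once the authentication chain is skipped. The exact `eq` match fails closed for every other path, but it ties an authentication decision to the mount prefix, so keying on the matched route's spec would be sturdier if it is available at this point. At minimum, expand the comment to say where the credentials are checked, e.g. `# Token requests carry client credentials validated by the token controller itself, so the API authentication chain is skipped`, assuming that is where validation happens. The existing comment also misspells "authentication" as "authenticaction", and the enclosing `try` block starts outside the hunk.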
my $user;
my $spec = $c->match->endpoint->pattern->defaults->{'openapi.op_spec'};
+
+ $c->stash_embed({ spec => $spec });
+
my $authorization = $spec->{'x-koha-authorization'};
my $authorization_header = $c->req->headers->authorization;
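Review bot: The new `$c->stash_embed({ spec => $spec });` call runs before `$authorization_header` is even read, so it executes for callers who have not yet presented any credential. `stash_embed` is not visible here; if it parses request-controlled input and can throw, an unauthenticated request would get its error path rather than a 401. Either move the call to after `$user` has been established, or add a comment such as `# Safe before authentication: only reads the route spec and request headers, never touches the database`, if that holds. The function body continues outside the hunk.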
if ($valid_token) {
my $patron_id = Koha::ApiKeys->find( $valid_token->{client_id} )->patron_id;
$user = Koha::Patrons->find($patron_id);
+ C4::Context->interface('api');
}
else {
# If we have "Authorization: Bearer" header and oauth authentication
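Review bot: `C4::Context->interface('api');` is set at a different point in each branch: here only after a valid token has resolved to `$user`, and in the Basic branch (the later hunk, after `$c->_basic_auth`) before the `unless ( $user )` failure check. If the interface value feeds logging, a failed Bearer attempt and a failed Basic attempt would be attributed differently, and the cookie branch shown further down does not set it at all in the visible lines. Setting it once at the top of the function, before any branch, would make every API request (successful or not) carry the same interface, e.g. a single `C4::Context->interface('api');` right after `my $user;`. The function starts and ends outside the hunk, so confirm no caller relies on the current ordering.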
);
}
$user = $c->_basic_auth( $authorization_header );
+ C4::Context->interface('api');
unless ( $user ) {
# If we have "Authorization: Basic" header and authentication
# failed, do not try other authentication means
# Manually pass the remote_address to check_auth_cookie
my $remote_addr = $c->tx->remote_address;
my ($status, $sessionID) = check_cookie_auth(
- $cookie, '*',
+ $cookie, undef,
{ remote_addr => $remote_addr });
if ($status eq "ok") {
my $session = get_session($sessionID);
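Review bot: Changing the second argument of `check_cookie_auth` from `'*'` to `undef` alters what the session check requires, and the line carries no explanation of the new meaning. `check_cookie_auth` is not visible here, but if `undef` means "require no permission at this stage", then authorization for cookie sessions rests entirely on the later `x-koha-authorization` check. That dependency should be written down next to the call. Suggested comment: `# undef: validate the session only; permissions are enforced later against the route's x-koha-authorization`. A regression test that an authenticated patron without flags gets 403 on a permission-protected route would pin this.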
my $permissions = $authorization->{'permissions'};
# Check if the user is authorized
- if ( haspermission($user->userid, $permissions)
+ if ( ( defined($permissions) and haspermission($user->userid, $permissions) )
or allow_owner($c, $authorization, $user)
or allow_guarantor($c, $authorization, $user) ) {
return;
}
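Review bot: The new guard `defined($permissions) and haspermission(...)` covers only a missing `permissions` key; a route whose spec has a defined but empty value (for example `{}`) still reaches `haspermission`. Whether that call grants or denies on an empty requirement is decided outside this hunk. If an empty requirement is treated as "no flags needed", any authenticated user would pass, so confirm the behaviour and state the intent in a comment, e.g. `# No permissions in the spec: only owner/guarantor access can authorize`. The enclosing function starts and ends outside the hunk.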
- my $guarantees = $user->guarantees->as_list;
+ my $guarantees = $user->guarantee_relationships->guarantees->as_list;
foreach my $guarantee (@{$guarantees}) {
return 1 if check_object_ownership($c, $guarantee);
}