projects / koha-ffzg.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Bug 20402: Remove dependency on Mojo::Plugin::OAuth2::Server
[koha-ffzg.git] / Koha / REST / V1 / Auth.pm
diff --git a/Koha/REST/V1/Auth.pm b/Koha/REST/V1/Auth.pm
index 3ca43fa..65f0e71 100644 (file)
--- a/Koha/REST/V1/Auth.pm
+++ b/Koha/REST/V1/Auth.pm
@@ -21,6 +21,8 @@ use Modern::Perl;
 
 use Mojo::Base 'Mojolicious::Controller';
 
+use Net::OAuth2::AuthorizationServer;
+
 use C4::Auth qw( check_cookie_auth get_session haspermission );
 use C4::Context;
 
@@ -113,27 +115,43 @@ sub authenticate_api_request {
     my $spec = $c->match->endpoint->pattern->defaults->{'openapi.op_spec'};
     my $authorization = $spec->{'x-koha-authorization'};
 
-    if (my $oauth = $c->oauth) {
-        my $clients = C4::Context->config('api_client');
-        $clients = [ $clients ] unless ref $clients eq 'ARRAY';
-        my ($client) = grep { $_->{client_id} eq $oauth->{client_id} } @$clients;
+    my $authorization_header = $c->req->headers->authorization;
+    if ($authorization_header and $authorization_header =~ /^Bearer /) {
+        my $server = Net::OAuth2::AuthorizationServer->new;
+        my $grant = $server->client_credentials_grant(Koha::OAuth::config);
+        my ($type, $token) = split / /, $authorization_header;
+        my ($valid_token, $error) = $grant->verify_access_token(
+            access_token => $token,
+        );
+
+        if ($valid_token) {
+            my $clients = C4::Context->config('api_client');
+            $clients = [ $clients ] unless ref $clients eq 'ARRAY';
+            my ($client) = grep { $_->{client_id} eq $valid_token->{client_id} } @$clients;
+
+            my $patron = Koha::Patrons->find($client->{patron_id});
+            my $permissions = $authorization->{'permissions'};
+            # Check if the patron is authorized
+            if ( haspermission($patron->userid, $permissions)
+                or allow_owner($c, $authorization, $patron)
+                or allow_guarantor($c, $authorization, $patron) ) {
 
-        my $patron = Koha::Patrons->find($client->{patron_id});
-        my $permissions = $authorization->{'permissions'};
-        # Check if the patron is authorized
-        if ( haspermission($patron->userid, $permissions)
-            or allow_owner($c, $authorization, $patron)
-            or allow_guarantor($c, $authorization, $patron) ) {
+                validate_query_parameters( $c, $spec );
 
-            validate_query_parameters( $c, $spec );
+                # Everything is ok
+                return 1;
+            }
 
-            # Everything is ok
-            return 1;
+            Koha::Exceptions::Authorization::Unauthorized->throw(
+                error => "Authorization failure. Missing required permission(s).",
+                required_permissions => $permissions,
+            );
         }
 
-        Koha::Exceptions::Authorization::Unauthorized->throw(
-            error => "Authorization failure. Missing required permission(s).",
-            required_permissions => $permissions,
+        # If we have "Authorization: Bearer" header and oauth authentication
+        # failed, do not try other authentication means
+        Koha::Exceptions::Authentication::Required->throw(
+            error => 'Authentication failure.'
         );
     }
 
KOHA@FFZG based on git://git.koha.org/pub/scm/koha.git