use Modern::Perl;
+use Koha::ApiKeys;
use Koha::OAuthAccessTokens;
=head1 NAME
sub _verify_client_cb {
my (%args) = @_;
- my ($client_id, $client_secret)
- = @args{ qw/ client_id client_secret / };
+ my ($client_id, $client_secret) = @args{ qw/ client_id client_secret / };
- return (0, 'unauthorized_client') unless $client_id;
+ my $api_key;
- my $clients = C4::Context->config('api_client');
- $clients = [ $clients ] unless ref $clients eq 'ARRAY';
- my ($client) = grep { $_->{client_id} eq $client_id } @$clients;
- return (0, 'unauthorized_client') unless $client;
+ if ($client_id) {
+ $api_key = Koha::ApiKeys->find( $client_id );
+ }
+
+ # client_id mandatory and exists on the DB
+ return (0, 'unauthorized_client') unless $api_key && $api_key->active;
- return (0, 'access_denied') unless $client_secret eq $client->{client_secret};
+ return (0, 'access_denied') unless $api_key->secret eq $client_secret;
return (1, undef, []);
}
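Review bot: The new secret check `$api_key->secret eq $client_secret` runs even when the request carried no `client_secret`, and it compares the two values with a plain `eq`. Under `Modern::Perl` an undefined `$client_secret` is compared as the empty string and emits an uninitialized-value warning, so the guard should reject it explicitly: `return (0, 'access_denied') unless defined $client_secret && $api_key->secret eq $client_secret;`. Because `eq` is not a constant-time comparison, consider comparing fixed-length digests of both values instead (Digest::SHA is core), so that timing does not depend on how much of the secret matched. The comment above the first return would also be more accurate as `# client_id is mandatory, must exist in the DB, and the key must be active`, since the line below it checks `active` as well.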
use C4::Auth qw( check_cookie_auth get_session haspermission );
use C4::Context;
+use Koha::ApiKeys;
use Koha::Account::Lines;
use Koha::Checkouts;
use Koha::Holds;
use Koha::OAuth;
+use Koha::OAuthAccessTokens;
use Koha::Old::Checkouts;
use Koha::Patrons;
);
if ($valid_token) {
- my $clients = C4::Context->config('api_client');
- $clients = [ $clients ] unless ref $clients eq 'ARRAY';
- my ($client) = grep { $_->{client_id} eq $valid_token->{client_id} } @$clients;
-
- my $patron = Koha::Patrons->find($client->{patron_id});
+ my $patron_id = Koha::ApiKeys->find( $valid_token->{client_id} )->patron_id;
+ my $patron = Koha::Patrons->find($patron_id);
my $permissions = $authorization->{'permissions'};
# Check if the patron is authorized
if ( haspermission($patron->userid, $permissions)
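Review bot: `Koha::ApiKeys->find( $valid_token->{client_id} )->patron_id` calls a method on the result of `find` without checking it, and it never looks at `active`. If the API key was deleted after the token was issued, `find` presumably returns nothing and this line dies. If the key was only deactivated, the token still authorizes requests until it expires, because the `active` check visible in this change sits in `_verify_client_cb` at issuance time. I would fetch the key first, `my $api_key = Koha::ApiKeys->find( $valid_token->{client_id} );`, and treat `unless $api_key && $api_key->active` as an invalid token before looking up the patron. The same applies to `$patron`, which is dereferenced in `haspermission($patron->userid, ...)` without a check. The enclosing block starts and ends outside this hunk, so the right failure response depends on code not shown here.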