Bug 20624: (QA follow-up) Handle missing deps gracefuly

This patch makes the /token endpoint and the authenticate_api_request
method behave correctly in the event of missing deps for OAuth2.

To test:
- Run:
  $ kshell
 k$ prove t/db_dependent/api/v1/oauth.t
=> FAIL: The behaviour is not implemented
- Apply this patch
- Run:
 k$ prove t/db_dependent/api/v1/oauth.t
=> SUCCESS: Tests pass!

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

diff --git a/Koha/REST/V1/Auth.pm b/Koha/REST/V1/Auth.pm
index 1df26e4..b2ccd6b 100644 (file)
--- a/Koha/REST/V1/Auth.pm
+++ b/Koha/REST/V1/Auth.pm
@@ -21,8 +21,6 @@ use Modern::Perl;
 
 use Mojo::Base 'Mojolicious::Controller';
 
-use Net::OAuth2::AuthorizationServer;
-
 use C4::Auth qw( check_cookie_auth get_session haspermission );
 use C4::Context;
 
@@ -39,6 +37,7 @@ use Koha::Exceptions;
 use Koha::Exceptions::Authentication;
 use Koha::Exceptions::Authorization;
 
+use Module::Load::Conditional;
 use Scalar::Util qw( blessed );
 use Try::Tiny;
 
@@ -118,7 +117,18 @@ sub authenticate_api_request {
     my $authorization = $spec->{'x-koha-authorization'};
 
     my $authorization_header = $c->req->headers->authorization;
+
     if ($authorization_header and $authorization_header =~ /^Bearer /) {
+        # attempt to use OAuth2 authentication
+        if ( ! Module::Load::Conditional::can_load('Net::OAuth2::AuthorizationServer') ) {
+            Koha::Exceptions::Authorization::Unauthorized->throw(
+                error => 'Authentication failure.'
+            );
+        }
+        else {
+            require Net::OAuth2::AuthorizationServer;
+        }
+
         my $server = Net::OAuth2::AuthorizationServer->new;
         my $grant = $server->client_credentials_grant(Koha::OAuth::config);
         my ($type, $token) = split / /, $authorization_header;

diff --git a/Koha/REST/V1/OAuth.pm b/Koha/REST/V1/OAuth.pm
index d201f88..dc09885 100644 (file)
--- a/Koha/REST/V1/OAuth.pm
+++ b/Koha/REST/V1/OAuth.pm
@@ -1,17 +1,40 @@
 package Koha::REST::V1::OAuth;
 
+# This file is part of Koha.
+#
+# Koha is free software; you can redistribute it and/or modify it under the
+# terms of the GNU General Public License as published by the Free Software
+# Foundation; either version 3 of the License, or (at your option) any later
+# version.
+#
+# Koha is distributed in the hope that it will be useful, but WITHOUT ANY
+# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
+# A PARTICULAR PURPOSE.  See the GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License along
+# with Koha; if not, write to the Free Software Foundation, Inc.,
+# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
 use Modern::Perl;
 
-use Mojo::Base 'Mojolicious::Controller';
+use Module::Load::Conditional;
 
-use Net::OAuth2::AuthorizationServer;
+use C4::Context;
 use Koha::OAuth;
 
-use C4::Context;
+use Mojo::Base 'Mojolicious::Controller';
 
 sub token {
+
     my $c = shift->openapi->valid_input or return;
 
+    if ( Module::Load::Conditional::can_load('Net::OAuth2::AuthorizationServer') ) {
+        require Net::OAuth2::AuthorizationServer;
+    }
+    else {
+        return $c->render( status => 400, openapi => { error => 'Unimplemented grant type' } );
+    }
+
     my $grant_type = $c->validation->param('grant_type');
     unless ( $grant_type eq 'client_credentials' and C4::Context->preference('RESTOAuth2ClientCredentials') ) {
         return $c->render(status => 400, openapi => {error => 'Unimplemented grant type'});