Bug 20624: Make /api/v1/oauth/token respect RESTOAuth2ClientCredentials

This patch makes the /api/v1/oauth/token enpoint respect the
RESTOAuth2ClientCredentials syspref. It will return 400 (with
'Unimplemented grant type' error message) on the event of the syspref
being disabled and the grant_type => 'client_credentials' value passed.

To test:
- Run:
  $ kshell
 k$ prove t/db_dependent/api/v1/oauth.t
=> FAIL: It fails because the off-switch is not implemented
- Apply this patch
- Run:
  k$ prove t/db_dependent/api/v1/oauth.t
=> SUCCESS: Tests pass!
- Sign off :-D

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

diff --git a/Koha/REST/V1/OAuth.pm b/Koha/REST/V1/OAuth.pm
index 727838b..d201f88 100644 (file)
--- a/Koha/REST/V1/OAuth.pm
+++ b/Koha/REST/V1/OAuth.pm
@@ -13,7 +13,7 @@ sub token {
     my $c = shift->openapi->valid_input or return;
 
     my $grant_type = $c->validation->param('grant_type');
-    unless ($grant_type eq 'client_credentials') {
+    unless ( $grant_type eq 'client_credentials' and C4::Context->preference('RESTOAuth2ClientCredentials') ) {
         return $c->render(status => 400, openapi => {error => 'Unimplemented grant type'});
     }