[Koha-bugs] [Bug 17004] REST API: add route to authenticate patron (Single Sign On - SSO)

2023-06-25 Thread bugzilla-daemon
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=17004

Katrin Fischer  changed:

   What|Removed |Added

 Resolution|--- |FIXED
 Status|In Discussion   |RESOLVED

--- Comment #41 from Katrin Fischer  ---
(In reply to David Cook from comment #40)
> Now that bug 30962 has been pushed to 22.11.03+, I'll be using that in my
> Keycloak extension.
> 
> --
> 
> Also I think that bug 30962 might actually meet quite a few of the original
> goals outlined in this bug report...

It feels like this can be closed now. Please reopen if something is still
missing.

-- 
You are receiving this mail because:
You are the assignee for the bug.
You are watching all bug changes.
___
Koha-bugs mailing list
Koha-bugs@lists.koha-community.org
https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/


[Koha-bugs] [Bug 17004] REST API: add route to authenticate patron (Single Sign On - SSO)

2023-04-25 Thread bugzilla-daemon
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=17004

--- Comment #40 from David Cook  ---
Now that bug 30962 has been pushed to 22.11.03+, I'll be using that in my
Keycloak extension.

--

Also I think that bug 30962 might actually meet quite a few of the original
goals outlined in this bug report...



[Koha-bugs] [Bug 17004] REST API: add route to authenticate patron (Single Sign On - SSO)

2022-11-07 Thread bugzilla-daemon
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=17004

mathieu saby  changed:

   What|Removed |Added

 CC||mathsaby...@gmail.com



[Koha-bugs] [Bug 17004] REST API: add route to authenticate patron (Single Sign On - SSO)

2022-06-15 Thread bugzilla-daemon
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=17004

David Cook  changed:

   What|Removed |Added

   See Also||https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=30962



[Koha-bugs] [Bug 17004] REST API: add route to authenticate patron (Single Sign On - SSO)

2022-06-14 Thread bugzilla-daemon
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=17004

--- Comment #39 from David Cook  ---
I'm going to add another wrinkle into all of this!

Since Koha isn't yet capable of being an OpenID Connect/SAML2 IDP itself, we're
using the Keycloak IDAM system instead (which Red Hat very actively develops
and supports).

The cool part is that I've written an extension using the User Storage SPI
(https://www.keycloak.org/docs/latest/server_development/#_user-storage-spi) to
use the Koha database as the User Federation provider. 

Right now, I'm using the existing REST API to GET patrons, but I need a REST
API endpoint to validate the credentials entered by the user. I'll be creating
a custom endpoint for that this afternoon. *Note that this isn't creating a
Koha authentication session. It's just validating that the password entered by
the user into Keycloak is the same password stored in the Koha database.*

So Keycloak will provide the SSO for Koha and other systems, but the real
backend user database (and potentially business rules) will still happen in
Koha. 

I thought about doing the REST API endpoint as a Koha plugin, but I'm going to
just code it into our local Koha, so that it's easier to maintain and
distribute. 

Once we've battle tested everything, I could look at sharing.



[Koha-bugs] [Bug 17004] REST API: add route to authenticate patron (Single Sign On - SSO)

2021-10-28 Thread bugzilla-daemon
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=17004

--- Comment #38 from Ulrich Kleiber  ---
(In reply to Arthur Suzuki from comment #36)
> (In reply to Ulrich Kleiber from comment #34)
> > I think leaving the proven path of pure doctrine is better than the
> > alternative of using ILS-DI for patron authentication, where the password
> > appears in the URL and thus in the Apache log files and the Plack log files.
> > We have legacy systems which are not part of a centralized single sign-on
> > infrastructure. But they are part of our in-house Koha infrastructure. Our
> > patrons do not have to give their password to a third party service.
> 
> About ILS-DI having the password in the URL, the easy fix is to have the
> third-party software querying Koha with HTTP-POST instead of HTTP-GET, that
> works.
> The parameters are then not part of the URL anymore, hence not logged.
> (still transferred in cleartext if https is not used though)

Thanks for your hint Arthur, it works :)



[Koha-bugs] [Bug 17004] REST API: add route to authenticate patron (Single Sign On - SSO)

2021-10-28 Thread bugzilla-daemon
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=17004

David Cook  changed:

   What|Removed |Added

 CC||dc...@prosentient.com.au

--- Comment #37 from David Cook  ---
(In reply to Tomás Cohen Arazi from comment #35)
> Until we implement Koha-as-an-IdP with OAuth2 bells and whistles, it
> wouldn't hurt to have a way to generate a session using the API the same way
> the old .pl scripts do.

I've already done a lot of this work locally, but it's unpolished, and there's
not enough... incentive(?) to upstream it at the moment.

But that's really the key. Refactoring checkauth() so that we can create a
session with a function call would be great. Then we can leave up the actual
authentication to the caller. 

One day I'll have all the time and money in the world to bring pluggable
authentication to Koha hehe. It actually wouldn't take that much time and
effort, but there are only 24 hours in the day...



[Koha-bugs] [Bug 17004] REST API: add route to authenticate patron (Single Sign On - SSO)

2021-10-28 Thread bugzilla-daemon
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=17004

Arthur Suzuki  changed:

   What|Removed |Added

 CC||arthur.suz...@biblibre.com

--- Comment #36 from Arthur Suzuki  ---
(In reply to Ulrich Kleiber from comment #34)
> I think leaving the proven path of pure doctrine is better than the
> alternative of using ILS-DI for patron authentication, where the password
> appears in the URL and thus in the Apache log files and the Plack log files.
> We have legacy systems which are not part of a centralized single sign-on
> infrastructure. But they are part of our in-house Koha infrastructure. Our
> patrons do not have to give their password to a third party service.

About ILS-DI having the password in the URL, the easy fix is to have the
third-party software querying Koha with HTTP-POST instead of HTTP-GET, that
works.
The parameters are then not part of the URL anymore, hence not logged.
(still transferred in cleartext if https is not used though)

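The logging point raised in comment #36, as an added example that is not part of the original thread or of Koha's code: an audit script that finds access-log entries whose request URL carries a `password` parameter (as an ILS-DI `AuthenticatePatron` call made with GET would) and writes redacted copies. The Apache "combined" log format, the `/cgi-bin/koha/ilsdi.pl` path, the `username` parameter name and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl, urlencode

# Apache "combined" format (assumed):
# host ident user [time] "METHOD target PROTO" status size "referer" "agent"
LOG_RE = re.compile(
    r'^(?P<prefix>\S+ \S+ \S+ \[[^\]]+\] ")'
    r'(?P<method>[A-Z]+) (?P<target>\S+) (?P<proto>HTTP/[\d.]+)'
    r'(?P<suffix>" \d{3} \S+.*)$'
)

# Query parameter names treated as credentials (compared case-insensitively).
SENSITIVE = {"password", "passwd", "pwd"}


def audit_line(line):
    """Return (finding, redacted_line); finding is None when the URL is clean."""
    m = LOG_RE.match(line)
    if not m:
        return None, line
    parts = urlsplit(m["target"])
    pairs = parse_qsl(parts.query, keep_blank_values=True)
    # Match on parameter *names*, so a search for the word "password"
    # is not reported as a leaked credential.
    hits = [k for k, _ in pairs if k.lower() in SENSITIVE]
    if not hits:
        return None, line
    redacted_query = urlencode(
        [(k, "REDACTED" if k.lower() in SENSITIVE else v) for k, v in pairs]
    )
    target = parts._replace(query=redacted_query).geturl()
    finding = {
        "method": m["method"],
        "path": parts.path,
        "service": dict(pairs).get("service", ""),
        "params": hits,
    }
    redacted = f'{m["prefix"]}{m["method"]} {target} {m["proto"]}{m["suffix"]}'
    return finding, redacted


def audit(lines):
    """Scan log lines; return (findings, lines with credential values redacted)."""
    findings, cleaned = [], []
    for line in lines:
        finding, out = audit_line(line.rstrip("\n"))
        if finding:
            findings.append(finding)
        cleaned.append(out)
    return findings, cleaned


# Constructed sample input: the same ILS-DI call made with GET and with POST,
# plus an unrelated OPAC search that merely contains the word "password".
SAMPLE_LOG = [
    '192.0.2.10 - - [28/Oct/2021:10:15:01 +0200] "GET /cgi-bin/koha/ilsdi.pl'
    '?service=AuthenticatePatron&username=jdoe&password=s3cr%26t HTTP/1.1" '
    '200 143 "-" "legacy-client/1.0"',
    '192.0.2.10 - - [28/Oct/2021:10:15:09 +0200] "POST /cgi-bin/koha/ilsdi.pl '
    'HTTP/1.1" 200 143 "-" "legacy-client/1.0"',
    '192.0.2.11 - - [28/Oct/2021:10:16:30 +0200] "GET /cgi-bin/koha/opac-search.pl'
    '?q=password+managers HTTP/1.1" 200 8121 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    found, cleaned_lines = audit(SAMPLE_LOG)
    for f in found:
        print("credential in URL:", f)
    print("\n".join(cleaned_lines))
```

Only the GET request is reported; the POST entry carries no parameters in the logged request line, which matches the behaviour described in the comment.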


[Koha-bugs] [Bug 17004] REST API: add route to authenticate patron (Single Sign On - SSO)

2021-06-10 Thread bugzilla-daemon
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=17004

Marjorie Barry-Vila  changed:

   What|Removed |Added

 CC||marjorie.barry-vila@collect
   ||o.ca



[Koha-bugs] [Bug 17004] REST API: add route to authenticate patron (Single Sign On - SSO)

2021-03-17 Thread bugzilla-daemon
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=17004

--- Comment #35 from Tomás Cohen Arazi  ---
Until we implement Koha-as-an-IdP with OAuth2 bells and whistles, it wouldn't
hurt to have a way to generate a session using the API the same way the old .pl
scripts do.



[Koha-bugs] [Bug 17004] REST API: add route to authenticate patron (Single Sign On - SSO)

2021-03-17 Thread bugzilla-daemon
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=17004

--- Comment #34 from Ulrich Kleiber  ---
I think leaving the proven path of pure doctrine is better than the alternative
of using ILS-DI for patron authentication, where the password appears in the
URL and thus in the Apache log files and the Plack log files.
We have legacy systems which are not part of a centralized single sign-on
infrastructure. But they are part of our in-house Koha infrastructure. Our
patrons do not have to give their password to a third party service.



[Koha-bugs] [Bug 17004] REST API: add route to authenticate patron (Single Sign On - SSO)

2021-02-22 Thread bugzilla-daemon
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=17004

--- Comment #33 from Katrin Fischer  ---
(In reply to Martin Renvoize from comment #32)
> People do realise there's a 'AuthenticatePatron' option in ils-di right.. so
> this being blocked doesn't mean there isn't already an alternative that's
> been available in Koha for.. I dunno.. a decade?

We might end up going this route, but ILS-DI has its own security concerns as
far as I understand.



[Koha-bugs] [Bug 17004] REST API: add route to authenticate patron (Single Sign On - SSO)

2021-02-19 Thread bugzilla-daemon
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=17004

--- Comment #32 from Martin Renvoize  ---
People do realise there's a 'AuthenticatePatron' option in ils-di right.. so
this being blocked doesn't mean there isn't already an alternative that's been
available in Koha for.. I dunno.. a decade?



[Koha-bugs] [Bug 17004] REST API: add route to authenticate patron (Single Sign On - SSO)

2021-01-25 Thread bugzilla-daemon
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=17004

Katrin Fischer  changed:

   What|Removed |Added

 CC||ulrich.klei...@bsz-bw.de



[Koha-bugs] [Bug 17004] REST API: add route to authenticate patron (Single Sign On - SSO)

2021-01-25 Thread bugzilla-daemon
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=17004

--- Comment #31 from Katrin Fischer  ---
I believe while what Martin suggests here is the "right" way to do it it won't
be an option for many legacy systems to implement that. Is there a way we could
provide both? A simple auth route that given the user credentials returns some
basic information, valid/invalid and maybe a system identifier (borrowernumber)
that can be used to get more information about privileges etc?



[Koha-bugs] [Bug 17004] REST API: add route to authenticate patron (Single Sign On - SSO)

2020-05-11 Thread bugzilla-daemon
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=17004

Inspiria  changed:

   What|Removed |Added

 CC||diwaka...@inspiria.edu.in



[Koha-bugs] [Bug 17004] REST API: add route to authenticate patron (Single Sign On - SSO)

2020-03-17 Thread bugzilla-daemon
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=17004

Lari Taskula  changed:

   What|Removed |Added

   Assignee|lari.task...@hypernova.fi   |koha-b...@lists.koha-commun
   ||ity.org

--- Comment #30 from Lari Taskula  ---
I'm no longer able to work on this, so I'm setting assignee to default. Feel
free to continue this work.



[Koha-bugs] [Bug 17004] REST API: add route to authenticate patron (Single Sign On - SSO)

2019-07-08 Thread bugzilla-daemon
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=17004

Johanna Räisä  changed:

   What|Removed |Added

 CC||johanna.ra...@koha-suomi.fi

--- Comment #29 from Johanna Räisä  ---
(In reply to Martin Renvoize from comment #23)
> I was actually suggesting Koha act as an OAuth/OpenID Connect provider
> rather than just a consumer.
> 
> There's a pretty solid Mojolicious Plugin we could use that gives us a chunk
> of this out of the box:
> https://metacpan.org/pod/Mojolicious::Plugin::OAuth2::Server
> 
> It's using something like this that I'm advocating ;)  So, when logging in
> the user would get directed to a Koha login page and then redirected back to
> whatever SSO consumer they came from.  It's clearer to the user what login
> they should be using and who the original party is that's storing their
> authentication credentials.
> 
> OAuth is of course the 'Authorization' side of the story, we'd still need to
> work out the OpenID Connect side of the story to bring this back down to
> simple 'user identification'.

This would be great for clarity. How about if some service would authenticate
on background like SIP does?


[Koha-bugs] [Bug 17004] REST API: add route to authenticate patron (Single Sign On - SSO)

2018-05-14 Thread bugzilla-daemon
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=17004

Tomás Cohen Arazi  changed:

   What|Removed |Added

 CC||tomasco...@gmail.com

--- Comment #28 from Tomás Cohen Arazi  ---
(In reply to Marcel de Rooy from comment #27)
> (In reply to Martin Renvoize from comment #26)
> > Well..  I'm bogged down at the minute.. but doing this has been on my todo
> > list for nearly a year ;)
> > 
> > If I get a chance, I might try and take some time over christmas to work on
> > it.
> 
> Moving this to In Discussion in view of the comments above. Sorry..
> Martin: Could you tell us which christmas you will be working on it? :)

LOL


[Koha-bugs] [Bug 17004] REST API: add route to authenticate patron (Single Sign On - SSO)

2018-05-09 Thread bugzilla-daemon
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=17004

Jon Knight  changed:

   What|Removed |Added

 CC||j.p.kni...@lboro.ac.uk



[Koha-bugs] [Bug 17004] REST API: add route to authenticate patron ( Single Sign On - SSO)

2017-09-25 Thread bugzilla-daemon
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=17004

Jonathan Druart  changed:

   What|Removed |Added

  Component|Web services|REST api



[Koha-bugs] [Bug 17004] REST API: add route to authenticate patron ( Single Sign On - SSO)

2017-06-16 Thread bugzilla-daemon
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=17004

Marcel de Rooy  changed:

   What|Removed |Added

 CC||m.de.r...@rijksmuseum.nl
 Status|Signed Off  |In Discussion

--- Comment #27 from Marcel de Rooy  ---
(In reply to Martin Renvoize from comment #26)
> Well..  I'm bogged down at the minute.. but doing this has been on my todo
> list for nearly a year ;)
> 
> If I get a chance, I might try and take some time over christmas to work on
> it.

Moving this to In Discussion in view of the comments above. Sorry..
Martin: Could you tell us which christmas you will be working on it? :)



[Koha-bugs] [Bug 17004] REST API: add route to authenticate patron ( Single Sign On - SSO)

2017-01-19 Thread bugzilla-daemon
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=17004

Marcel de Rooy  changed:

   What|Removed |Added

   Assignee|koha-b...@lists.koha-commun |lari.task...@jns.fi
   |ity.org |



[Koha-bugs] [Bug 17004] REST API: add route to authenticate patron ( Single Sign On - SSO)

2016-11-11 Thread bugzilla-daemon
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=17004

--- Comment #26 from Martin Renvoize  ---
Well..  I'm bogged down at the minute.. but doing this has been on my todo list
for nearly a year ;)

If I get a chance, I might try and take some time over christmas to work on it.



[Koha-bugs] [Bug 17004] REST API: add route to authenticate patron ( Single Sign On - SSO)

2016-11-11 Thread bugzilla-daemon
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=17004

--- Comment #25 from Benjamin Rokseth  ---
Ah, so I totally misunderstood ;)

What you suggest totally makes sense! Hope to see this sooner than later.
Unfortunately I'm too deep in other bugs to be any help here at the moment, but
would gladly assist in testing/signing off!



[Koha-bugs] [Bug 17004] REST API: add route to authenticate patron ( Single Sign On - SSO)

2016-11-10 Thread bugzilla-daemon
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=17004

--- Comment #24 from Martin Renvoize  ---
To be clear, I'm trying not to be negative here.. I'm actually really keen for
this work.. it's just I'd like to see it done 'right' in a commonly accepted
manner so we stand the best chance possible for the api to be adopted in the
wider world ;)



[Koha-bugs] [Bug 17004] REST API: add route to authenticate patron ( Single Sign On - SSO)

2016-11-10 Thread bugzilla-daemon
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=17004

--- Comment #23 from Martin Renvoize  ---
I was actually suggesting Koha act as an OAuth/OpenID Connect provider rather
than just a consumer.

There's a pretty solid Mojolicious Plugin we could use that gives us a chunk of
this out of the box:
https://metacpan.org/pod/Mojolicious::Plugin::OAuth2::Server

It's using something like this that I'm advocating ;)  So, when logging in the
user would get directed to a Koha login page and then redirected back to
whatever SSO consumer they came from.  It's clearer to the user what login they
should be using and who the original party is that's storing their
authentication credentials.

OAuth is of course the 'Authorization' side of the story, we'd still need to
work out the OpenID Connect side of the story to bring this back down to simple
'user identification'.



[Koha-bugs] [Bug 17004] REST API: add route to authenticate patron ( Single Sign On - SSO)

2016-11-10 Thread bugzilla-daemon
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=17004

Martin Renvoize  changed:

   What|Removed |Added

 QA Contact|testo...@bugs.koha-communit |martin.renvoize@ptfs-europe
   |y.org   |.com



[Koha-bugs] [Bug 17004] REST API: add route to authenticate patron ( Single Sign On - SSO)

2016-11-08 Thread bugzilla-daemon
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=17004

--- Comment #22 from Benjamin Rokseth  ---
(In reply to Martin Renvoize from comment #21)
> I don't like this much.. We're in-explicitly mixing Authentication (Are you
> who you say you are) and Authorization (What can this person/application on
> behalf of person do)
>

I believe the main point here is authenticating a service outside koha against
its userbase and services, although of course Koha intra and opac should profit
from this.

> At the very least I believe these functions should be made distinct to
> prevent leaking security context.
> 
No problem with that, as long as authorization is handled one place only.

> The second reason I don't like this is that we're inventing our own wheel.
> There are lots of solid standards out there to do this sort of thing. We
> should really be leaning on the shoulders of giants and using an off the
> shelf standard. OAuth and OpenID connect would be my preferred option
> personally.

Now this could be debated, openID and oAuth are easy to integrate against and
are well formed standards, and would of course lower the barrier to use koha
services outside the library without handling login in koha.

But to be sure, local login needs to be handled anyways, and to use our library
as an example, having a local patron base is a strength rather than a weakness.
Being a user of the library implies a presence and represents a place outside
the web, and I'm not sure SSO with oauth gives the same sensation.

Just my two cent thoughts :) Now to rebase this against master...



[Koha-bugs] [Bug 17004] REST API: add route to authenticate patron ( Single Sign On - SSO)

2016-10-28 Thread bugzilla-daemon
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=17004

Jonathan Druart  changed:

   What|Removed |Added

 CC||jonathan.dru...@bugs.koha-c
   ||ommunity.org



[Koha-bugs] [Bug 17004] REST API: add route to authenticate patron ( Single Sign On - SSO)

2016-10-28 Thread bugzilla-daemon
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=17004

Martin Renvoize  changed:

   What|Removed |Added

 CC||martin.renvoize@ptfs-europe
   ||.com

--- Comment #21 from Martin Renvoize  ---
I don't like this much.. We're in-explicitly mixing Authentication (Are you who
you say you are) and Authorization (What can this person/application on behalf
of person do)

At the very least I believe these functions should be made distinct to prevent
leaking security context.

The second reason I don't like this is that we're inventing our own wheel.
There are lots of solid standards out there to do this sort of thing. We should
really be leaning on the shoulders of giants and using an off the shelf
standard. OAuth and OpenID connect would be my preferred option personally.



[Koha-bugs] [Bug 17004] REST API: add route to authenticate patron ( Single Sign On - SSO)

2016-10-13 Thread bugzilla-daemon
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=17004

--- Comment #20 from Benjamin Rokseth  ---
Need more to sign-off/QA this one! It's essential for the REST API development,
and it's basically nothing new other than a better replacement of the svc
authentication with a more sensible authentication approach.



[Koha-bugs] [Bug 17004] REST API: add route to authenticate patron ( Single Sign On - SSO)

2016-09-02 Thread bugzilla-daemon
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=17004

--- Comment #19 from Benjamin Rokseth  ---
Rebased against master.
Basically just removed swagger.min.json from the patch.

And added Bug 17243



[Koha-bugs] [Bug 17004] REST API: add route to authenticate patron ( Single Sign On - SSO)

2016-09-02 Thread bugzilla-daemon
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=17004

Benjamin Rokseth  changed:

What                          | Removed | Added
Attachment #54957 is obsolete | 0       | 1

--- Comment #18 from Benjamin Rokseth  ---
Created attachment 55146
  --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=55146&action=edit
Bug 17004: Add API route to authenticate patron (CGISESSID) including logout

POST /auth/session (login)
DELETE /auth/session (logout)

Required POST data:
- "password"
- either "userid" or "cardnumber".

To test:
1. Make sure you are logged out from Koha.
2. Make a POST request to http://yourlibrary/api/v1/auth/session with form data
   "userid" =>  and "password" => .
3. If your userid and password are correct, you should be returned with most
   basic patron data and your CGISESSID.
4. Also attempt with invalid login to get an error.
5. Send a DELETE request to /auth/session
6. Observe that you are no longer logged-in in Koha.
7. Run tests at b/t/db_dependent/api/v1/auth.t

You may find this cURL useful:
curl -X DELETE http://lib/api/v1/auth/session --cookie 'CGISESSID=88e735aaf7c6cf194a775425cbd00570'
(replace CGISESSID=... with your CGISESSID)



I've rebased both attachments to master (restructuralized swagger
definitions).

And added proposed permissions as proposed by Benjamin Rokseth.

Btw, very nice work Lari!

Signed-off-by: Benjamin Rokseth 



[Koha-bugs] [Bug 17004] REST API: add route to authenticate patron ( Single Sign On - SSO)

2016-08-28 Thread bugzilla-daemon
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=17004

--- Comment #17 from Jiri Kozlovsky  ---
(In reply to Benjamin Rokseth from comment #16)
> Shit man, you beat me with five minutes! Was just rebasing the same patch ;)
> 
> Great work, Lari and Jiri! Everything works as expected.
> 
> Just a sidenote: perhaps we should .gitignore swagger.min.json, or we will
> face a whole lot of merge issues? I propose this in a new bug. Part of the
> testing should be to minify anyways, as it will spot issues in references.

Well then, sorry about that :D I didn't know you're working on it .. maybe an
IRC channel would solve such interference?

I agree with ignoring all possible minified files in Koha in general. Are there
currently any other minified files? I can't think of any right now.



[Koha-bugs] [Bug 17004] REST API: add route to authenticate patron ( Single Sign On - SSO)

2016-08-28 Thread bugzilla-daemon
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=17004

Benjamin Rokseth  changed:

What   | Removed       | Added
Status | Needs Signoff | Signed Off

--- Comment #16 from Benjamin Rokseth  ---
Shit man, you beat me with five minutes! Was just rebasing the same patch ;)

Great work, Lari and Jiri! Everything works as expected.

Just a sidenote: perhaps we should .gitignore swagger.min.json, or we will face
a whole lot of merge issues? I propose this in a new bug. Part of the testing
should be to minify anyways, as it will spot issues in references.



[Koha-bugs] [Bug 17004] REST API: add route to authenticate patron ( Single Sign On - SSO)

2016-08-28 Thread bugzilla-daemon
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=17004

Benjamin Rokseth  changed:

What                          | Removed | Added
Attachment #54953 is obsolete | 0       | 1

--- Comment #15 from Benjamin Rokseth  ---
Created attachment 54957
  --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=54957&action=edit
Bug 17004: Add API route to authenticate patron (CGISESSID) including logout

POST /auth/session (login)
DELETE /auth/session (logout)

Required POST data:
- "password"
- either "userid" or "cardnumber".

To test:
1. Make sure you are logged out from Koha.
2. Make a POST request to http://yourlibrary/api/v1/auth/session with form data
   "userid" =>  and "password" => .
3. If your userid and password are correct, you should be returned with most
   basic patron data and your CGISESSID.
4. Also attempt with invalid login to get an error.
5. Send a DELETE request to /auth/session
6. Observe that you are no longer logged-in in Koha.
7. Run tests at b/t/db_dependent/api/v1/auth.t

You may find this cURL useful:
curl -X DELETE http://lib/api/v1/auth/session --cookie 'CGISESSID=88e735aaf7c6cf194a775425cbd00570'
(replace CGISESSID=... with your CGISESSID)



I've rebased both attachments to master (restructuralized swagger
definitions).

And added proposed permissions as proposed by Benjamin Rokseth.

Btw, very nice work Lari!

Signed-off-by: Benjamin Rokseth 



[Koha-bugs] [Bug 17004] REST API: add route to authenticate patron ( Single Sign On - SSO)

2016-08-28 Thread bugzilla-daemon
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=17004

Jiri Kozlovsky  changed:

What                          | Removed | Added
Attachment #54068 is obsolete | 0       | 1
Attachment #54711 is obsolete | 0       | 1

--- Comment #14 from Jiri Kozlovsky  ---
Created attachment 54953
  --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=54953&action=edit
Bug 17004: Add API route to authenticate patron (CGISESSID) including logout

POST /auth/session (login)
DELETE /auth/session (logout)

Required POST data:
- "password"
- either "userid" or "cardnumber".

To test:
1. Make sure you are logged out from Koha.
2. Make a POST request to http://yourlibrary/api/v1/auth/session with form data
   "userid" =>  and "password" => .
3. If your userid and password are correct, you should be returned with most
   basic patron data and your CGISESSID.
4. Also attempt with invalid login to get an error.
5. Send a DELETE request to /auth/session
6. Observe that you are no longer logged-in in Koha.
7. Run tests at b/t/db_dependent/api/v1/auth.t

You may find this cURL useful:
curl -X DELETE http://lib/api/v1/auth/session --cookie 'CGISESSID=88e735aaf7c6cf194a775425cbd00570'
(replace CGISESSID=... with your CGISESSID)



I've rebased both attachments to master (restructuralized swagger
definitions).

And added proposed permissions as proposed by Benjamin Rokseth.

Btw, very nice work Lari!



[Koha-bugs] [Bug 17004] REST API: add route to authenticate patron ( Single Sign On - SSO)

2016-08-23 Thread bugzilla-daemon
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=17004

--- Comment #13 from Lari Taskula  ---
(In reply to Benjamin Rokseth from comment #12)
> wow, amazing work! very much like the code we use in production, but better!
> AND with test coverage ;)
> 
> Would it be possible to also supply patron permissions in the response? I
> found the easiest way was to just iterate against haspermissions thus:
> 
> +   my $permissions = haspermission($userid); # defaults to all permissions
> +   # delete all empty permissions
> +   while ( my ($key, $val) = each %{$permissions} ) {
> +   delete $permissions->{$key} unless $val;
> +   }
> 
> then you could just return $permission as a hash object
Thank you for the kind support, Benjamin! That made my day!

I think permissions could be useful information to provide in the response.
Feel free to provide enhancement patches, I would be happy to sign-off them!



[Koha-bugs] [Bug 17004] REST API: add route to authenticate patron ( Single Sign On - SSO)

2016-08-22 Thread bugzilla-daemon
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=17004

Benjamin Rokseth  changed:

What | Removed | Added
CC   |         | benjamin.roks...@kul.oslo.kommune.no

--- Comment #12 from Benjamin Rokseth  ---
wow, amazing work! very much like the code we use in production, but better!
AND with test coverage ;)

Would it be possible to also supply patron permissions in the response? I found
the easiest way was to just iterate against haspermissions thus:

+   my $permissions = haspermission($userid); # defaults to all permissions
+   # delete all empty permissions
+   while ( my ($key, $val) = each %{$permissions} ) {
+   delete $permissions->{$key} unless $val;
+   }
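Review bot: the `while` loop dereferences `%{$permissions}` without first checking that `haspermission($userid)` returned a hash reference; if that call can return a false value (for example when the userid is unknown), the dereference fails or the loop silently yields nothing, so guard it with `ref $permissions eq 'HASH'` and fall back to an empty hash. The comment "defaults to all permissions" is also ambiguous next to an authentication response: state what a call with only `$userid` returns, and document for API consumers that the returned map is informational, with each route still checking permissions server-side.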

then you could just return $permission as a hash object



[Koha-bugs] [Bug 17004] REST API: add route to authenticate patron ( Single Sign On - SSO)

2016-08-22 Thread bugzilla-daemon
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=17004

Lari Taskula  changed:

What                          | Removed | Added
Attachment #54684 is obsolete | 0       | 1

--- Comment #11 from Lari Taskula  ---
Created attachment 54711
  --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=54711&action=edit
Bug 17004: Add API route for logging out user



[Koha-bugs] [Bug 17004] REST API: add route to authenticate patron ( Single Sign On - SSO)

2016-08-22 Thread bugzilla-daemon
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=17004

Lari Taskula  changed:

What                          | Removed | Added
Attachment #54683 is obsolete | 0       | 1

--- Comment #10 from Lari Taskula  ---
Created attachment 54684
  --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=54684&action=edit
Bug 17004: Add API route for logging out user



[Koha-bugs] [Bug 17004] REST API: add route to authenticate patron ( Single Sign On - SSO)

2016-08-22 Thread bugzilla-daemon
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=17004

--- Comment #9 from Lari Taskula  ---
(In reply to Lari Taskula from comment #7)
> Current status: Signed Off
Uncommented wrong line in git bz attach. Current status is Needs Signoff.



[Koha-bugs] [Bug 17004] REST API: add route to authenticate patron ( Single Sign On - SSO)

2016-08-22 Thread bugzilla-daemon
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=17004

Lari Taskula  changed:

What   | Removed    | Added
Status | Signed Off | Needs Signoff



[Koha-bugs] [Bug 17004] REST API: add route to authenticate patron ( Single Sign On - SSO)

2016-08-22 Thread bugzilla-daemon
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=17004

Lari Taskula  changed:

What                          | Removed | Added
Attachment #54682 is obsolete | 0       | 1

--- Comment #8 from Lari Taskula  ---
Created attachment 54683
  --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=54683&action=edit
Bug 17004: Add API route for logging out user

To test:
1. Login to Koha either by newly introduced POST /auth/session
   or traditional way.
2. Send a DELETE request to /auth/session
3. Observe that you are no longer logged-in in Koha.
4. Repeat step 2 and observe error about invalid session id.

You may find this cURL useful:
curl -X DELETE http://lib/api/v1/auth/session --cookie 'CGISESSID=88e735aaf7c6cf194a775425cbd00570'
(replace CGISESSID=... with your CGISESSID)



[Koha-bugs] [Bug 17004] REST API: add route to authenticate patron ( Single Sign On - SSO)

2016-08-22 Thread bugzilla-daemon
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=17004

--- Comment #7 from Lari Taskula  ---
Created attachment 54682
  --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=54682&action=edit
Bug 17004: Add API route for logging out user

To test:
1. Login to Koha either by newly introduced POST /auth/session
   or traditional way.
2. Send a DELETE request to /auth/session
3. Observe that you are no longer logged-in in Koha.
4. Repeat step 2 and observe error about invalid session id.

You may find this cURL useful:
curl -X DELETE http://lib/api/v1/auth/session --cookie 'CGISESSID=88e735aaf7c6cf194a775425cbd00570'
(replace CGISESSID=... with your CGISESSID)


Current status: Signed Off

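The login and logout test plans in the comments above, replayed against a local stand-in for the route (an added example, not code from the Koha patches). Only the route, the form fields and the CGISESSID cookie come from the thread; the stub, its constructed patron record, the `userid`/`sessionid` response fields and the 201/200/401 status codes are assumptions. The check that matters is the last one: after DELETE the session is gone server-side, so replaying the same cookie fails.

```python
import http.client, json, secrets, threading
from http.cookies import SimpleCookie
from http.server import BaseHTTPRequestHandler, ThreadingHTTPServer
from urllib.parse import parse_qs, urlencode

ROUTE = "/api/v1/auth/session"
# Constructed patron and in-memory session store: stand-ins, not Koha code or data.
PATRONS = {"demo": {"cardnumber": "C0001", "password": "constructed-pw"}}
SESSIONS = {}  # session id -> userid; the server-side state logout must clear

class StubAuth(BaseHTTPRequestHandler):
    def log_message(self, *args):  # keep the demo quiet
        pass

    def _reply(self, status, body, sid=None):
        data = json.dumps(body).encode()
        self.send_response(status)
        self.send_header("Content-Type", "application/json")
        self.send_header("Content-Length", str(len(data)))
        if sid:
            self.send_header("Set-Cookie", f"CGISESSID={sid}; HttpOnly; Path=/")
        self.end_headers()
        self.wfile.write(data)

    def do_POST(self):  # login: "password" plus either "userid" or "cardnumber"
        raw = self.rfile.read(int(self.headers.get("Content-Length", 0))).decode()
        form = {k: v[0] for k, v in parse_qs(raw).items()}
        user = next((u for u, p in PATRONS.items() if form.get("userid") == u
                     or form.get("cardnumber") == p["cardnumber"]), None)
        given = form.get("password", "").encode()
        if user is None or not secrets.compare_digest(
                given, PATRONS[user]["password"].encode()):
            return self._reply(401, {"error": "Login failed."})
        sid = secrets.token_hex(16)
        SESSIONS[sid] = user
        self._reply(201, {"userid": user, "sessionid": sid}, sid)

    def do_DELETE(self):  # logout: drop the session named by the CGISESSID cookie
        jar = SimpleCookie(self.headers.get("Cookie", ""))
        sid = jar["CGISESSID"].value if "CGISESSID" in jar else ""
        if SESSIONS.pop(sid, None) is None:
            return self._reply(401, {"error": "Invalid session id."})
        self._reply(200, {})

def call(port, method, form=None, sid=None):  # -> (status, decoded JSON body)
    headers = {"Content-Type": "application/x-www-form-urlencoded"}
    if sid:
        headers["Cookie"] = f"CGISESSID={sid}"
    conn = http.client.HTTPConnection("127.0.0.1", port, timeout=5)
    conn.request(method, ROUTE, body=urlencode(form) if form else None, headers=headers)
    resp = conn.getresponse()
    result = resp.status, json.loads(resp.read())
    conn.close()
    return result

def run_test_plan():  # walks the steps and returns the observed status codes
    server = ThreadingHTTPServer(("127.0.0.1", 0), StubAuth)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    port = server.server_address[1]
    try:
        bad, _ = call(port, "POST", {"userid": "demo", "password": "wrong"})
        ok, patron = call(port, "POST", {"cardnumber": "C0001", "password": "constructed-pw"})
        sid = patron["sessionid"]
        out, _ = call(port, "DELETE", sid=sid)
        replay, _ = call(port, "DELETE", sid=sid)  # same cookie again must fail
        return {"bad_login": bad, "login": ok, "logout": out,
                "replay": replay, "live_sessions": len(SESSIONS)}
    finally:
        server.shutdown()
        server.server_close()

if __name__ == "__main__":
    print(run_test_plan())
```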


[Koha-bugs] [Bug 17004] REST API: add route to authenticate patron ( Single Sign On - SSO)

2016-08-06 Thread bugzilla-daemon
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=17004

Jiri Kozlovsky  changed:

What                          | Removed | Added
Attachment #54028 is obsolete | 0       | 1

--- Comment #6 from Jiri Kozlovsky  ---
Comment on attachment 54028
  --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=54028
Bug 17004: Add API route to authenticate patron (CGISESSID)

My Sign-Off failed to mark this attachment Obsolete, so I'm now doing it
manually



[Koha-bugs] [Bug 17004] REST API: add route to authenticate patron ( Single Sign On - SSO)

2016-08-06 Thread bugzilla-daemon
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=17004

Jiri Kozlovsky  changed:

What   | Removed       | Added
Status | In Discussion | Signed Off



[Koha-bugs] [Bug 17004] REST API: add route to authenticate patron ( Single Sign On - SSO)

2016-08-06 Thread bugzilla-daemon
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=17004

--- Comment #5 from Jiri Kozlovsky  ---
Created attachment 54068
  --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=54068&action=edit
Bug 17004: Add API route to authenticate patron

This patch adds a username/cardnumber and password authentication that returns
a session.

POST /auth/session (login)

Required form data:
- "password"
- either "userid" or "cardnumber".

To test:
1. Make sure you are logged out from Koha.
2. Make a POST request to http://yourlibrary/api/v1/auth/session with form data
   "userid" =>  and "password" => .
3. If your userid and password are correct, you should be returned with most
   basic patron data and your CGISESSID.
4. Also attempt with invalid login to get an error.
5. Run tests at b/t/db_dependent/api/v1/auth.t

Signed-off-by: Jiri Kozlovsky 

Wow, brilliant work! Thanks for that, it works as expected!



[Koha-bugs] [Bug 17004] REST API: add route to authenticate patron ( Single Sign On - SSO)

2016-08-05 Thread bugzilla-daemon
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=17004

--- Comment #4 from Lari Taskula  ---
(In reply to Jiri Kozlovsky from comment #2)
> (In reply to Lari Taskula from comment #1)
> > We have implemented userid/cardnumber & password CGISESSID-authentication. I
> > will rebase it on master and upload the patch here.
> 
> That's nice! So don't you mind me to put your solution here on bugzilla
> rebased on master with current REST API conventions?
> 
> I've found your implementation here:
> https://github.com/KohaSuomi/kohasuomi/blob/kohasuomi3.16/api/v1/swagger/
> paths/auth.json (the POST method)
> 
> I think it would go quite quick if I omit your dependencies of the
> PageObject-tests.
Since our authentication is based on Authentication rewrite (Bug 13920 and its
dependencies), it's a bit too much work for me to rebase here now, so instead I
decided to write a simple patch from scratch using session, that you can use
for testing if you wish. You can mark that patch obsolete if you wish to work
on this Bug more!



[Koha-bugs] [Bug 17004] REST API: add route to authenticate patron ( Single Sign On - SSO)

2016-08-05 Thread bugzilla-daemon
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=17004

--- Comment #3 from Lari Taskula  ---
Created attachment 54028
  --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=54028&action=edit
Bug 17004: Add API route to authenticate patron (CGISESSID)

This patch adds a username/cardnumber and password authentication that returns
a session.

POST /auth/session (login)

Required form data:
- "password"
- either "userid" or "cardnumber".

To test:
1. Make sure you are logged out from Koha.
2. Make a POST request to http://yourlibrary/api/v1/auth/session with form data
   "userid" =>  and "password" => .
3. If your userid and password are correct, you should be returned with most
   basic patron data and your CGISESSID.
4. Also attempt with invalid login to get an error.



[Koha-bugs] [Bug 17004] REST API: add route to authenticate patron ( Single Sign On - SSO)

2016-08-05 Thread bugzilla-daemon
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=17004

Jiri Kozlovsky  changed:

What    | Removed                                    | Added
Status  | NEW                                        | In Discussion
Summary | REST API: add route to authenticate patron | REST API: add route to authenticate patron (Single Sign On - SSO)

--- Comment #2 from Jiri Kozlovsky  ---
(In reply to Lari Taskula from comment #1)
> We have implemented userid/cardnumber & password CGISESSID-authentication. I
> will rebase it on master and upload the patch here.

That's nice! So don't you mind me to put your solution here on bugzilla rebased
on master with current REST API conventions?

I've found your implementation here:
https://github.com/KohaSuomi/kohasuomi/blob/kohasuomi3.16/api/v1/swagger/paths/auth.json
(the POST method)

I think it would go quite quick if I omit your dependencies of the
PageObject-tests.
