[Koha-bugs] [Bug 20402] OAuth2 client credentials grant for REST API

[bugzilla-daemon]

https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=20402

David Cook  changed:

   What|Removed |Added

   See Also||https://bugs.koha-community
   ||.org/bugzilla3/show_bug.cgi
   ||?id=25796

-- 
You are receiving this mail because:
You are watching all bug changes.
___
Koha-bugs mailing list
Koha-bugs@lists.koha-community.org
https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/

[Koha-bugs] [Bug 20402] OAuth2 client credentials grant for REST API

[bugzilla-daemon]

https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=20402

Martin Renvoize  changed:

   What|Removed |Added

 Status|Pushed to Master|RESOLVED
 Resolution|--- |FIXED

-- 
You are receiving this mail because:
You are watching all bug changes.
___
Koha-bugs mailing list
Koha-bugs@lists.koha-community.org
http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/

[Koha-bugs] [Bug 20402] OAuth2 client credentials grant for REST API

[bugzilla-daemon]

https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=20402

--- Comment #75 from David Cook  ---
(In reply to Julian Maurice from comment #74)
> You could define as many API clients as you want in $KOHA_CONF.
> But this has been replaced by bug 20568 and bug 20612. You can now define
> API keys in the interface.

Oooh awesome! I've wanted that feature for so long :D.

-- 
You are receiving this mail because:
You are watching all bug changes.
___
Koha-bugs mailing list
Koha-bugs@lists.koha-community.org
http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/

[Koha-bugs] [Bug 20402] OAuth2 client credentials grant for REST API

[bugzilla-daemon]

https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=20402

--- Comment #74 from Julian Maurice  ---
(In reply to David Cook from comment #73)
> I know this has already been pushed... but it looks like this allows for
> only 1 API client? What if you want to have multiple API clients?

You could define as many API clients as you want in $KOHA_CONF.
But this has been replaced by bug 20568 and bug 20612. You can now define API
keys in the interface.

-- 
You are receiving this mail because:
You are watching all bug changes.
___
Koha-bugs mailing list
Koha-bugs@lists.koha-community.org
http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/

[Koha-bugs] [Bug 20402] OAuth2 client credentials grant for REST API

[bugzilla-daemon]

https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=20402

David Cook  changed:

   What|Removed |Added

 CC||dc...@prosentient.com.au

--- Comment #73 from David Cook  ---
I know this has already been pushed... but it looks like this allows for only 1
API client? What if you want to have multiple API clients?

BibLibre might have Coral talking to Koha's REST API, but maybe a client's
Drupal website wants to talk to Koha's REST API too?

Right now, I suppose you could share the credentials amongst all the clients,
but that doesn't seem like a great long-term option?

-- 
You are receiving this mail because:
You are watching all bug changes.
___
Koha-bugs mailing list
Koha-bugs@lists.koha-community.org
http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/

[Koha-bugs] [Bug 20402] OAuth2 client credentials grant for REST API

[bugzilla-daemon]

https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=20402

Jonathan Druart  changed:

   What|Removed |Added

 Status|Passed QA   |Pushed to Master

--- Comment #72 from Jonathan Druart  
---
Pushed to master for 18.05, thanks to everybody involved!

-- 
You are receiving this mail because:
You are watching all bug changes.
___
Koha-bugs mailing list
Koha-bugs@lists.koha-community.org
http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/

[Koha-bugs] [Bug 20402] OAuth2 client credentials grant for REST API

[bugzilla-daemon]

https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=20402

--- Comment #71 from Jonathan Druart  
---
Created attachment 75189
  -->
https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=75189&action=edit
Bug 20402: only output if verbose flag is set

-- 
You are receiving this mail because:
You are watching all bug changes.
___
Koha-bugs mailing list
Koha-bugs@lists.koha-community.org
http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/

[Koha-bugs] [Bug 20402] OAuth2 client credentials grant for REST API

[bugzilla-daemon]

https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=20402

Katrin Fischer  changed:

   What|Removed |Added

 Blocks||20624


Referenced Bugs:

https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=20624
[Bug 20624] Disable the OAuth2 client credentials grant by default
-- 
You are receiving this mail because:
You are watching all bug changes.
___
Koha-bugs mailing list
Koha-bugs@lists.koha-community.org
http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/

[Koha-bugs] [Bug 20402] OAuth2 client credentials grant for REST API

[bugzilla-daemon]

https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=20402

Katrin Fischer  changed:

   What|Removed |Added

 Blocks|20624   |


Referenced Bugs:

https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=20624
[Bug 20624] Disable the OAuth2 client credentials grant by default
-- 
You are receiving this mail because:
You are watching all bug changes.
___
Koha-bugs mailing list
Koha-bugs@lists.koha-community.org
http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/

[Koha-bugs] [Bug 20402] OAuth2 client credentials grant for REST API

[bugzilla-daemon]

https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=20402

Tomás Cohen Arazi  changed:

   What|Removed |Added

  Attachment #74600|0   |1
is obsolete||

--- Comment #69 from Tomás Cohen Arazi  ---
Created attachment 75033
  -->
https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=75033&action=edit
Bug 20402: Remove useless call to Koha::OAuthAccessTokens->search

-- 
You are receiving this mail because:
You are watching all bug changes.
___
Koha-bugs mailing list
Koha-bugs@lists.koha-community.org
http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/

[Koha-bugs] [Bug 20402] OAuth2 client credentials grant for REST API

[bugzilla-daemon]

https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=20402

--- Comment #70 from Tomás Cohen Arazi  ---
Rebased.

-- 
You are receiving this mail because:
You are watching all bug changes.
___
Koha-bugs mailing list
Koha-bugs@lists.koha-community.org
http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/

[Koha-bugs] [Bug 20402] OAuth2 client credentials grant for REST API

[bugzilla-daemon]

https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=20402

Tomás Cohen Arazi  changed:

   What|Removed |Added

  Attachment #74386|0   |1
is obsolete||

--- Comment #68 from Tomás Cohen Arazi  ---
Created attachment 75032
  -->
https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=75032&action=edit
Bug 20402: Add missing POD

Signed-off-by: Tomas Cohen Arazi 

-- 
You are receiving this mail because:
You are watching all bug changes.
___
Koha-bugs mailing list
Koha-bugs@lists.koha-community.org
http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/

[Koha-bugs] [Bug 20402] OAuth2 client credentials grant for REST API

[bugzilla-daemon]

https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=20402

Tomás Cohen Arazi  changed:

   What|Removed |Added

  Attachment #74384|0   |1
is obsolete||

--- Comment #66 from Tomás Cohen Arazi  ---
Created attachment 75030
  -->
https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=75030&action=edit
Bug 20402: Use TestBuilder->build_object in oauth.t

Signed-off-by: Tomas Cohen Arazi 

-- 
You are receiving this mail because:
You are watching all bug changes.
___
Koha-bugs mailing list
Koha-bugs@lists.koha-community.org
http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/

[Koha-bugs] [Bug 20402] OAuth2 client credentials grant for REST API

[bugzilla-daemon]

https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=20402

Tomás Cohen Arazi  changed:

   What|Removed |Added

  Attachment #74385|0   |1
is obsolete||

--- Comment #67 from Tomás Cohen Arazi  ---
Created attachment 75031
  -->
https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=75031&action=edit
Bug 20402: Atomic update and kohastructure.sql fixes

Signed-off-by: Tomas Cohen Arazi 

-- 
You are receiving this mail because:
You are watching all bug changes.
___
Koha-bugs mailing list
Koha-bugs@lists.koha-community.org
http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/

[Koha-bugs] [Bug 20402] OAuth2 client credentials grant for REST API

[bugzilla-daemon]

https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=20402

Tomás Cohen Arazi  changed:

   What|Removed |Added

  Attachment #74380|0   |1
is obsolete||

--- Comment #62 from Tomás Cohen Arazi  ---
Created attachment 75026
  -->
https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=75026&action=edit
Bug 20402: Implement OAuth2 authentication for REST API

It implements only the "client credentials" flow with no scopes
support. API clients are tied to an existing patron and have the same
permissions as the patron they are tied to.
API Clients are defined in $KOHA_CONF.

Test plan:
0. Install Net::OAuth2::AuthorizationServer 0.16
1. In $KOHA_CONF, add an  element under :
 
   $CLIENT_ID
   $CLIENT_SECRET
   X 
 
2. Apply patch, run updatedatabase.pl and reload starman
3. Install Firefox extension RESTer [1]
4. In RESTer, go to "Authorization" tab and create a new OAuth2
   configuration:
   - OAuth flow: Client credentials
   - Access Token Request Method: POST
   - Access Token Request Endpoint: http://$KOHA_URL/api/v1/oauth/token
   - Access Token Request Client Authentication: Credentials in request
 body
   - Client ID: $CLIENT_ID
   - Client Secret: $CLIENT_SECRET
5. Click on the newly created configuration to generate a new token
   (which will be valid only for an hour)
6. In RESTer, set HTTP method to GET and url to
   http://$KOHA_URL/api/v1/patrons then click on SEND
   If patron X has permission 'borrowers', it should return 200 OK
   with the list of patrons
   Otherwise it should return 403 with the list of required permissions
   (Please test both cases)
7. Wait an hour (or run the following SQL query:
   UPDATE oauth_access_tokens SET expires = 0) and repeat step 6.
   You should have a 403 Forbidden status, and the token must have been
   removed from the database.
8. Create a bunch of tokens using RESTer, make some of them expires
   using the previous SQL query, and run the following command:
 misc/cronjobs/cleanup_database.pl --oauth-tokens
   Verify that expired tokens were removed, and that the others are
   still there
9. prove t/db_dependent/api/v1/oauth.t

[1] https://addons.mozilla.org/en-US/firefox/addon/rester/

Signed-off-by: Josef Moravec 
Signed-off-by: Tomas Cohen Arazi 

-- 
You are receiving this mail because:
You are watching all bug changes.
___
Koha-bugs mailing list
Koha-bugs@lists.koha-community.org
http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/

[Koha-bugs] [Bug 20402] OAuth2 client credentials grant for REST API

[bugzilla-daemon]

https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=20402

Tomás Cohen Arazi  changed:

   What|Removed |Added

  Attachment #74382|0   |1
is obsolete||

--- Comment #64 from Tomás Cohen Arazi  ---
Created attachment 75028
  -->
https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=75028&action=edit
Bug 20402: Don't look at cookies if OAuth2 is attempted and has failed

Signed-off-by: Tomas Cohen Arazi 

-- 
You are receiving this mail because:
You are watching all bug changes.
___
Koha-bugs mailing list
Koha-bugs@lists.koha-community.org
http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/

[Koha-bugs] [Bug 20402] OAuth2 client credentials grant for REST API

[bugzilla-daemon]

https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=20402

Tomás Cohen Arazi  changed:

   What|Removed |Added

  Attachment #74383|0   |1
is obsolete||

--- Comment #65 from Tomás Cohen Arazi  ---
Created attachment 75029
  -->
https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=75029&action=edit
Bug 20402: Remove dependency on Mojo::Plugin::OAuth2::Server

Signed-off-by: Tomas Cohen Arazi 

-- 
You are receiving this mail because:
You are watching all bug changes.
___
Koha-bugs mailing list
Koha-bugs@lists.koha-community.org
http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/

[Koha-bugs] [Bug 20402] OAuth2 client credentials grant for REST API

[bugzilla-daemon]

https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=20402

Tomás Cohen Arazi  changed:

   What|Removed |Added

  Attachment #74381|0   |1
is obsolete||

--- Comment #63 from Tomás Cohen Arazi  ---
Created attachment 75027
  -->
https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=75027&action=edit
Bug 20402: Fix oauth.t

GET /patrons now requires { "borrowers": 1 } instead of
{ "borrowers": "edit_borrowers" }

Signed-off-by: Josef Moravec 
Signed-off-by: Tomas Cohen Arazi 

-- 
You are receiving this mail because:
You are watching all bug changes.
___
Koha-bugs mailing list
Koha-bugs@lists.koha-community.org
http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/

[Koha-bugs] [Bug 20402] OAuth2 client credentials grant for REST API

[bugzilla-daemon]

https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=20402

Tomás Cohen Arazi  changed:

   What|Removed |Added

Summary|Implement OAuth2|OAuth2 client credentials
   |authentication for REST API |grant for REST API

-- 
You are receiving this mail because:
You are watching all bug changes.
___
Koha-bugs mailing list
Koha-bugs@lists.koha-community.org
http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/