https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=30962
Katrin Fischer <[email protected]> changed: What |Removed |Added ---------------------------------------------------------------------------- Blocks| |32739 Status|Signed Off |Failed QA --- Comment #26 from Katrin Fischer <[email protected]> --- 1) Unit tests pass 2) QA test tools pass 3) Test plan I followed the test plan and while I have the replies 204 and 400, I don't see the error as described: error message {"error":"Validation failed"} 4) Postman I also tried to test this with Postman. * Verified that BasicAuth worked as expected by listing patrons * Tried: localhost:8081/api/v1/auth/password/validation * Params: username, password * Verb: POST * Body: { "username": "...", "password": "..." } a) Matching username + password * cardnumber + correct password = 400 - Bad request * username + correct password = 204 - No Content (that's a success?) * username + incorrect password = 400 - Bad Request - error: Validation failed * username + incorrect password so many times to make the account lock: 400 - Bad Request - error: Validation failed Notes: * The login page in Koha allows for cardnumber + password AND userid + password at the same time. I think we should extend this route in a separate bug to also support cardnumber/both to make this easier to use and also mimick what ILS-DI and SIP do as well. I've filed: Bug 32739 - REST API: Extend endpoint /auth/password/validation for cardnumber * We do want the account to lock with too many attempts, which it does. The error stays the same, but I think that's good too and matches what we do on the OPAC, we don't want to give away too much information. *thumbs up* QA fail: * The route users username, but the patrons api uses user_id. We should make things match and use user_id here as well. Almost ready to PQA, please fix! Referenced Bugs: https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=32739 [Bug 32739] REST API: Extend endpoint /auth/password/validation for cardnumber -- You are receiving this mail because: You are watching all bug changes. _______________________________________________ Koha-bugs mailing list [email protected] https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
