[Koha-bugs] [Bug 20624] Disable the OAuth2 client credentials grant by default

2020-06-01 Thread bugzilla-daemon
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=20624

Jonathan Druart  changed:

   What|Removed |Added

 Blocks||25623


Referenced Bugs:

https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=25623
[Bug 25623] Some tests in oauth.t do not roll back
-- 
You are receiving this mail because:
You are watching all bug changes.
___
Koha-bugs mailing list
Koha-bugs@lists.koha-community.org
https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/


[Koha-bugs] [Bug 20624] Disable the OAuth2 client credentials grant by default

2018-10-24 Thread bugzilla-daemon
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=20624

Martin Renvoize  changed:

   What|Removed |Added

 Status|Pushed to Stable|RESOLVED
 Resolution|--- |FIXED



[Koha-bugs] [Bug 20624] Disable the OAuth2 client credentials grant by default

2018-07-18 Thread bugzilla-daemon
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=20624
Bug 20624 depends on bug 20402, which changed state.

Bug 20402 Summary: OAuth2 client credentials grant for REST API
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=20402

   What|Removed |Added

 Status|Pushed to Master|RESOLVED
 Resolution|--- |FIXED



[Koha-bugs] [Bug 20624] Disable the OAuth2 client credentials grant by default

2018-07-18 Thread bugzilla-daemon
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=20624
Bug 20624 depends on bug 20568, which changed state.

Bug 20568 Summary: Add API key management interface for patrons
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=20568

   What|Removed |Added

 Status|Pushed to Master|RESOLVED
 Resolution|--- |FIXED



[Koha-bugs] [Bug 20624] Disable the OAuth2 client credentials grant by default

2018-07-18 Thread bugzilla-daemon
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=20624

Martin Renvoize  changed:

   What|Removed |Added

 Status|Pushed to Master|Pushed to Stable



[Koha-bugs] [Bug 20624] Disable the OAuth2 client credentials grant by default

2018-07-18 Thread bugzilla-daemon
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=20624
Bug 20624 depends on bug 20612, which changed state.

Bug 20612 Summary: Make OAuth2 use patron's client_id/secret pairs
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=20612

   What|Removed |Added

 Status|Pushed to Master|RESOLVED
 Resolution|--- |FIXED



[Koha-bugs] [Bug 20624] Disable the OAuth2 client credentials grant by default

2018-05-09 Thread bugzilla-daemon
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=20624

Jonathan Druart  changed:

   What|Removed |Added

 Status|Passed QA   |Pushed to Master

--- Comment #24 from Jonathan Druart ---
Pushed to master for 18.05, thanks to everybody involved!



[Koha-bugs] [Bug 20624] Disable the OAuth2 client credentials grant by default

2018-05-09 Thread bugzilla-daemon
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=20624

Jonathan Druart  changed:

   What|Removed |Added

 Status|Signed Off  |Passed QA



[Koha-bugs] [Bug 20624] Disable the OAuth2 client credentials grant by default

2018-05-09 Thread bugzilla-daemon
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=20624

Tomás Cohen Arazi  changed:

   What|Removed |Added

 Blocks||20734


Referenced Bugs:

https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=20734
[Bug 20734] Add warning to the about page if RESTOAuth2ClientCredentials and
not Net::OAuth2::AuthorizationServer

[Koha-bugs] [Bug 20624] Disable the OAuth2 client credentials grant by default

2018-05-09 Thread bugzilla-daemon
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=20624

Tomás Cohen Arazi  changed:

   What|Removed |Added

  Attachment #75206|0   |1
is obsolete||


[Koha-bugs] [Bug 20624] Disable the OAuth2 client credentials grant by default

2018-05-09 Thread bugzilla-daemon
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=20624

--- Comment #23 from Tomás Cohen Arazi  ---
Created attachment 75206
  -->
https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=75206=edit
Bug 20624: Add an entry in About when deps are not present

Signed-off-by: Tomas Cohen Arazi 


[Koha-bugs] [Bug 20624] Disable the OAuth2 client credentials grant by default

2018-05-08 Thread bugzilla-daemon
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=20624

Jonathan Druart  changed:

   What|Removed |Added

 CC||jonathan.dru...@bugs.koha-c
   ||ommunity.org

--- Comment #22 from Jonathan Druart ---
I was expecting to see rejected any requests made with a valid token when the
pref is off.

Example:
Turn the pref on
Generate a token
Request something (or not)
Turn the pref on
Request something
=> 200
Should not we return 401 or whatever instead?

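The sequence from comment #22, as an added example that is not Koha code and not part of the thread: a self-contained Perl model of the off-switch at the token endpoint (400 with 'Unimplemented grant type', as the patch descriptions state) and of a protected route with and without a second check of the syspref when a Bearer token is presented. `%syspref`, `%api_keys`, `token_endpoint`, `api_request` and the `recheck_pref` option are hypothetical names; the 401 answers follow the comment's suggestion and RFC 6749 rather than anything the thread confirms.

```perl
#!/usr/bin/perl
# Added illustration: an in-memory model, not Koha code.
use strict;
use warnings;
use Test::More;

# Hypothetical stand-ins for the syspref table, patron API keys and token store.
my %syspref  = ( RESTOAuth2ClientCredentials => 0 );    # disabled by default
my %api_keys = ( 'constructed-client-id' => 'constructed-secret' );    # constructed sample
my %tokens;    # access_token => { client_id => ..., expires => epoch }

# Random token from the OS CSPRNG (assumes a Unix-like system).
sub new_token {
    open my $fh, '<:raw', '/dev/urandom' or die "Cannot open /dev/urandom: $!";
    my $read = read( $fh, my $bytes, 16 );
    close $fh;
    die "Short read from /dev/urandom" unless defined $read && $read == 16;
    return unpack 'H*', $bytes;
}

# Model of POST /api/v1/oauth/token. Returns ( status, body_hashref ).
sub token_endpoint {
    my (%p) = @_;
    my $grant_type = $p{grant_type} // '';

    # The off-switch: with the syspref disabled, the client_credentials
    # grant is answered as if it were not implemented.
    return ( 400, { error => 'Unimplemented grant type' } )
        unless $grant_type eq 'client_credentials'
        && $syspref{RESTOAuth2ClientCredentials};

    # Client authentication against the stored client_id/secret pair.
    # (A production server would compare secrets in constant time.)
    my $secret = $api_keys{ $p{client_id} // '' };
    return ( 401, { error => 'invalid_client' } )
        unless defined $secret
        && defined $p{client_secret}
        && $secret eq $p{client_secret};

    my $token = new_token();
    $tokens{$token} = { client_id => $p{client_id}, expires => time() + 3600 };
    return ( 200,
        { access_token => $token, token_type => 'Bearer', expires_in => 3600 } );
}

# Model of a protected API route. recheck_pref selects whether the syspref
# is consulted again at the moment a Bearer token is presented.
sub api_request {
    my ( $authorization, %opt ) = @_;
    my ($token) = ( $authorization // '' ) =~ /\ABearer ([0-9a-f]+)\z/;
    return 401 unless defined $token;
    return 401 if $opt{recheck_pref} && !$syspref{RESTOAuth2ClientCredentials};
    my $grant = $tokens{$token};
    return 401 unless $grant && $grant->{expires} > time();
    return 200;
}

my %creds = (
    grant_type    => 'client_credentials',
    client_id     => 'constructed-client-id',
    client_secret => 'constructed-secret',
);

# Syspref off: the token endpoint refuses the grant.
my ( $status, $body ) = token_endpoint(%creds);
is( $status,        400,                        'pref off: token request refused' );
is( $body->{error}, 'Unimplemented grant type', 'pref off: error message' );

# Syspref on: a token is issued and accepted.
$syspref{RESTOAuth2ClientCredentials} = 1;
( $status, $body ) = token_endpoint(%creds);
is( $status, 200, 'pref on: token issued' );
my $auth = "Bearer $body->{access_token}";
is( api_request($auth), 200, 'pref on: token accepted' );

# Syspref off again: the token issued earlier is still in the store.
$syspref{RESTOAuth2ClientCredentials} = 0;
is( api_request($auth), 200,
    'gate at issuance only: earlier token still accepted' );
is( api_request( $auth, recheck_pref => 1 ), 401,
    'gate also at validation: earlier token refused' );
($status) = token_endpoint(%creds);
is( $status, 400, 'pref off: no new tokens issued' );

done_testing();
```

The script runs under `perl` or `prove`; Test::More ships with Perl.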


[Koha-bugs] [Bug 20624] Disable the OAuth2 client credentials grant by default

2018-05-08 Thread bugzilla-daemon
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=20624

--- Comment #21 from Tomás Cohen Arazi  ---
Created attachment 75184
  -->
https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=75184=edit
Bug 20624: Net::OAuth2::AuthorizationServer is not a hard dependency

While we get packaging sorted, Net::OAuth2::AuthorizationServer is not a
hard dependency for Koha and the feature requiring it is disabled by
default.

This patch:
- Makes the dependency optional
- Makes the unit tests for the OAuth2 client credentials flow skip if
  the dependency is not met.

Signed-off-by: Tomas Cohen Arazi 


[Koha-bugs] [Bug 20624] Disable the OAuth2 client credentials grant by default

2018-05-07 Thread bugzilla-daemon
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=20624

Tomás Cohen Arazi  changed:

   What|Removed |Added

   Severity|enhancement |normal


[Koha-bugs] [Bug 20624] Disable the OAuth2 client credentials grant by default

2018-05-07 Thread bugzilla-daemon
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=20624

--- Comment #20 from Tomás Cohen Arazi  ---
Created attachment 75132
  -->
https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=75132=edit
Bug 20624: (QA follow-up) Add missing POD in Koha::REST::V1::OAuth

Signed-off-by: Tomas Cohen Arazi 


[Koha-bugs] [Bug 20624] Disable the OAuth2 client credentials grant by default

2018-05-04 Thread bugzilla-daemon
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=20624

--- Comment #15 from Kyle M Hall  ---
Created attachment 75061
  -->
https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=75061=edit
Bug 20624: Unit tests

This patch adds tests to verify that disabling the
RESTOAuth2ClientCredentials syspref makes any request on the
/api/v1/oauth/token using the 'client_credentials' grant fail with
'grant not implemented'.

To test:
- Apply this patch
- Run:
  $ kshell
 k$ prove t/db_dependent/api/v1/oauth.t
=> FAIL: Tests fail because the change is not implemented!

Signed-off-by: Kyle M Hall 



[Koha-bugs] [Bug 20624] Disable the OAuth2 client credentials grant by default

2018-05-04 Thread bugzilla-daemon
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=20624

--- Comment #16 from Kyle M Hall  ---
Created attachment 75062
  -->
https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=75062=edit
Bug 20624: Make /api/v1/oauth/token respect RESTOAuth2ClientCredentials

This patch makes the /api/v1/oauth/token endpoint respect the
RESTOAuth2ClientCredentials syspref. It will return 400 (with
'Unimplemented grant type' error message) in the event of the syspref
being disabled and the grant_type => 'client_credentials' value passed.

To test:
- Run:
  $ kshell
 k$ prove t/db_dependent/api/v1/oauth.t
=> FAIL: It fails because the off-switch is not implemented
- Apply this patch
- Run:
  k$ prove t/db_dependent/api/v1/oauth.t
=> SUCCESS: Tests pass!
- Sign off :-D

Signed-off-by: Kyle M Hall 



[Koha-bugs] [Bug 20624] Disable the OAuth2 client credentials grant by default

2018-05-04 Thread bugzilla-daemon
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=20624

--- Comment #17 from Kyle M Hall  ---
Created attachment 75063
  -->
https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=75063=edit
Bug 20624: Make staff client respect RESTOAuth2ClientCredentials

This patch makes the staff client UI respect the
RESTOAuth2ClientCredentials syspref.

To test:
- Make sure RESTOAuth2ClientCredentials is "Don't enable"
- Go to a patron's detail page
=> SUCCESS: The 'More' dropdown doesn't show the API keys management
link.
- Enable RESTOAuth2ClientCredentials
- Reload
=> SUCCESS: The 'More' dropdown shows the API keys management link
- Click on the API keys management link
=> SUCCESS: You can edit the api keys
- Disable the syspref
- Reload
=> SUCCESS: You are presented an error 400 page.
- Sign off :-D

Signed-off-by: Kyle M Hall 



[Koha-bugs] [Bug 20624] Disable the OAuth2 client credentials grant by default

2018-05-04 Thread bugzilla-daemon
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=20624

Kyle M Hall  changed:

   What|Removed |Added

 Status|Needs Signoff   |Signed Off



[Koha-bugs] [Bug 20624] Disable the OAuth2 client credentials grant by default

2018-05-04 Thread bugzilla-daemon
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=20624

--- Comment #18 from Kyle M Hall  ---
Created attachment 75064
  -->
https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=75064=edit
Bug 20624: (QA follow-up) Unit tests for missing deps situation

This patch tests the situation in which Net::OAuth2::AuthorizationServer
is missing. It mocks Module::Load::Conditional::can_load and expects the
/token endpoint to answer 'Unimplemented grant type' to all requests, and
the 'authenticate_api_request' in 'under' to exit with unauthorized (403)
to requests in which the Authorization header is passed containing a
Bearer token, but OAuth2 is not really available.

To test:
- Apply this patch
- Run:
  $ kshell
 k$ prove t/db_dependent/api/v1/oauth.t
=> FAIL: Tests fail because our REST endpoints don't support this
behaviour.

Signed-off-by: Tomas Cohen Arazi 

Signed-off-by: Kyle M Hall 



[Koha-bugs] [Bug 20624] Disable the OAuth2 client credentials grant by default

2018-05-04 Thread bugzilla-daemon
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=20624

Kyle M Hall  changed:

   What|Removed |Added

  Attachment #74986|0   |1
is obsolete||
  Attachment #74987|0   |1
is obsolete||
  Attachment #74988|0   |1
is obsolete||
  Attachment #74989|0   |1
is obsolete||
  Attachment #75020|0   |1
is obsolete||
  Attachment #75021|0   |1
is obsolete||

--- Comment #14 from Kyle M Hall  ---
Created attachment 75060
  -->
https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=75060=edit
Bug 20624: Add RESTOAuth2ClientCredentials syspref

Signed-off-by: Tomas Cohen Arazi 

Signed-off-by: Kyle M Hall 



[Koha-bugs] [Bug 20624] Disable the OAuth2 client credentials grant by default

2018-05-04 Thread bugzilla-daemon
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=20624

--- Comment #19 from Kyle M Hall  ---
Created attachment 75065
  -->
https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=75065=edit
Bug 20624: (QA follow-up) Handle missing deps gracefully

This patch makes the /token endpoint and the authenticate_api_request
method behave correctly in the event of missing deps for OAuth2.

To test:
- Run:
  $ kshell
 k$ prove t/db_dependent/api/v1/oauth.t
=> FAIL: The behaviour is not implemented
- Apply this patch
- Run:
 k$ prove t/db_dependent/api/v1/oauth.t
=> SUCCESS: Tests pass!

Signed-off-by: Tomas Cohen Arazi 

Signed-off-by: Kyle M Hall 



[Koha-bugs] [Bug 20624] Disable the OAuth2 client credentials grant by default

2018-05-04 Thread bugzilla-daemon
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=20624

--- Comment #13 from Katrin Fischer  ---
Treating this as a false positive as it's not added by the patch set:

 FAIL   Koha/REST/V1/Auth.pm
   OK critic
   OK forbidden patterns
   OK git manipulation
   OK pod
   FAIL   pod coverage
POD is missing for 'validate_query_parameters'

The link is gone, but the page remains accessible directly:
http://localhost:8081/cgi-bin/koha/members/apikeys.pl?patron_id=1

Tests fail for me:

t/db_dependent/api/v1/oauth.t .. 1/2 
#   Failed test '/oauth/token tests'
#   at t/db_dependent/api/v1/oauth.t line 116.
Can't call method "expires" on an undefined value at
t/db_dependent/api/v1/oauth.t line 93.
# Looks like your test exited with 255 just after 1.
t/db_dependent/api/v1/oauth.t .. Dubious, test returned 255 (wstat 65280,
0xff00)
Failed 2/2 subtests 

Test Summary Report
---
t/db_dependent/api/v1/oauth.t (Wstat: 65280 Tests: 1 Failed: 1)
  Failed test:  1
  Non-zero exit status: 255
  Parse errors: Bad plan.  You planned 2 tests but ran 1.



[Koha-bugs] [Bug 20624] Disable the OAuth2 client credentials grant by default

2018-05-04 Thread bugzilla-daemon
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=20624

--- Comment #12 from Katrin Fischer  ---
20402
20568
20612
20624 
... always tell git bz to ignore dependencies as it doesn't notice what's
already applied.



[Koha-bugs] [Bug 20624] Disable the OAuth2 client credentials grant by default

2018-05-04 Thread bugzilla-daemon
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=20624

--- Comment #11 from Katrin Fischer  ---
... trying to figure out the right sequence that will make git bz happy.



[Koha-bugs] [Bug 20624] Disable the OAuth2 client credentials grant by default

2018-05-04 Thread bugzilla-daemon
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=20624

Katrin Fischer  changed:

   What|Removed |Added

 Depends on||20402


Referenced Bugs:

https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=20402
[Bug 20402] OAuth2 client credentials grant for REST API


[Koha-bugs] [Bug 20624] Disable the OAuth2 client credentials grant by default

2018-05-04 Thread bugzilla-daemon
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=20624

Katrin Fischer  changed:

   What|Removed |Added

 Depends on|20402   |

--- Comment #10 from Katrin Fischer  ---
bug 20402 is already a dependency of bug 20612


Referenced Bugs:

https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=20402
[Bug 20402] OAuth2 client credentials grant for REST API


[Koha-bugs] [Bug 20624] Disable the OAuth2 client credentials grant by default

2018-05-03 Thread bugzilla-daemon
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=20624

--- Comment #9 from Tomás Cohen Arazi  ---
(In reply to Katrin Fischer from comment #6)
> Applied 20402, then bug 20568, but the latest patch there doesn't apply:
> Apply? [(y)es, (n)o, (i)nteractive] y
> Applying: Bug 20568: API keys management in interface
> Applying: Bug 20568: Add mandatory description field for api keys
> Applying: Bug 20568: Unit tests
> Applying: Bug 20568: API key management for OPAC users
> error: sha1 information is lacking or useless
> (koha-tmpl/opac-tmpl/bootstrap/en/includes/usermenu.inc).
> error: could not build fake ancestor
> Patch failed at 0001 Bug 20568: API key management for OPAC users
> The copy of the patch that failed is found in: .git/rebase-apply/patch
> When you have resolved this problem run "git bz apply --continue".
> If you would prefer to skip this patch, instead run "git bz apply --skip".
> To restore the original branch and stop patching run "git bz apply --abort".
> Patch left in /tmp/Bug-20568-API-key-management-for-OPAC-users-Igx9Ny.patch
> 
> Sorry, stuck :(

Dependent bugs rebased!


[Koha-bugs] [Bug 20624] Disable the OAuth2 client credentials grant by default

2018-05-03 Thread bugzilla-daemon
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=20624

--- Comment #8 from Tomás Cohen Arazi  ---
Created attachment 75021
  -->
https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=75021=edit
Bug 20624: (QA follow-up) Handle missing deps gracefully

This patch makes the /token endpoint and the authenticate_api_request
method behave correctly in the event of missing deps for OAuth2.

To test:
- Run:
  $ kshell
 k$ prove t/db_dependent/api/v1/oauth.t
=> FAIL: The behaviour is not implemented
- Apply this patch
- Run:
 k$ prove t/db_dependent/api/v1/oauth.t
=> SUCCESS: Tests pass!

Signed-off-by: Tomas Cohen Arazi 


[Koha-bugs] [Bug 20624] Disable the OAuth2 client credentials grant by default

2018-05-03 Thread bugzilla-daemon
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=20624

--- Comment #7 from Tomás Cohen Arazi  ---
Created attachment 75020
  -->
https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=75020=edit
Bug 20624: (QA follow-up) Unit tests for missing deps situation

This patch tests the situation in which Net::OAuth2::AuthorizationServer
is missing. It mocks Module::Load::Conditional::can_load and expects the
/token endpoint to answer 'Unimplemented grant type' to all requests, and
the 'authenticate_api_request' in 'under' to exit with unauthorized (403)
to requests in which the Authorization header is passed containing a
Bearer token, but OAuth2 is not really available.

To test:
- Apply this patch
- Run:
  $ kshell
 k$ prove t/db_dependent/api/v1/oauth.t
=> FAIL: Tests fail because our REST endpoints don't support this
behaviour.

Signed-off-by: Tomas Cohen Arazi 


[Koha-bugs] [Bug 20624] Disable the OAuth2 client credentials grant by default

2018-05-02 Thread bugzilla-daemon
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=20624

Katrin Fischer  changed:

   What|Removed |Added

 CC||katrin.fisc...@bsz-bw.de

--- Comment #6 from Katrin Fischer  ---
Applied 20402, then bug 20568, but the latest patch there doesn't apply:
Apply? [(y)es, (n)o, (i)nteractive] y
Applying: Bug 20568: API keys management in interface
Applying: Bug 20568: Add mandatory description field for api keys
Applying: Bug 20568: Unit tests
Applying: Bug 20568: API key management for OPAC users
error: sha1 information is lacking or useless
(koha-tmpl/opac-tmpl/bootstrap/en/includes/usermenu.inc).
error: could not build fake ancestor
Patch failed at 0001 Bug 20568: API key management for OPAC users
The copy of the patch that failed is found in: .git/rebase-apply/patch
When you have resolved this problem run "git bz apply --continue".
If you would prefer to skip this patch, instead run "git bz apply --skip".
To restore the original branch and stop patching run "git bz apply --abort".
Patch left in /tmp/Bug-20568-API-key-management-for-OPAC-users-Igx9Ny.patch

Sorry, stuck :(



[Koha-bugs] [Bug 20624] Disable the OAuth2 client credentials grant by default

2018-05-02 Thread bugzilla-daemon
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=20624

Tomás Cohen Arazi  changed:

   What|Removed |Added

 CC||julian.maur...@biblibre.com
   ||, kyle.m.h...@gmail.com,
   ||n...@bywatersolutions.com


[Koha-bugs] [Bug 20624] Disable the OAuth2 client credentials grant by default

2018-05-02 Thread bugzilla-daemon
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=20624

Tomás Cohen Arazi  changed:

   What|Removed |Added

 CC||tomasco...@gmail.com
 Status|NEW |Needs Signoff


[Koha-bugs] [Bug 20624] Disable the OAuth2 client credentials grant by default

2018-05-02 Thread bugzilla-daemon
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=20624

--- Comment #5 from Tomás Cohen Arazi  ---
Created attachment 74989
  -->
https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=74989=edit
Bug 20624: Make staff client respect RESTOAuth2ClientCredentials

This patch makes the staff client UI respect the
RESTOAuth2ClientCredentials syspref.

To test:
- Make sure RESTOAuth2ClientCredentials is "Don't enable"
- Go to a patron's detail page
=> SUCCESS: The 'More' dropdown doesn't show the API keys management
link.
- Enable RESTOAuth2ClientCredentials
- Reload
=> SUCCESS: The 'More' dropdown shows the API keys management link
- Click on the API keys management link
=> SUCCESS: You can edit the api keys
- Disable the syspref
- Reload
=> SUCCESS: You are presented an error 400 page.
- Sign off :-D


[Koha-bugs] [Bug 20624] Disable the OAuth2 client credentials grant by default

2018-05-02 Thread bugzilla-daemon
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=20624

--- Comment #2 from Tomás Cohen Arazi  ---
Created attachment 74986
  -->
https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=74986=edit
Bug 20624: Add RESTOAuth2ClientCredentials syspref

Signed-off-by: Tomas Cohen Arazi 


[Koha-bugs] [Bug 20624] Disable the OAuth2 client credentials grant by default

2018-05-02 Thread bugzilla-daemon
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=20624

--- Comment #3 from Tomás Cohen Arazi  ---
Created attachment 74987
  -->
https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=74987=edit
Bug 20624: Unit tests

This patch adds tests to verify that disabling the
RESTOAuth2ClientCredentials syspref makes any request on the
/api/v1/oauth/token using the 'client_credentials' grant fail with
'grant not implemented'.

To test:
- Apply this patch
- Run:
  $ kshell
 k$ prove t/db_dependent/api/v1/oauth.t
=> FAIL: Tests fail because the change is not implemented!


[Koha-bugs] [Bug 20624] Disable the OAuth2 client credentials grant by default

2018-05-02 Thread bugzilla-daemon
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=20624

--- Comment #4 from Tomás Cohen Arazi  ---
Created attachment 74988
  -->
https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=74988=edit
Bug 20624: Make /api/v1/oauth/token respect RESTOAuth2ClientCredentials

This patch makes the /api/v1/oauth/token endpoint respect the
RESTOAuth2ClientCredentials syspref. It will return 400 (with
'Unimplemented grant type' error message) in the event of the syspref
being disabled and the grant_type => 'client_credentials' value passed.

To test:
- Run:
  $ kshell
 k$ prove t/db_dependent/api/v1/oauth.t
=> FAIL: It fails because the off-switch is not implemented
- Apply this patch
- Run:
  k$ prove t/db_dependent/api/v1/oauth.t
=> SUCCESS: Tests pass!
- Sign off :-D


[Koha-bugs] [Bug 20624] Disable the OAuth2 client credentials grant by default

2018-05-02 Thread bugzilla-daemon
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=20624

Tomás Cohen Arazi  changed:

   What|Removed |Added

 Depends on|20627   |


Referenced Bugs:

https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=20627
[Bug 20627] Prevent leakages of user permissions to api access tokens

[Koha-bugs] [Bug 20624] Disable the OAuth2 client credentials grant by default

2018-05-02 Thread bugzilla-daemon
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=20624

Tomás Cohen Arazi  changed:

   What|Removed |Added

   Assignee|koha-b...@lists.koha-commun |tomasco...@gmail.com
   |ity.org |


[Koha-bugs] [Bug 20624] Disable the OAuth2 client credentials grant by default

2018-05-02 Thread bugzilla-daemon
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=20624

Tomás Cohen Arazi  changed:

   What|Removed |Added

Summary|Allow switching off the |Disable the OAuth2 client
   |OAuth2 client credentials   |credentials grant by
   |grant   |default
