my $c = shift->openapi->valid_input or return;;
my $status = 0;
+
try {
+ # /api/v1/{namespace}
+ my $namespace = $c->req->url->to_abs->path->[2];
+
+ if ( $namespace eq 'public'
+ and !C4::Context->preference('RESTPublicAPI') )
+ {
+ Koha::Exceptions::Authorization->throw(
+ "Configuration prevents the usage of this endpoint by unprivileged users");
+ }
+
$status = authenticate_api_request($c);
} catch {
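Review bot: The namespace check fails open: `$c->req->url->to_abs->path->[2]` is taken by position, so a path with fewer than three segments leaves `$namespace` undef (and `eq` warns), and if the API is ever reached under a different prefix, index 2 is not the namespace and the `RESTPublicAPI` test is silently skipped. At minimum default the value, `my $namespace = $c->req->url->to_abs->path->[2] // '';`, and extend the `# /api/v1/{namespace}` comment to say that the index assumes the app is served at exactly `/api/v1`. Whether another mount point exists is not visible from this hunk, so confirm the second case against the deployment's rewrite rules. The `try` block continues past the end of the hunk.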
required_permissions => $_->required_permissions,
});
}
+ elsif ($_->isa('Koha::Exceptions::Authorization')) {
+ return $c->render(status => 403, json => { error => $_->error });
+ }
elsif ($_->isa('Koha::Exceptions')) {
return $c->render(status => 500, json => { error => $_->error });
}
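Review bot: The new `Koha::Exceptions::Authorization` branch is order-sensitive, and nothing in the chain says so. The branch just above it renders `required_permissions`, which suggests it handles a more specific authorization exception. If that class derives from `Koha::Exceptions::Authorization`, moving the generic branch earlier would drop the permissions detail from the 403 body. A one-line comment above the `elsif`, such as `# generic authorization failure; keep after the more specific Authorization subclasses`, would document that. The if/elsif chain starts and ends outside this hunk.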
my $tx;
subtest 'under() tests' => sub {
- plan tests => 15;
+
+ plan tests => 20;
$schema->storage->txn_begin;
my ($borrowernumber, $session_id) = create_user_and_session();
+ # disable the /public namespace
+ t::lib::Mocks::mock_preference( 'RESTPublicAPI', 0 );
+ $tx = $t->ua->build_tx( POST => "/api/v1/public/patrons/$borrowernumber/password" );
+ $tx->req->env( { REMOTE_ADDR => $remote_address } );
+ $t->request_ok($tx)
+ ->status_is(403)
+ ->json_is('/error', 'Configuration prevents the usage of this endpoint by unprivileged users');
+
+ # enable the /public namespace
+ t::lib::Mocks::mock_preference( 'RESTPublicAPI', 1 );
+ $tx = $t->ua->build_tx( GET => "/api/v1/public/patrons/$borrowernumber/password" );
+ $tx->req->env( { REMOTE_ADDR => $remote_address } );
+ $t->request_ok($tx)->status_is(404);
+
# 401 (no authentication)
$tx = $t->ua->build_tx( GET => "/api/v1/patrons" );
$tx->req->env( { REMOTE_ADDR => $remote_address } );
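Review bot: The two new cases leave gaps in what they prove about the `RESTPublicAPI` gate. The enabled case asserts only `status_is(404)` on a GET, while the disabled case uses POST on the same path, so it needs a comment saying why 404 is expected, e.g. `# 404 rather than 403: the request got past the namespace check` (the route table is not visible here, so confirm the reason). There is also no negative control for other namespaces: with the preference at 0, a request to `/api/v1/patrons` should still return 401 rather than 403, otherwise an over-broad check that blocks every namespace would pass these tests. Adding it means raising `plan tests` again. The subtest continues beyond the hunk.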