Bug 24003: Make the API set userenv on authentication
authorTomas Cohen Arazi <tomascohen@theke.io>
Fri, 5 Jun 2020 12:16:16 +0000 (09:16 -0300)
committerJonathan Druart <jonathan.druart@bugs.koha-community.org>
Mon, 15 Jun 2020 08:29:44 +0000 (10:29 +0200)
This patch makes the authentication step stash the user that got
authenticated so code outside the Mojo part of Koha can use it (i.e.
through the use of C4::Context->userenv).

To test:
1. Apply the regression tests
2. Run:
   $ kshell
  k$ prove t/db_dependent/api/v1/auth_authenticate_api_request.t \
           t/db_dependent/api/v1/auth_basic.t
=> FAIL: Tests fail!
3. Apply this patch
4. Repeat 2
=> SUCCESS: Tests pass!

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Koha/REST/V1/Auth.pm

index a4bb7ae..b096686 100644 (file)
@@ -154,6 +154,7 @@ sub authenticate_api_request {
     my $spec = $c->openapi->spec || $c->match->endpoint->pattern->defaults->{'openapi.op_spec'};
 
     $c->stash_embed({ spec => $spec });
+    my $cookie_auth = 0;
 
     my $authorization = $spec->{'x-koha-authorization'};
 
@@ -222,6 +223,7 @@ sub authenticate_api_request {
             $user = Koha::Patrons->find( $session->param('number') )
               unless $session->param('sessiontype')
                  and $session->param('sessiontype') eq 'anon';
+            $cookie_auth = 1;
         }
         elsif ($status eq "maintenance") {
             Koha::Exceptions::UnderMaintenance->throw(
@@ -247,6 +249,11 @@ sub authenticate_api_request {
 
     $c->stash('koha.user' => $user);
 
+    if ( $user and !$cookie_auth ) { # cookie-auth sets this and more, don't mess with that
+        C4::Context->_new_userenv( $user->borrowernumber );
+        C4::Context->set_userenv( $user->borrowernumber );
+    }
+
     if ( !$authorization and
          ( $params->{is_public} and
           ( C4::Context->preference('RESTPublicAnonymousRequests') or
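Review bot: The new `if ( $user and !$cookie_auth )` block sets the userenv but nothing visible in this hunk clears it when `$user` is undefined or when the authorization check that follows throws. If the API workers are persistent and C4::Context keeps the active userenv in process-level state, an anonymous or rejected request could run with the identity left by the previous request; resetting the userenv at the top of authenticate_api_request would close that gap. `set_userenv` is also given only the borrowernumber, while the inline comment says the cookie path sets "this and more". Any code outside Mojo that reads branch or permission flags from the userenv will likely see them undefined for token and basic-auth users, so populate those fields or add a comment such as `# only 'number' is populated here; flags and branch are not set`. The body of authenticate_api_request continues outside the hunk, so a reset elsewhere in the function cannot be ruled out.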