Koha/OAuth.pm

   1 package Koha::OAuth;
   2
   3 # This file is part of Koha.
   4 #
   5 # Koha is free software; you can redistribute it and/or modify it under the
   6 # terms of the GNU General Public License as published by the Free Software
   7 # Foundation; either version 3 of the License, or (at your option) any later
   8 # version.
   9 #
  10 # Koha is distributed in the hope that it will be useful, but WITHOUT ANY
  11 # WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
  12 # A PARTICULAR PURPOSE.  See the GNU General Public License for more details.
  13 #
  14 # You should have received a copy of the GNU General Public License along
  15 # with Koha; if not, write to the Free Software Foundation, Inc.,
  16 # 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
  17
  18 use Modern::Perl;
  19
  20 use Koha::ApiKeys;
  21 use Koha::OAuthAccessTokens;
  22
  23 =head1 NAME
  24
  25 Koha::OAuth - Koha library for OAuth2 callbacks
  26
  27 =head1 API
  28
  29 =head2 Class methods
  30
  31 =head3 config
  32
  33     my $config = Koha::OAuth->config;
  34
  35 Returns a hashref containing the callbacks Net::OAuth2::AuthorizationServer requires
  36
  37 =cut
  38
  39 sub config {
  40     return {
  41         verify_client_cb => \&_verify_client_cb,
  42         store_access_token_cb => \&_store_access_token_cb,
  43         verify_access_token_cb => \&_verify_access_token_cb
  44     };
  45 }
  46
  47 =head3 _verify_client_cb
  48
  49 A callback to verify if the client asking for authorization is known to the authorization server
  50 and allowed to get authorization.
  51
  52 =cut
  53
  54 sub _verify_client_cb {
  55     my (%args) = @_;
  56
  57     my ($client_id, $client_secret) = @args{ qw/ client_id client_secret / };
  58
  59     my $api_key;
  60
  61     if ($client_id) {
  62         $api_key = Koha::ApiKeys->find( $client_id );
  63     }
  64
  65     # client_id mandatory and exists on the DB
  66     return (0, 'unauthorized_client') unless $api_key && $api_key->active;
  67
  68     return (0, 'access_denied') unless $api_key->secret eq $client_secret;
  69
  70     return (1, undef, []);
  71 }
  72
  73 =head3 _store_access_token_cb
  74
  75 A callback to store the generated access tokens.
  76
  77 =cut
  78
  79 sub _store_access_token_cb {
  80     my ( %args ) = @_;
  81
  82     my ( $client_id, $access_token, $expires_in )
  83         = @args{ qw/ client_id access_token expires_in / };
  84
  85     my $at = Koha::OAuthAccessToken->new({
  86         access_token  => $access_token,
  87         expires       => time + $expires_in,
  88         client_id     => $client_id,
  89     });
  90     $at->store;
  91
  92     return;
  93 }
  94
  95 =head3 _verify_access_token_cb
  96
  97 A callback to verify the access token.
  98
  99 =cut
 100
 101 sub _verify_access_token_cb {
 102     my (%args) = @_;
 103
 104     my $access_token = $args{access_token};
 105
 106     my $at = Koha::OAuthAccessTokens->find($access_token);
 107     if ($at) {
 108         if ( $at->expires <= time ) {
 109             # need to revoke the access token
 110             $at->delete;
 111
 112             return (0, 'invalid_grant')
 113         }
 114
 115         return $at->unblessed;
 116     }
 117
 118     return (0, 'invalid_grant')
 119 };
 120
 121 1;