search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Bug 20582: Fix PSGI file when behind a reverse proxy
[koha.git] / members / apikeys.pl
blob619fc30b8a8ae102efe9d3d4ba5fe072fc5e6c8e
1 #!/usr/bin/perl
2
3 # This file is part of Koha.
4 #
5 # Copyright 2015 BibLibre
6 #
7 # Koha is free software; you can redistribute it and/or modify it
8 # under the terms of the GNU General Public License as published by
9 # the Free Software Foundation; either version 3 of the License, or
10 # (at your option) any later version.
11 #
12 # Koha is distributed in the hope that it will be useful, but
13 # WITHOUT ANY WARRANTY; without even the implied warranty of
14 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 # GNU General Public License for more details.
16 #
17 # You should have received a copy of the GNU General Public License
18 # along with Koha; if not, see <http://www.gnu.org/licenses>.
19
20 use Modern::Perl;
21
22 use CGI;
23
24 use C4::Auth;
25 use C4::Output;
26
27 use Koha::ApiKeys;
28 use Koha::Patrons;
29 use Koha::Token;
30
31 my $cgi = new CGI;
32
33 my ( $template, $loggedinuser, $cookie ) = get_template_and_user(
34 { template_name => 'members/apikeys.tt',
35 query => $cgi,
36 type => 'intranet',
37 flagsrequired => { borrowers => 'edit_borrowers' },
38 }
39 );
40
41 my $patron;
42 my $patron_id = $cgi->param('patron_id') // '';
43 my $api_key = $cgi->param('key') // '';
44
45 $patron = Koha::Patrons->find($patron_id) if $patron_id;
46
47 if ( not defined $patron or
48 not C4::Context->preference('RESTOAuth2ClientCredentials') ) {
49
50 # patron_id invalid -> exit
51 print $cgi->redirect("/cgi-bin/koha/errors/404.pl"); # escape early
52 exit;
53 }
54
55 my $op = $cgi->param('op') // '';
56
57 if ( $op eq 'generate' or
58 $op eq 'delete' or
59 $op eq 'revoke' or
60 $op eq 'activate' ) {
61
62 output_and_exit( $cgi, $cookie, $template, 'wrong_csrf_token' )
63 unless Koha::Token->new->check_csrf({
64 session_id => scalar $cgi->cookie('CGISESSID'),
65 token => scalar $cgi->param('csrf_token'),
66 });
67 }
68
69 if ($op) {
70 if ( $op eq 'generate' ) {
71 my $description = $cgi->param('description') // '';
72 my $api_key = Koha::ApiKey->new(
73 { patron_id => $patron_id,
74 description => $description
75 }
76 );
77 $api_key->store;
78 print $cgi->redirect( '/cgi-bin/koha/members/apikeys.pl?patron_id=' . $patron_id );
79 exit;
80 }
81
82 if ( $op eq 'delete' ) {
83 my $api_key_id = $cgi->param('key');
84 my $key = Koha::ApiKeys->find({ patron_id => $patron_id, client_id => $api_key_id });
85 if ($key) {
86 $key->delete;
87 }
88 print $cgi->redirect( '/cgi-bin/koha/members/apikeys.pl?patron_id=' . $patron_id );
89 exit;
90 }
91
92 if ( $op eq 'revoke' ) {
93 my $api_key_id = $cgi->param('key');
94 my $key = Koha::ApiKeys->find({ patron_id => $patron_id, client_id => $api_key_id });
95 if ($key) {
96 $key->active(0);
97 $key->store;
98 }
99 print $cgi->redirect( '/cgi-bin/koha/members/apikeys.pl?patron_id=' . $patron_id );
100 exit;
101 }
102
103 if ( $op eq 'activate' ) {
104 my $api_key_id = $cgi->param('key');
105 my $key = Koha::ApiKeys->find({ patron_id => $patron_id, client_id => $api_key_id });
106 if ($key) {
107 $key->active(1);
108 $key->store;
109 }
110 print $cgi->redirect( '/cgi-bin/koha/members/apikeys.pl?patron_id=' . $patron_id );
111 exit;
112 }
113 }
114
115 my @api_keys = Koha::ApiKeys->search({ patron_id => $patron_id });
116
117 $template->param(
118 api_keys => \@api_keys,
119 csrf_token => Koha::Token->new->generate_csrf({ session_id => scalar $cgi->cookie('CGISESSID') }),
120 patron => $patron
121 );
122
123 output_html_with_http_headers $cgi, $cookie, $template->output;
Koha ILS