diff --git a/VERSIONS_WIP/72610 b/VERSIONS_WIP/72610
new file mode 100644
index 0000000000000000000000000000000000000000..fe60a378c61b4522e039875ac443b64bc691dd53
--- /dev/null
+++ b/VERSIONS_WIP/72610
@@ -0,0 +1 @@
+ - ticket #72610 : OAuth: ajouter la variable pour autoriser HTTP (OAUTH_ACCEPT_HTTP)
\ No newline at end of file
diff --git a/application/modules/api/controllers/UserController.php b/application/modules/api/controllers/UserController.php
index 3ad7af8a08da99d9412265e7e8a0841d81af1c08..cd6dd53494cfc3bda65393679e1b8f968cbbd589 100644
--- a/application/modules/api/controllers/UserController.php
+++ b/application/modules/api/controllers/UserController.php
@@ -22,7 +22,7 @@
 
 class Api_UserController extends ZendAfi_Controller_Action {
   public function loansAction() {
-    if (!$this->_request->isSecure())
+    if (!($this->_request->isSecure() || Class_AdminVar_OAuthAcceptHTTP::isEnabled()))
       return $this->_error($this->_('Protocole HTTP obligatoire'));
 
     if (!$authorization = $this->_request->getHeader('authorization'))
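Review bot: With `OAUTH_ACCEPT_HTTP` enabled, the relaxed guard in `loansAction` lets the `Authorization` bearer token read on the next line travel in cleartext, and nothing visible records that a request was accepted that way. If the toggle exists because TLS is terminated at a reverse proxy (an assumption; the diff does not say), making the secure-request check honour the proxy's forwarded-protocol header from trusted addresses would keep the guard meaningful instead of switching it off site-wide. At minimum, add a comment above the condition such as `// OAUTH_ACCEPT_HTTP: bearer tokens are readable by network observers; only for deployments where TLS ends upstream`. `Class_AdminVar_OAuthAcceptHTTP` is not defined anywhere in this diff, so confirm it resolves. `loansAction` continues past the hunk.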
diff --git a/library/Class/AdminVar.php b/library/Class/AdminVar.php
index 4e32cd8c416f8803cfe9205973f595e1f4b900f6..c339d9679b93bf62f8f7d20ceeffc5ea9cb55df3 100644
--- a/library/Class/AdminVar.php
+++ b/library/Class/AdminVar.php
@@ -286,6 +286,7 @@ class Class_AdminVarLoader extends Storm_Model_Loader {
   protected function _getGlobalVars() {
     return [
             'FORCE_HTTPS' => Class_AdminVar_Meta::newOnOff($this->_('Forcer l\'accès au site par le protocole HTTPS. Nécessite l\'installation et la configuration appropriée du serveur Web')),
+            'OAUTH_ACCEPT_HTTP' => Class_AdminVar_Meta::newOnOff($this->_('Autoriser l\'accès aux API OAUTH via HTTP (non sécurisé - déconseillé)')),
             'NB_AFFICH_AVIS_PAR_AUTEUR'  => Class_AdminVar_Meta::newDefault($this->_('Nombre d\'avis maximum à afficher par utilisateur.')),
             'CLEF_GOOGLE_MAP' => Class_AdminVar_Meta::newDefault($this->_('Clef d\'activation pour le plan d\'accès google map. <a target="_blank" href="http://code.google.com/apis/maps/signup.html">Obtenir la clé google map</a>')),
             'REGISTER_OK' => Class_AdminVar_Meta::newEncodedData($this->_('Texte visible par l\'internaute après son inscription.')),
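Review bot: The `OAUTH_ACCEPT_HTTP` label does not say what is actually exposed, nor how the setting interacts with `FORCE_HTTPS` on the line above it. I would state the risk in the description itself, e.g. `Autoriser l'accès aux API OAUTH via HTTP (déconseillé : les jetons d'accès circulent en clair)`, and note that it should stay off when `FORCE_HTTPS` is on. It is also worth confirming that `newOnOff` defaults to off, which this hunk does not show. `_getGlobalVars` continues outside the hunk.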
diff --git a/tests/scenarios/MobileApplication/UserAccountTest.php b/tests/scenarios/MobileApplication/UserAccountTest.php
index 82523fc8b238d5121707204fcc25eca3a003c161..1c65ff57a6413a854845960cd8f4f30a742dfc9b 100644
--- a/tests/scenarios/MobileApplication/UserAccountTest.php
+++ b/tests/scenarios/MobileApplication/UserAccountTest.php
@@ -176,7 +176,7 @@ class Scenario_MobileApplication_UserAccountWithoutTokenTest extends Scenario_Mo
 
 
   /** @test */
-  public function withoutHttpsShouldAnswerInvalidRequest() {
+  public function withoutHttpsShouldAnswerValidRequest() {
     unset($_SERVER['HTTPS']);
 
     $this->dispatch('/api/user/loans',
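Review bot: The new name `withoutHttpsShouldAnswerValidRequest` contradicts what the test still checks. The context lines of the next hunk show it asserting the `'Protocole HTTP obligatoire'` error message, and the controller still rejects plain HTTP when `OAUTH_ACCEPT_HTTP` is off. Keep the old name or make the precondition explicit, e.g. `withoutHttpsAndOAuthAcceptHttpDisabledShouldAnswerInvalidRequest`. Setting `Class_AdminVar::set('OAUTH_ACCEPT_HTTP', 0);` at the top would pin the rejection path rather than leave it dependent on the default. The test body runs past this hunk.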
@@ -188,6 +188,26 @@ class Scenario_MobileApplication_UserAccountWithoutTokenTest extends Scenario_Mo
                          'message' => 'Protocole HTTP obligatoire'],
                         json_decode($this->_response->getBody(), true));
   }
+
+
+  /** @test */
+  public function withoutHttpsAndOAUTHAcceptInsecureShouldAnswerLoans() {
+    unset($_SERVER['HTTPS']);
+    Class_AdminVar::set('OAUTH_ACCEPT_HTTP', 1);
+    $this->dispatch('/api/user/loans',
+                    true,
+                    ["Authorization" => "Bearer nonos" ,
+                     "Content-Type" => "application/json"]);
+
+    $loans = json_decode($this->_response->getBody(), true);
+    $this->assertEquals(['title' => 'Potter',
+                         'author' => 'J.K.R',
+                         'date_due' => '1974-01-01',
+                         'loaned_by' => 'puppy',
+                         'library' => 'Annecy'
+                         ],
+                        $loans['loans'][0]);
+  }
 }
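Review bot: `withoutHttpsAndOAUTHAcceptInsecureShouldAnswerLoans` switches `OAUTH_ACCEPT_HTTP` on with `Class_AdminVar::set('OAUTH_ACCEPT_HTTP', 1);` and never restores it. Unless the scenario's setUp/tearDown (not visible here) resets admin vars, later tests could run with the HTTPS guard disabled, and the rejection test above would then depend on execution order. Reset it explicitly in tearDown with `Class_AdminVar::set('OAUTH_ACCEPT_HTTP', 0);`. The test also asserts only `$loans['loans'][0]`, so it would still pass if the body carried an error `message` as well; an assertion that no `message` key is present would make the accepted-over-HTTP case unambiguous.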