OverDrive API Integration Does Not Work When Password Required
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Evergreen |
Confirmed
|
Medium
|
Unassigned | ||
3.3 |
Won't Fix
|
Undecided
|
Unassigned | ||
3.4 |
Won't Fix
|
Undecided
|
Unassigned |
Bug Description
The ebook_api.
JavaScript Console Log:
starting ebook API session for overdrive
login?redirect_
at login?redirect_
at OpenSRF.
at Function.
at Function.
at OpenSRF.
at XMLHttpRequest.
(anonymous) @ login?redirect_
oncomplete @ session.
OpenSRF.
OpenSRF.Stack.push @ opensrf.
OpenSRF.
xreq.onreadysta
XMLHttpRequest.send (async)
OpenSRF.
OpenSRF.
OpenSRF.
OpenSRF.
startSession @ session.
checkSession @ session.
(anonymous) @ login?redirect_
(anonymous) @ login?redirect_
(anonymous) @ dojo.js?f456c8:16
The user's password will need to be cached after the login is successful, and the OILS AUTH session is available.
Additionally, the current code uses Dojo to install an onload function to set up the onclick. This is another place that will need to be touched when we do finally remove Dojo from Evergreen.
tags: | added: privacy |
The password is stored in the ebook_api session cache, which is separate from the main Evergreen session cache. The user does not need to be logged in to Evergreen for an ebook_api session to exist. EG should be verifying the existence of an ebook_api session (or initiating one) first, then caching the password via a callback function. Or at least that's the intended behavior -- there is clearly a bug here.