https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=38382

Marcel de Rooy <[email protected]> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
 Attachment #175250|0                           |1
        is obsolete|                            |

--- Comment #8 from Marcel de Rooy <[email protected]> ---
Created attachment 175444
  --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=175444&action=edit
Bug 38382: Fresh connection when connexion CSRF token expires

This patch simply generates a new user agent when reauthenticating when the
CSRF token for the session has expired.

To test:
1 - Edit Koha/Token.pm, line 275
from:    { MaxAge => $params->{MaxAge} // ( CSRF_EXPIRY_HOURS * 3600 ) },
to:      { MaxAge => $params->{MaxAge} // ( CSRF_EXPIRY_HOURS ) },
2 - This will make your CSRF tokens expire after 8 seconds
3 - vim /etc/koha/sites/kohadev/connexion.cnf
4 - Set content:
    host:
    port: 8888
    koha:http://localhost:8081
    log:/var/log/koha/kohadev/connexion.log
    match:ISBN
    user:kohauser
    password:kohapass
    overlay_action:replace
    nomatch_action:create_new
    item_action:always_add
    import_mode:direct
    framework:BKS
    overlay_framework:
    debug:1
5 - Save the sample file from this bug into your kohaclone (or copy and paste
into a file your koha test site can reach)
6 - On the command line:
    perl misc/bin/connexion_import_daemon.pl -c /etc/koha/sites/kohadev/connexion.cnf
7 - In another terminal:
    cat bug_33418.test  | nc -v localhost 8888
8 - Successful request
9 - Wait 10 seconds (more than 8 anyways)
10 - Repeat 7
11 - Unsuccessful request - Invalid CSRF token
12 - Ctrl+C to stop the connexion daemon
13 - Apply patch
14 - repeat 6
15 - repeat 7, success
16 - Wait more than 8 seconds
17 - repeat 7, success!
18 - repeat again until you are satisfied
19 - Sign off!

WNC amended and tidied

Signed-off-by: Brendan Lawlor <[email protected]>

Signed-off-by: Marcel de Rooy <[email protected]>
