[Koha-bugs] [Bug 38826] C4::Auth::check_api_auth sometimes returns $session and sometimes returns $sessionID

Tue, 07 Jan 2025 04:32:59 -0800 

https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=38826

Nick Clemens (kidclamp) <[email protected]> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
 Attachment #176164|0                           |1
        is obsolete|                            |

--- Comment #5 from Nick Clemens (kidclamp) <[email protected]> ---
Created attachment 176187
  -->
https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=176187&action=edit
Bug 38826: Make check_api_auth $sessionID consistent

This change makes $sessionID consistently return using the session
ID and not sometimes the session object.

Test plan:
0. Apply the patch
1. koha-plack --restart kohadev
2. curl -v 'http://localhost:8081/cgi-bin/koha/svc/authentication' --cookie-jar
/tmp/test.cookies
3. Note the Csrf-Token header value
4. Replace the <CSRF-TOKEN>, <USERID>, and <PASSWORD> tokens in the next step
using the appropriate values (eg the CSRF-TOKEN is from the previous step)
5. curl -v -H "Content-Type: application/x-www-form-urlencoded" \
    -H "Csrf-Token: <CSRF-TOKEN>" -XPOST \
    'http://localhost:8081/cgi-bin/koha/svc/authentication' \
    -d "login_userid=<USERID>&login_password=<PASSWORD>" \
    --cookie /tmp/test.cookies --cookie-jar /tmp/test.cookies
6. curl -XGET -v 'http://localhost:8081/cgi-bin/koha/svc/bib/29' \
    --cookie /tmp/test.cookies > rec.marcxml
7. curl -v 'http://localhost:8081/cgi-bin/koha/svc/authentication' \
    --cookie /tmp/test.cookies --cookie-jar /tmp/test.cookies
8. Note the Csrf-Token header value
9. curl -H "Content-Type: text/xml" -H "Csrf-Token: <CSRF-TOKEN>" \
    -XPOST -v 'http://localhost:8081/cgi-bin/koha/svc/bib/29' \
    --cookie /tmp/test.cookies --data @rec.marcxml

Signed-off-by: Jan Kissig <[email protected]>
Signed-off-by: Nick Clemens <[email protected]>

-- 
You are receiving this mail because:
You are watching all bug changes.
_______________________________________________
Koha-bugs mailing list
[email protected]
https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/

Reply via email to