https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=38363

--- Comment #1 from Lari Taskula <[email protected]> ---
Created attachment 188465
  -->
https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=188465&action=edit
Bug 38363: Use output_html_with_http_headers in C4::Auth

The following C4::Auth subroutines
  - checkauth()
  - get_template_and_user()

were in some cases outputting HTML outside of C4::Output's output mechanisms.

It is important to ensure the consistency of our HTTP responses. Having
multiple output mechanisms for what is essentially the same type of response not
only leads to unnecessary code duplication and complexity but possibly even
bugs at some point in the future.

For these reasons it is better to output only through C4::Output, when
possible.

This patch does that for the two aforementioned C4::Auth cases.

To test unit tests:
1. prove t/db_dependent/Auth.t

As for checkauth(), the change only applies to failed logins.

To test checkauth:
1. Log in to OPAC with invalid credentials
2. Observe "You entered an incorrect username or password"
3. Log in to staff client with invalid credentials
4. Observe "Invalid username or password"

As for get_template_and_user(), the change only applies to an SCO/SCI user
navigating outside of the self service modules.

To test get_template_and_user:
1. Enable system preference WebBasedSelfCheck
2. Create a new test patron and note down their username & password
3. Grant them the permission self_checkout_module (under Self check modules)
4. Navigate to http://OPAC/cgi-bin/koha/sco/sco-main.pl
5. Log in with the test patron
6. Observe successful login (should display "Self-checkout system" page)
7. Navigate to http://OPAC/cgi-bin/koha/opac-main.pl
(you can get there by editing the address bar of your web browser)
8. Observe "Log in to your account" page, i.e. you have been kicked out
9. Modify your test patron's permissions
10. Remove permission "self_checkout_module" and add "self_checkin_module"
11. Enable system preference SelfCheckInModule
12. Navigate to http://OPAC/cgi-bin/koha/sci/sci-main.pl
13. Log in using your test patron's credentials
14. Observe "Self check-in" page
15. Navigate to http://OPAC/cgi-bin/koha/opac-main.pl
(you can get there by editing the address bar of your web browser)
16. Observe "Log in to your account" page, i.e. you have been kicked out

_______________________________________________
Koha-bugs mailing list
[email protected]
https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/