[Patches] [PATCH] [SIGNED-OFF] Bug 6694: Problem with casAuthentication syspref

koha-patchbot at kohaaloha.com koha-patchbot at kohaaloha.com
Tue Dec 13 22:05:04 NZDT 2011


From: Julian Maurice <julian.maurice at biblibre.com>
Date: Wed, 10 Aug 2011 11:41:06 +0200
Subject: [PATCH] [SIGNED-OFF] Bug 6694: Problem with casAuthentication syspref

A missing test in checkauth caused anonymous session to be destroyed and
re-created at every call when this syspref was set.
Almost the same issue is also fixed in check_api_auth, which caused
C4::Service->init to fail.

Signed-off-by: Alex Arnaud <alex.arnaud at biblibre.com>
---
 C4/Auth.pm |    7 ++++---
 1 files changed, 4 insertions(+), 3 deletions(-)

diff --git a/C4/Auth.pm b/C4/Auth.pm
index e360e10..17b8469 100755
--- a/C4/Auth.pm
+++ b/C4/Auth.pm
@@ -688,7 +688,8 @@ sub checkauth {
             $userid   = $session->param('id');
 			$sessiontype = $session->param('sessiontype');
         }
-        if ( ($query->param('koha_login_context')) && ($query->param('userid') ne $session->param('id')) ) {
+        if ( ( ($query->param('koha_login_context')) && ($query->param('userid') ne $session->param('id')) )
+          || ( $cas && $query->param('ticket') ) ) {
             #if a user enters an id ne to the id in the current session, we need to log them in...
             #first we need to clear the anonymous session...
             $debug and warn "query id = " . $query->param('userid') . " but session id = " . $session->param('id');
@@ -751,7 +752,7 @@ sub checkauth {
        	C4::Context->_new_userenv($sessionID);
         $cookie = $query->cookie(CGISESSID => $sessionID);
 	    $userid    = $query->param('userid');
-    	    if ($cas || $userid) {
+            if (($cas && $query->param('ticket')) || $userid) {
         	my $password = $query->param('password');
 		my ($return, $cardnumber);
 		if ($cas && $query->param('ticket')) {
@@ -1117,7 +1118,7 @@ sub check_api_auth {
     unless ($query->param('userid')) {
         $sessionID = $query->cookie("CGISESSID");
     }
-    if ($sessionID && not $cas) {
+    if ($sessionID && not ($cas && $query->param('PT')) ) {
         my $session = get_session($sessionID);
         C4::Context->_new_userenv($sessionID);
         if ($session) {
-- 
1.7.0.4


More information about the Patches mailing list