
Bug 28785: Adjust check_cookie_auth calls

The previous patch makes check_cookie_auth return the session instead of
$sessionID, so we are adjusting the different calls to prevent
confusion.
However they are mainly used to check the authentication status and
don't care about this second variable.

Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
21.11.x
Jonathan Druart 4 months ago
parent
commit
4390b7be04
  1. 3
      Koha/REST/V1/Auth.pm
  2. 4
      admin/import_export_framework.pl
  3. 2
      authorities/merge_ajax.pl
  4. 2
      authorities/ysearch.pl
  5. 2
      cataloguing/merge_ajax.pl
  6. 2
      cataloguing/ysearch.pl
  7. 2
      circ/ysearch.pl
  8. 2
      offline_circ/service.pl
  9. 2
      opac/opac-patron-image.pl
  10. 2
      opac/opac-ratings-ajax.pl
  11. 2
      opac/opac-tags.pl
  12. 2
      opac/svc/checkout_notes
  13. 2
      opac/svc/club/cancel_enrollment
  14. 2
      opac/svc/club/enroll
  15. 2
      plugins/plugins-enable.pl
  16. 2
      serials/create-numberpattern.pl
  17. 2
      serials/subscription-frequency.pl
  18. 2
      serials/subscription-numberpattern.pl
  19. 2
      svc/article_request
  20. 1
      svc/authorised_values
  21. 2
      svc/barcode
  22. 2
      svc/cataloguing/automatic_linker.pl
  23. 2
      svc/checkin
  24. 2
      svc/checkout_notes
  25. 5
      svc/checkouts
  26. 2
      svc/club/cancel_enrollment
  27. 2
      svc/club/delete
  28. 2
      svc/club/enroll
  29. 2
      svc/club/template/delete
  30. 2
      svc/cover_images
  31. 2
      svc/creator_batches
  32. 2
      svc/hold/resume
  33. 2
      svc/hold/suspend
  34. 2
      svc/holds
  35. 2
      svc/mana/increment
  36. 2
      svc/mana/search
  37. 2
      svc/mana/share
  38. 2
      svc/mana/use
  39. 2
      svc/members/add_to_list
  40. 2
      svc/problem_reports
  41. 2
      svc/renew
  42. 5
      svc/return_claims
  43. 2
      tags/review.pl
  44. 3
      tools/background-job-progress.pl
  45. 2
      tools/batch_records_ajax.pl
  46. 2
      tools/upload-file.pl

3
Koha/REST/V1/Auth.pm

@ -216,11 +216,10 @@ sub authenticate_api_request {
# Mojo doesn't use %ENV the way CGI apps do
# Manually pass the remote_address to check_auth_cookie
my $remote_addr = $c->tx->remote_address;
my ($status, $sessionID) = check_cookie_auth(
my ($status, $session) = check_cookie_auth(
$cookie, undef,
{ remote_addr => $remote_addr });
if ($status eq "ok") {
my $session = get_session($sessionID);
$user = Koha::Patrons->find( $session->param('number') )
unless $session->param('sessiontype')
and $session->param('sessiontype') eq 'anon';

4
admin/import_export_framework.pl

@ -27,9 +27,9 @@ use C4::ImportExportFramework qw( createODS ExportFramework ImportFramework );
my %cookies = CGI::Cookie->fetch();
my $authenticated = 0;
my ($auth_status, $sessionID);
my ($auth_status);
if (exists $cookies{'CGISESSID'}) {
($auth_status, $sessionID) = check_cookie_auth(
($auth_status, undef) = check_cookie_auth(
$cookies{'CGISESSID'}->value,
{ parameters => 'manage_marc_frameworks' },
);
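Review bot: The `undef` placeholder in `($auth_status, undef) = check_cookie_auth(` does nothing, because a list assignment already discards surplus return values. The other call sites changed in this commit use a one-element list, so `($auth_status) = check_cookie_auth(` would match them. The declaration above could then be written `my $auth_status;`.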

2
authorities/merge_ajax.pl

@ -11,7 +11,7 @@ use C4::Auth qw( check_cookie_auth );
use C4::AuthoritiesMarc qw( GetTagsLabels );
my %cookies = CGI::Cookie->fetch;
my ($auth_status, $sessionID) = check_cookie_auth($cookies{'CGISESSID'}->value, { editcatalogue => 'edit_catalogue' });
my ($auth_status) = check_cookie_auth($cookies{'CGISESSID'}->value, { editcatalogue => 'edit_catalogue' });
my $reply = CGI->new;
if ($auth_status ne "ok") {
print $reply->header(-type => 'text/html');
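Review bot: `$cookies{'CGISESSID'}->value` on the `check_cookie_auth` line is called without checking that the cookie exists, so a request with no CGISESSID cookie dies on an undefined value before the `$auth_status ne "ok"` branch can answer it. admin/import_export_framework.pl in this same commit guards the call with `if (exists $cookies{'CGISESSID'})`. The same guard, or `my $sessid = $cookies{'CGISESSID'} ? $cookies{'CGISESSID'}->value : undef;`, should let the unauthenticated case reach the normal failure path. The same unguarded call is visible in cataloguing/merge_ajax.pl, opac/opac-patron-image.pl, opac/opac-ratings-ajax.pl, opac/opac-tags.pl, tags/review.pl, tools/background-job-progress.pl and tools/upload-file.pl.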

2
authorities/ysearch.pl

@ -40,7 +40,7 @@ use Koha::SearchEngine::QueryBuilder;
my $query = CGI->new;
my ( $auth_status, $sessionID ) = check_cookie_auth( $query->cookie('CGISESSID'), { catalogue => 1 } );
my ( $auth_status) = check_cookie_auth( $query->cookie('CGISESSID'), { catalogue => 1 } );
if ( $auth_status ne "ok" ) {
# send empty response

2
cataloguing/merge_ajax.pl

@ -11,7 +11,7 @@ use C4::Biblio qw( GetMarcStructure );
use C4::Auth qw( check_cookie_auth );
my %cookies = CGI::Cookie->fetch;
my ( $auth_status, $sessionID ) = check_cookie_auth(
my ( $auth_status ) = check_cookie_auth(
$cookies{'CGISESSID'}->value, { editcatalogue => 'edit_catalogue' },
);
my $reply = CGI->new;

2
cataloguing/ysearch.pl

@ -42,7 +42,7 @@ die() unless ($table eq "biblioitems");
binmode STDOUT, ":encoding(UTF-8)";
print $input->header( -type => 'text/plain', -charset => 'UTF-8' );
my ( $auth_status, $sessionID ) = check_cookie_auth( $input->cookie('CGISESSID'), { editcatalogue => '*' } );
my ( $auth_status ) = check_cookie_auth( $input->cookie('CGISESSID'), { editcatalogue => '*' } );
if ( $auth_status ne "ok" ) {
exit 0;
}

2
circ/ysearch.pl

@ -40,7 +40,7 @@ my $query = $input->param('term');
binmode STDOUT, ":encoding(UTF-8)";
print $input->header( -type => 'text/plain', -charset => 'UTF-8' );
my ( $auth_status, $sessionID ) = check_cookie_auth( $input->cookie('CGISESSID'), { catalogue => '1' } );
my ( $auth_status ) = check_cookie_auth( $input->cookie('CGISESSID'), { catalogue => '1' } );
if ( $auth_status ne "ok" ) {
exit 0;
}

2
offline_circ/service.pl

@ -34,7 +34,7 @@ my $nocookie = $cgi->param('nocookie') || 0;
# get the status of the user, this will check his credentials and rights
my ($status, $cookie, $sessionId) = C4::Auth::check_api_auth($cgi, undef);
($status, $sessionId) = C4::Auth::check_cookie_auth($cgi, undef) if ($status ne 'ok' && !$nocookie);
($status) = C4::Auth::check_cookie_auth($cgi, undef) if ($status ne 'ok' && !$nocookie);
my $result;
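Review bot: `C4::Auth::check_cookie_auth($cgi, undef)` passes the CGI object as the first argument, whereas every other call site in this commit passes the CGISESSID cookie value in that position. If the function expects the session id string, as those callers suggest, this cookie fallback is unlikely to ever return "ok" and the script effectively depends on `check_api_auth` alone. `($status) = C4::Auth::check_cookie_auth($cgi->cookie('CGISESSID'), undef) if ($status ne 'ok' && !$nocookie);` would match the other callers. The function's signature is not on this page, so this needs confirming against C4::Auth.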

2
opac/opac-patron-image.pl

@ -35,7 +35,7 @@ unless (C4::Context->preference('OPACpatronimages')) {
my $needed_flags;
my %cookies = CGI::Cookie->fetch;
my $sessid = $cookies{'CGISESSID'}->value;
my ($auth_status, $auth_sessid) = check_cookie_auth($sessid, $needed_flags);
my ($auth_status) = check_cookie_auth($sessid, $needed_flags);
my $borrowernumber = C4::Context->userenv->{'number'};
my $patron_image = Koha::Patron::Images->find($borrowernumber);
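Review bot: `$auth_status` is assigned but not consulted before `C4::Context->userenv->{'number'}` is read on the next line, so in the visible lines the patron image lookup does not depend on the authentication result. If `userenv` is unset for a failed or expired session, the hash dereference would also die instead of producing a clean denial. A check of `$auth_status ne "ok"` directly after the call, answering with a 403 and exiting as serials/create-numberpattern.pl does, would make the dependency explicit. The script continues outside this hunk, so a later check may exist.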

2
opac/opac-ratings-ajax.pl

@ -110,7 +110,7 @@ sub ajax_auth_cgi {
my %cookies = CGI::Cookie->fetch;
my $input = CGI->new;
my $sessid = $cookies{'CGISESSID'}->value || $input->param('CGISESSID');
my ( $auth_status, $auth_sessid ) =
my ( $auth_status ) =
check_cookie_auth( $sessid, $needed_flags );
return $input, $auth_status;
}
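Review bot: The `|| $input->param('CGISESSID')` fallback in `ajax_auth_cgi` accepts the session id from a request parameter, which puts a session credential where it can end up in server logs and Referer headers. The fallback is also only reached when the cookie exists with an empty value, because `->value` on a missing cookie dies first. If no client depends on the parameter, `my $sessid = $input->cookie('CGISESSID');` would read the cookie only and tolerate its absence. If one does, a comment naming that client would help. The sub starts outside this hunk.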

2
opac/opac-tags.pl

@ -69,7 +69,7 @@ sub ajax_auth_cgi { # returns CGI object
my %cookies = CGI::Cookie->fetch;
my $input = CGI->new;
my $sessid = $cookies{'CGISESSID'}->value;
my ($auth_status, $auth_sessid) = check_cookie_auth($sessid, $needed_flags);
my ($auth_status) = check_cookie_auth($sessid, $needed_flags);
if ($auth_status ne "ok") {
output_with_http_headers $input, undef,
"window.alert('Your CGI session cookie ($sessid) is not current. " .
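Review bot: The failure branch interpolates `$sessid`, the raw CGISESSID cookie value, into a JavaScript string literal in `"window.alert('Your CGI session cookie ($sessid) is not current. "`, with no escaping visible. The value is client-supplied, so it should not reach script output unescaped. The message does not need the id, and `"window.alert('Your CGI session cookie is not current. "` removes the sink. tags/review.pl contains the same line. The statement continues past the end of this hunk.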

2
opac/svc/checkout_notes

@ -43,7 +43,7 @@ svc/checkout_notes - Web service for setting patron notes on items
# AJAX requests
my $is_ajax = is_ajax();
my $query = CGI->new;
my ( $auth_status, $sessionID ) = check_cookie_auth( $query->cookie('CGISESSID'), {} );
my ( $auth_status ) = check_cookie_auth( $query->cookie('CGISESSID'), {} );
if ( $auth_status ne "ok" ) {
exit 0;
}

2
opac/svc/club/cancel_enrollment

@ -28,7 +28,7 @@ use Koha::Club::Enrollments;
my $cgi = CGI->new;
my ( $auth_status, $sessionID ) =
my ( $auth_status ) =
check_cookie_auth( $cgi->cookie('CGISESSID') );
if ( $auth_status ne "ok" ) {
exit 0;

2
opac/svc/club/enroll

@ -30,7 +30,7 @@ use Koha::Clubs;
my $cgi = CGI->new;
my ( $auth_status, $sessionID ) =
my ( $auth_status ) =
check_cookie_auth( $cgi->cookie('CGISESSID') );
if ( $auth_status ne "ok" ) {
exit 0;

2
plugins/plugins-enable.pl

@ -27,7 +27,7 @@ die("Koha plugins are disabled!") unless C4::Context->config("enable_plugins");
my $input = CGI->new;
my ( $auth_status, $sessionID ) =
my ( $auth_status ) =
check_cookie_auth( $input->cookie('CGISESSID'), { plugins => 'manage' } );
my $class = $input->param('class');

2
serials/create-numberpattern.pl

@ -28,7 +28,7 @@ use C4::Auth qw( check_cookie_auth );
my $input = CGI->new;
my ($auth_status, $sessionID) = check_cookie_auth($input->cookie('CGISESSID'), { serials => '*' });
my ($auth_status) = check_cookie_auth($input->cookie('CGISESSID'), { serials => '*' });
if ($auth_status ne "ok") {
print $input->header(-type => 'text/plain', -status => '403 Forbidden');
exit 0;

2
serials/subscription-frequency.pl

@ -26,7 +26,7 @@ use JSON qw( to_json );
my $input=CGI->new;
my $frqid=$input->param("frequency_id");
my ($auth_status, $sessionID) = check_cookie_auth($input->cookie('CGISESSID'), { serials => '*' });
my ($auth_status) = check_cookie_auth($input->cookie('CGISESSID'), { serials => '*' });
if ($auth_status ne "ok") {
exit 0;
}
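Review bot: On a failed check this script does a bare `exit 0;`, so the client gets no status describing the denial. serials/create-numberpattern.pl and serials/subscription-numberpattern.pl in the same commit first send `print $input->header(-type => 'text/plain', -status => '403 Forbidden');`. Adding that line before `exit 0;` here would make the three serials endpoints consistent and give log monitoring a 403 to count. Several svc/ scripts touched by this commit show the same bare exit in their visible lines.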

2
serials/subscription-numberpattern.pl

@ -25,7 +25,7 @@ use JSON qw( to_json );
my $input=CGI->new;
my ($auth_status, $sessionID) = check_cookie_auth($input->cookie('CGISESSID'), { serials => '*' });
my ($auth_status) = check_cookie_auth($input->cookie('CGISESSID'), { serials => '*' });
if ($auth_status ne "ok") {
print $input->header(-type => 'text/plain', -status => '403 Forbidden');
exit 0;

2
svc/article_request

@ -28,7 +28,7 @@ use Koha::ArticleRequests;
my $cgi = CGI->new;
my ( $auth_status, $sessionID ) =
my ( $auth_status ) =
check_cookie_auth( $cgi->cookie('CGISESSID'), { circulate => 'circulate_remaining_permissions' } );
if ( $auth_status ne "ok" ) {
exit 0;

1
svc/authorised_values

@ -22,7 +22,6 @@ use Modern::Perl;
use JSON qw( to_json );
use CGI;
use C4::Service;
use C4::Auth qw( check_cookie_auth );
use Koha::AuthorisedValues;
=head1 NAME

2
svc/barcode

@ -91,7 +91,7 @@ below the scannable barcode.
my $input = CGI->new;
my ( $auth_status, $sessionID ) = check_cookie_auth( $input->cookie('CGISESSID'), { catalogue => '*' } );
my ( $auth_status ) = check_cookie_auth( $input->cookie('CGISESSID'), { catalogue => '*' } );
if ( $auth_status ne "ok" ) {
exit 0;

2
svc/cataloguing/automatic_linker.pl

@ -28,7 +28,7 @@ my $input = CGI->new;
print $input->header('application/json');
# Check the user's permissions
my ( $auth_status, $auth_sessid ) =
my ( $auth_status ) =
C4::Auth::check_cookie_auth( $input->cookie('CGISESSID'), { editauthorities => 1, editcatalogue => 1 } );
if ( $auth_status ne "ok" ) {
print to_json( { status => 'UNAUTHORIZED' } );

2
svc/checkin

@ -31,7 +31,7 @@ use Koha::Items;
my $input = CGI->new;
my ( $auth_status, $sessionID ) =
my ( $auth_status ) =
check_cookie_auth( $input->cookie('CGISESSID'),
{ circulate => 'circulate_remaining_permissions' } );

2
svc/checkout_notes

@ -37,7 +37,7 @@ svc/checkout_notes - Web service for managing patron notes set on issues
# AJAX requests
my $is_ajax = is_ajax();
my $query = CGI->new;
my ( $auth_status, $sessionID ) = check_cookie_auth( $query->cookie('CGISESSID'), { circulate => 'manage_checkout_notes' } );
my ( $auth_status ) = check_cookie_auth( $query->cookie('CGISESSID'), { circulate => 'manage_checkout_notes' } );
if ( $auth_status ne "ok" ) {
exit 0;
}

5
svc/checkouts

@ -22,7 +22,7 @@ use Modern::Perl;
use CGI;
use JSON qw(to_json);
use C4::Auth qw(check_cookie_auth haspermission get_session);
use C4::Auth qw(check_cookie_auth haspermission);
use C4::Circulation qw(GetIssuingCharges CanBookBeRenewed GetRenewCount GetSoonestRenewDate);
use C4::Overdues qw(GetFine);
use C4::Context;
@ -33,10 +33,9 @@ use Koha::ItemTypes;
my $input = CGI->new;
my ( $auth_status, $sessionID ) =
my ( $auth_status, $session ) =
check_cookie_auth( $input->cookie('CGISESSID'));
my $session = get_session($sessionID);
my $userid = $session->param('id');
unless (haspermission($userid, { circulate => 'circulate_remaining_permissions' })
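Review bot: `$session->param('id')` is called right after `check_cookie_auth` without `$auth_status` being compared to "ok" in the visible lines. Before this change the session came from `get_session($sessionID)`; now it is the function's second return value, and if that is undefined for a failed or expired session the method call dies before the `haspermission` test runs. A guard such as `if ( $auth_status ne "ok" ) { exit 0; }` ahead of the `$userid` line would keep the denial path clean. svc/return_claims has the same sequence. The `unless` statement continues outside the hunk.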

2
svc/club/cancel_enrollment

@ -29,7 +29,7 @@ use Koha::Club::Enrollments;
my $cgi = CGI->new;
my ( $auth_status, $sessionID ) =
my ( $auth_status ) =
check_cookie_auth( $cgi->cookie('CGISESSID'), { clubs => 'enroll' } );
if ( $auth_status ne "ok" ) {
exit 0;

2
svc/club/delete

@ -28,7 +28,7 @@ use Koha::Clubs;
my $cgi = CGI->new;
my ( $auth_status, $sessionID ) = check_cookie_auth( $cgi->cookie('CGISESSID'), { clubs => 'edit_clubs' } );
my ( $auth_status ) = check_cookie_auth( $cgi->cookie('CGISESSID'), { clubs => 'edit_clubs' } );
if ( $auth_status ne "ok" ) {
exit 0;
}

2
svc/club/enroll

@ -30,7 +30,7 @@ use Koha::Clubs;
my $cgi = CGI->new;
my ( $auth_status, $sessionID ) =
my ( $auth_status ) =
check_cookie_auth( $cgi->cookie('CGISESSID'), { clubs => 'enroll' } );
if ( $auth_status ne "ok" ) {
exit 0;

2
svc/club/template/delete

@ -29,7 +29,7 @@ use Koha::Club::Templates;
my $cgi = CGI->new;
my ( $auth_status, $sessionID ) = check_cookie_auth( $cgi->cookie('CGISESSID'), { clubs => 'edit_templates' } );
my ( $auth_status ) = check_cookie_auth( $cgi->cookie('CGISESSID'), { clubs => 'edit_templates' } );
if ( $auth_status ne "ok" ) {
exit 0;
}

2
svc/cover_images

@ -27,7 +27,7 @@ use JSON qw/to_json/;
my $input = CGI->new;
my ( $auth_status, $sessionID ) =
my ( $auth_status ) =
check_cookie_auth(
$input->cookie('CGISESSID'),
{ tools => 'upload_local_cover_images' } );

2
svc/creator_batches

@ -39,7 +39,7 @@ svc/creator_batches - Web service for managing AJAX functionality for patroncard
# AJAX requests
my $is_ajax = is_ajax();
my $cgi = CGI->new;
my ( $auth_status, $sessionID ) = check_cookie_auth( $cgi->cookie('CGISESSID'), { catalogue => 1 } );
my ( $auth_status ) = check_cookie_auth( $cgi->cookie('CGISESSID'), { catalogue => 1 } );
if ( $auth_status ne "ok" ) {
exit 0;
}

2
svc/hold/resume

@ -30,7 +30,7 @@ use Koha::Holds;
my $input = CGI->new;
my ( $auth_status, $sessionID ) =
my ( $auth_status ) =
check_cookie_auth( $input->cookie('CGISESSID'), { circulate => 'circulate_remaining_permissions' } );
if ( $auth_status ne "ok" ) {

2
svc/hold/suspend

@ -30,7 +30,7 @@ use Koha::Holds;
my $input = CGI->new;
my ( $auth_status, $sessionID ) =
my ( $auth_status ) =
check_cookie_auth( $input->cookie('CGISESSID'), { circulate => 'circulate_remaining_permissions' } );
if ( $auth_status ne "ok" ) {

2
svc/holds

@ -34,7 +34,7 @@ use Koha::Libraries;
my $input = CGI->new;
my ( $auth_status, $sessionID ) =
my ( $auth_status ) =
check_cookie_auth( $input->cookie('CGISESSID'),
{ circulate => 'circulate_remaining_permissions' } );

2
svc/mana/increment

@ -31,7 +31,7 @@ my $input = CGI->new;
binmode STDOUT, ":encoding(UTF-8)";
print $input->header( -type => 'text/plain', -charset => 'UTF-8' );
my ( $auth_status, $sessionID ) =
my ( $auth_status ) =
check_cookie_auth( $input->cookie('CGISESSID'),
{ serials => 'create_subscription' } );

2
svc/mana/search

@ -22,7 +22,7 @@ use Modern::Perl;
use Koha::SharedContent;
use Koha::Subscription;
use C4::Auth qw(check_cookie_auth), qw(get_template_and_user);
use C4::Auth qw(get_template_and_user);
use C4::Output qw( output_html_with_http_headers );
use CGI;

2
svc/mana/share

@ -30,7 +30,7 @@ my $input = CGI->new;
binmode STDOUT, ":encoding(UTF-8)";
print $input->header( -type => 'text/plain', -charset => 'UTF-8' );
my ( $auth_status, $sessionID ) =
my ( $auth_status ) =
check_cookie_auth( $input->cookie('CGISESSID'),
{ serials => 'create_subscription' } );

2
svc/mana/use

@ -32,7 +32,7 @@ my $input = CGI->new;
binmode STDOUT, ":encoding(UTF-8)";
print $input->header( -type => 'text/plain', -charset => 'UTF-8' );
my ( $auth_status, $sessionID ) =
my ( $auth_status ) =
check_cookie_auth( $input->cookie('CGISESSID'),
{ serials => 'create_subscription' } );

2
svc/members/add_to_list

@ -26,7 +26,7 @@ use Koha::List::Patron qw( AddPatronList GetPatronLists AddPatronsToList );
my $input = CGI->new;
my ( $auth_status, $sessionID ) = check_cookie_auth(
my ( $auth_status ) = check_cookie_auth(
$input->cookie('CGISESSID'),
{ tools => 'manage_patron_lists' },
);

2
svc/problem_reports

@ -37,7 +37,7 @@ svc/problem_reports - Web service for managing OPAC problem reports
# AJAX requests
my $is_ajax = is_ajax();
my $query = CGI->new;
my ( $auth_status, $sessionID ) = check_cookie_auth( $query->cookie('CGISESSID'), { problem_reports => 1 } );
my ( $auth_status ) = check_cookie_auth( $query->cookie('CGISESSID'), { problem_reports => 1 } );
if ( $auth_status ne "ok" ) {
exit 0;
}

2
svc/renew

@ -31,7 +31,7 @@ use Koha::DateUtils qw(output_pref dt_from_string);
my $input = CGI->new;
my ( $auth_status, $sessionID ) =
my ( $auth_status ) =
check_cookie_auth( $input->cookie('CGISESSID'),
{ circulate => 'circulate_remaining_permissions' } );

5
svc/return_claims

@ -22,7 +22,7 @@ use Modern::Perl;
use CGI;
use JSON qw(to_json);
use C4::Auth qw(check_cookie_auth haspermission get_session);
use C4::Auth qw(check_cookie_auth haspermission);
use C4::Context;
use Koha::AuthorisedValues;
@ -31,10 +31,9 @@ use Koha::Patrons;
my $input = CGI->new;
my ( $auth_status, $sessionID ) =
my ( $auth_status, $session ) =
check_cookie_auth( $input->cookie('CGISESSID') );
my $session = get_session($sessionID);
my $userid = $session->param('id');
unless (

2
tags/review.pl

@ -44,7 +44,7 @@ sub ajax_auth_cgi { # returns CGI object
my %cookies = CGI::Cookie->fetch;
my $input = CGI->new;
my $sessid = $cookies{'CGISESSID'}->value;
my ($auth_status, $auth_sessid) = check_cookie_auth($sessid, $needed_flags);
my ($auth_status) = check_cookie_auth($sessid, $needed_flags);
if ($auth_status ne "ok") {
output_with_http_headers $input, undef,
"window.alert('Your CGI session cookie ($sessid) is not current. " .

3
tools/background-job-progress.pl

@ -30,7 +30,7 @@ use CGI::Cookie; # need to check cookies before
my $input = CGI->new;
my %cookies = CGI::Cookie->fetch;
my ($auth_status, $sessionID) = check_cookie_auth($cookies{'CGISESSID'}->value, { tools => '*' });
my ($auth_status, $session) = check_cookie_auth($cookies{'CGISESSID'}->value, { tools => '*' });
if ($auth_status ne "ok") {
my $reply = CGI->new("");
print $reply->header(-type => 'text/html');
@ -38,6 +38,7 @@ if ($auth_status ne "ok") {
exit 0;
}
my $sessionID = $session->id;
my $jobID = $input->param('jobID');
my $job = C4::BackgroundJob->fetch($sessionID, $jobID);
my $reported_progress = 0;

2
tools/batch_records_ajax.pl

@ -54,7 +54,7 @@ $results_per_page = undef if $results_per_page && $results_per_page == -1;
binmode STDOUT, ":encoding(UTF-8)";
print $input->header( -type => 'text/plain', -charset => 'UTF-8' );
my ( $auth_status, $sessionID ) =
my ( $auth_status ) =
check_cookie_auth( $input->cookie('CGISESSID'), { tools => 'manage_staged_marc' } );
if ( $auth_status ne "ok" ) {
exit 0;

2
tools/upload-file.pl

@ -39,7 +39,7 @@ use Koha::Uploader;
my %cookies = CGI::Cookie->fetch;
my $sid = $cookies{'CGISESSID'}->value;
my ( $auth_status, $sessionID ) = check_cookie_auth( $sid );
my ( $auth_status ) = check_cookie_auth( $sid );
my $uid = C4::Auth::get_session($sid)->param('id');
my $allowed = Koha::Uploader->allows_add_by( $uid );
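Review bot: `C4::Auth::get_session($sid)->param('id')` still loads the session a second time from the raw cookie value, although per the commit description `check_cookie_auth` now returns the session it validated. Taking it from the call, with `my ( $auth_status, $session ) = check_cookie_auth( $sid );` and `my $uid = $session ? $session->param('id') : undef;`, avoids the second lookup and reads the user id only from a session that passed the check. In the visible lines `$auth_status` is not tested before `$uid` is derived. The test may follow outside this hunk.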
