Bug 19752: offline_circ/service.pl - Return HTTP status 401 when authentication failed and add option nocookie
Test plan: - Apply this patch, - log in to Koha, - go to cgi-bin/koha/offline_circ/service.pl with no valid user and password as parameters and nocookie set to 1. i.e: cgi-bin/koha/offline_circ/service.pl?userid=alex&password=wrongpass&nocookie=1, - auth should fail - check that the response code is 401 Signed-off-by: Maksim Sen <maksim.sen@inlibro.com> Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
parent
90fd45d0f2
commit
60e5a8a2ab
1 changed files with 10 additions and 4 deletions
|
@ -28,9 +28,13 @@ use DateTime::TimeZone;
|
|||
|
||||
my $cgi = CGI->new;
|
||||
|
||||
# used by the KOCT firefox extension
|
||||
# (or any third-party that doesn't want to rely on cookies for authentication)
|
||||
my $nocookie = $cgi->param('nocookie') || 0;
|
||||
|
||||
# get the status of the user, this will check his credentials and rights
|
||||
my ($status, $cookie, $sessionId) = C4::Auth::check_api_auth($cgi, undef);
|
||||
($status, $sessionId) = C4::Auth::check_cookie_auth($cgi, undef) if ($status ne 'ok');
|
||||
($status, $sessionId) = C4::Auth::check_cookie_auth($cgi, undef) if ($status ne 'ok' && !$nocookie);
|
||||
|
||||
my $result;
|
||||
|
||||
|
@ -76,9 +80,11 @@ if ($status eq 'ok') { # if authentication is ok
|
|||
}
|
||||
);
|
||||
}
|
||||
} else {
|
||||
$result = "Authentication failed."
|
||||
|
||||
print CGI::header('-type'=>'text/plain', '-charset'=>'utf-8');
|
||||
print $result;
|
||||
exit;
|
||||
}
|
||||
|
||||
print CGI::header('-type'=>'text/plain', '-charset'=>'utf-8');
|
||||
print CGI::header('-type'=>'text/plain', '-charset'=>'utf-8', '-status' => '401 Unauthorized');
|
||||
print $result;
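Review bot: The failure response built by `print CGI::header('-type'=>'text/plain', '-charset'=>'utf-8', '-status' => '401 Unauthorized');` is sent without a `WWW-Authenticate` field, which RFC 7235 requires on every 401, so strict clients and intermediaries may mishandle it. Since the test plan shows this endpoint taking `userid` and `password` as request parameters rather than through an HTTP auth scheme, I would at least record the deviation above that line: `# 401 without WWW-Authenticate: credentials arrive as CGI parameters, not via an HTTP auth scheme`. It also looks as if the `$result = "Authentication failed."` assignment is on the removed side (the page has lost its +/- markers, so this is inferred from the 10/4 counts). If so, the `print $result;` that follows the 401 header prints an undefined value, and `print "Authentication failed.";` would keep the body explicit. The enclosing `if ($status eq 'ok')` block starts outside the hunk.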
|
||||
|
|