Bug 36219: Re-add missing state param for Oauth/OIDC client

This change restores the csrf token added as the state param for
the OAuth/OIDC client.

Test plan:
0. Apply the patch and restart Starman
1. Test the SSO using the wiki guide

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
This commit is contained in:
David Cook 2024-03-04 03:57:27 +00:00 committed by Jonathan Druart
parent 190ab37812
commit c12cb8e3c5
Signed by: jonathan.druart
GPG key ID: A085E712BEF0E0F0

@ -94,6 +94,10 @@ sub login {
return $c->redirect_to( $uri . "?auth_error=$error" );
}
}
else {
# initial request, generate CSRF token
$state = Koha::Token->new->generate_csrf( { session_id => $c->req->cookie('CGISESSID')->value } );
}
return $c->oauth2->get_token_p( $provider => { ( !$is_callback ? ( state => $state ) : () ), redirect_uri => $redirect_url . $provider . "/" . $interface } )->then(
sub {
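Review bot: in the new else branch, `$c->req->cookie('CGISESSID')->value` is called without checking that the cookie is present. If the initial request arrives without a CGISESSID cookie, `cookie()` returns undef and the `->value` call dies before the redirect to the provider. Suggest reading the cookie into a variable first and, when it is missing, returning through the same `auth_error` redirect used in the branch above. Since the bug title says the state param went missing once already, a unit test asserting that the non-callback request passes `state` to `get_token_p` would be worth adding alongside the manual test plan.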