From c12cb8e3c598abd916cd110c5a205fe57e4202a7 Mon Sep 17 00:00:00 2001
From: David Cook
Date: Mon, 4 Mar 2024 03:57:27 +0000
Subject: [PATCH] Bug 36219: Re-add missing state param for Oauth/OIDC client

This change restores the csrf token added as the state param for the OAuth/OIDC client.

Test plan:
0. Apply the patch and restart Starman
1. Test the SSO using the wiki guide

Signed-off-by: Jonathan Druart
Signed-off-by: Jonathan Druart
---
 Koha/REST/V1/OAuth/Client.pm | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/Koha/REST/V1/OAuth/Client.pm b/Koha/REST/V1/OAuth/Client.pm
index 6883ea9a6c..ad15a87967 100644
--- a/Koha/REST/V1/OAuth/Client.pm
+++ b/Koha/REST/V1/OAuth/Client.pm
@@ -94,6 +94,10 @@ sub login {
             return $c->redirect_to( $uri . "?auth_error=$error" );
         }
     }
+    else {
+        # initial request, generate CSRF token
+        $state = Koha::Token->new->generate_csrf( { session_id => $c->req->cookie('CGISESSID')->value } );
+    }
     return $c->oauth2->get_token_p( $provider => { ( !$is_callback ? ( state => $state ) : () ), redirect_uri => $redirect_url . $provider . "/" . $interface } )->then( sub {
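Review bot: The new `else` branch calls `$c->req->cookie('CGISESSID')->value` without checking that the cookie is present, so an initial login request that arrives with no session cookie (first visit, cleared cookies, a cross-site navigation where the cookie is withheld) dies on an undefined value and surfaces as a server error instead of the auth error the surrounding code already knows how to return. Guard it before generating the token, e.g. `my $session_cookie = $c->req->cookie('CGISESSID');` and `return $c->redirect_to( $uri . "?auth_error=missing_session" ) unless $session_cookie;`, then pass `$session_cookie->value` to `generate_csrf`. The token is bound to the session id, so its protective value depends on the callback branch (the `if` this `else` belongs to, which starts above the hunk) verifying the returned `state` against the same session id; that check is not visible here and should be confirmed. The enclosing `sub login` begins before and continues past this hunk.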