Koha/misc at 0e9ea3c9f5570addf666f2e0b103c09a85d89a72 - Koha-community/Koha - Koha: The world's first free and open source library system

History

Rudolf Byker 0e9ea3c9f5 Bug 37543: Use CSRF tokens in connexion_import_daemon.pl Since version 24.05, due to the changes mentioned at https://wiki.koha-community.org/wiki/Koha_/svc/_HTTP_API#Changes_coming_in_Koha_24.05 , the `connexion_import_daemon.pl` stopped working. The reason for this is that it did not use CSRF tokens. To test: 1. Get a Koha instance on 24.05, before applying the patch. 2. Create a plain text file somewhere on the server containing a raw MARC record (not XML). Let's call it `marc.txt`. 3. On the server, create a config file like this: ``` host: 0.0.0.0 port: 5500 koha: http://localhost:82 # Where 82 is the port of the Koha staff interface. user: foo # A Koha staff user. password: Fooo1234 # The Koha staff user's password. import_mode: stage ``` 4. Run `./connexion_import_daemon.pl --config the-config-file-path` 5. In another terminal on the same server (or from anywhere that can reach the port opened by the `connexion_import_daemon.pl` script, run `nc localhost 5500 < marc.txt` 6. Observe in the stderr of the daemon script: `Response: Unsuccessful request` 7. Stop the daemon script. 8. Apply the patch and repeat steps 4 and 5. 9. Observe in the stderr of the daemon script: `Response: Success. Batch number ... - biblio record number HASH(...) added to Koha` 10. Check at /cgi-bin/koha/tools/manage-marc-import.pl for a batch named `(webservice)`. It should contain one record now. This is how we know that authentication between the daemon and Koha worked, which is what this patch tries to address. Thanks-to: David Cook <dcook@prosentient.com.au> Sponsored-by: Reformational Study Centre <www.refstudycentre.com> Signed-off-by: Nick Clemens <nick@bywatersolutions.com> Signed-off-by: Paul Derscheid <paul.derscheid@lmscloud.de> Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>		2024-08-16 17:33:42 +02:00
..
admin
bin	Bug 37543: Use CSRF tokens in connexion_import_daemon.pl	2024-08-16 17:33:42 +02:00
cronjobs	Bug 37613: (Follow-up) Change the option and documentation to match terminology guidelines	2024-08-12 14:01:07 +02:00
devel
interface_customization
maintenance	Bug 37181: Add --confirm option to pseudonymize_statistics.pl	2024-06-27 14:04:54 +02:00
migration_tools	Bug 37553: Tidy to make QA tools happy	2024-08-02 18:59:59 +02:00
release_notes	24.05.00: Add release notes	2024-05-27 18:26:45 +02:00
search_tools
translator	Bug 37303: Replace po2json with a JS version	2024-07-26 14:49:53 +01:00
workers	Bug 36901: Add logging for uncaught exceptions in background job classes	2024-07-01 18:55:54 +02:00
add_date_fields_to_marc_records.pl
add_statistics_borrowers_categorycode.pl
batchCompareMARCvsFrameworks.pl
batchdeletebiblios.pl
batchDeleteUnusedSubfields.pl
batchImportMARCWithBiblionumbers.pl
batchRebuildBiblioTables.pl
batchRebuildItemsTables.pl
batchRepairMissingBiblionumbers.pl
check_sysprefs.pl
commit_file.pl
export_borrowers.pl
export_records.pl	Bug 36770: (QA follow-up) Tidy export_records.pl	2024-08-09 18:44:54 +02:00
exportauth.pl
import_patrons.pl
koha-install-log
link_bibs_to_authorities.pl
load_yaml.pl
mod_zebraqueue.pl
process_ill_updates.pl
recreateIssueStatistics.pl
sax_parser_print.pl
sax_parser_test.pl
sip_cli_emulator.pl
stage_file.pl
z3950_responder.pl