From 6fc8ea422a2cb6a1f2a8c3b7a54112037fe863bf Mon Sep 17 00:00:00 2001 From: David Cook Date: Fri, 11 Aug 2023 03:03:01 +0000 Subject: [PATCH] Bug 34513: Set auth state correctly when changing auth sessions This patch sets the $auth_state to failed when changing auth sessions, so that the new login attempt gets processed correctly (instead of skipping the authorization step). Test plan: 0. Apply the patch 1. koha-plack --reload kohadev 2. Go to http://localhost:8081/cgi-bin/koha/admin/preferences.pl?tab=&op=search&searchfield=baseurl 3. Log in as an OPAC user with 0 permissions 4. Note the auth screen "Error: You do not have permission to access this page" 5. Click "Log in" 6. Note that you're still shown a login screen (and that you've been logged out of your previous authenticated session) Signed-off-by: Nick Clemens Signed-off-by: Marcel de Rooy Signed-off-by: Tomas Cohen Arazi (cherry picked from commit 16da12cbbc200d9ef07a87ee7f9bdf8e61ae06f3) Signed-off-by: Fridolin Somers --- C4/Auth.pm | 1 + 1 file changed, 1 insertion(+) diff --git a/C4/Auth.pm b/C4/Auth.pm index 9b298eed87..cf1bfdd509 100644 --- a/C4/Auth.pm +++ b/C4/Auth.pm @@ -918,6 +918,7 @@ sub checkauth { C4::Context::_unset_userenv($sessionID); $sessionID = undef; undef $userid; # IMPORTANT: this assures us a new session in code below + $auth_state = 'failed'; } elsif (!$logout) { $cookie = $cookie_mgr->replace_in_list( $cookie, $query->cookie( -- 2.39.5
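Review bot: The added `$auth_state = 'failed';` in the session-discard branch has neither a comment nor an automated test, although per the commit message it is the line that stops a replacement login from skipping the authorization step. I would annotate it the way the neighbouring `undef $userid` line is annotated, e.g. `$auth_state = 'failed'; # force the new login through the full authentication and permission checks`. The diffstat shows only C4/Auth.pm changing, so the manual test plan is the sole coverage; a regression test that calls checkauth with an existing session plus different credentials for a user lacking the required permissions, and asserts that access is not granted, would keep this from regressing. checkauth starts and ends outside the hunk, so whether other branches that drop a session also reset `$auth_state` cannot be confirmed from here and is worth checking.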