Bug 37543: Use CSRF tokens in connexion_import_daemon.pl
Since version 24.05, due to the changes mentioned at
https://wiki.koha-community.org/wiki/Koha_/svc/_HTTP_API#Changes_coming_in_Koha_24.05 ,
the `connexion_import_daemon.pl` stopped working. The reason for this is that
it did not use CSRF tokens.
To test:
1. Get a Koha instance on 24.05, before applying the patch.
2. Create a plain text file somewhere on the server containing a raw MARC
record (not XML). Let's call it `marc.txt`.
3. On the server, create a config file like this:
```
host: 0.0.0.0
port: 5500
koha: http://localhost:82 # Where 82 is the port of the Koha staff interface.
user: foo # A Koha staff user.
password: Fooo1234 # The Koha staff user's password.
import_mode: stage
```
4. Run `./connexion_import_daemon.pl --config the-config-file-path`
5. In another terminal on the same server (or from anywhere that can reach the
port opened by the `connexion_import_daemon.pl` script,
run `nc localhost 5500 < marc.txt`
6. Observe in the stderr of the daemon script: `Response: Unsuccessful request`
7. Stop the daemon script.
8. Apply the patch and repeat steps 4 and 5.
9. Observe in the stderr of the daemon script:
`Response: Success. Batch number ... - biblio record number HASH(...) added to Koha`
10. Check at /cgi-bin/koha/tools/manage-marc-import.pl for a batch named
`(webservice)`. It should contain one record now. This is how we know that
authentication between the daemon and Koha worked, which is what this
patch tries to address.
Thanks-to: David Cook <dcook@prosentient.com.au> Sponsored-by: Reformational Study Centre <www.refstudycentre.com> Signed-off-by: Nick Clemens <nick@bywatersolutions.com> Signed-off-by: Paul Derscheid <paul.derscheid@lmscloud.de> Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
projects / koha.git / commit