From 8ffbf4e88c6ed98ad697bb4a2b4d9d1456d2c84c Mon Sep 17 00:00:00 2001
From: Julian Maurice
Date: Wed, 10 Aug 2011 11:41:06 +0200
Subject: [PATCH] Bug 6694: Problem with casAuthentication syspref

A missing test in checkauth caused anonymous session to be destroyed and re-created at every call when this syspref was set. Almost the same issue is also fixed in check_api_auth, which caused C4::Service->init to fail.

Signed-off-by: Alex Arnaud
Signed-off-by: Paul Poulain
---
 C4/Auth.pm | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/C4/Auth.pm b/C4/Auth.pm
index bbe472bf8b..343994863b 100755
--- a/C4/Auth.pm
+++ b/C4/Auth.pm
@@ -688,7 +688,8 @@ sub checkauth {
 $userid = $session->param('id');
 $sessiontype = $session->param('sessiontype');
 }
- if ( ($query->param('koha_login_context')) && ($query->param('userid') ne $session->param('id')) ) {
+ if ( ( ($query->param('koha_login_context')) && ($query->param('userid') ne $session->param('id')) )
+ || ( $cas && $query->param('ticket') ) ) {
 #if a user enters an id ne to the id in the current session, we need to log them in...
 #first we need to clear the anonymous session...
 $debug and warn "query id = " . $query->param('userid') . " but session id = " . $session->param('id');
@@ -751,7 +752,7 @@ sub checkauth {
 C4::Context->_new_userenv($sessionID);
 $cookie = $query->cookie(CGISESSID => $sessionID);
 $userid = $query->param('userid');
- if ($cas || $userid) {
+ if (($cas && $query->param('ticket')) || $userid) {
 my $password = $query->param('password');
 my ($return, $cardnumber);
 if ($cas && $query->param('ticket')) {
@@ -1117,7 +1118,7 @@ sub check_api_auth {
 unless ($query->param('userid')) {
 $sessionID = $query->cookie("CGISESSID");
 }
- if ($sessionID && not $cas) {
+ if ($sessionID && not ($cas && $query->param('PT')) ) {
 my $session = get_session($sessionID);
 C4::Context->_new_userenv($sessionID);
 if ($session) {
-- 
2.39.5
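Review bot: The added `|| ( $cas && $query->param('ticket') )` branch in the first checkauth hunk fires on the mere presence of a `ticket` parameter, before the ticket is validated and without checking that the current session is anonymous. If the block that follows clears the session as its comment says (its body lies outside the hunk), a request carrying any `ticket` value would also drop an already authenticated session. Consider also testing the `$sessiontype` read just above so only an anonymous session is reset, and add a comment such as `# CAS ticket in the request: reset the session so the ticket is validated below`. The `$debug and warn` line below the condition concatenates `$query->param('userid')`, which can be undefined on this new path.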
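Review bot: The test `$cas && $query->param('ticket')` is now spelled out twice in the second checkauth hunk, in the outer `if` and again in the inner `if` three lines below, and a third time in the first hunk. Evaluating it once, for example `my $cas_ticket = $cas && $query->param('ticket');`, and using `$cas_ticket` in each condition would keep the three checks from drifting apart in later edits. checkauth starts and ends outside this hunk, so the right place for the declaration has to be confirmed against the full function.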
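Review bot: check_api_auth keys the CAS path on the `PT` parameter while checkauth uses `ticket`, and nothing in the hunk explains the difference. A comment above the condition would help, for example `# a CAS proxy ticket (PT) takes precedence over the session cookie`, assuming PT is the proxy ticket, which the hunk does not show. Because a request that supplies `PT` now skips an otherwise valid cookie session, the branch taken instead (outside this hunk) has to reject an invalid ticket outright rather than fall back to that session. That is worth confirming in the rest of check_api_auth.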