git.koha-community.org Git - koha.git/commit

author	Agustin Moyano <agustinmoyano@theke.io>
	Fri, 11 Nov 2022 22:22:23 +0000 (22:22 +0000)
committer	Tomas Cohen Arazi <tomascohen@theke.io>
	Tue, 15 Nov 2022 21:43:45 +0000 (18:43 -0300)
commit	ca57674700d020b539f5da2b05fc31df8a6a6652
tree	f679234b4abfe8b88fb4c65628eb1d384ca81e05	tree \| snapshot
parent	7a413f8015c2cc6b5cf8c13788b9a5dab689a81b	commit \| diff

Bug 32178: Remove security breach introduced in bug 31378

This patch removes a security breach in C4::Auth::check_api_auth introduced by bug 31378, where when someone called an api with the parameters userid and auth_client_login, check_api_auth would automatically asume the user calling was that userid.

This patch also introduces C4::Auth::create_basic_session(), a function that creates a session and adds the minimum basic parameters.

Signed-off-by: David Cook <dcook@prosentient.com.au>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>

C4/Auth.pm		diff \| blob \| history
Koha/REST/Plugin/Auth/IdP.pm		diff \| blob \| history
Koha/REST/V1/OAuth/Client.pm		diff \| blob \| history
t/db_dependent/Auth.t		diff \| blob \| history