From fabbd8f940f34f87e4c31b4bf648aeb476371071 Mon Sep 17 00:00:00 2001 From: Jonathan Druart Date: Thu, 15 Feb 2024 14:04:46 +0100 Subject: [PATCH] Bug 36102: Use Koha::Session from C4::InstallAuth Signed-off-by: Jonathan Druart --- C4/InstallAuth.pm | 26 ++++++++++++++----- .../prog/en/modules/installer/auth.tt | 1 + 2 files changed, 20 insertions(+), 7 deletions(-) diff --git a/C4/InstallAuth.pm b/C4/InstallAuth.pm index 56dd8e3260..9a92b3837e 100644 --- a/C4/InstallAuth.pm +++ b/C4/InstallAuth.pm @@ -27,6 +27,8 @@ use C4::Context; use C4::Output qw( output_html_with_http_headers ); use C4::Templates; +use Koha::Session; + our (@ISA, @EXPORT_OK); BEGIN { @ISA = qw(Exporter); @@ -117,6 +119,17 @@ sub get_template_and_user { $in->{'type'} ); + my $session = Koha::Session->get_session( { sessionID => $sessionID, storage_method => 'file' } ); + + # We have just logged in + # If we are not coming from the login form we empty the credential to reject the access + if ( !$session && $user ) { + if ( $in->{query}->param('op') ne 'cud-login' ) { + $in->{query}->param('userid', ''); + $in->{query}->param('password', ''); + } + } + # use Data::Dumper;warn "utilisateur $user cookie : ".Dumper($cookie); my $borrowernumber; @@ -233,7 +246,6 @@ sub checkauth { my $dbh = C4::Context->dbh(); my $template_name; $template_name = "installer/auth.tt"; - my $sessdir = File::Spec->catdir( C4::Context::temporary_directory, 'cgisess_' . C4::Context->config('database') ); # same construction as in C4/Auth # state variables my $loggedin = 0; @@ -242,9 +254,7 @@ sub checkauth { my $logout = $query->param('logout.x'); if ( $sessionID = $query->cookie("CGISESSID") ) { C4::Context->_new_userenv($sessionID); - my $session = - CGI::Session->new( "driver:File", $sessionID, - { Directory => $sessdir } ); + my $session = Koha::Session->get_session( { sessionID => $sessionID, storage_method => 'file' } ); if ( $session->param('cardnumber') ) { C4::Context->set_userenv( $session->param('number'), 
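Review bot: The credential-clearing block added to get_template_and_user looks unable to reject anything as written. It follows the statement ending in `$in->{'type'} );`, which appears to be the checkauth call that has already consumed `userid` and `password`, and it only fires when `$session` is false, while the other two call sites in this patch treat the return of `Koha::Session->get_session` as always defined. If the aim is to refuse logins that do not come from the login form, the `op` test belongs before the credentials are checked, and it should tolerate a missing parameter: `( $in->{query}->param('op') // '' ) ne 'cud-login'`. The function starts and ends outside the hunk, so the ordering should be confirmed against the full file.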
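Review bot: `$session->param('cardnumber')` in checkauth is called on the result of `Koha::Session->get_session` without checking that an object came back, although the block added to get_template_and_user tests `!$session`. If get_session can return undef (for example when the file store is unreadable), checkauth dies on an undefined value in the middle of the installer login path. A guard such as `if ( $session && $session->param('cardnumber') ) {` keeps that failure on the unauthenticated path. The same applies to `$session->id` in the `unless ($userid)` branch of the next hunk. checkauth continues outside the hunk.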
@@ -283,8 +293,7 @@ sub checkauth { } } unless ($userid) { - my $session = - CGI::Session->new( "driver:File", undef, { Directory => $sessdir } ); + my $session = Koha::Session->get_session( { sessionID => $sessionID, storage_method => 'file' } ); $sessionID = $session->id; $userid = $query->param('userid'); C4::Context->_new_userenv($sessionID); @@ -388,7 +397,10 @@ sub checkauth { $template->param( 'invalid_username_or_password' => $info{'invalid_username_or_password'}); } - $template->param( \%info ); + $template->param( + %info, + sessionID => $sessionID, + ); $cookie = $query->cookie( -name => 'CGISESSID', -value => $sessionID, diff --git a/koha-tmpl/intranet-tmpl/prog/en/modules/installer/auth.tt b/koha-tmpl/intranet-tmpl/prog/en/modules/installer/auth.tt index 6a30ec6d81..d99550848b 100644 --- a/koha-tmpl/intranet-tmpl/prog/en/modules/installer/auth.tt +++ b/koha-tmpl/intranet-tmpl/prog/en/modules/installer/auth.tt @@ -53,6 +53,7 @@
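Review bot: The `unless ($userid)` branch now passes `$sessionID` to `get_session` where the removed code passed `undef`, so a login may keep the session identifier the browser presented before authenticating instead of always starting a fresh one. Keeping the pre-login session is probably needed so the CSRF token on the form still validates. In that case the identifier should be replaced once the credentials have been verified, so that a pre-set cookie value never becomes an authenticated session. Whether `$sessionID` can still hold a cookie-supplied value at this point depends on code above the hunk. A comment such as `# pre-login session kept for the CSRF token; issue a new ID after a successful login` would record the intent.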
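Review bot: `sessionID => $sessionID` puts the session identifier into the template variables, and nothing in the hunk says why. Presumably the CSRF include in auth.tt derives its token from it. If so, the value must never be printed into the page, because that would expose the cookie value to any script running there. A comment above the call would make this clear, e.g. `# sessionID is only for CSRF token generation; never render it`. Listing `sessionID` after `%info` also means it overrides any key of the same name in `%info`, which looks intended.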
[% INCLUDE 'csrf-token.inc' %] + [% FOREACH INPUT IN INPUTS %] [% END %] -- 2.39.5