From 477da3c192ac65581a5e1f810789ced86cce5146 Mon Sep 17 00:00:00 2001 From: Jonathan Druart Date: Wed, 2 Sep 2015 17:13:41 +0100 Subject: [PATCH] Bug 10799: Limit the SCO user to the SCO module MIME-Version: 1.0 Content-Type: text/plain; charset=utf8 Content-Transfer-Encoding: 8bit The SCO user should only be allowed to access to the SCO module. This patch make the session ends if the user tries to access another page after the SCO module. Test plan: 0/ Configure the SCO module correctly 1/ Go on the sco main page (sco/sco-main.pl) 2/ Try to go somewhere else: you should not be logged in Signed-off-by: Marc Véron Signed-off-by: Kyle M Hall Signed-off-by: Tomas Cohen Arazi (cherry picked from commit 02feeca14f4c27a05f46920545734c3a9e5455d7) Signed-off-by: Frédéric Demians (cherry picked from commit 7853b503ab8aadd98d5908768dd4252208850b04) Signed-off-by: Liz Rea
---
 C4/Auth.pm | 23 +++++++++++++++++++++++
 1 file changed, 23 insertions(+)
diff --git a/C4/Auth.pm b/C4/Auth.pm
index 5ea4771d28..ef68244cf8 100644
--- a/C4/Auth.pm
+++ b/C4/Auth.pm
@@ -177,6 +177,29 @@ sub get_template_and_user {
 );
 }
+
+ # If the user logged in is the SCO user and he tries to go out the SCO module, log the user out removing the CGISESSID cookie
+ if ( $in->{type} eq 'opac' and $in->{template_name} !~ m|sco/| ) {
+ if ( C4::Context->preference('AutoSelfCheckID') && $user eq C4::Context->preference('AutoSelfCheckID') ) {
+ $template = C4::Templates::gettemplate( 'opac-auth.tt', 'opac', $in->{query} );
+ my $cookie = $in->{query}->cookie(
+ -name => 'CGISESSID',
+ -value => '',
+ -expires => '',
+ -HttpOnly => 1,
+ );
+
+ $template->param( loginprompt => 1 );
+ print $in->{query}->header(
+ -type => 'text/html',
+ -charset => 'utf-8',
+ -cookie => $cookie,
+ ),
+ $template->output;
+ safe_exit;
+ }
+ }
+
 my $borrowernumber;
 if ($user) {
 require C4::Members;
--
2.39.5
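Review bot: The logout in the added block is client-side only: it sends an empty `CGISESSID` cookie, but nothing visible in the hunk deletes the server-side session, so the session id issued to the self-checkout account appears to stay valid until it times out. The session should be invalidated on the server before `safe_exit`, and the block deserves a comment saying that the check covers only `type eq 'opac'` callers of `get_template_and_user`. The template test `!~ m|sco/|` is also unanchored, so any template name that merely contains `sco/` is treated as part of the SCO module; if the SCO scripts always pass names beginning with that directory, `$in->{template_name} !~ m|^sco/|` is the tighter check. `get_template_and_user` starts and ends outside the hunk, so how `$user` is populated is not visible here.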