From 62f87022067efc6929ff9dd6cc40c685098455ec Mon Sep 17 00:00:00 2001 From: Marcel de Rooy Date: Thu, 17 Mar 2022 09:21:46 +0000 Subject: [PATCH] Bug 29957: Let check_api_auth return created cookie The cookie created on L1496 is useless, since it is not returned. We could either remove the cookie creation (unchanged behavior). But since check_api_auth is expected to return a cookie when it is ok, I opt for returning the cookie here (corrected behavior). Test plan: Logout in staff. Check on staff: /cgi-bin/koha/svc/localization?id=1 You should have a 400 response. Login with staff credentials (incl. manage_itemtypes) Revisit same URL. You should see a JSON response. Check if you can hit other staff pages. Signed-off-by: Marcel de Rooy Signed-off-by: Nick Clemens Signed-off-by: Martin Renvoize Signed-off-by: Fridolin Somers --- C4/Auth.pm | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/C4/Auth.pm b/C4/Auth.pm index 561c376bb4..ba28d58cd2 100644 --- a/C4/Auth.pm +++ b/C4/Auth.pm @@ -1501,7 +1501,7 @@ sub check_api_auth { -HttpOnly => 1, -secure => ( C4::Context->https_enabled() ? 1 : 0 ), ); - return ( $return, undef, $session ); + return ( $return, $cookie, $session ); # return == 'ok' here } else { -- 2.39.5