From 60e5a8a2aba887371966c593ffab44c6a4ac5d94 Mon Sep 17 00:00:00 2001
From: Alex Arnaud
Date: Tue, 5 Dec 2017 10:43:05 +0000
Subject: [PATCH] Bug 19752: offline_circ/service.pl - Return HTTP status 401 when authentication failed and add option nocookie
Test plan:
- Apply this patch,
- log in to Koha,
- go to cgi-bin/koha/offline_circ/service.pl with no valid user and password as parameters and nocookie set to 1. i.e: cgi-bin/koha/offline_circ/service.pl?userid=alex&password=wrongpass&nocookie=1,
- auth should fail
- check that the response code is 401
Signed-off-by: Maksim Sen
Signed-off-by: Katrin Fischer
Signed-off-by: Jonathan Druart
---
 offline_circ/service.pl | 14 ++++++++++----
 1 file changed, 10 insertions(+), 4 deletions(-)
diff --git a/offline_circ/service.pl b/offline_circ/service.pl
index b36162f98e..bbae44bb74 100755
--- a/offline_circ/service.pl
+++ b/offline_circ/service.pl
@@ -28,9 +28,13 @@ use DateTime::TimeZone;
 my $cgi = CGI->new;
+# used by the KOCT firefox extension
+# (or any third-party that doesn't want to rely on cookies for authentication)
+my $nocookie = $cgi->param('nocookie') || 0;
+
 # get the status of the user, this will check his credentials and rights
 my ($status, $cookie, $sessionId) = C4::Auth::check_api_auth($cgi, undef);
-($status, $sessionId) = C4::Auth::check_cookie_auth($cgi, undef) if ($status ne 'ok');
+($status, $sessionId) = C4::Auth::check_cookie_auth($cgi, undef) if ($status ne 'ok' && !$nocookie);
 my $result;
@@ -76,9 +80,11 @@ if ($status eq 'ok') { # if authentication is ok
 }
 );
 }
-} else {
- $result = "Authentication failed."
+
+ print CGI::header('-type'=>'text/plain', '-charset'=>'utf-8');
+ print $result;
+ exit;
 }
-print CGI::header('-type'=>'text/plain', '-charset'=>'utf-8');
+print CGI::header('-type'=>'text/plain', '-charset'=>'utf-8', '-status' => '401 Unauthorized');
 print $result;
-- 
2.39.5
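Review bot: Nothing around the `check_api_auth` call restricts `userid` and `password` to a POST body, and with `nocookie` set a client has to resend them on every request. The commit's own test plan passes them in the query string, where they would normally be recorded in web-server access logs and browser history. If the KOCT extension can POST, consider honouring the credentials only when `$cgi->request_method eq 'POST'` while the flag is set. The comment above `$nocookie` could also say so, e.g. `# nocookie: credentials travel with every request; clients should POST them over HTTPS`.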
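Review bot: The trailing `print $result;` now runs only on the failure path, and the removed `else` branch was the only visible place that assigned `$result` there. Unless the lines between the two hunks set it, the 401 response prints an undefined value, giving an empty body and an uninitialized-value warning in the error log when warnings are enabled. Keeping the message fixes that, e.g. `$result = "Authentication failed.";` just before the 401 header. A 401 response is also expected to carry a `WWW-Authenticate` header (RFC 7235), which the new `CGI::header` call does not set. The `if ($status eq 'ok')` block opens outside this hunk.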