From ba57d68519a66c4f3c09206e4ff382308cffb292 Mon Sep 17 00:00:00 2001
From: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Date: Tue, 25 Jan 2022 12:21:42 +0000
Subject: [PATCH] Bug 29931: (follow-up) Fix svc/checkouts and return_claims
 too

Adding the same auth_status check here too.

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
---
 svc/checkouts     | 7 +++++--
 svc/return_claims | 7 +++++--
 2 files changed, 10 insertions(+), 4 deletions(-)

diff --git a/svc/checkouts b/svc/checkouts
index 98959d1edf..07e95c301a 100755
--- a/svc/checkouts
+++ b/svc/checkouts
@@ -34,8 +34,11 @@ use Koha::ItemTypes;
 
 my $input = CGI->new;
 
-my ( $auth_status, $session ) =
-  check_cookie_auth( $input->cookie('CGISESSID'));
+my ( $auth_status, $session ) = check_cookie_auth( $input->cookie('CGISESSID'));
+if( $auth_status ne 'ok' ) {
+    print CGI::header( '-status' => '401' );
+    exit 0;
+}
 
 my $userid   = $session->param('id');
 
diff --git a/svc/return_claims b/svc/return_claims
index 5ac7d49e79..726b756f83 100755
--- a/svc/return_claims
+++ b/svc/return_claims
@@ -31,8 +31,11 @@ use Koha::Patrons;
 
 my $input = CGI->new;
 
-my ( $auth_status, $session ) =
-  check_cookie_auth( $input->cookie('CGISESSID') );
+my ( $auth_status, $session ) = check_cookie_auth( $input->cookie('CGISESSID') );
+if( $auth_status ne 'ok' ) {
+    print CGI::header( '-status' => '401' );
+    exit 0;
+}
 
 my $userid  = $session->param('id');
 
-- 
2.39.2