]> git.koha-community.org Git - koha.git/commit
Bug 32178: Remove security breach introduced in bug 31378
authorAgustin Moyano <agustinmoyano@theke.io>
Fri, 11 Nov 2022 22:22:23 +0000 (22:22 +0000)
committerTomas Cohen Arazi <tomascohen@theke.io>
Tue, 15 Nov 2022 21:43:45 +0000 (18:43 -0300)
commitca57674700d020b539f5da2b05fc31df8a6a6652
treef679234b4abfe8b88fb4c65628eb1d384ca81e05
parent7a413f8015c2cc6b5cf8c13788b9a5dab689a81b
Bug 32178: Remove security breach introduced in bug 31378

This patch removes a security breach in C4::Auth::check_api_auth introduced by bug 31378, where when someone called an api with the parameters userid and auth_client_login, check_api_auth would automatically asume the user calling was that userid.

This patch also introduces C4::Auth::create_basic_session(), a function that creates a session and adds the minimum basic parameters.

Signed-off-by: David Cook <dcook@prosentient.com.au>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
C4/Auth.pm
Koha/REST/Plugin/Auth/IdP.pm
Koha/REST/V1/OAuth/Client.pm
t/db_dependent/Auth.t