From 16da12cbbc200d9ef07a87ee7f9bdf8e61ae06f3 Mon Sep 17 00:00:00 2001
From: David Cook <dcook@prosentient.com.au>
Date: Fri, 11 Aug 2023 03:03:01 +0000
Subject: [PATCH] Bug 34513: Set auth state correctly when changing auth
 sessions

This patch sets the $auth_state to failed when changing auth sessions,
so that the new login attempt gets processed correctly (instead
of skipping the authorization step).

Test plan:
0. Apply the patch
1. koha-plack --reload kohadev
2. Go to
http://localhost:8081/cgi-bin/koha/admin/preferences.pl?tab=&op=search&searchfield=baseurl
3. Log in as an OPAC user with 0 permissions
4. Note the auth screen "Error: You do not have permission to access this page"
5. Click "Log in"
6. Note that you're still shown a login screen (and that you've been logged out of
your previous authenticated session)

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
---
 C4/Auth.pm | 1 +
 1 file changed, 1 insertion(+)

diff --git a/C4/Auth.pm b/C4/Auth.pm
index c25cf61876..cdc4ba8012 100644
--- a/C4/Auth.pm
+++ b/C4/Auth.pm
@@ -918,6 +918,7 @@ sub checkauth {
                 C4::Context::_unset_userenv($sessionID);
                 $sessionID = undef;
                 undef $userid; # IMPORTANT: this assures us a new session in code below
+                $auth_state = 'failed';
             } elsif (!$logout) {
 
                 $cookie = $cookie_mgr->replace_in_list( $cookie, $query->cookie(
-- 
2.39.2