From e486a1e28ea7a34aba382205775fceab80f9256b Mon Sep 17 00:00:00 2001
From: David Cook
Date: Fri, 2 Aug 2024 01:37:40 +0000
Subject: [PATCH] Bug 37553: Use CSRF token for authenicated session for POSTing

This change fixes the Koha::SVC to store the CSRF token for the authenticated session for further POSTing.
Test plan:
0. Apply the patch
1. perl ./misc/migration_tools/koha-svc.pl \
http://localhost:8081/cgi-bin/koha/svc koha koha 29 > bib-29.xml
2. perl ./misc/migration_tools/koha-svc.pl \
http://localhost:8081/cgi-bin/koha/svc koha koha 29 bib-29.xml
3. Note that the following appears in STDOUT and there is no 403 error: "update 29 from bib-29.xml"
Signed-off-by: David Nind
Signed-off-by: Marcel de Rooy
Signed-off-by: Katrin Fischer
(cherry picked from commit eabd792ee93ce4dd84b36f143ee2ccaa184ed147)
Signed-off-by: Lucas Gass
---
 misc/migration_tools/koha-svc.pl | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/misc/migration_tools/koha-svc.pl b/misc/migration_tools/koha-svc.pl
index 125b79ab43..83c72a99be 100755
--- a/misc/migration_tools/koha-svc.pl
+++ b/misc/migration_tools/koha-svc.pl
@@ -107,7 +107,6 @@ sub new {
 my $get_resp = $ua->get("$url/authentication");
 my $csrf_token = $get_resp->header('CSRF-TOKEN');
- $self->{csrf_token} = $csrf_token;
 my $resp = $ua->post(
 "$url/authentication",
@@ -115,6 +114,10 @@ sub new {
 );
 die $resp->status_line unless $resp->is_success;
+ #NOTE: A successful authentication means we have a new CGISESSID and a new CSRF Token
+ $csrf_token = $resp->header('CSRF-TOKEN');
+ $self->{csrf_token} = $csrf_token;
+
 warn "# $user $url = ", $resp->decoded_content, "\n" if $self->{debug};
 $self->{ua} = $ua;
--
2.39.5
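Review bot: The post-login token is stored without checking that the header was present: in the second hunk, `$csrf_token = $resp->header('CSRF-TOKEN');` is assigned straight into `$self->{csrf_token}`. If the authentication response carries no such header, the stored token is undef and later POSTs would presumably be rejected with a 403 that gives no hint the cause was at login. A guard directly after the assignment, `die "authentication response carried no CSRF-TOKEN header\n" unless defined $csrf_token;`, fails at the point where the problem is visible. The pre-login read from `$get_resp` in the first hunk's context lines is unchecked in the same way. `sub new` starts and ends outside both hunks, so how the stored token is consumed is not visible here.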