From 88797c54b0932fe5e516ac2f4438d6342ab22632 Mon Sep 17 00:00:00 2001 From: Jonathan Druart Date: Wed, 14 Feb 2024 14:54:55 +0100 Subject: [PATCH] Bug 36102: Add cud-login to the login form TODO This needs to be covered by tests. Signed-off-by: Jonathan Druart --- C4/Auth.pm | 20 ++++++++++++------- .../intranet-tmpl/prog/en/modules/auth.tt | 1 + .../bootstrap/en/includes/masthead.inc | 1 + .../bootstrap/en/modules/opac-main.tt | 1 + 4 files changed, 16 insertions(+), 7 deletions(-) diff --git a/C4/Auth.pm b/C4/Auth.pm index 2f90868b9e..879a7c8131 100644 --- a/C4/Auth.pm +++ b/C4/Auth.pm @@ -194,6 +194,16 @@ sub get_template_and_user { { skip_csrf_check => 1 }, ); } + my $session = get_session($sessionID); + + # We have just logged in + # If we are not coming from the login form we empty the credential to reject the access + if ( !$session && $user ) { + if ( $in->{query}->param('op') ne 'cud-login' ) { + $in->{query}->param('userid', ''); + $in->{query}->param('password', ''); + } + } # If we enforce GDPR and the user did not consent, redirect # Exceptions for consent page itself and SCI/SCO system @@ -214,11 +224,8 @@ sub get_template_and_user { if ( $in->{type} eq 'opac' && $user ) { my $is_sco_user; - if ($sessionID){ - my $session = get_session($sessionID); - if ($session){ - $is_sco_user = $session->param('sco_user'); - } + if ($session){ + $is_sco_user = $session->param('sco_user'); } my $kick_out; @@ -538,8 +545,7 @@ sub get_template_and_user { or $pagename =~ /^addbybiblionumber$/ or $pagename =~ /^review$/ ) { - my $sessionSearch = get_session( $sessionID ); - $sessionSearch->clear( ["busc"] ) if $sessionSearch; + $session->clear( ["busc"] ) if $session; } } diff --git a/koha-tmpl/intranet-tmpl/prog/en/modules/auth.tt b/koha-tmpl/intranet-tmpl/prog/en/modules/auth.tt index b65f2bd0ee..1d72bbda88 100644 --- a/koha-tmpl/intranet-tmpl/prog/en/modules/auth.tt +++ b/koha-tmpl/intranet-tmpl/prog/en/modules/auth.tt @@ -124,6 +124,7 @@
[% INCLUDE 'csrf-token.inc' %] + [% FOREACH INPUT IN INPUTS %] [% NEXT IF INPUT.name == "koha_login_context" %] diff --git a/koha-tmpl/opac-tmpl/bootstrap/en/includes/masthead.inc b/koha-tmpl/opac-tmpl/bootstrap/en/includes/masthead.inc index 2a1e4f1a71..3ee5421e32 100644 --- a/koha-tmpl/opac-tmpl/bootstrap/en/includes/masthead.inc +++ b/koha-tmpl/opac-tmpl/bootstrap/en/includes/masthead.inc @@ -434,6 +434,7 @@
+
diff --git a/koha-tmpl/opac-tmpl/bootstrap/en/modules/opac-main.tt b/koha-tmpl/opac-tmpl/bootstrap/en/modules/opac-main.tt index 5452c660ae..186426d49d 100644 --- a/koha-tmpl/opac-tmpl/bootstrap/en/modules/opac-main.tt +++ b/koha-tmpl/opac-tmpl/bootstrap/en/modules/opac-main.tt @@ -203,6 +203,7 @@
+
-- 2.39.5