From c9375e746b3f57e8c1101fce32d48138dc9c030b Mon Sep 17 00:00:00 2001
From: Jonathan Druart
Date: Wed, 28 Feb 2024 13:15:14 +0100
Subject: [PATCH] Bug 34478: (follow-up) Manual fix - Make Koha::Token use session id not userenv id
See comment 174.
Signed-off-by: Jonathan Druart
---
 t/Token.t | 18 ++----------------
 1 file changed, 2 insertions(+), 16 deletions(-)
diff --git a/t/Token.t b/t/Token.t
index d34089a908..355282c6ed 100755
--- a/t/Token.t
+++ b/t/Token.t
@@ -20,7 +20,7 @@
 # along with Koha; if not, see .
 use Modern::Perl;
-use Test::More tests => 13;
+use Test::More tests => 12;
 use Test::Exception;
 use Time::HiRes qw|usleep|;
@@ -62,20 +62,6 @@ $result = $tokenizer->check_csrf({
 });
 isnt( $result, 1, "CSRF token expired after one second" );
-subtest 'Same id (cookie CGISESSID) with an other logged in user' => sub {
- plan tests => 2;
- $csrftoken = $tokenizer->generate_csrf({ session_id => $id });
- $result = $tokenizer->check_csrf({
- session_id => $id, token => $csrftoken,
- });
- is( $result, 1, "CSRF token verified" );
- C4::Context->set_userenv(0,43,0,'firstname','surname', 'CPL', 'Library 1', 0, '');
- $result = $tokenizer->check_csrf({
- session_id => $id, token => $csrftoken,
- });
- is( $result, '', "CSRF token is not verified if another logged in user is using the same id" );
-};
-
 subtest 'Same logged in user with another session (cookie CGISESSID)' => sub {
 plan tests => 2;
 C4::Context->set_userenv(0,42,0,'firstname','surname', 'CPL', 'Library 1', 0, '');
@@ -125,7 +111,7 @@ subtest 'testing _add_default_csrf_params with/without userenv (bug 27849)' => s
 # Current userenv: userid == 42
 my $result = Koha::Token::_add_default_csrf_params({ session_id => '567' });
 is( $result->{session_id}, 567, 'Check session id' );
- is( $result->{id}, '42_567', 'Check userid' );
+ is( $result->{id}, 'anonymous_567', 'Check userid' );
 # Clear userenv
 C4::Context::_unset_userenv('DUMMY SESSION');
--
2.39.2
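Review bot: In the last hunk the assertion now expects `anonymous_567`, but the context comment above it still reads `# Current userenv: userid == 42` and the label is still 'Check userid', so the test text no longer says what is being checked. If the id is meant to be independent of the logged-in user, a label such as `is( $result->{id}, 'anonymous_567', 'id is built from the session id, not the userenv' );` would make that explicit. With the 'Same id ... other logged in user' subtest removed in the second hunk, nothing visible on this page still covers a CSRF token surviving a change of user on the same session id. That presumably relies on the session id being regenerated at login, which is worth stating in a comment here or covering in the authentication tests. The enclosing subtest starts and ends outside the hunk.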