From d75f1df99d32ab615365ffb87b975d9a53c219f7 Mon Sep 17 00:00:00 2001
From: David Cook <dcook@prosentient.com.au>
Date: Thu, 15 Feb 2024 03:06:00 +0000
Subject: [PATCH] Bug 34478: Manual fix - Make Koha::Token use session id not
 userenv id

Bug 34478: [TO SQUASH] Manual fix - Make Koha::Token use session id not userenv id

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
---
 Koha/Token.pm | 16 ++++++++++++----
 1 file changed, 12 insertions(+), 4 deletions(-)

diff --git a/Koha/Token.pm b/Koha/Token.pm
index c4d23aeada..2c0817a26d 100644
--- a/Koha/Token.pm
+++ b/Koha/Token.pm
@@ -57,6 +57,8 @@ use Digest::MD5 qw( md5_base64 );
 use Encode;
 use C4::Context;
 use Koha::Exceptions::Token;
+use Koha::Session;
+
 use base qw(Class::Accessor);
 use constant HMAC_SHA1_LENGTH => 20;
 use constant CSRF_EXPIRY_HOURS => 8; # 8 hours instead of 7 days..
@@ -215,11 +217,17 @@ sub decode_jwt {
 sub _add_default_csrf_params {
     my ( $params ) = @_;
     $params->{session_id} //= DEFA_SESSION_ID;
-    my $userenv = C4::Context->userenv;
-    if ( ( !$userenv ) || !$userenv->{id} ) {
-        $userenv = { id => DEFA_SESSION_USERID };
+
+    my $id;
+    my $session = Koha::Session->get_session( { sessionID => $params->{session_id} } );
+    if ($session) {
+        $id = $session->param('id');
     }
-    $params->{id} //= Encode::encode( 'UTF-8', $userenv->{id} );
+    if ( !$id ) {
+        $id = DEFA_SESSION_USERID;
+    }
+
+    $params->{id} //= Encode::encode( 'UTF-8', $id );
     $params->{id} .= '_' . $params->{session_id};
 
     my $pw = C4::Context->config('pass');
-- 
2.39.2