[Koha-bugs] [Bug 28592] New: ISE after paying through opac payment plugin

bugzilla-daemon at bugs.koha-community.org bugzilla-daemon at bugs.koha-community.org
Fri Jun 18 13:32:10 CEST 2021 

https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=28592

            Bug ID: 28592
           Summary: ISE after paying through opac payment plugin
 Change sponsored?: ---
           Product: Koha
           Version: 20.11
          Hardware: All
                OS: All
            Status: NEW
          Severity: major
          Priority: P5 - low
         Component: OPAC
          Assignee: oleonard at myacpl.org
          Reporter: magnus at libriotech.no
        QA Contact: testopia at bugs.koha-community.org

After upgrading to 20.11.06, we have a problem with using the
koha-plugin-dibs-payments plugin for online payments:
https://github.com/Libriotech/koha-plugin-dibs-payments

After authenticating with the remote service the user is redirected back to
<opac>/cgi-bin/koha/opac-account-pay-return.pl However, this page presents a
login form, and the user is forced to log in. It looks like this happens
because the value of the CGISESSID cookie is changed somewhere along the way.
Or does it change because the login screen is presented? Not sure of what is
cause and what is effect here. 

After logging in, the user is redirected (with a 303 status) to the same URL,
but this time all the parameters that were POSTed the first time around are now
included in the URL as one kind of weird GET parameter (note the semicolons
between parameters):

?orderid=123;payment_method=Koha%3A%3APlugin%3A%3ACom%3A%3ABibLibre%3A%3ADIBSPayments;transact=123;authkey=abc
etc

The payment is recorded in the accountlines table, but
koha_plugin_com_biblibre_dibspayments_dibs_transactions.accountline_id is left
empty. 

As far as I can tell, checkauth is only used in two places in the opac,
opac-account-pay-return.pl and opac-ratings.pl: 

$ sudo grep -rn "checkauth" /usr/share/koha/opac/cgi-bin/opac/opac-*
/usr/share/koha/opac/cgi-bin/opac/opac-account-pay-return.pl:29:my ( $userid,
$cookie, $sessionID, $flags ) = checkauth( $cgi, 0, {}, 'opac' );
/usr/share/koha/opac/cgi-bin/opac/opac-messaging.pl:24:use C4::Auth;    #
checkauth, getborrowernumber.
/usr/share/koha/opac/cgi-bin/opac/opac-passwd.pl:25:use C4::Auth;    #
checkauth, getborrowernumber.
/usr/share/koha/opac/cgi-bin/opac/opac-privacy.pl:22:use C4::Auth;    #
checkauth, getborrowernumber.
/usr/share/koha/opac/cgi-bin/opac/opac-ratings.pl:40:my ($userid, $cookie,
$sessionID) = checkauth( $query, 0, {}, 'opac' );
/usr/share/koha/opac/cgi-bin/opac/opac-reserve.pl:24:use C4::Auth;    #
checkauth, getborrowernumber.

-- 
You are receiving this mail because:
You are watching all bug changes.

More information about the Koha-bugs mailing list