[Koha-bugs] [Bug 28592] New: ISE after paying through opac payment plugin
bugzilla-daemon at bugs.koha-community.org
bugzilla-daemon at bugs.koha-community.org
Fri Jun 18 13:32:10 CEST 2021
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=28592
Bug ID: 28592
Summary: ISE after paying through opac payment plugin
Change sponsored?: ---
Product: Koha
Version: 20.11
Hardware: All
OS: All
Status: NEW
Severity: major
Priority: P5 - low
Component: OPAC
Assignee: oleonard at myacpl.org
Reporter: magnus at libriotech.no
QA Contact: testopia at bugs.koha-community.org
After upgrading to 20.11.06, we have a problem with using the
koha-plugin-dibs-payments plugin for online payments:
https://github.com/Libriotech/koha-plugin-dibs-payments
After authenticating with the remote service the user is redirected back to
<opac>/cgi-bin/koha/opac-account-pay-return.pl However, this page presents a
login form, and the user is forced to log in. It looks like this happens
because the value of the CGISESSID cookie is changed somewhere along the way.
Or does it change because the login screen is presented? Not sure of what is
cause and what is effect here.
After logging in, the user is redirected (with a 303 status) to the same URL,
but this time all the parameters that were POSTed the first time around are now
included in the URL as one kind of weird GET parameter (note the semicolons
between parameters):
?orderid=123;payment_method=Koha%3A%3APlugin%3A%3ACom%3A%3ABibLibre%3A%3ADIBSPayments;transact=123;authkey=abc
etc
The payment is recorded in the accountlines table, but
koha_plugin_com_biblibre_dibspayments_dibs_transactions.accountline_id is left
empty.
As far as I can tell, checkauth is only used in two places in the opac,
opac-account-pay-return.pl and opac-ratings.pl:
$ sudo grep -rn "checkauth" /usr/share/koha/opac/cgi-bin/opac/opac-*
/usr/share/koha/opac/cgi-bin/opac/opac-account-pay-return.pl:29:my ( $userid,
$cookie, $sessionID, $flags ) = checkauth( $cgi, 0, {}, 'opac' );
/usr/share/koha/opac/cgi-bin/opac/opac-messaging.pl:24:use C4::Auth; #
checkauth, getborrowernumber.
/usr/share/koha/opac/cgi-bin/opac/opac-passwd.pl:25:use C4::Auth; #
checkauth, getborrowernumber.
/usr/share/koha/opac/cgi-bin/opac/opac-privacy.pl:22:use C4::Auth; #
checkauth, getborrowernumber.
/usr/share/koha/opac/cgi-bin/opac/opac-ratings.pl:40:my ($userid, $cookie,
$sessionID) = checkauth( $query, 0, {}, 'opac' );
/usr/share/koha/opac/cgi-bin/opac/opac-reserve.pl:24:use C4::Auth; #
checkauth, getborrowernumber.
--
You are receiving this mail because:
You are watching all bug changes.
More information about the Koha-bugs
mailing list