[Koha-bugs] [Bug 29264] New: SIP config allows use of non-branchcode institution ids causes workers to die without responding

Mon Oct 18 14:28:00 CEST 2021

https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=29264

            Bug ID: 29264
           Summary: SIP config allows use of non-branchcode institution
                    ids causes workers to die without responding
 Change sponsored?: ---
           Product: Koha
           Version: master
          Hardware: All
                OS: All
            Status: NEW
          Severity: major
          Priority: P5 - low
         Component: SIP2
          Assignee: koha-bugs at lists.koha-community.org
          Reporter: kyle at bywatersolutions.com
        QA Contact: testopia at bugs.koha-community.org

If is entirely possible to create an SIP institution whose ID does not match a
valid branchcode in Koha's SIP config. In fact, Koha's example SIP config
contains an example of this ( kohalibrary / kohalibrary2 ).

If a SIP login uses an institution with an id that doesn't match a valid
branchcode, everything will appear to work, but the SIP worker will die
anywhere that Koha gets the branch from the userenv and assumes it is valid.

The repercussions of this are that actions such as the checkout message simply
die and do not return a response message to the requestor.

At the very least, we should output a warning to the SIP log.

I think we should strongly consider disallowing institution ids in the SIP
config that do not match valid branchcodes. In this scenario, attempting to
start the SIP server should result in a error message with the SIP server
exiting immediately.

-- 
You are receiving this mail because:
You are the assignee for the bug.
You are watching all bug changes.