[Koha-bugs] [Bug 29264] New: SIP config allows use of non-branchcode institution ids causes workers to die without responding
bugzilla-daemon at bugs.koha-community.org
bugzilla-daemon at bugs.koha-community.org
Mon Oct 18 14:28:00 CEST 2021
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=29264
Bug ID: 29264
Summary: SIP config allows use of non-branchcode institution
ids causes workers to die without responding
Change sponsored?: ---
Product: Koha
Version: master
Hardware: All
OS: All
Status: NEW
Severity: major
Priority: P5 - low
Component: SIP2
Assignee: koha-bugs at lists.koha-community.org
Reporter: kyle at bywatersolutions.com
QA Contact: testopia at bugs.koha-community.org
If is entirely possible to create an SIP institution whose ID does not match a
valid branchcode in Koha's SIP config. In fact, Koha's example SIP config
contains an example of this ( kohalibrary / kohalibrary2 ).
If a SIP login uses an institution with an id that doesn't match a valid
branchcode, everything will appear to work, but the SIP worker will die
anywhere that Koha gets the branch from the userenv and assumes it is valid.
The repercussions of this are that actions such as the checkout message simply
die and do not return a response message to the requestor.
At the very least, we should output a warning to the SIP log.
I think we should strongly consider disallowing institution ids in the SIP
config that do not match valid branchcodes. In this scenario, attempting to
start the SIP server should result in a error message with the SIP server
exiting immediately.
--
You are receiving this mail because:
You are the assignee for the bug.
You are watching all bug changes.
More information about the Koha-bugs
mailing list