[Koha-bugs] [Bug 34163] New: CSRF error if try OAuth2/OIDC after logout

bugzilla-daemon at bugs.koha-community.org bugzilla-daemon at bugs.koha-community.org
Fri Jun 30 04:06:12 CEST 2023


https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=34163

            Bug ID: 34163
           Summary: CSRF error if try OAuth2/OIDC after logout
 Change sponsored?: ---
           Product: Koha
           Version: master
          Hardware: All
                OS: All
            Status: NEW
          Severity: minor
          Priority: P5 - low
         Component: Authentication
          Assignee: koha-bugs at lists.koha-community.org
          Reporter: dcook at prosentient.com.au
        QA Contact: testopia at bugs.koha-community.org
                CC: dpavlin at rot13.org

If you do a local login to Koha, then log out, then try to do an OAuth2/OIDC
login, you'll get a CSRF error.

The reason is that Koha is generating the CSRF token using an id like
"anonymous_58d273f40cb20ff0aacab829aaf935fc" but checking it with an id of
"_58d273f40cb20ff0aacab829aaf935fc".

This is because we're not properly checking the C4::Context->userenv and/or it
seems like it's not getting properly set after a logout.
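The mismatch the report describes, shown as an added example that is not Koha's own code (Koha's token handling is Perl and is not reproduced here): a signed, time-stamped CSRF token bound to an id of the form `<userid>_<session_id>`. The token is generated while the id is normalised to `anonymous_<session>`, but the check after logout builds `_<session>` instead, so the HMAC no longer verifies. The secret, session id shape, token format and the `token_id` helper are assumptions for illustration only.

```python
import hashlib
import hmac
import time

# Constructed demo secret; a real deployment derives its own server-side secret.
SECRET = b"constructed-demo-secret"

# Hypothetical helper: the fix is to apply the same normalisation on both the
# generate and the check side, so a missing userenv still yields "anonymous_<sid>".
def token_id(userid, session_id):
    return f"{userid or 'anonymous'}_{session_id}"


def generate_csrf_token(id_, secret=SECRET, now=None):
    """Return '<timestamp>:<hex hmac>' bound to id_ and the timestamp."""
    ts = int(now if now is not None else time.time())
    mac = hmac.new(secret, f"{id_}:{ts}".encode(), hashlib.sha256).hexdigest()
    return f"{ts}:{mac}"


def check_csrf_token(id_, token, secret=SECRET, max_age=8 * 3600, now=None):
    """Verify token against id_; returns OK, EXPIRED, INVALID_SIGNATURE or MALFORMED."""
    try:
        ts_str, mac = token.split(":", 1)
        ts = int(ts_str)
    except ValueError:
        return "MALFORMED"
    current = int(now if now is not None else time.time())
    if current - ts > max_age:
        return "EXPIRED"
    expected = hmac.new(secret, f"{id_}:{ts}".encode(), hashlib.sha256).hexdigest()
    # Constant-time comparison so the check does not leak the MAC byte by byte.
    if not hmac.compare_digest(expected, mac):
        return "INVALID_SIGNATURE"
    return "OK"


def reproduce(session_id="58d273f40cb20ff0aacab829aaf935fc"):
    """Generate on the login page (no logged-in user, id normalised to
    'anonymous_<sid>'), then check in the OAuth2/OIDC callback after a logout.
    Returns (result with the buggy check id, result with the normalised id)."""
    token = generate_csrf_token(token_id(None, session_id))
    # Buggy check side: userenv is not set after logout, the prefix is dropped
    # and the id becomes "_<sid>", exactly as the report shows.
    buggy_id = f"_{session_id}"
    buggy = check_csrf_token(buggy_id, token)
    # Fixed check side: same normalisation as the generate side.
    fixed = check_csrf_token(token_id(None, session_id), token)
    return buggy, fixed


if __name__ == "__main__":
    print(reproduce())  # ('INVALID_SIGNATURE', 'OK')
```

The constructed `reproduce()` call returns `('INVALID_SIGNATURE', 'OK')`: the same token fails when the checker derives `_<session>` and passes once both sides derive `anonymous_<session>`. The practical check for a fix is therefore that the id builder is a single shared function and that the userenv fallback is exercised in both the page that renders the form and the callback that validates it.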
