[Koha-bugs] [Bug 34163] New: CSRF error if try OAuth2/OIDC after logout
bugzilla-daemon at bugs.koha-community.org
Fri Jun 30 04:06:12 CEST 2023
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=34163
Bug ID: 34163
Summary: CSRF error if try OAuth2/OIDC after logout
Change sponsored?: ---
Product: Koha
Version: master
Hardware: All
OS: All
Status: NEW
Severity: minor
Priority: P5 - low
Component: Authentication
Assignee: koha-bugs at lists.koha-community.org
Reporter: dcook at prosentient.com.au
QA Contact: testopia at bugs.koha-community.org
CC: dpavlin at rot13.org
If you do a local login to Koha, then logout, then try to do an OAuth2/OIDC
login, you'll get a CSRF error.
The reason is that Koha is generating the CSRF token using an id like
"anonymous_58d273f40cb20ff0aacab829aaf935fc" but checking it with an id of
"_58d273f40cb20ff0aacab829aaf935fc".
This is because we're not properly checking the C4::Context->userenv and/or it
seems like it's not getting properly set after a logout.
--
You are receiving this mail because:
You are the assignee for the bug.
You are watching all bug changes.
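The mismatch described in the report (a token generated for "anonymous_<session id>" but checked against "_<session id>") comes down to the identity string being derived differently at generation time and at check time. The following is an added, constructed model of that failure and its fix; it is not Koha's code and does not use Koha's API. It assumes a token scheme that HMACs a nonce together with the CSRF id, that the CSRF id is "<userid>_<session id>", and that after logout the userenv structure survives with an empty id rather than being discarded (the reason the report leaves open). The buggy derivation only falls back to "anonymous" when userenv is absent entirely; the fixed one also falls back when it is present but empty.

```python
import hashlib
import hmac
import secrets

# Hypothetical server-side secret; a real deployment keeps this out of source.
SECRET = b"constructed-demo-secret"


def generate_token(csrf_id: str, secret: bytes = SECRET) -> str:
    """Bind a fresh nonce to the CSRF id with an HMAC; token = nonce:mac."""
    nonce = secrets.token_hex(8)
    mac = hmac.new(secret, f"{nonce}:{csrf_id}".encode(), hashlib.sha256).hexdigest()
    return f"{nonce}:{mac}"


def check_token(token: str, csrf_id: str, secret: bytes = SECRET) -> bool:
    """Recompute the MAC for the id the server believes the request has."""
    try:
        nonce, mac = token.split(":", 1)
    except ValueError:
        return False
    expected = hmac.new(secret, f"{nonce}:{csrf_id}".encode(), hashlib.sha256).hexdigest()
    return hmac.compare_digest(mac, expected)


def buggy_csrf_id(userenv, session_id: str) -> str:
    """Defect modelled from the report: 'anonymous' only when userenv is missing.

    A userenv left behind after logout with an empty id yields "_<session id>".
    """
    userid = userenv.get("id", "") if userenv is not None else "anonymous"
    return f"{userid}_{session_id}"


def fixed_csrf_id(userenv, session_id: str) -> str:
    """Same id whether userenv is missing, empty, or populated."""
    userid = (userenv or {}).get("id") or "anonymous"
    return f"{userid}_{session_id}"


def simulate(id_func) -> bool:
    """Replay the sequence from the report: local login, logout, OIDC attempt.

    Returns whether the CSRF check passes with the given id derivation.
    """
    session_id = "58d273f40cb20ff0aacab829aaf935fc"  # session id quoted in the report
    userenv = {"id": "staff_user"}  # constructed local login
    # Logout in this model clears the id but leaves the userenv structure behind.
    userenv = {"id": ""}
    # The OIDC start page is rendered before any userenv is loaded for the request.
    token = generate_token(id_func(None, session_id))
    # The callback runs with the stale userenv present and checks the token against it.
    return check_token(token, id_func(userenv, session_id))


if __name__ == "__main__":
    sid = "58d273f40cb20ff0aacab829aaf935fc"
    print("buggy check id :", buggy_csrf_id({"id": ""}, sid))
    print("fixed check id :", fixed_csrf_id({"id": ""}, sid))
    print("buggy flow ok? :", simulate(buggy_csrf_id))
    print("fixed flow ok? :", simulate(fixed_csrf_id))
```

The point to take from the model is that a CSRF check is only as reliable as the agreement between the two places that compute the binding id; normalising the identity in one shared function, and making sure logout fully tears down the userenv rather than leaving an empty shell, removes the discrepancy.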