https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=39224 --- Comment #104 from Martin Renvoize (ashimema) <martin.renvoize@openfifth.co.uk> --- Created attachment 197371 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=197371&action=edit Bug 39224: (follow-up) Preserve matchpoint on upgrade and use wildcard fallback The atomicupdate dropped identity_providers.matchpoint before the orphan-provider loop seeded the per-hostname wildcard row, so pre-existing OAuth/OIDC providers landed in the new schema with matchpoint=NULL. The OAuth and SAML2 clients also did an exact hostname match when loading the matchpoint, so the wildcard row the atomicupdate does seed was never consulted, leaving $matchpoint undef and producing: Use of uninitialized value \$matchpoint in hash element at Koha/Auth/Client/OAuth.pm line 77 (and 96) Use of uninitialized value within @_ in list assignment at Koha/Auth/Client.pm line 235 Koha::Exceptions::Auth::Unauthorized -- External auth user cannot access resource This patch: * In installer/data/mysql/atomicupdate/bug_39224.pl, reads the old identity_providers.matchpoint values into a hash before dropping the column and threads them through the orphan-provider INSERT into identity_provider_hostnames, so the upgraded matchpoint survives. * Adds Koha::Auth::Identity::Provider->hostname_link(\$http_host) which walks Koha::Auth::Identity::Providers->hostname_candidates (full host, bare host, '*') and returns the first matching identity_provider_hostname row in preference order. * Uses the new helper from Koha::Auth::Client::OAuth and the two matchpoint-lookup sites in Koha::Auth::Client::SAML2 so the wildcard row is actually consulted when no specific hostname row exists. Test plan: 1. On a database with an OAuth/OIDC provider that has a matchpoint set under the old schema, run updatedatabase. The output now echoes the preserved matchpoint (e.g. "Added wildcard hostname entry for provider 'X' (matchpoint=userid)") and \`SELECT matchpoint FROM identity_provider_hostnames\` shows the carried-over value instead of NULL. 2. Re-run updatedatabase; no errors, no changes (idempotent). 3. prove t/db_dependent/Koha/Auth/Client.t \\ t/db_dependent/Koha/Auth/Client/OAuth.t \\ t/db_dependent/Koha/Auth/Client/SAML2.t \\ t/db_dependent/Koha/Auth/Identity/Provider.t 4. Trigger an OAuth login from a hostname that only has a wildcard hostname row for the provider. The three "uninitialized value" warnings above no longer appear and the existing patron is resolved. -- You are receiving this mail because: You are watching all bug changes.