[Bug 35276] New: Posting a suggestion crashes on Unknown column 'auth_forwarded_hash'
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=35276 Bug ID: 35276 Summary: Posting a suggestion crashes on Unknown column 'auth_forwarded_hash' Change sponsored?: --- Product: Koha Version: master Hardware: All OS: All Status: NEW Severity: normal Priority: P5 - low Component: Staff interface Assignee: koha-bugs@lists.koha-community.org Reporter: m.de.rooy@rijksmuseum.nl QA Contact: testopia@bugs.koha-community.org CC: gmcharlt@gmail.com Seen in production on 22.11. Still investigating further a bit. May affect severity later. It seems that the Auth.pm originating auth_forwarded_hash is passed into a Koha Objects search. So it should be deleted before that point. L426 my @suggestions = Koha::Suggestions->search_limited($search_params)->as_list; Will still be adding comment(s). -- You are receiving this mail because: You are the assignee for the bug. You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=35276 Marcel de Rooy <m.de.rooy@rijksmuseum.nl> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |ASSIGNED Assignee|koha-bugs@lists.koha-commun |m.de.rooy@rijksmuseum.nl |ity.org | -- You are receiving this mail because: You are watching all bug changes. You are the assignee for the bug.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=35276 --- Comment #1 from Marcel de Rooy <m.de.rooy@rijksmuseum.nl> --- And I am seeing a similar friend: DBIx::Class::Storage::DBI::_dbh_execute(): DBI Exception: DBD::mysql::st execute failed: Unknown column 'koha_login_context' in 'where clause' at /usr/share/koha/Koha/Objects.pm line 394 at /usr/share/perl5/DBIx/Class/Exception.pm line 77 Very similar issue actually. -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=35276 --- Comment #2 from Marcel de Rooy <m.de.rooy@rijksmuseum.nl> --- Fix is underway. When you login on the suggestion/suggestion.pl url, Auth will add a few params which are copied into the Koha Objects->as_list call. We need to remove them. The fact that this only happens when directly hitting the URL when not logged in, makes me keep the current severity. Some crash details: DBIx::Class::Storage::DBI::_dbh_execute(): DBI Exception: DBD::mysql::st execute failed: Unknown column 'auth_forwarded_hash' in 'where clause' at /usr/share/koha/Koha/Objects.pm line 394 at /usr/share/perl5/DBIx/Class/Exception.pm line 77 DBIx::Class::Storage::DBI::_dbh_execute('DBIx::Class::Storage::DBI::mysql=HASH(0x5564b8285490)', 'DBI::db=HASH(0x5564baa26de0)', 'SELECT `me`.`suggestionid`, `me`.`suggestedby`, `me`.`suggesteddate`, `me`.`managedby`, `me`.`manageddate`, `me`.`acceptedby`, `me`.`accepteddate`, `me`.`rejectedby`, `me`.`rejecteddate`, `me`.`lastmodificationby`, `me`.`lastmodificationdate`, `me`.`STATUS`, `me`.`archived`, `me`.`note`, `me`.`staff_note`, `me`.`author`, `me`.`title`, `me`.`copyrightdate`, `me`.`publishercode`, `me`.`date`, `me`.`volumedesc`, `me`.`publicationyear`, `me`.`place`, `me`.`isbn`, `me`.`biblionumber`, `me`.`reason`, `me`.`patronreason`, `me`.`budgetid`, `me`.`branchcode`, `me`.`collectiontitle`, `me`.`itemtype`, `me`.`quantity`, `me`.`currency`, `me`.`price`, `me`.`total` FROM `suggestions` `me` WHERE ( ( `STATUS` = ? AND `archived` = ? AND `auth_forwarded_hash` = ? AND `branchcode` = ? AND `koha_login_context` = ? AND `password` = ? AND `userid` = ? ) )', 'ARRAY(0x5564b85a9e98)', 'ARRAY(0x5564bb7fc430)') called at /usr/share/perl5/DBIx/Class/Storage/DBI.pm line 856 Koha::Objects::as_list('Koha::Suggestions=HASH(0x5564bd270de8)') called at /usr/share/koha/suggestion/suggestion.pl line 426 eval {...} at /usr/share/koha/suggestion/suggestion.pl line 564 => Look at the WHERE clause and note the presence of auth_forwarded_hash, koha_login_context, password and userid. Actually, the suggestion code could be improved further. This should not be done really: my $suggestion_ref = { %{$input->Vars} }; # Copying, otherwise $input will be modified Here we get the additional cruft from Auth into our suggestion hash. The fix simply removes them without a complete refactor of the script. -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=35276 Marcel de Rooy <m.de.rooy@rijksmuseum.nl> changed: What |Removed |Added ---------------------------------------------------------------------------- Summary|Posting a suggestion |Suggestions form crashes on |crashes on Unknown column |Unknown column |'auth_forwarded_hash' |'auth_forwarded_hash' when | |logging in -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=35276 Marcel de Rooy <m.de.rooy@rijksmuseum.nl> changed: What |Removed |Added ---------------------------------------------------------------------------- Patch complexity|--- |Trivial patch Status|ASSIGNED |Needs Signoff -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=35276 --- Comment #3 from Marcel de Rooy <m.de.rooy@rijksmuseum.nl> --- Created attachment 158595 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=158595&action=edit Bug 35276: Remove authentication params from suggestion hash These would be forwarded to Koha::Objects->as_list and crash on unknown column. Test plan: Logout from staff. Enter URL /suggestion/suggestion.pl Without this patch, it crashes. Now it does not. Note: The crash may show auth_forwarded_hash but I also saw koha_login_context passing by. Same issue. Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=35276 David Nind <david@davidnind.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|Needs Signoff |Signed Off -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=35276 David Nind <david@davidnind.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #158595|0 |1 is obsolete| | --- Comment #4 from David Nind <david@davidnind.com> --- Created attachment 158620 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=158620&action=edit Bug 35276: Remove authentication params from suggestion hash These would be forwarded to Koha::Objects->as_list and crash on unknown column. Test plan: Logout from staff. Enter URL /suggestion/suggestion.pl Without this patch, it crashes. Now it does not. Note: The crash may show auth_forwarded_hash but I also saw koha_login_context passing by. Same issue. Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> Signed-off-by: David Nind <david@davidnind.com> -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=35276 David Nind <david@davidnind.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Text to go in the| |This fixes an issue when release notes| |trying to directly access | |the suggestions management | |page in the staff interface | |([YOURDOMAIN]/cgi-bin/koha/ | |suggestion/suggestion.pl) | |when you are logged out. | |Previously, if you were | |logged out, tried to access | |the suggestions management | |page, and then entered your | |credentials, you would get | |an error trace. CC| |david@davidnind.com -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=35276 --- Comment #5 from David Nind <david@davidnind.com> --- Testing notes (using KTD): 1. Make sure you are logged out of the staff interface. 2. Enter the URL: http://127.0.0.1:8081/cgi-bin/koha/suggestion/suggestion.pl 3. Enter your login details 4. You get an error trace: DBIx::Class::Storage::DBI::_dbh_execute(): DBI Exception: DBD::mysql::st execute failed: Unknown column 'koha_login_context' in 'where clause' at /kohadevbox/koha/Koha/Objects.pm line 399 at /usr/share/perl5/DBIx/Class/Exception.pm line 77 ... 5. Apply the patch, flush_memcached, restart_all, etc. 6. Repeat steps 1-3. 7. You now safely arrive at the suggestions management page. -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=35276 Katrin Fischer <katrin.fischer@bsz-bw.de> changed: What |Removed |Added ---------------------------------------------------------------------------- QA Contact|testopia@bugs.koha-communit |katrin.fischer@bsz-bw.de |y.org | -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=35276 Katrin Fischer <katrin.fischer@bsz-bw.de> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|Signed Off |Passed QA -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=35276 Katrin Fischer <katrin.fischer@bsz-bw.de> changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #158620|0 |1 is obsolete| | --- Comment #6 from Katrin Fischer <katrin.fischer@bsz-bw.de> --- Created attachment 158821 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=158821&action=edit Bug 35276: Remove authentication params from suggestion hash These would be forwarded to Koha::Objects->as_list and crash on unknown column. Test plan: Logout from staff. Enter URL /suggestion/suggestion.pl Without this patch, it crashes. Now it does not. Note: The crash may show auth_forwarded_hash but I also saw koha_login_context passing by. Same issue. Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> Signed-off-by: David Nind <david@davidnind.com> Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de> -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=35276 Tomás Cohen Arazi <tomascohen@gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|Passed QA |Pushed to master Version(s)| |23.11.00 released in| | -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=35276 --- Comment #7 from Tomás Cohen Arazi <tomascohen@gmail.com> --- Pushed to master for 23.11. Nice work everyone, thanks! -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=35276 Fridolin Somers <fridolin.somers@biblibre.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|Pushed to master |Pushed to stable CC| |fridolin.somers@biblibre.co | |m Version(s)|23.11.00 |23.11.00,23.05.06 released in| | --- Comment #8 from Fridolin Somers <fridolin.somers@biblibre.com> --- Pushed to 23.05.x for 23.05.06 -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=35276 Matt Blenkinsop <matt.blenkinsop@ptfs-europe.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Version(s)|23.11.00,23.05.06 |23.11.00,23.05.06,22.11.12 released in| | Status|Pushed to stable |Pushed to oldstable -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=35276 --- Comment #9 from Matt Blenkinsop <matt.blenkinsop@ptfs-europe.com> --- Nice work everyone! Pushed to oldstable for 22.11.x -- You are receiving this mail because: You are watching all bug changes.
participants (1)
-
bugzilla-daemon@bugs.koha-community.org