[Koha-bugs] [Bug 11219] CAS authentication fails with URL parameters

bugzilla-daemon at bugs.koha-community.org bugzilla-daemon at bugs.koha-community.org
Sat Dec 21 11:37:44 CET 2013


http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=11219

Katrin Fischer <katrin.fischer at bsz-bw.de> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
  Attachment #23138|0                           |1
        is obsolete|                            |

--- Comment #6 from Katrin Fischer <katrin.fischer at bsz-bw.de> ---
Created attachment 23744
  -->
http://bugs.koha-community.org/bugzilla3/attachment.cgi?id=23744&action=edit
[PASSED QA] Bug 11219 - CAS authentication fails with URL parameters

Bug 10029 tries to fix the use of URL parameters in CAS authentication.
But is does not work.
The full URL must be used in all methods of C4::Auth_with_cas.
Also, in checkpw_cas(), the 'ticket' parameter must be removed to find the
original URL.

This patch removes the 'ticket' parameter from query before calling
checkpw_cas() since the ticket is passed as method arguemnt.
In C4::Auth_with_cas, many methods use the same code to get the CAS handler and
the service URI. This patch adds a private method _get_cas_and_service() to do
the job.

Test plan:
- Enable CAS
- Go to opac without been logged-in
- Try to place hold on a record
=> You get to /cgi-bin/koha/opac-reserve.pl?biblionumber=XXX showing
authentication page
=> Check that CAS link contains query param "biblionumber"
- Click on CAS link and log in
=> Check you return well logged-in to reserve page with biblionumber param
- Check CAS loggout
- Check Proxy CAS auth

Signed-off-by: Koha team AMU <koha.aixmarseille at gmail.com>

Signed-off-by: Katrin Fischer <Katrin.Fischer.83 at web.de>
Passes all tests in t, xt, and t/db_dependent/Auth.t.
Also passes QA script.

As I have no working CAS server, I focused on regression testing:
Activated Persona and casAuthentication.
- Verified normal login against database still works.
- Verified Persona login works.
  Note: With Persona you are always forwarded to the patron
  account - so you have to search for the record again before
  you can place a hold.
- Verified that the CAS URL contains the biblionumber when
  logging in while placing a hold.

-- 
You are receiving this mail because:
You are watching all bug changes.


More information about the Koha-bugs mailing list