[Koha-bugs] [Bug 27305] iCal feed for circulation issues

bugzilla-daemon at bugs.koha-community.org bugzilla-daemon at bugs.koha-community.org
Thu Dec 24 02:04:10 CET 2020


https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=27305

--- Comment #3 from David Cook <dcook at prosentient.com.au> ---
(In reply to Nico Bako from comment #2)
> I had some success trying to come up with a hacky solution. The link to my
> iCal (via my library account) is:
> 
> https://catalog.hmcpl.org/cgi-bin/koha/opac-ics.pl
> 
> I thought that if I set up my iCal feed to be:
> 
> https://catalog.hmcpl.org/cgi-bin/koha/opac-ics.pl?userid={user-id}&password={password}
> 
> then it should work... but this only worked as long as I was logged in. Once
> I logged out that link no longer worked.
> 
> The CRAZY thing is, this curl command works:
> 
> curl https://catalog.hmcpl.org/cgi-bin/koha/opac-ics.pl -d 'userid={user-id}&password={password}'
> 
> No joke, the curl command works!

Koha's authentication and authorization code is a pet peeve of mine :p. 

With the browser, you already have an anonymous session (indicated by a
browser cookie) after logging out, so it's prompting you to sign in again.

With cURL, you're not sending a browser cookie, so it accepts your credentials
to create a new session.

> Do you have any other ideas for a hacky way to get the iCal feed to work? I
> know that my solution has security implications (since my userid and
> password are part of the url)... but it might be a good workaround for now.
> 

I wouldn't call it a good workaround ;). As you say, including your credentials
in a URL is a very bad idea.

That said, your hack might work with Google Calendar for instance. I wouldn't
be surprised if it did.

But... I do have plans to prevent userid and password from being sent via query
string parameters. Your hack actually gives me more incentive to do that, in
fact ;). 

> I did talk to my library, and they said they weren't aware of an iCal feed
> feature, but that they would look into it.

Which library is it?

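One practical reason credentials in a URL are a bad idea: web servers write the request line, query string included, to their access logs by default, while the body of a `curl -d` POST is not part of that line. The following is an added example, not part of the original message or of Koha's code; it assumes common/combined access log format and scans constructed sample lines for `userid`/`password` in the query string, reporting them with the values redacted.

```python
import re
from urllib.parse import urlsplit, parse_qsl, urlencode

# Parameter names treated as credentials (the two used in the thread above).
SENSITIVE = {"userid", "password"}

# Request part of a common/combined access log line: "METHOD target PROTOCOL"
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')


def redact_target(target):
    """Return (redacted_target, leaked_names) for one request target."""
    parts = urlsplit(target)
    pairs = parse_qsl(parts.query, keep_blank_values=True)
    leaked = sorted({k for k, _ in pairs if k.lower() in SENSITIVE})
    if not leaked:
        return target, []
    safe = [(k, "REDACTED" if k.lower() in SENSITIVE else v) for k, v in pairs]
    return parts._replace(query=urlencode(safe)).geturl(), leaked


def scan(lines):
    """Yield (line_no, method, redacted_target, leaked_names) for leaking requests."""
    for no, line in enumerate(lines, 1):
        m = REQUEST_RE.search(line)
        if not m:
            continue  # not an access-log request line
        redacted, leaked = redact_target(m.group("target"))
        if leaked:
            yield no, m.group("method"), redacted, leaked


# Constructed sample log lines (documentation IP range, made-up credentials).
SAMPLE_LOG = [
    '203.0.113.5 - - [24/Dec/2020:02:00:01 +0100] '
    '"GET /cgi-bin/koha/opac-ics.pl?userid=alice&password=s3cret HTTP/1.1" 200 812',
    # Same credentials sent in a POST body (the curl -d form): nothing in the request line.
    '203.0.113.5 - - [24/Dec/2020:02:00:09 +0100] '
    '"POST /cgi-bin/koha/opac-ics.pl HTTP/1.1" 200 812',
    '203.0.113.5 - - [24/Dec/2020:02:00:15 +0100] '
    '"GET /cgi-bin/koha/opac-ics.pl HTTP/1.1" 200 4312',
]

if __name__ == "__main__":
    for no, method, target, leaked in scan(SAMPLE_LOG):
        print(f"line {no}: {method} {target} leaks {', '.join(leaked)}")
```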