https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=31378
--- Comment #87 from David Cook <[email protected]> --- Comment on attachment 141807 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=141807 Bug 31378: Add Auth mojo plugin Review of attachment 141807: --> (https://bugs.koha-community.org/bugzilla3/page.cgi?id=splinter.html&bug=31378&attachment=141807) ----------------------------------------------------------------- ::: Koha/REST/Plugin/Auth.pm @@ +83,5 @@ > + 'auth.session' => sub { > + my ( $c, $patron ) = @_; > + my $userid = $patron->userid; > + my $cardnumber = $patron->cardnumber; > + my $cgi = CGI->new; I don't think that we should be using the CGI module in the Mojolicious REST API, since we're not using CGI. This is hacky. @@ +89,5 @@ > + $cgi->param( userid => $userid ); > + $cgi->param( cardnumber => $cardnumber ); > + $cgi->param( auth_client_login => 1 ); > + > + my ( $status, $cookie, $session_id ) = > C4::Auth::check_api_auth($cgi); This is a suboptimal design for at least a couple of reasons: 1) it requires a CGI object; 2) it creates a session for the API interface rather than the OPAC/Staff interfaces; 3) it's not to purpose - we're not checking auth. We know that we're just creating a new session. I've been saying for years that we need to standardize session creation, and it's still true. 
In the meantime, a minimal session can be created as simply as this:

    $session->param( 'number', $patron->borrowernumber );
    $session->param( 'id', $patron->userid );
    $session->param( 'cardnumber', $patron->cardnumber );
    $session->param( 'firstname', $patron->firstname );
    $session->param( 'surname', $patron->surname );
    $session->param( 'branch', $patron->branchcode );
    $session->param( 'branchname', $patron->library->branchname );
    $session->param( 'flags', $patron->flags );
    $session->param( 'emailaddress', $patron->email );
    $session->param( 'ip', $session->remote_addr() );
    $session->param( 'lasttime', time() );
    $session->param( 'interface', $type);

Then you can either pass the $session object or the session ID as the return value.
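Review bot: `my $cgi = CGI->new;` at the end of the +83 hunk constructs the object with no arguments, and CGI.pm then initializes it from the process environment and request input instead of starting empty. The only parameters this code means to carry are the three set in the next hunk (`userid`, `cardnumber`, `auth_client_login`), so if the CGI object stays, build it as an explicitly empty query (`CGI->new({})`) and add a comment saying why a CGI object exists in a Mojolicious plugin at all.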
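Review bot: in the +89 hunk, `$cgi->param( auth_client_login => 1 );` looks like the only signal to `C4::Auth::check_api_auth` that the patron was already authenticated elsewhere, and it is passed as an ordinary request parameter. Please document what the callee does with that flag and confirm that a parameter of the same name arriving on a real client request cannot have the same effect; an explicit function argument would be safer than a CGI param. The visible lines end at the assignment of `( $status, $cookie, $session_id )`, so also make sure `$status` is checked before `$session_id` is used or returned.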
