https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=37543
Paul Derscheid <[email protected]> changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #170179|0 |1 is obsolete| | --- Comment #13 from Paul Derscheid <[email protected]> --- Created attachment 170339 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=170339&action=edit Bug 37543: Use CSRF tokens in connexion_import_daemon.pl Since version 24.05, due to the changes mentioned at https://wiki.koha-community.org/wiki/Koha_/svc/_HTTP_API#Changes_coming_in_Koha_24.05 , the `connexion_import_daemon.pl` stopped working. The reason for this is that it did not use CSRF tokens. To test: 1. Get a Koha instance on 24.05, before applying the patch. 2. Create a plain text file somewhere on the server containing a raw MARC record (not XML). Let's call it `marc.txt`. 3. On the server, create a config file like this: ``` host: 0.0.0.0 port: 5500 koha: http://localhost:82 # Where 82 is the port of the Koha staff interface. user: foo # A Koha staff user. password: Fooo1234 # The Koha staff user's password. import_mode: stage ``` 4. Run `./connexion_import_daemon.pl --config the-config-file-path` 5. In another terminal on the same server (or from anywhere that can reach the port opened by the `connexion_import_daemon.pl` script, run `nc localhost 5500 < marc.txt` 6. Observe in the stderr of the daemon script: `Response: Unsuccessful request` 7. Stop the daemon script. 8. Apply the patch and repeat steps 4 and 5. 9. Observe in the stderr of the daemon script: `Response: Success. Batch number ... - biblio record number HASH(...) added to Koha` 10. Check at /cgi-bin/koha/tools/manage-marc-import.pl for a batch named `(webservice)`. It should contain one record now. This is how we know that authentication between the daemon and Koha worked, which is what this patch tries to address. Thanks-to: David Cook <[email protected]> Sponsored-by: Reformational Study Centre <www.refstudycentre.com> Signed-off-by: Nick Clemens <[email protected]> Signed-off-by: Paul Derscheid <[email protected]> -- You are receiving this mail because: You are watching all bug changes. _______________________________________________ Koha-bugs mailing list [email protected] https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
