https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=40736
Bug ID: 40736
Summary: OAuth/OIDC authentication broken when CGISESSID is missing
Change sponsored?: ---
Product: Koha
Version: unspecified
Hardware: All
OS: All
Status: NEW
Severity: enhancement
Priority: P5 - low
Component: REST API
Assignee: [email protected]
Reporter: [email protected]
QA Contact: [email protected]
CC: [email protected]
Our API error logs contain multiple instances of the following error:
> [ERROR] Can't call method "value" on an undefined value at
> /usr/share/koha/lib/Koha/REST/V1/OAuth/Client.pm line 100.
Client.pm:100 is:
> $state = Koha::Token->new->generate_csrf( { session_id =>
> $c->req->cookie('CGISESSID')->value } );
This happens when a web crawler (Googlebot in our case) navigates to the
OAuth/OIDC login API endpoint, and Koha attempts to generate a new CSRF token
for them but is unable to due to the missing CGISESSID cookie.
To replicate:
1. Have an identity provider <provider code> defined under Administration >
Identity providers
2. On a fresh browser session (clear cookies),
3. Navigate to https://yourkoha/api/v1/public/oauth/login/<provider code>/opac
4. Observe [ERROR] Can't call method "value" on an undefined value at
/usr/share/koha/lib/Koha/REST/V1/OAuth/Client.pm line 100. in
plack-api-error.log
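The failure mode in the report, reduced to a stand-alone Perl sketch (an added example, not Koha's code and not the project's fix). `Demo::Request` and `Demo::Cookie` are hypothetical stand-ins for the request object, and `session_id_checked` is one assumed way to handle a request that arrives without CGISESSID.

```perl
use strict;
use warnings;

# Hypothetical stand-ins for the request and cookie objects; only the
# "cookie(NAME) returns an object or undef" behaviour matters here.
package Demo::Cookie {
    sub new   { my ( $class, $value ) = @_; return bless { value => $value }, $class }
    sub value { return $_[0]->{value} }
}
package Demo::Request {
    sub new { my ( $class, %cookies ) = @_; return bless { cookies => {%cookies} }, $class }
    sub cookie {
        my ( $self, $name ) = @_;
        return exists $self->{cookies}{$name} ? Demo::Cookie->new( $self->{cookies}{$name} ) : undef;
    }
}
package main;

# Pattern from the report: dereferences the cookie without checking it exists.
sub session_id_unchecked {
    my ($req) = @_;
    return $req->cookie('CGISESSID')->value;
}

# Guarded form: returns undef when there is no usable session cookie, so the
# caller can reject the request cleanly instead of dying with a server error.
sub session_id_checked {
    my ($req) = @_;
    my $cookie = $req->cookie('CGISESSID');
    return unless $cookie && defined $cookie->value && length $cookie->value;
    return $cookie->value;
}

# Constructed requests: a browser with a session, and a crawler with no cookies.
my %requests = (
    browser => Demo::Request->new( CGISESSID => 'constructed-session-id' ),
    crawler => Demo::Request->new(),
);

for my $who ( sort keys %requests ) {
    my $req = $requests{$who};
    my $sid = eval { session_id_unchecked($req) };
    ( my $err = $@ ) =~ s/ at .*//s;    # drop the file/line suffix for display
    printf "%-8s unchecked: %s\n", $who, $err ? "died: $err" : 'ok';
    $sid = session_id_checked($req);
    printf "%-8s checked:   %s\n", $who,
        defined $sid ? 'ok, state can be bound to the session' : 'no session, reject before generating state';
}
```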