https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=38363

--- Comment #13 from Jonathan Druart <[email protected]> ---
Created attachment 189617
  -->
https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=189617&action=edit
Bug 38363: Use output_html_with_http_headers in C4::Auth

The following C4::Auth subroutines
  - checkauth()
  - get_template_and_user()

were in some cases outputting html outside of C4::Output's output mechanisms.

It is important to ensure the consistency of our HTTP responses. Having
multiple output mechanisms for what is essentially the same type of response not
only leads to unnecessary code duplication and complexity but possibly even
bugs at some point in the future.

For these reasons it is better to output only through C4::Output, when
possible.

This patch does that for the two aforementioned C4::Auth cases.

To test unit tests:
1. prove t/db_dependent/Auth.t

As for checkauth(), the change only applies to unauthenticated state and failed
logins.

To test checkauth:
1. Enable system preference opacuserlogin
2. Navigate to OPAC
3. Observe OPAC loading successfully
4. Log in to OPAC with invalid credentials
5. Observe "You entered an incorrect username or password"
6. Navigate to staff client without being logged in (logout if you are in)
7. Observe staff client login screen loading successfully
8. Log in to staff client with invalid credentials
9. Observe "Invalid username or password"

As for get_template_and_user(), the change only applies to SCO/SCI user
navigating outside of the self service modules.

To test get_template_and_user:
1. Enable system preference WebBasedSelfCheck
2. Create a new test patron and note down their username & password
3. Grant them a permission self_checkout_module (under Self check modules)
4. Navigate to http://OPAC/cgi-bin/koha/sco/sco-main.pl
5. Log in with the test patron
6. Observe successful login (should display "Self-checkout system" page)
7. Navigate to http://OPAC/cgi-bin/koha/opac-main.pl
(you can get there by editing the address bar of your web browser)
8. Observe "Log in to your account" page, i.e. you have been kicked out
9. Modify your test patron's permissions
10. Remove permission "self_checkout_module" and add "self_checkin_module"
11. Enable system preference SelfCheckInModule
12. Navigate to http://OPAC/cgi-bin/koha/sci/sci-main.pl
13. Log in using your test patron's credentials
14. Observe "Self check-in" page
15. Navigate to http://OPAC/cgi-bin/koha/opac-main.pl
(you can get there by editing the address bar of your web browser)
16. Observe "Log in to your account" page, i.e. you have been kicked out

Signed-off-by: David Cook <[email protected]>

Signed-off-by: Jonathan Druart <[email protected]>
