Unverified commit 4dacc825, authored by IKEDA Soji, committed by GitHub

Merge pull request #1044 from racke/pr/soap-api-access-fix by racke

Properly check email and session id in authenticateAndRun SOAP call (#1041)
parents 01e84a46 52157b54
......@@ -321,19 +321,16 @@ sub authenticateAndRun {
## session_table instead
my $session =
Sympa::WWW::Session->new($ENV{'SYMPA_ROBOT'}, {cookie => $cookie});
if (defined $session) {
$email = $session->{'email'};
$session_id = $session->{'id_session'};
unless ($email or $email eq 'unknown') {
$log->syslog('err', 'Failed to authenticate user with session ID %s',
unless (defined $session && ! $session->{'new_session'} && $session->{'email'} eq $email) {
$log->syslog('err', 'Failed to authenticate user %s with session ID %s',
$email, $cookie);
die SOAP::Fault->faultcode('Client')
->faultstring('Could not get email from cookie')->faultdetail('');
$ENV{'USER_EMAIL'} = $email;
$ENV{'SESSION_ID'} = $session_id;
$ENV{'SESSION_ID'} = $session->{'id_session'};
no strict 'refs';
$service->($self, @$parameters);
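Review bot: The condition on the `unless (defined $session && ! $session->{'new_session'} && $session->{'email'} eq $email)` line no longer excludes the `'unknown'` placeholder that the replaced `unless ($email or $email eq 'unknown')` check referred to, and it does not require `$email` to be defined and non-empty. If an existing anonymous session can carry `'unknown'` (or an empty value) as its stored email, a caller supplying the same value would pass the comparison; consider adding `defined $email && length $email && $email ne 'unknown'` to the test. Two smaller points in the same block: the fault string 'Could not get email from cookie' no longer describes the cases that now fail (a new session, or an email that does not match the session), and the `$log->syslog` call writes the raw `$cookie` value to the log, which is worth truncating or hashing if that value is the session secret.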