From 1f9c734de40b609c6ff2f4ff02728eabcc78985c Mon Sep 17 00:00:00 2001 From: Nick Clemens Date: Wed, 17 Aug 2022 11:09:14 +0000 Subject: [PATCH] Bug 31382: Pass password_has_expired param to templte This patch restores the param, while still leaving the check against invalid login credentials to ensure we don't leak information. To test: 1 - enable EnableExpiredPasswordReset 2 - Edit a patron to set password to expire in the past 3 - Attempt opac login as patron 4 - It fails, but you are redirected to login screen with no info 5 - Apply patch 6 - Attempt login 7 - You are notified password expired and given reset link 8 - Go back to login screen 9 - Login with correct username,, wrong password 10 - You are notified of incorrect credentials, not password expiration Signed-off-by: Andrew Fuerste-Henry Signed-off-by: Tomas Cohen Arazi (cherry picked from commit 218419ce2c2502bcad0f8285173b4493d7e9e8fc) Signed-off-by: Lucas Gass --- C4/Auth.pm | 1 + 1 file changed, 1 insertion(+) diff --git a/C4/Auth.pm b/C4/Auth.pm index 0e9e1d23a5..7960909f81 100644 --- a/C4/Auth.pm +++ b/C4/Auth.pm @@ -1408,6 +1408,7 @@ sub checkauth { PatronSelfRegistrationDefaultCategory => C4::Context->preference("PatronSelfRegistrationDefaultCategory"), opac_css_override => $ENV{'OPAC_CSS_OVERRIDE'}, too_many_login_attempts => ( $patron and $patron->account_locked ), + password_has_expired => ( $patron and $patron->password_expired ), ); $template->param( SCO_login => 1 ) if ( $query->param('sco_user_login') );