
Bug 16711: OPAC Password recovery: Handling if multiple accounts have the same mail address

To reproduce:
- Create 3 Accounts, login names are test01, test02, test03, Email is the same
for all.
- Go to OPAC -> Password recovery and indicate E-Mail only
- You will get an email for only one of the accounts above.

To test:
- Apply patch, restart memcached and plack
- Go to db, delete from borrower_password_recovery;
- Try steps above to reproduce. You will get an error message:
    Account identification with this email address only is ambiguous.
    Please use the field 'Login' as well.
- Verify that other cases work as before (provide valid / invalid login only,
  provide valid email for an existing account, provide unknown email, provide
  both login and email with all combinations of valid / invalid)

Signed-off-by: Josef Moravec <josef.moravec@gmail.com>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Bug 16711: (QA-followup) Use count directly

See comment # 13

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
17.11.x
Marc Véron 7 years ago
committed by Jonathan Druart
parent
commit
3829020c26
  1. 5
      koha-tmpl/opac-tmpl/bootstrap/en/modules/opac-password-recovery.tt
  2. 21
      opac/opac-password-recovery.pl

5
koha-tmpl/opac-tmpl/bootstrap/en/modules/opac-password-recovery.tt

@ -54,6 +54,9 @@
<br/>Please try again later.
[% ELSIF (errNoBorrowerFound) %]
No account was found with the provided information.
[% ELSIF (errMultipleAccountsForEmail) %]
Account identification with this email address only is ambiguous.
<br />Please use the field 'Login' as well.
[% ELSIF (errAlreadyStartRecovery) %]
The process of password recovery has already been started for this account ("<strong>[% username %]</strong>")
<br/>You should have received an email with a link to reset your password.
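Review bot: the new errMultipleAccountsForEmail message gives an email-only request a further distinguishable outcome, so whoever submits an address can tell "No account was found" apart from "several accounts share this address". Consider answering email-only requests with one neutral message whatever the match count, and explaining the role of the Login field in the form text instead. Minor: the added line uses `<br />` while the neighbouring messages use `<br/>`.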
@ -78,7 +81,7 @@
<form action="/cgi-bin/koha/opac-password-recovery.pl" method="post">
<input type="hidden" name="koha_login_context" value="opac" />
<fieldset>
<p>To reset your password, enter your login and email address.
<p>To reset your password, enter your login and your email address.
<label for="username">Login:</label>
<input type="text" id="username" size="40" name="username" value="[% username %]" />
<label for="email">Email:</label>
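Review bot: the reworded prompt still reads as if both fields are required, while the script in this same commit accepts either one (`if ($username)` ... `elsif ($email)`) and the test plan submits the email alone. Suggest wording that says the login is needed when several accounts share one email address, so users learn that before they hit the ambiguity error rather than after.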

21
opac/opac-password-recovery.pl

@ -40,6 +40,7 @@ my $hasError;
#email form error
my $errNoBorrowerFound;
my $errNoBorrowerEmail;
my $errMultipleAccountsForEmail;
my $errAlreadyStartRecovery;
my $errTooManyEmailFound;
my $errBadEmail;
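Review bot: `$errMultipleAccountsForEmail` is declared right next to the existing `$errTooManyEmailFound`, and the two names describe overlapping conditions. Please add a one-line comment saying how they differ, or reuse the older flag if it fits; in the lines shown on this page `$errTooManyEmailFound` is only declared, never set.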
@ -54,20 +55,29 @@ if ( $query->param('sendEmail') || $query->param('resendEmail') ) {
#try with the main email
$email ||= ''; # avoid undef
my $borrower;
my $search_results = [];
my $search_results;
# Find the borrower by his userid or email
if ($username) {
$search_results = [ Koha::Patrons->search( { userid => $username } ) ];
$search_results = Koha::Patrons->search( { userid => $username } );
}
elsif ($email) {
$search_results = [ Koha::Patrons->search( { -or => { email => $email, emailpro => $email, B_email => $email } } ) ];
$search_results = Koha::Patrons->search( { -or => { email => $email, emailpro => $email, B_email => $email } } );
}
if ( not $search_results || scalar @$search_results > 1 ) {
if ( not $search_results || $search_results->count < 1) {
$hasError = 1;
$errNoBorrowerFound = 1;
}
elsif ( $username && $search_results->count > 1) { # Multiple accounts for username
$hasError = 1;
$errNoBorrowerFound = 1;
}
elsif ( $borrower = shift @$search_results ) { # One matching borrower
elsif ( $email && $search_results->count > 1) { # Muliple accounts for E-Mail
$hasError = 1;
$errMultipleAccountsForEmail = 1;
}
elsif ( $borrower = $search_results->next() ) { # One matching borrower
$username ||= $borrower->userid;
my @emails = ( $borrower->email, $borrower->emailpro, $borrower->B_email );
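Review bot: operator precedence in `if ( not $search_results || $search_results->count < 1)` does not do what the branch intends. Perl's `not` binds more loosely than `||`, so this parses as `not ( $search_results || $search_results->count < 1 )`. With `my $search_results;` now left uninitialised, a request that carries neither login nor email evaluates `undef->count` and dies, and for any defined result set the condition is always false, so the zero-match case is never caught here. Use `!$search_results || $search_results->count < 1`, or keep an initial value and test `->count` alone. Also, the comment on the email branch has a typo ("Muliple"), and the login branch with count > 1 reports errNoBorrowerFound, which deserves a comment explaining why duplicate logins are reported as "not found".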
@ -112,6 +122,7 @@ if ( $query->param('sendEmail') || $query->param('resendEmail') ) {
errAlreadyStartRecovery => $errAlreadyStartRecovery,
errBadEmail => $errBadEmail,
errNoBorrowerEmail => $errNoBorrowerEmail,
errMultipleAccountsForEmail => $errMultipleAccountsForEmail,
password_recovery => 1,
email => HTML::Entities::encode($email),
username => $username
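Review bot: in this parameter block `email` goes through `HTML::Entities::encode` but `username` is passed as received, and the template in this commit prints it as `value="[% username %]"` and inside `<strong>` with no filter visible. Since this change touches the block anyway, please either encode `username` the same way or confirm the template escapes it, so both user-supplied fields are handled consistently.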
