Bug 36575: (QA follow-up)
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com> Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io> Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
This commit is contained in:
parent
0fad1fd62a
commit
4e57729fb0
GPG key ID:
0EF6E2C03357A834
3 changed files with 33 additions and 30 deletions
17
C4/Auth.pm
17
C4/Auth.pm
|
|
@ -2003,8 +2003,7 @@ sub checkpw {
|
|||
my $ticket = $query->param('ticket');
|
||||
$query->delete('ticket'); # remove ticket to come back to original URL
|
||||
my ( $retval, $retcard, $retuserid, $cas_ticket );
|
||||
( $retval, $retcard, $retuserid, $cas_ticket, $patron ) =
|
||||
checkpw_cas( $ticket, $query, $type ); # EXTERNAL AUTH
|
||||
( $retval, $retcard, $retuserid, $cas_ticket, $patron ) = checkpw_cas( $ticket, $query, $type ); # EXTERNAL AUTH
|
||||
if ($retval) {
|
||||
@return = ( $retval, $retcard, $retuserid, $patron, $cas_ticket );
|
||||
} else {
|
||||
|
|
@ -2036,22 +2035,22 @@ sub checkpw {
|
|||
$check_internal_as_fallback = 1;
|
||||
}
|
||||
|
||||
if ( $check_internal_as_fallback ){
|
||||
# INTERNAL AUTH
|
||||
@return = checkpw_internal( $userid, $password, $no_set_userenv );
|
||||
$passwd_ok = 1 if $return[0] > 0; # 1 or 2
|
||||
$patron = Koha::Patrons->find({ cardnumber => $return[1] }) if $passwd_ok;
|
||||
if ($check_internal_as_fallback) {
|
||||
# INTERNAL AUTH
|
||||
@return = checkpw_internal( $userid, $password, $no_set_userenv );
|
||||
$passwd_ok = 1 if $return[0] > 0; # 1 or 2
|
||||
$patron = Koha::Patrons->find( { cardnumber => $return[1] } ) if $passwd_ok;
|
||||
push @return, $patron if $patron;
|
||||
}
|
||||
|
||||
if ( defined $userid && !$patron ) {
|
||||
if ( defined $userid && !$patron ) {
|
||||
$patron = Koha::Patrons->find( { userid => $userid } );
|
||||
$patron = Koha::Patrons->find( { cardnumber => $userid } ) unless $patron;
|
||||
push @return, $patron if $check_internal_as_fallback;
|
||||
}
|
||||
|
||||
if ($patron) {
|
||||
if( $patron->account_locked ){
|
||||
if ( $patron->account_locked ) {
|
||||
@return = ();
|
||||
} elsif ($passwd_ok) {
|
||||
$patron->update( { login_attempts => 0 } );
|
||||
|
|
|
|||
|
|
@ -1565,23 +1565,23 @@ subtest 'checkpw for users with shared cardnumber / userid ' => sub {
|
|||
plan tests => 8;
|
||||
|
||||
t::lib::Mocks::mock_preference( 'RequireStrongPassword', 0 );
|
||||
my $library = $builder->build_object( { class => 'Koha::Libraries' } );
|
||||
my $patron_1 = $builder->build_object( { class => 'Koha::Patrons' } );
|
||||
my $library = $builder->build_object( { class => 'Koha::Libraries' } );
|
||||
my $patron_1 = $builder->build_object( { class => 'Koha::Patrons' } );
|
||||
$patron_1->set_password( { password => "OnePassword" } );
|
||||
my $patron_2 = $builder->build_object( { class => 'Koha::Patrons', value => { userid => $patron_1->cardnumber } } );
|
||||
my $patron_2 = $builder->build_object( { class => 'Koha::Patrons', value => { userid => $patron_1->cardnumber } } );
|
||||
$patron_2->set_password( { password => "PasswordTwo" } );
|
||||
|
||||
my ( $checkpw, $cardnumber, $userid, $patron ) = checkpw( $patron_1->cardnumber, "OnePassword", undef, undef, 1 );
|
||||
ok( $checkpw, 'checkpw returns true for right password when logging in via cardnumber' );
|
||||
is( $cardnumber, $patron_1->cardnumber, 'checkpw returns correct cardnumber' );
|
||||
is( $userid, $patron_1->userid, 'checkpw returns correct userid' );
|
||||
is( $patron->id, $patron_1->id, 'checkpw returns correct patron' );
|
||||
is( $userid, $patron_1->userid, 'checkpw returns correct userid' );
|
||||
is( $patron->id, $patron_1->id, 'checkpw returns correct patron' );
|
||||
|
||||
( $checkpw, $cardnumber, $userid, $patron ) = checkpw( $patron_2->userid, "PasswordTwo", undef, undef, 1 );
|
||||
ok( $checkpw, 'checkpw returns true for right password when logging in via userid' );
|
||||
is( $cardnumber, $patron_2->cardnumber, 'checkpw returns correct cardnumber' );
|
||||
is( $userid, $patron_2->userid, 'checkpw returns correct userid' );
|
||||
is( $patron->id, $patron_2->id, 'checkpw returns correct patron' );
|
||||
is( $userid, $patron_2->userid, 'checkpw returns correct userid' );
|
||||
is( $patron->id, $patron_2->id, 'checkpw returns correct patron' );
|
||||
|
||||
};
|
||||
|
||||
|
|
|
|||
|
|
@ -248,7 +248,7 @@ subtest 'password validation - users with shared cardnumber / userid' => sub {
|
|||
my $patron_1 = $builder->build_object(
|
||||
{
|
||||
class => 'Koha::Patrons',
|
||||
value => { }
|
||||
value => {}
|
||||
}
|
||||
);
|
||||
my $patron_password_1 = 'thePassword123';
|
||||
|
|
@ -269,7 +269,8 @@ subtest 'password validation - users with shared cardnumber / userid' => sub {
|
|||
};
|
||||
|
||||
$t->post_ok( "//$userid:$password@/api/v1/auth/password/validation" => json => $json )->status_is(201)
|
||||
->json_is({ cardnumber => $patron_1->cardnumber, patron_id => $patron_1->borrowernumber, userid => $patron_1->userid} );
|
||||
->json_is(
|
||||
{ cardnumber => $patron_1->cardnumber, patron_id => $patron_1->borrowernumber, userid => $patron_1->userid } );
|
||||
|
||||
$json = {
|
||||
identifier => $patron_2->userid,
|
||||
|
|
@ -277,23 +278,26 @@ subtest 'password validation - users with shared cardnumber / userid' => sub {
|
|||
};
|
||||
|
||||
$t->post_ok( "//$userid:$password@/api/v1/auth/password/validation" => json => $json )->status_is(201)
|
||||
->json_is({ cardnumber => $patron_2->cardnumber, patron_id => $patron_2->borrowernumber, userid => $patron_2->userid} );
|
||||
|
||||
my $json = {
|
||||
userid => $patron_1->cardnumber,
|
||||
password => $patron_password_1,
|
||||
};
|
||||
|
||||
$t->post_ok( "//$userid:$password@/api/v1/auth/password/validation" => json => $json )->status_is(201)
|
||||
->json_is({ cardnumber => $patron_1->cardnumber, patron_id => $patron_1->borrowernumber, userid => $patron_1->userid} );
|
||||
->json_is(
|
||||
{ cardnumber => $patron_2->cardnumber, patron_id => $patron_2->borrowernumber, userid => $patron_2->userid } );
|
||||
|
||||
$json = {
|
||||
userid => $patron_2->userid,
|
||||
password => $patron_password_2,
|
||||
userid => $patron_1->cardnumber,
|
||||
password => $patron_password_1,
|
||||
};
|
||||
|
||||
$t->post_ok( "//$userid:$password@/api/v1/auth/password/validation" => json => $json )->status_is(201)
|
||||
->json_is({ cardnumber => $patron_2->cardnumber, patron_id => $patron_2->borrowernumber, userid => $patron_2->userid} );
|
||||
->json_is(
|
||||
{ cardnumber => $patron_1->cardnumber, patron_id => $patron_1->borrowernumber, userid => $patron_1->userid } );
|
||||
|
||||
$json = {
|
||||
userid => $patron_2->userid,
|
||||
password => $patron_password_2,
|
||||
};
|
||||
|
||||
$t->post_ok( "//$userid:$password@/api/v1/auth/password/validation" => json => $json )->status_is(201)
|
||||
->json_is(
|
||||
{ cardnumber => $patron_2->cardnumber, patron_id => $patron_2->borrowernumber, userid => $patron_2->userid } );
|
||||
|
||||
$schema->storage->txn_rollback;
|
||||
};
|
||||
|
|
|
|||
Loading…
Reference in a new issue