Bug 35204: Prevent an expired password from throwing a 500 error
Currently when a patron with an expired password is authenticated via the API a 500 error is returned rather than a 400 "Validation failed" error. This patch catches the return value for an expired password and returns the validation failure before the patron search is attempted. Test plan: 1) Choose a patron and set their password expiry date to a date in the past 2) Send a request to auth/password/validation as an authenticated user with that patron's details 3) The response should be a 500 error 4) Apply patch 5) Repeat steps 1-3 and this time the response should be a 400 code with an error message of "Password expired" Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io> Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de> (cherry picked from commitf3bb885052
) Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com> (cherry picked from commitdf9d4b0f55
) Signed-off-by: Lucas Gass <lucas@bywatersolutions.com> (cherry picked from commit24f067b0cf
) Signed-off-by: Frédéric Demians <f.demians@tamil.fr>
This commit is contained in:
parent
01be754817
commit
4ebb9246cf
1 changed files with 3 additions and 2 deletions
|
@ -72,10 +72,11 @@ sub validate {
|
|||
|
||||
return try {
|
||||
my ( $status, $THE_cardnumber, $THE_userid ) = C4::Auth::checkpw( $identifier, $password );
|
||||
unless ($status) {
|
||||
unless ( $status && $status > 0 ) {
|
||||
my $error_response = $status == -2 ? 'Password expired' : 'Validation failed';
|
||||
return $c->render(
|
||||
status => 400,
|
||||
openapi => { error => "Validation failed" }
|
||||
openapi => { error => $error_response }
|
||||
);
|
||||
}
|
||||
|
||||
|
|
Loading…
Reference in a new issue