Koha-community/Koha
13
7
Fork 0
Code Issues Releases Wiki Activity

Bug 31739: Password recovery from staff fails if previous expired reset-entry exists.

Browse source 
SendPasswordRecoveryEmail relies on the calling script to tell if there is an
existing valid recovery already. If there's an expired recovery-entry the
members/notices.pl script will try to create a new entry resulting in a duplicate
key error.

This patch fixes the bug by removing the need for the calling script to do the check as
since SendPasswordRecoveryEmail does the same thing anyway.
SendPasswordRecoveryEmail will now use DBIx ->update_or_create instead of looking at
the $update param to determine if it should update an existing entry or create a new.

The update param is removed from all calling scripts and test are updated.

To test:
1. Generate a password recovery mail for a patron
2. Let it expire.
3. Generate a new password recovery from staff to the same patron - Fail!
4: Apply patch
5. Generate a new password recovery from staff to the same patron - Success!
6. Opac password recovery flow should also work.
7. Tests pass.

Sponsored-by: Lund University Library

Signed-off-by: David Nind <david@davidnind.com>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
(cherry picked from commit 043017af13)

Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
This commit is contained in:
Björn Nylén 2022-10-12 11:54:11 +00:00 committed by Lucas Gass
parent 1c17ce3335
commit 7a33e61858
4 changed files with 7 additions and 19 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

15
Koha/Patron/Password/Recovery.pm
View file

@ -106,7 +106,6 @@ sub GetValidLinkInfo {
sub SendPasswordRecoveryEmail { sub SendPasswordRecoveryEmail {
my $borrower = shift; # Koha::Patron my $borrower = shift; # Koha::Patron
my $userEmail = shift; #to_address (the one specified in the request) my $userEmail = shift; #to_address (the one specified in the request)
my $update = shift;
my $staff = shift // 0; my $staff = shift // 0;
my $schema = Koha::Database->new->schema; my $schema = Koha::Database->new->schema;
@ -121,22 +120,14 @@ sub SendPasswordRecoveryEmail {
my $days = $staff ? STAFF : PATRON; my $days = $staff ? STAFF : PATRON;
my $expirydate = my $expirydate =
dt_from_string()->add( days => $days ); dt_from_string()->add( days => $days );
if ($update) { my $rs = $schema->resultset('BorrowerPasswordRecovery')->update_or_create(
my $rs =
$schema->resultset('BorrowerPasswordRecovery')
->search( { borrowernumber => $borrower->borrowernumber, } );
$rs->update(
{ uuid => $uuid_str, valid_until => $expirydate->datetime() } );
}
else {
my $rs = $schema->resultset('BorrowerPasswordRecovery')->create(
{ {
borrowernumber => $borrower->borrowernumber, borrowernumber => $borrower->borrowernumber,
uuid => $uuid_str, uuid => $uuid_str,
valid_until => $expirydate->datetime() valid_until => $expirydate->datetime()
} },
{ key => 'primary' }
); );
}
# create link # create link
my $opacbase = C4::Context->preference('OPACBaseURL') || ''; my $opacbase = C4::Context->preference('OPACBaseURL') || '';

5
members/notices.pl
View file

@ -100,11 +100,8 @@ if ( $op eq 'send_password_reset' ) {
if ($emailaddr) { if ($emailaddr) {
# check if there's already a recovery in process
my $update = ValidateBorrowernumber( $patron->borrowernumber );
# send staff initiated password recovery # send staff initiated password recovery
SendPasswordRecoveryEmail( $patron, $emailaddr, $update, 1 ); SendPasswordRecoveryEmail( $patron, $emailaddr, 1 );
} }
# redirect to self to avoid form submission on refresh # redirect to self to avoid form submission on refresh

2
opac/opac-password-recovery.pl
View file

@ -133,7 +133,7 @@ if ( $query->param('sendEmail') || $query->param('resendEmail') ) {
username => $username username => $username
); );
} }
elsif ( SendPasswordRecoveryEmail( $borrower, $email, scalar $query->param('resendEmail') ) ) { # generate uuid and send recovery email elsif ( SendPasswordRecoveryEmail( $borrower, $email ) ) { # generate uuid and send recovery email
$template->param( $template->param(
mail_sent => 1, mail_sent => 1,
email => $email email => $email

4
t/db_dependent/Passwordrecovery.t
View file

@ -200,7 +200,7 @@ ok( Koha::Patron::Password::Recovery::DeleteExpiredPasswordRecovery($borrowernum
my $borrower = Koha::Patrons->search( { userid => $userid1 } )->next; my $borrower = Koha::Patrons->search( { userid => $userid1 } )->next;
my $success; my $success;
warning_is { warning_is {
$success = Koha::Patron::Password::Recovery::SendPasswordRecoveryEmail($borrower, $email1, 0); } $success = Koha::Patron::Password::Recovery::SendPasswordRecoveryEmail($borrower, $email1 ); }
"Fake sendmail", "Fake sendmail",
'[SendPasswordRecoveryEmail] expecting fake sendmail'; '[SendPasswordRecoveryEmail] expecting fake sendmail';
ok( $success == 1, '[SendPasswordRecoveryEmail] Returns 1 on success'); ok( $success == 1, '[SendPasswordRecoveryEmail] Returns 1 on success');
@ -212,7 +212,7 @@ my $bpr = $schema->resultset('BorrowerPasswordRecovery')->search( { borrowernumb
my $tempuuid1 = $bpr->next->uuid; my $tempuuid1 = $bpr->next->uuid;
warning_is { warning_is {
Koha::Patron::Password::Recovery::SendPasswordRecoveryEmail($borrower, $email1, 1); } Koha::Patron::Password::Recovery::SendPasswordRecoveryEmail($borrower, $email1 ); }
"Fake sendmail", "Fake sendmail",
'[SendPasswordRecoveryEmail] expecting fake sendmail'; '[SendPasswordRecoveryEmail] expecting fake sendmail';