Bug 5995 Followup: checkpw was returning inconsistent values

In the case of LDAP, checkpw was returning the cardnumber of there user, but it was being treated as the userid. This patch updates checkpw_ldap to return the cardnumber AND the userid, and updates checkpw to uniformly return cardnumber and userid in all instances, so that whoever is authenticating can use the desired value in the right way.
2011-10-14 16:37:54 -04:00 · 2011-10-14 16:37:54 -04:00 · dcb4ac77fb
commit dcb4ac77fb
parent 417c9084b4
2 changed files with 7 additions and 7 deletions
--- a/C4/Auth.pm
+++ b/C4/Auth.pm
@ -737,7 +737,7 @@ sub checkauth {
 		    $info{'invalidCasLogin'} = 1 unless ($return);
        	} else {
 		    my $retuserid;
-		    ( $return, $retuserid ) = checkpw( $dbh, $userid, $password, $query );
+		    ( $return, $cardnumber, $retuserid ) = checkpw( $dbh, $userid, $password, $query );
 		    $userid = $retuserid if ($retuserid ne '');
 		}
 		if ($return) {
@ -1389,8 +1389,8 @@ sub checkpw {
    my ( $dbh, $userid, $password, $query ) = @_;
    if ($ldap) {
        $debug and print "## checkpw - checking LDAP\n";
-        my ($retval,$retcard) = checkpw_ldap(@_);    # EXTERNAL AUTH
-        ($retval) and return ($retval,$retcard);
+        my ($retval,$retcard,$retuserid) = checkpw_ldap(@_);    # EXTERNAL AUTH
+        ($retval) and return ($retval,$retcard,$retuserid);
    }

    if ($cas && $query->param('ticket')) {
@ -1416,7 +1416,7 @@ sub checkpw {

            C4::Context->set_userenv( "$borrowernumber", $userid, $cardnumber,
                $firstname, $surname, $branchcode, $flags );
-            return 1, $userid;
+            return 1, $cardnumber, $userid;
        }
    }
    $sth =
@ -1432,7 +1432,7 @@ sub checkpw {

            C4::Context->set_userenv( $borrowernumber, $userid, $cardnumber,
                $firstname, $surname, $branchcode, $flags );
-            return 1, $userid;
+            return 1, $cardnumber, $userid;
        }
    }
    if (   $userid && $userid eq C4::Context->config('user')
--- a/C4/Auth_with_ldap.pm
+++ b/C4/Auth_with_ldap.pm
@ -155,7 +155,7 @@ sub checkpw_ldap {
            ($cardnumber eq $c2) or warn "update_local returned cardnumber '$c2' instead of '$cardnumber'";
        } else { # C1, D1
            # maybe update just the password?
-		return(1, $cardnumber); # FIXME dpavlin -- don't destroy ExtendedPatronAttributes
+		return(1, $cardnumber, $local_userid);
        }
    } elsif ($config{replicate}) { # A2, C2
        $borrowernumber = AddMember(%borrower) or die "AddMember failed";
@ -182,7 +182,7 @@ sub checkpw_ldap {
 		}
           C4::Members::Attributes::SetBorrowerAttributes($borrowernumber, $extended_patron_attributes);
  	}
-return(1, $cardnumber);
+return(1, $cardnumber, $userid);
 }

 # Pass LDAP entry object and local cardnumber (userid).