Bug 35204: Prevent an expired password from throwing a 500 error

Currently, when a patron with an expired password is authenticated via the API, a 500 error is returned rather than a 400 "Validation failed" error. This patch catches the return value for an expired password and returns the validation failure before the patron search is attempted.

Test plan:
1) Choose a patron and set their password expiry date to a date in the past
2) Send a request to auth/password/validation as an authenticated user with that patron's details
3) The response should be a 500 error
4) Apply patch
5) Repeat steps 1-3 and this time the response should be a 400 code with an error message of "Password expired"

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit f3bb885052)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Matt Blenkinsop 2023-12-06 10:03:45 +00:00 committed by Fridolin Somers
parent 86be92a608
commit df9d4b0f55

@ -41,7 +41,7 @@ Controller method that checks a patron's password
sub validate {
my $c = shift->openapi->valid_input or return;
my $body = $c->req->json;
my $body = $c->req->json;
my $identifier = $body->{identifier};
my $userid = $body->{userid};
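
Review bot: the `my $body = $c->req->json;` line is removed and re-added with no visible difference, so this hunk looks like a whitespace-only change unrelated to the expired-password fix. Consider moving it to a separate tidy commit so the fix itself stays minimal and cherry-picks cleanly onto stable branches.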
@ -72,10 +72,11 @@ sub validate {
return try {
my ( $status, $THE_cardnumber, $THE_userid ) = C4::Auth::checkpw( $identifier, $password );
unless ($status) {
unless ( $status && $status > 0 ) {
my $error_response = $status == -2 ? 'Password expired' : 'Validation failed';
return $c->render(
status => 400,
openapi => { error => "Validation failed" }
openapi => { error => $error_response }
);
}
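
Review bot: the `$status == -2` branch of the ternary gives the caller a distinct "Password expired" body, and nothing in these lines shows whether `C4::Auth::checkpw` returns -2 only after the supplied password has matched. If -2 can come back before the password is verified, this response discloses an account's expiry state for any identifier submitted, so please confirm the ordering in `checkpw` and note it in a comment here. The bare `-2` would also read better as a named constant or with a short comment saying what it means, and the expired case deserves a regression test asserting the 400 status and the error text, since the test plan is manual only.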