Koha/C4/SIP/Sip at 8bbfd0c027861764ec0e256e0f43b020da8f8af9 - Koha-community/Koha - Koha: The world's first free and open source library system

History

Kyle M Hall fac2c17214 Bug 21997: SIP patron information requests can lock patron out of account Many SIP services send an empty password field (AD). Even if allow_empty_passwords is enabled for the given SIP account, this empty password is run though Koha's password checker which increments the number of login attempts for a patron. Thus repeated patron information requests can lock a patron out! Empty password fields in SIP should not call for a password check if allow_empty_passwords is enabled. Test Plan: 1) Enable a patron password attempt with a limit of 3 2) Send 4 patron information requests with an empty AD field 3) Note the patron's account is now locked 4) Apply this patch 5) Repeat step 2 with a different patron 6) Note the patron's account does not get locked! Signed-off-by: Charles Farmer <charles.farmer@inLibro.com> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com> Signed-off-by: Nick Clemens <nick@bywatersolutions.com>		2019-02-22 13:09:07 +00:00
..
Checksum.pm
Configuration.pm
Constants.pm
MsgType.pm	Bug 21997: SIP patron information requests can lock patron out of account	2019-02-22 13:09:07 +00:00