git.koha-community.org Git - koha.git/commit

author	Liz Rea <liz@catalyst.net.nz>
	Tue, 31 Jan 2017 21:59:01 +0000 (21:59 +0000)
committer	Katrin Fischer <katrin.fischer.83@web.de>
	Sun, 19 Feb 2017 19:56:10 +0000 (20:56 +0100)
commit	6c8aa636cc13e970aa2a3b3b18dc87292ea60ab8
tree	f3c05c83ce13c9418342ce40834e3d34f019ec8a	tree \| snapshot
parent	7c4463513433a65ccc8ea0c53a8124f727377a6c	commit \| diff

Bug 18025 - Expired password recovery links cause sql crash

When a user gets an email, but doesn't act or visit it within two days,
     attempting to create a new one causes a collision. We should just
     delete the old one, assuming they still want to reset their
     password.

To test:
create yourself a borrower with a userid and password.
Attempt a password recovery on the OPAC
update the entry in the database for that user to have an expired token
e.g. update borrower_password_recovery set valid_until = '2017-01-25
03:25:26' where borrowernumber = 12;
Attempt another password recovery operation - should error
apply the patch
Try it again - no error, new token is generated and additional email
with new link is sent.

Issue reproduced - is resolved by patch
Signed-off-by: Marc Véron <veron@veron.ch>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit e87dab6411a40ae0eba3d56032760d705ef62eaf)
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Koha/Patron/Password/Recovery.pm		diff \| blob \| history
opac/opac-password-recovery.pl		diff \| blob \| history
t/db_dependent/Passwordrecovery.t		diff \| blob \| history