git.koha-community.org Git - koha.git/commit

]> git.koha-community.org Git - koha.git/commit

projects / koha.git / commit

summary | shortlog | log | commit | commitdiff | tree
(parent: 72b292c) | patch

author	Nick Clemens <nick@bywatersolutions.com>
	Thu, 11 Apr 2024 09:39:03 +0000 (09:39 +0000)
committer	Katrin Fischer <katrin.fischer@bsz-bw.de>
	Thu, 20 Jun 2024 15:55:31 +0000 (17:55 +0200)
commit	0fad1fd62a041d875cbc8113bd85b247f646f884
tree	9b74d72bbb595bf607fc8e57aa782d94c3dce2f0	tree \| snapshot
parent	72b292cec85d0da8b17440a73f16549ac0dd4baa	commit \| diff

Bug 36575: Return correct patron when there is a shared userid / cardnumber

This patch moves some patron fetching code in C4/Auth to use to patron returned from the validation
methods and only try to fetch the patron (to check if locked, update attempts, etc) if we didn't authenticate

To test:
1 - Set a user to have userid = BANANA password = Password1
2 - Set a user to have cardnumber = BANANA password = Password2
3 - Hit the patron authentication API:
    http://localhost:8080/api/v1/auth/password/validation
    with data:
    { "identifier": "BANANA", "password":"Password1" }
    and:
    { "identifier": "BANANA", "password":"Password2" }
4 - Note you receive the same response for both
5 - Apply patch, restart all
6 - Repeat the API and confirm you get the correct patron for the password submitted

Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>

C4/Auth.pm		diff \| blob \| history
t/db_dependent/Auth.t		diff \| blob \| history
t/db_dependent/api/v1/password_validation.t		diff \| blob \| history

Main Koha release repository