From 459c144f2a54f4b1ddeb9e7595030107e821d2b2 Mon Sep 17 00:00:00 2001 From: Colin Campbell Date: Thu, 8 Jun 2017 12:59:55 +0100 Subject: [PATCH] Bug 18755: Allow empty passwords in Patron Info to return OK With this patch a parameter 'allow_empty_passwords="1" can be added to a login in the SIP configuration file to allow the behaviour as was normal before the patch for bug 16610 was applied. Some sip clients rely on this behaviour sending an empty password field when they wish to validate to user but do not have the password. If a password is supplied it will be validated A test has been added to Message.t to confirm this behaviour Signed-off-by: Mark Tompsett Signed-off-by: Marcel de Rooy Signed-off-by: Jonathan Druart (cherry picked from commit ebb887e5c93c96c6fc51d95b76de6a221ba4463e) Signed-off-by: Fridolin Somers --- C4/SIP/Sip/MsgType.pm | 3 +++ t/db_dependent/SIP/Message.t | 9 ++++++++- 2 files changed, 11 insertions(+), 1 deletion(-) diff --git a/C4/SIP/Sip/MsgType.pm b/C4/SIP/Sip/MsgType.pm index 7a1a1e39fc..ede80c3990 100644 --- a/C4/SIP/Sip/MsgType.pm +++ b/C4/SIP/Sip/MsgType.pm @@ -961,6 +961,9 @@ sub handle_patron_info { # If patron password was provided, report whether it was right or not. $password_rc = $patron->check_password($patron_pwd); + if ( $patron_pwd eq q{} && $server->{account}->{allow_empty_passwords} ) { + $password_rc = 1; + } $resp .= add_field( FID_VALID_PATRON_PWD, sipbool( $password_rc ) ); } diff --git a/t/db_dependent/SIP/Message.t b/t/db_dependent/SIP/Message.t index 088829a698..217f328a98 100755 --- a/t/db_dependent/SIP/Message.t +++ b/t/db_dependent/SIP/Message.t @@ -70,7 +70,7 @@ subtest 'Testing Patron Status Request V2' => sub { subtest 'Testing Patron Info Request V2' => sub { $schema->storage->txn_begin; - plan tests => 16; + plan tests => 17; $C4::SIP::Sip::protocol_version = 2; test_request_patron_info_v2(); $schema->storage->txn_rollback; @@ -196,6 +196,13 @@ sub test_request_patron_info_v2 { $msg->handle_patron_info( $server ); $respcode = substr( $response, 0, 2 ); check_field( $respcode, $response, FID_VALID_PATRON_PWD, 'N', 'code CQ should be N for empty AD' ); + # Test empty password is OK if account configured to allow + $server->{account}->{allow_empty_passwords} = 1; + $msg = C4::SIP::Sip::MsgType->new( $siprequest, 0 ); + undef $response; + $msg->handle_patron_info( $server ); + $respcode = substr( $response, 0, 2 ); + check_field( $respcode, $response, FID_VALID_PATRON_PWD, 'Y', 'code CQ should be Y if empty AD allowed' ); # Finally, we send a wrong card number $schema->resultset('Borrower')->search({ cardnumber => $card })->delete; -- 2.39.5