From 58b5228af0159ab94111e789b6bc9e492321289d Mon Sep 17 00:00:00 2001 From: Lucas Gass Date: Wed, 24 Apr 2024 20:00:53 +0000 Subject: [PATCH] Bug 36679: Prevent SCO login for the AnonymousPatron 1. Make sure AutoSelfCheckAllowed is Allowed and AutoSelfCheckID and AutoSelfCheckPass are in use. 2. Make sure AnonymousPatron is pointed to an account. 3. Set SelfCheckoutByLogin to cardnumber. 4. Verify that if you go to the anonymous patron account in the staff interface, you cannot checkout items. 5. Go to the selfcheck path of the library. It should auto login. Put in the cardnumber for the anonymous user. 6. Proceed to check out items! 7. APPLY PATCH, restart_all 8. Try step 5 again, you should not be able to log in as the AnonymousPatron. Instead you should be redirected to OPAC home page 9. Switch SelfCheckoutByLogin to 'username and pasword'. 10. Again try to log in as the AnonymousPatron, you should not be able to. 11. Make sure you can login as a regular patron when SelfCheckoutByLogin is set to 'cardnumber' and when it is set to 'username and pasword'. Signed-off-by: David Nind Signed-off-by: Martin Renvoize (cherry picked from commit 76075976ea655f6a9811cbc129fe7799d04b505b) Signed-off-by: Lucas Gass --- opac/sco/sco-main.pl | 7 +++++++ 1 file changed, 7 insertions(+)
diff --git a/opac/sco/sco-main.pl b/opac/sco/sco-main.pl
index d4f22aa0f7..bf923c754f 100755
--- a/opac/sco/sco-main.pl
+++ b/opac/sco/sco-main.pl
@@ -129,9 +129,16 @@ unless ($patronid) {
 }
 my $patron;
+my $anonymous_patron = C4::Context->preference('AnonymousPatron');
 if ($patronid) {
 Koha::Plugins->call( 'patron_barcode_transform', \$patronid );
 $patron = Koha::Patrons->find( { cardnumber => $patronid } );
+
+ # redirect to OPAC home if user is trying to log in as the anonymous patron
+ if ( $patron && ( $patron->borrowernumber eq $anonymous_patron ) ) {
+ print $query->redirect("/cgi-bin/koha/opac-main.pl");
+ exit;
+ }
 }
 undef $jwt unless $patron;
-- 2.39.5
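Review bot: The guard `$patron->borrowernumber eq $anonymous_patron` compares a raw system preference as a string, so it fails open if the stored AnonymousPatron value has stray whitespace or other formatting. If the preference is unset it may also raise an uninitialized-value warning. Normalising the value first would be sturdier, for example `my $anonymous_patron = C4::Context->preference('AnonymousPatron') // '';` together with `if ( $patron && $anonymous_patron =~ /\A\s*(\d+)\s*\z/ && $patron->borrowernumber == $1 ) {`. The check sits only behind the cardnumber lookup in this block, so whether the username/password and JWT paths always arrive here with `$patronid` set is decided above the hunk and should be confirmed. The rejected attempt is redirected without any log entry, so a one-line warning naming the attempted self-checkout login as the anonymous patron would leave a trace for later review.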