From 5347537f1ab216dd283a5c85604b28d6f2d5c21c Mon Sep 17 00:00:00 2001 From: Jonathan Druart Date: Fri, 22 Dec 2017 14:52:26 -0300 Subject: [PATCH] Bug 19579: Do not confirm the registration if email already used - PatronSelfRegistrationEmailMustBeUnique If PatronSelfRegistrationVerifyByEmail and PatronSelfRegistrationEmailMustBeUnique are set, it should not be possible to register twice with the same email. However the test is made on already created patron cards when the registration is done. Which means it is possible to register several times with the same email address and click on the registration link to finalise the registration. This patch adds a test when the registration link is clicked and display the "Registration invalid" generic message if the same email is used Test plan: 1. Patron submits self registration form using the same email address 3 times 2. Patron receives 3 verification emails 3. Patron clicks on 3 verify token URLs => Only the first registration should succeed, the 2 others must fail Maybe we should display a more specific message? Signed-off-by: Owen Leonard Signed-off-by: Marcel de Rooy Signed-off-by: Jonathan Druart --- opac/opac-registration-verify.pl | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/opac/opac-registration-verify.pl b/opac/opac-registration-verify.pl index 9d49c04ab1..2d9b9f72cb 100755 --- a/opac/opac-registration-verify.pl +++ b/opac/opac-registration-verify.pl @@ -38,7 +38,15 @@ my $token = $cgi->param('token'); my $m = Koha::Patron::Modifications->find( { verification_token => $token } ); my ( $template, $borrowernumber, $cookie ); -if ( $m ) { + +if ( + $m # The token exists and the email is unique if requested + and not( + C4::Context->preference('PatronSelfRegistrationEmailMustBeUnique') + and Koha::Patrons->search( { email => $m->email } )->count + ) + ) +{ ( $template, $borrowernumber, $cookie ) = get_template_and_user( { template_name => "opac-registration-confirmation.tt", -- 2.39.5