From d35cc83379fae8998b1b9828c8fdb05746b44287 Mon Sep 17 00:00:00 2001
From: Marcel de Rooy
Date: Wed, 10 Oct 2018 14:49:02 +0200
Subject: [PATCH] Bug 21533: Do not allow password recovery for administrative locked patrons
Depends on bug 21336 for the ADMINISTRATIVE_LOCKOUT constant. This is a bit lazy solution (but good enough): The account will not be found when recovering the password. The user should contact the library. Since the library chose to lock the account, that seems appropriate.
Test plan: Select a borrower and set login_attempts to -1. Via mysql command line or with Koha::Patrons->find(borrowernumber)->lock. Enable password recovery. Try to recover password from OPAC. You should fail with 'Not found, contact the library'.
Signed-off-by: Marcel de Rooy
Signed-off-by: Owen Leonard
Signed-off-by: Bouzid Fergani
Signed-off-by: Martin Renvoize
Signed-off-by: Nick Clemens
---
 opac/opac-password-recovery.pl | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/opac/opac-password-recovery.pl b/opac/opac-password-recovery.pl
index 5cc6bd36f3..a695165b56 100755
--- a/opac/opac-password-recovery.pl
+++ b/opac/opac-password-recovery.pl
@@ -57,10 +57,10 @@ if ( $query->param('sendEmail') || $query->param('resendEmail') ) {
 # Find the borrower by userid, card number, or email
 if ($username) {
- $search_results = Koha::Patrons->search( { -or => { userid => $username, cardnumber => $username } } );
+ $search_results = Koha::Patrons->search( { -or => { userid => $username, cardnumber => $username }, login_attempts => { '!=', Koha::Patron::ADMINISTRATIVE_LOCKOUT } } );
 }
 elsif ($email) {
- $search_results = Koha::Patrons->search( { -or => { email => $email, emailpro => $email, B_email => $email } } );
+ $search_results = Koha::Patrons->search( { -or => { email => $email, emailpro => $email, B_email => $email }, login_attempts => { '!=', Koha::Patron::ADMINISTRATIVE_LOCKOUT } } );
 }
 if ( !defined $search_results || $search_results->count < 1) {
--
2.39.5
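Review bot: The added `login_attempts => { '!=', Koha::Patron::ADMINISTRATIVE_LOCKOUT }` condition in both searches also drops any patron whose login_attempts is NULL, because SQL evaluates `NULL != x` as unknown; if the column is nullable (the schema is not visible here), those patrons could no longer start a recovery. Matching NULL explicitly would avoid that, e.g. `login_attempts => [ { '!=' => Koha::Patron::ADMINISTRATIVE_LOCKOUT }, undef ]`. The filter covers only the sendEmail/resendEmail branch, whose body continues outside the hunk, so it is worth confirming that the step which redeems an already issued recovery link also rejects a locked patron. Since the same condition is repeated in two calls, a short comment such as `# administratively locked patrons are reported as not found` would help keep them in sync.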