From 0f2a5bf987d241bd47d1d992199160a47628386e Mon Sep 17 00:00:00 2001
From: Sam Lau
Date: Mon, 17 Jun 2024 16:26:40 +0000
Subject: [PATCH] Bug 37104: Block AnonymousPatron from logging into staff interface and OPAC

This patch blocks the patron set as the anonymous patron from logging into the staff interface and OPAC.

To test:
1) In Administration->sys. pref, make sure AnonymousPatron is pointed to an account.
2) Visit that patron's page and set their permissions to superlibrarian ("Access to all librarian functions")
3) Ensure that you know the username and password for this patron and can log in.
4) Visit the OPAC, attempt to log-in with your anon patron.
5) Note that you can log in and nothing happens.
6) Visit the staff interface, attempt to log-in with anon patron.
7) Once again, note that you are able to log-in with no issue.
8) Apply patch and restart_all
9) Attempt to log into the OPAC and staff interface with the patron again.
10) This time, you should get an error message on both pages saying, "Error: You can't log in as the anonymous patron!"

Signed-off-by: David Nind
Signed-off-by: Martin Renvoize
Signed-off-by: Katrin Fischer
---
 C4/Auth.pm                                            | 11 +++++++++++
 koha-tmpl/intranet-tmpl/prog/en/modules/auth.tt       |  2 ++
 koha-tmpl/opac-tmpl/bootstrap/en/modules/opac-auth.tt |  6 ++++++
 3 files changed, 19 insertions(+)

diff --git a/C4/Auth.pm b/C4/Auth.pm
index 7446af0aa1..58a9f15d18 100644
--- a/C4/Auth.pm
+++ b/C4/Auth.pm
@@ -1417,6 +1417,11 @@ sub checkauth {
     my $auth_error = $query->param('auth_error');
     my $auth_template_name = ( $type eq 'opac' ) ? 'opac-auth.tt' : 'auth.tt';
     my $template = C4::Templates::gettemplate( $auth_template_name, $type, $query );
+
+    my $borrowernumber = $patron and $patron->borrowernumber;
+    my $anonymous_patron = C4::Context->preference('AnonymousPatron');
+    my $is_anonymous_patron = $patron && ( $patron->borrowernumber eq $anonymous_patron );
+
     $template->param(
         login => 1,
         INPUTS => \@inputs,
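Review bot: The added line `my $borrowernumber = $patron and $patron->borrowernumber;` does not do what it reads as: `and` binds looser than `=`, so `$borrowernumber` receives `$patron` itself and the method call is evaluated only for its (nonexistent) side effect; the variable is also never used anywhere in the hunk, so the line should simply be dropped. The `$is_anonymous_patron` line below compares `$patron->borrowernumber eq $anonymous_patron` without first checking that the AnonymousPatron preference is set; for a real borrowernumber the result is still false, but an unset preference produces an uninitialized-value warning on every login-page render, so guard it: `my $is_anonymous_patron = $patron && $anonymous_patron && $patron->borrowernumber eq $anonymous_patron;`. As far as this hunk shows, the flag is derived from `$patron` alone rather than from the password-check result, so the templates that consume it must keep ordering it after the invalid-credentials case (which they do) or the page would reveal which userid is the anonymous patron on a failed attempt. checkauth starts and ends outside the hunk.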
@@ -1451,6 +1456,7 @@ sub checkauth {
         opac_css_override => $ENV{'OPAC_CSS_OVERRIDE'},
         too_many_login_attempts => ( $patron and $patron->account_locked ),
         password_has_expired => ( $patron and $patron->password_expired ),
+        is_anonymous_patron => ( $is_anonymous_patron ),
         auth_error => $auth_error,
     );
@@ -1977,6 +1983,8 @@ sub checkpw {
     my $shib = C4::Context->config('useshibboleth') && shib_ok();
     my $shib_login = $shib ? get_login_shib() : undef;
+    my $anonymous_patron = C4::Context->preference('AnonymousPatron');
+
     my @return;
     my $check_internal_as_fallback = 0;
     my $passwd_ok = 0;
@@ -2057,6 +2065,9 @@ sub checkpw {
                 if ( $patron->password_expired ) {
                     @return = ( -2, $patron );
                 }
+                if ( $patron->borrowernumber eq $anonymous_patron ) {
+                    @return = ( -2, $patron );
+                }
             } else {
                 $patron->update( { login_attempts => $patron->login_attempts + 1 } );
             }
diff --git a/koha-tmpl/intranet-tmpl/prog/en/modules/auth.tt b/koha-tmpl/intranet-tmpl/prog/en/modules/auth.tt
index 386baa3628..b4754c6dce 100644
--- a/koha-tmpl/intranet-tmpl/prog/en/modules/auth.tt
+++ b/koha-tmpl/intranet-tmpl/prog/en/modules/auth.tt
@@ -85,6 +85,8 @@
 [% END %]
 [% ELSIF invalid_username_or_password %]
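Review bot: The new `if ( $patron->borrowernumber eq $anonymous_patron )` block in checkpw returns the same `-2` that the `password_expired` branch just above it already uses, so any caller that switches on checkpw's return code cannot tell "password expired" from "anonymous patron" (the checkauth hunk at +1456 gets away with it only because it re-derives both flags from the patron object rather than from the code); a distinct negative code, documented alongside -1 and -2, would make the contract explicit and let callers react differently, e.g. `@return = ( -3, $patron );`. Note also that the check sits inside the branch taken only after the stored password matched (the `else` increments `login_attempts`), and as far as the hunk shows only on the internal-database path; whether the LDAP, CAS or Shibboleth paths earlier in checkpw can still return the anonymous patron is outside the hunk and worth confirming, since the preference read at +1983 is intended to cover all of them. With an unset AnonymousPatron preference the `eq` also warns under `use warnings`; `if ( $anonymous_patron && $patron->borrowernumber eq $anonymous_patron )` avoids that. checkpw begins and ends outside the hunk.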
Error: Invalid username or password
+[% ELSIF is_anonymous_patron %]
+
Error: You can't log in as the anonymous patron!
 [% END %]
 [% IF auth_error %]
diff --git a/koha-tmpl/opac-tmpl/bootstrap/en/modules/opac-auth.tt b/koha-tmpl/opac-tmpl/bootstrap/en/modules/opac-auth.tt
index 27aaaa0d76..d2fe338e54 100644
--- a/koha-tmpl/opac-tmpl/bootstrap/en/modules/opac-auth.tt
+++ b/koha-tmpl/opac-tmpl/bootstrap/en/modules/opac-auth.tt
@@ -190,6 +190,12 @@
     [% END # /IF GoogleOpenIDConnect %]
     [% END # /UNLESS OPACShibOnly %]
+    [% IF !(invalid_username_or_password || too_many_login_attempts) and is_anonymous_patron %]
+
+

Error: You can't log in as the anonymous patron!

+
+    [% END %]
+
     [% IF !(invalid_username_or_password || too_many_login_attempts) and password_has_expired %]

Error: Your password has expired!
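Review bot: The OPAC message `Error: You can't log in as the anonymous patron!` tells whoever presents these credentials that the account is the one configured as AnonymousPatron, which is more than a blocked login needs to disclose; a neutral `Error: This account cannot be used to log in.` achieves the same refusal without naming the role, and the same wording should then be used in the staff-interface template so the two pages stay consistent. The guard `!(invalid_username_or_password || too_many_login_attempts) and is_anonymous_patron` is the right shape and mirrors the password_has_expired block below it: as far as the C4/Auth.pm hunk shows, `is_anonymous_patron` is computed from the looked-up patron rather than from the password result, so dropping that guard would reveal which userid is the anonymous patron on a wrong-password attempt. The enclosing template markup continues outside the hunk.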

-- 2.39.5