From 0c9e2bcf8791857f082f5abb83666169cf790057 Mon Sep 17 00:00:00 2001 From: Nick Clemens Date: Fri, 12 Apr 2019 01:23:34 +0000 Subject: [PATCH] Bug 22692: Check for patron using cardnumber and userid TO test: 1 - Set failed login attempts to 1 2 - Attempt a login with a userid and bad password, no success 3 - Attempt a login with userid and correct password, prevented because locked 4 - Attempt a login with cardnumber and right password, you are logged in 5 - Log out, try again with userid and correct password, prevented because locked? 6 - Apply patch 7 - Repeat 1-3 to lock account 8 - Attempt logging in with cardnumber, you are prevented Signed-off-by: Martin Renvoize Signed-off-by: Chris Cormack Signed-off-by: Martin Renvoize (cherry picked from commit ebc15764ff3371a9327cfe60c22c1186e5a200ae) Signed-off-by: Lucas Gass --- C4/Auth.pm | 1 + 1 file changed, 1 insertion(+) diff --git a/C4/Auth.pm b/C4/Auth.pm index ff94fdbec5..6898c9eb91 100644 --- a/C4/Auth.pm +++ b/C4/Auth.pm @@ -1767,6 +1767,7 @@ sub checkpw { my @return; my $patron = Koha::Patrons->find({ userid => $userid }); + $patron = Koha::Patrons->find({ cardnumber => $userid }) unless $patron; my $check_internal_as_fallback = 0; my $passwd_ok = 0; # Note: checkpw_* routines returns: -- 2.39.5