From 0810027bfadd50fe4b93088e9939327fd4c7f6e9 Mon Sep 17 00:00:00 2001 From: Colin Campbell Date: Wed, 5 Aug 2015 12:55:41 +0100 Subject: [PATCH] Bug 14507 Use checkpw to check password in Patron Info Some devices are using patron information responses to validate patron passwords to govern access to facilities as we were using C4::Auth::checkpw_hash this only worked in a db password context not other authentication routines. The C4::Auth routines are not very consistent and there isnt a dropin replacement for checkpw_hash this calls checkpw instead. In a password only environment this behaves as the old version did returning field CQ as Y if a valid password or no password is passed in the patron info request and N if an incorrect password is supplied It should also test against the appropriate authentication sources if othere autrhentication schemes are in use Signed-off-by: Liz Rea Tested this with a client who reports that this enables SIP authentication to work correctly with their LDAP server. Signed-off-by: Kyle M Hall Signed-off-by: Brendan Gallagher brendan@bywatersolutions.com --- C4/SIP/ILS/Patron.pm | 15 ++++++++++----- 1 file changed, 10 insertions(+), 5 deletions(-) diff --git a/C4/SIP/ILS/Patron.pm b/C4/SIP/ILS/Patron.pm index 4e9c1521ab..fe21903b7b 100644 --- a/C4/SIP/ILS/Patron.pm +++ b/C4/SIP/ILS/Patron.pm @@ -22,7 +22,7 @@ use C4::Members; use C4::Reserves; use C4::Branch qw(GetBranchName); use C4::Items qw( GetBarcodeFromItemnumber GetItemnumbersForBiblio); -use C4::Auth qw(checkpw_hash); +use C4::Auth qw(checkpw); our $VERSION = 3.07.00.049; @@ -102,6 +102,7 @@ sub new { inet => ( !$debarred && !$expired ), expired => $expired, fee_limit => $fee_limit, + userid => $kp->{userid}, ); } $debug and warn "patron fines: $ilspatron{fines} ... amountoutstanding: $kp->{amountoutstanding} ... CHARGES->amount: $flags->{CHARGES}->{amount}"; 
@@ -192,13 +193,17 @@ sub AUTOLOAD { sub check_password { my ($self, $pwd) = @_; + defined $pwd or return 0; # you gotta give me something (at least ''), or no deal - my $hashed_pwd = $self->{password}; - defined $hashed_pwd or return $pwd eq ''; # if the record has a NULL password, accept '' as match + if ($pwd eq q{}) { + return 1; + } - # warn sprintf "check_password for %s: '%s' vs. '%s'",($self->{name}||''),($self->{password}||''),($pwd||''); - return checkpw_hash($pwd, $hashed_pwd); + my $dbh = C4::Context->dbh; + my $ret = 0; + ($ret) = checkpw($dbh, $self->{userid}, $pwd); + return $ret; } # A few special cases, not in AUTOLOADed %fields -- 2.39.5
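Review bot: In check_password the added `if ($pwd eq q{}) { return 1; }` reports an empty password as a match for every patron, whereas the removed lines accepted `''` only when the stored password was undefined. The commit message says devices use this answer to govern access to facilities, so the method should either `return 0` for `q{}` and leave the "no password supplied" case to the caller (which is outside this hunk), or carry a comment such as `# empty password is reported as valid by design (CQ=Y); never use this result as an authentication check`. Separately, `checkpw($dbh, $self->{userid}, $pwd)` is reached even when the patron record has no userid, so a guard like `defined $self->{userid} or return 0;` before the call would keep an undefined login away from the authentication backends. The first return value of checkpw is passed through unchanged, so it is worth confirming that every true value it can return really means the password was verified.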