From ebc15764ff3371a9327cfe60c22c1186e5a200ae Mon Sep 17 00:00:00 2001
From: Nick Clemens <nick@bywatersolutions.com>
Date: Fri, 12 Apr 2019 01:23:34 +0000
Subject: [PATCH] Bug 22692: Check for patron using cardnumber and userid

TO test:
1 - Set failed login attempts to 1
2 - Attempt a login with a userid and bad password, no success
3 - Attempt a login with userid and correct password, prevented because
locked
4 - Attempt a login with cardnumber and right password, you are logged
in
5 - Log out, try again with userid and correct password, prevented
because locked?
6 - Apply patch
7 - Repeat 1-3 to lock account
8 - Attempt logging in with cardnumber, you are prevented

Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Chris Cormack <chris@bigballofwax.co.nz>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
---
 C4/Auth.pm | 1 +
 1 file changed, 1 insertion(+)

diff --git a/C4/Auth.pm b/C4/Auth.pm
index 51f34aee5e..572ac5a6e6 100644
--- a/C4/Auth.pm
+++ b/C4/Auth.pm
@@ -1774,6 +1774,7 @@ sub checkpw {
 
     my @return;
     my $patron = Koha::Patrons->find({ userid => $userid });
+    $patron = Koha::Patrons->find({ cardnumber => $userid }) unless $patron;
     my $check_internal_as_fallback = 0;
     my $passwd_ok = 0;
     # Note: checkpw_* routines returns:
-- 
2.39.5