From 44375ad31f8e74cac362912caf3e322c8b822ae3 Mon Sep 17 00:00:00 2001
From: Colin Campbell
Date: Wed, 5 Aug 2015 12:55:41 +0100
Subject: [PATCH] Bug 14507 Use checkpw to check password in Patron Info
MIME-Version: 1.0
Content-Type: text/plain; charset=utf8
Content-Transfer-Encoding: 8bit

Some devices are using patron information responses to validate patron passwords to govern access to facilities as we were using C4::Auth::checkpw_hash this only worked in a db password context not other authentication routines. The C4::Auth routines are not very consistent and there isnt a dropin replacement for checkpw_hash this calls checkpw instead. In a password only environment this behaves as the old version did returning field CQ as Y if a valid password or no password is passed in the patron info request and N if an incorrect password is supplied It should also test against the appropriate authentication sources if othere autrhentication schemes are in use

Signed-off-by: Liz Rea
Tested this with a client who reports that this enables SIP authentication to work correctly with their LDAP server.
Signed-off-by: Kyle M Hall
Signed-off-by: Brendan Gallagher brendan@bywatersolutions.com
(cherry picked from commit 0810027bfadd50fe4b93088e9939327fd4c7f6e9)
Signed-off-by: Julian Maurice
(cherry picked from commit cd5640eb9f8835862d695a2572ad9017b771c13c)
Signed-off-by: Frédéric Demians
---
 C4/SIP/ILS/Patron.pm | 15 ++++++++++-----
 1 file changed, 10 insertions(+), 5 deletions(-)

diff --git a/C4/SIP/ILS/Patron.pm b/C4/SIP/ILS/Patron.pm
index 4e9c1521ab..fe21903b7b 100644
--- a/C4/SIP/ILS/Patron.pm
+++ b/C4/SIP/ILS/Patron.pm
@@ -22,7 +22,7 @@ use C4::Members;
 use C4::Reserves;
 use C4::Branch qw(GetBranchName);
 use C4::Items qw( GetBarcodeFromItemnumber GetItemnumbersForBiblio);
-use C4::Auth qw(checkpw_hash);
+use C4::Auth qw(checkpw);
 our $VERSION = 3.07.00.049;
@@ -102,6 +102,7 @@ sub new {
 inet => ( !$debarred && !$expired ),
 expired => $expired,
 fee_limit => $fee_limit,
+ userid => $kp->{userid},
 );
 }
 $debug and warn "patron fines: $ilspatron{fines} ... amountoutstanding: $kp->{amountoutstanding} ... CHARGES->amount: $flags->{CHARGES}->{amount}";
@@ -192,13 +193,17 @@ sub AUTOLOAD {
 sub check_password {
 my ($self, $pwd) = @_;
+ defined $pwd or return 0; # you gotta give me something (at least ''), or no deal
- my $hashed_pwd = $self->{password};
- defined $hashed_pwd or return $pwd eq ''; # if the record has a NULL password, accept '' as match
+ if ($pwd eq q{}) {
+ return 1;
+ }
- # warn sprintf "check_password for %s: '%s' vs. '%s'",($self->{name}||''),($self->{password}||''),($pwd||'');
- return checkpw_hash($pwd, $hashed_pwd);
+ my $dbh = C4::Context->dbh;
+ my $ret = 0;
+ ($ret) = checkpw($dbh, $self->{userid}, $pwd);
+ return $ret;
 }
 # A few special cases, not in AUTOLOADed %fields
--
2.39.5
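Review bot: The added `if ($pwd eq q{}) { return 1; }` in check_password reports success for every patron whenever the supplied password is the empty string, without consulting any authentication source. The removed lines accepted `''` only when the record's stored password was NULL, so this widens what counts as a match, and the commit message says devices use this response to govern access to facilities, which makes "no password supplied" versus "password verified" a security-relevant distinction. I would keep check_password strict with `return 0 if $pwd eq q{};` and let the caller (not visible in this hunk) decide whether a missing password is acceptable for the message being answered, or at minimum document the shortcut with a comment such as `# '' means no password was sent; this is NOT proof of authentication`. Separately, `$self->{userid}` goes to checkpw unchecked, and the `userid => $kp->{userid}` field added in `new` is presumably undef for patrons without a login, so a `defined $self->{userid} or return 0;` guard before the call would be prudent.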