From 2e659d2f1b52066d949560789d7bc931d8bd18c0 Mon Sep 17 00:00:00 2001 From: Martin Renvoize Date: Thu, 11 Apr 2024 12:18:30 +0200 Subject: [PATCH] Bug 36575: (QA follow-up) Signed-off-by: Martin Renvoize Signed-off-by: Kyle M Hall Signed-off-by: Marcel de Rooy Signed-off-by: Tomas Cohen Arazi Signed-off-by: Lucas Gass --- C4/Auth.pm | 17 +++++++-------- t/db_dependent/api/v1/password_validation.t | 24 ++++++++++++--------- 2 files changed, 22 insertions(+), 19 deletions(-) diff --git a/C4/Auth.pm b/C4/Auth.pm index 11aa0b4321..db947c3e86 100644 --- a/C4/Auth.pm +++ b/C4/Auth.pm @@ -1968,8 +1968,7 @@ sub checkpw { my $ticket = $query->param('ticket'); $query->delete('ticket'); # remove ticket to come back to original URL my ( $retval, $retcard, $retuserid, $cas_ticket ); - ( $retval, $retcard, $retuserid, $cas_ticket, $patron ) = - checkpw_cas( $ticket, $query, $type ); # EXTERNAL AUTH + ( $retval, $retcard, $retuserid, $cas_ticket, $patron ) = checkpw_cas( $ticket, $query, $type ); # EXTERNAL AUTH if ($retval) { @return = ( $retval, $retcard, $retuserid, $patron, $cas_ticket ); } else { 
@@ -2001,22 +2000,22 @@ sub checkpw { $check_internal_as_fallback = 1; } - if ( $check_internal_as_fallback ){ - # INTERNAL AUTH - @return = checkpw_internal( $userid, $password, $no_set_userenv ); - $passwd_ok = 1 if $return[0] > 0; # 1 or 2 - $patron = Koha::Patrons->find({ cardnumber => $return[1] }) if $passwd_ok; + if ($check_internal_as_fallback) { + # INTERNAL AUTH + @return = checkpw_internal( $userid, $password, $no_set_userenv ); + $passwd_ok = 1 if $return[0] > 0; # 1 or 2 + $patron = Koha::Patrons->find( { cardnumber => $return[1] } ) if $passwd_ok; push @return, $patron if $patron; } - if ( defined $userid && !$patron ) { + if ( defined $userid && !$patron ) { $patron = Koha::Patrons->find( { userid => $userid } ); $patron = Koha::Patrons->find( { cardnumber => $userid } ) unless $patron; push @return, $patron if $check_internal_as_fallback; } if ($patron) { - if( $patron->account_locked ){ + if ( $patron->account_locked ) { @return = (); } elsif ($passwd_ok) { $patron->update( { login_attempts => 0 } ); diff --git a/t/db_dependent/api/v1/password_validation.t b/t/db_dependent/api/v1/password_validation.t index 1aef718700..e5d891200f 100755 --- a/t/db_dependent/api/v1/password_validation.t +++ b/t/db_dependent/api/v1/password_validation.t @@ -248,7 +248,7 @@ subtest 'password validation - users with shared cardnumber / userid' => sub { my $patron_1 = $builder->build_object( { class => 'Koha::Patrons', - value => { } + value => {} } ); my $patron_password_1 = 'thePassword123'; 
@@ -269,7 +269,8 @@ subtest 'password validation - users with shared cardnumber / userid' => sub { }; $t->post_ok( "//$userid:$password@/api/v1/auth/password/validation" => json => $json )->status_is(201) - ->json_is({ cardnumber => $patron_1->cardnumber, patron_id => $patron_1->borrowernumber, userid => $patron_1->userid} ); + ->json_is( + { cardnumber => $patron_1->cardnumber, patron_id => $patron_1->borrowernumber, userid => $patron_1->userid } ); $json = { identifier => $patron_2->userid, 
@@ -277,23 +278,26 @@ subtest 'password validation - users with shared cardnumber / userid' => sub { }; $t->post_ok( "//$userid:$password@/api/v1/auth/password/validation" => json => $json )->status_is(201) - ->json_is({ cardnumber => $patron_2->cardnumber, patron_id => $patron_2->borrowernumber, userid => $patron_2->userid} ); + ->json_is( + { cardnumber => $patron_2->cardnumber, patron_id => $patron_2->borrowernumber, userid => $patron_2->userid } ); - my $json = { - userid => $patron_1->cardnumber, - password => $patron_password_1, + $json = { + userid => $patron_1->cardnumber, + password => $patron_password_1, }; $t->post_ok( "//$userid:$password@/api/v1/auth/password/validation" => json => $json )->status_is(201) - ->json_is({ cardnumber => $patron_1->cardnumber, patron_id => $patron_1->borrowernumber, userid => $patron_1->userid} ); + ->json_is( + { cardnumber => $patron_1->cardnumber, patron_id => $patron_1->borrowernumber, userid => $patron_1->userid } ); $json = { - userid => $patron_2->userid, - password => $patron_password_2, + userid => $patron_2->userid, + password => $patron_password_2, }; $t->post_ok( "//$userid:$password@/api/v1/auth/password/validation" => json => $json )->status_is(201) - ->json_is({ cardnumber => $patron_2->cardnumber, patron_id => $patron_2->borrowernumber, userid => $patron_2->userid} ); + ->json_is( + { cardnumber => $patron_2->cardnumber, patron_id => $patron_2->borrowernumber, userid => $patron_2->userid } ); $schema->storage->txn_rollback; }; -- 2.39.5
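Review bot: All four requests visible in this hunk and the preceding one assert `status_is(201)`, so for patrons sharing a cardnumber/userid value the subtest as shown never checks that a non-matching password is rejected. A rejection case would pin that down, for example `$json = { userid => $patron_1->cardnumber, password => 'constructed-wrong-password' };` (constructed value) posted to the same route, asserting the endpoint's rejection status instead of 201. If the failure path in `checkpw` counts login attempts, it would also be worth asserting that only the intended patron's `login_attempts` changes, since a shared identifier makes it easy to charge the attempt to the wrong account. The subtest begins outside this hunk, so such a case may already exist above; if it is added here, the subtest's plan count needs updating.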