From dcb4ac77fbfd813cc0eb39e060b49a7b8d491016 Mon Sep 17 00:00:00 2001
From: Ian Walls <ian.walls@bywatersolutions.com>
Date: Fri, 14 Oct 2011 16:37:54 -0400
Subject: [PATCH] Bug 5995 Followup: checkpw was returning inconsistent values

In the case of LDAP, checkpw was returning the cardnumber of there user, but it was being treated as the
userid.  This patch updates checkpw_ldap to return the cardnumber AND the userid, and updates checkpw to
uniformly return cardnumber and userid in all instances, so that whoever is authenticating can use the
desired value in the right way.
---
 C4/Auth.pm           | 10 +++++-----
 C4/Auth_with_ldap.pm |  4 ++--
 2 files changed, 7 insertions(+), 7 deletions(-)

diff --git a/C4/Auth.pm b/C4/Auth.pm
index b41644995d..0765732aa1 100644
--- a/C4/Auth.pm
+++ b/C4/Auth.pm
@@ -737,7 +737,7 @@ sub checkauth {
 		    $info{'invalidCasLogin'} = 1 unless ($return);
         	} else {
 		    my $retuserid;
-		    ( $return, $retuserid ) = checkpw( $dbh, $userid, $password, $query );
+		    ( $return, $cardnumber, $retuserid ) = checkpw( $dbh, $userid, $password, $query );
 		    $userid = $retuserid if ($retuserid ne '');
 		}
 		if ($return) {
@@ -1389,8 +1389,8 @@ sub checkpw {
     my ( $dbh, $userid, $password, $query ) = @_;
     if ($ldap) {
         $debug and print "## checkpw - checking LDAP\n";
-        my ($retval,$retcard) = checkpw_ldap(@_);    # EXTERNAL AUTH
-        ($retval) and return ($retval,$retcard);
+        my ($retval,$retcard,$retuserid) = checkpw_ldap(@_);    # EXTERNAL AUTH
+        ($retval) and return ($retval,$retcard,$retuserid);
     }
 
     if ($cas && $query->param('ticket')) {
@@ -1416,7 +1416,7 @@ sub checkpw {
 
             C4::Context->set_userenv( "$borrowernumber", $userid, $cardnumber,
                 $firstname, $surname, $branchcode, $flags );
-            return 1, $userid;
+            return 1, $cardnumber, $userid;
         }
     }
     $sth =
@@ -1432,7 +1432,7 @@ sub checkpw {
 
             C4::Context->set_userenv( $borrowernumber, $userid, $cardnumber,
                 $firstname, $surname, $branchcode, $flags );
-            return 1, $userid;
+            return 1, $cardnumber, $userid;
         }
     }
     if (   $userid && $userid eq C4::Context->config('user')
diff --git a/C4/Auth_with_ldap.pm b/C4/Auth_with_ldap.pm
index acbd923514..26cee59aec 100644
--- a/C4/Auth_with_ldap.pm
+++ b/C4/Auth_with_ldap.pm
@@ -155,7 +155,7 @@ sub checkpw_ldap {
             ($cardnumber eq $c2) or warn "update_local returned cardnumber '$c2' instead of '$cardnumber'";
         } else { # C1, D1
             # maybe update just the password?
-		return(1, $cardnumber); # FIXME dpavlin -- don't destroy ExtendedPatronAttributes
+		return(1, $cardnumber, $local_userid);
         }
     } elsif ($config{replicate}) { # A2, C2
         $borrowernumber = AddMember(%borrower) or die "AddMember failed";
@@ -182,7 +182,7 @@ sub checkpw_ldap {
 		}
            C4::Members::Attributes::SetBorrowerAttributes($borrowernumber, $extended_patron_attributes);
   	}
-return(1, $cardnumber);
+return(1, $cardnumber, $userid);
 }
 
 # Pass LDAP entry object and local cardnumber (userid).
-- 
2.39.5