From 456a7ae6d452a4a805b521f0123c666bb8e84085 Mon Sep 17 00:00:00 2001 From: Nick Clemens Date: Fri, 12 Apr 2019 01:23:34 +0000 Subject: [PATCH] Bug 22692: Check for patron using cardnumber and userid TO test: 1 - Set failed login attempts to 1 2 - Attempt a login with a userid and bad password, no success 3 - Attempt a login with userid and correct password, prevented because locked 4 - Attempt a login with cardnumber and right password, you are logged in 5 - Log out, try again with userid and correct password, prevented because locked? 6 - Apply patch 7 - Repeat 1-3 to lock account 8 - Attempt logging in with cardnumber, you are prevented Signed-off-by: Martin Renvoize Signed-off-by: Chris Cormack Signed-off-by: Nick Clemens --- C4/Auth.pm | 1 + 1 file changed, 1 insertion(+) diff --git a/C4/Auth.pm b/C4/Auth.pm index 9ac819b437..5b2434a585 100644 --- a/C4/Auth.pm +++ b/C4/Auth.pm @@ -1786,6 +1786,7 @@ sub checkpw { my @return; my $patron = Koha::Patrons->find({ userid => $userid }); + $patron = Koha::Patrons->find({ cardnumber => $userid }) unless $patron; my $check_internal_as_fallback = 0; my $passwd_ok = 0; # Note: checkpw_* routines returns: -- 2.39.5