From 6903cc0607efa6ec5f84ac9b750fe962088d1e07 Mon Sep 17 00:00:00 2001 From: Alex Arnaud Date: Fri, 6 Jul 2018 13:40:53 +0000 Subject: [PATCH] Bug 21046: Return the correct borrowernumber when there is empty cardnumber(s) Test plan: - Use a patron with an empty cardnumber to authenticate with ILSDI AuthenticatePatron (cgi-bin/koha/ilsdi.pl?service=AuthenticatePatron&username=userid&password=pass), - make sure you have other patron(s) with empty cardnumber and there borrowernumber is smaller than the one you authenticate with, - you should get a wrong borrowernumber, - apply this patch, - test again, you should get the right one Signed-off-by: Kyle M Hall Signed-off-by: Chris Cormack Signed-off-by: Nick Clemens Signed-off-by: Martin Renvoize (cherry picked from commit e7501a92aa6b4ca91a55f984443cfcfbeb76a797) Signed-off-by: Fridolin Somers --- C4/ILSDI/Services.pm | 2 +- t/db_dependent/ILSDI_Services.t | 8 ++++++++ 2 files changed, 9 insertions(+), 1 deletion(-) diff --git a/C4/ILSDI/Services.pm b/C4/ILSDI/Services.pm index e1aadddb3c..3203b836fa 100644 --- a/C4/ILSDI/Services.pm +++ b/C4/ILSDI/Services.pm @@ -354,7 +354,7 @@ sub AuthenticatePatron { my ($status, $cardnumber, $userid) = C4::Auth::checkpw( C4::Context->dbh, $username, $password ); if ( $status ) { # Get the borrower - my $patron = Koha::Patrons->find( { cardnumber => $cardnumber } ); + my $patron = Koha::Patrons->find( { userid => $userid } ); return { id => $patron->borrowernumber }; } else { diff --git a/t/db_dependent/ILSDI_Services.t b/t/db_dependent/ILSDI_Services.t index a433551947..588daf31ea 100644 --- a/t/db_dependent/ILSDI_Services.t +++ b/t/db_dependent/ILSDI_Services.t @@ -42,9 +42,17 @@ subtest 'AuthenticatePatron test' => sub { my $plain_password = 'tomasito'; + $builder->build({ + source => 'Borrower', + value => { + cardnumber => undef, + } + }); + my $borrower = $builder->build({ source => 'Borrower', value => { + cardnumber => undef, password => Koha::AuthUtils::hash_password( $plain_password ) } }); -- 2.39.5