From 71f0370ddde0d8b8e2a666a091081186fb6531e8 Mon Sep 17 00:00:00 2001 From: Kyle M Hall Date: Fri, 27 May 2016 12:42:17 +0000 Subject: [PATCH] Bug 16610 - Regression in SIP2 user password handling Previous to bug 14507, SIP2 only did internal authentication. A change to the way we check empty passwords has caused any empty password to send back a CQ of Y. Previous to that patch set, a CQ of Y would only be sent back of the patron password column was NULL. Now, an empty AD field *always* returns a CQ of Y. Test Plan: 1) Send a patron information request with an empty AD field Note: You must send the AD field or you won't get back a CQ field 2) Note you get back a CQ of Y 3) Apply this patch 4) Repeat step 1 5) Note you now get back a CQ of N Signed-off-by: Trent Roby Signed-off-by: Marcel de Rooy Signed-off-by: Brendan Gallagher --- C4/SIP/ILS/Patron.pm | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/C4/SIP/ILS/Patron.pm b/C4/SIP/ILS/Patron.pm index d61b097ef8..9eb249c606 100644 --- a/C4/SIP/ILS/Patron.pm +++ b/C4/SIP/ILS/Patron.pm @@ -193,11 +193,11 @@ sub AUTOLOAD { sub check_password { my ( $self, $pwd ) = @_; - defined $pwd - or return 0; # you gotta give me something (at least ''), or no deal + # you gotta give me something (at least ''), or no deal + return 0 unless defined $pwd; - return 1 - if $pwd eq q{}; # if the record has a NULL password, accept '' as match + # If the record has a NULL password, accept '' as match + return $pwd eq q{} unless $self->{password}; my $dbh = C4::Context->dbh; my $ret = 0; -- 2.20.1