From b3d6acc3de8a90cbb72e7aec5a5cc9c098ce0e0b Mon Sep 17 00:00:00 2001 From: Nick Date: Mon, 7 Oct 2019 20:09:04 +0000 Subject: [PATCH] Bug 23771: Don't look for patrons if we don't have a userid While the code requires external auth to test, the change is simple enough I think a good read would suffice To test: 1 - You either need Shib or CAS enabled and setup 2 - Add two users with blank.null cardnumbers 3 - Lock those user accounts Set failedloginattempts to 1 Try a bad login with the userid Or set via the DB 4 - Try a good login via the external auth 5 - Note it fails 6 - Apply patch 7 - Login now succeeds Signed-off-by: Mike Somers - Bridgewater State University Signed-off-by: Martin Renvoize (cherry picked from commit c9c6dd10167bc4c60cb384651f4dc802944c4228) Signed-off-by: Fridolin Somers --- C4/Auth.pm | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/C4/Auth.pm b/C4/Auth.pm index 24296c5996..913aaa2ea2 100644 --- a/C4/Auth.pm +++ b/C4/Auth.pm @@ -1781,8 +1781,11 @@ sub checkpw { my $shib_login = $shib ? get_login_shib() : undef; my @return; - my $patron = Koha::Patrons->find({ userid => $userid }); - $patron = Koha::Patrons->find({ cardnumber => $userid }) unless $patron; + my $patron; + if ( defined $userid ){ + $patron = Koha::Patrons->find({ userid => $userid }); + $patron = Koha::Patrons->find({ cardnumber => $userid }) unless $patron; + } my $check_internal_as_fallback = 0; my $passwd_ok = 0; # Note: checkpw_* routines returns: -- 2.39.5