Previous to bug 14507, SIP2 only did internal authentication. A change
to the way we check empty passwords has caused any empty password to
send back a CQ of Y. Previous to that patch set, a CQ of Y would only be
sent back of the patron password column was NULL. Now, an empty AD field
*always* returns a CQ of Y.
Test Plan:
1) Send a patron information request with an empty AD field
Note: You must send the AD field or you won't get back a CQ field
2) Note you get back a CQ of Y
3) Apply this patch
4) Repeat step 1
5) Note you now get back a CQ of N
Signed-off-by: Trent Roby <troby@bclib.info>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Brendan Gallagher <brendan@bywatersolutions.com>
sub check_password {
my ( $self, $pwd ) = @_;
- defined $pwd
- or return 0; # you gotta give me something (at least ''), or no deal
+ # you gotta give me something (at least ''), or no deal
+ return 0 unless defined $pwd;
- return 1
- if $pwd eq q{}; # if the record has a NULL password, accept '' as match
+ # If the record has a NULL password, accept '' as match
+ return $pwd eq q{} unless $self->{password};
my $dbh = C4::Context->dbh;
my $ret = 0;