Bug 22692: Check for patron using cardnumber and userid

TO test:
1 - Set failed login attempts to 1
2 - Attempt a login with a userid and bad password, no success
3 - Attempt a login with userid and correct password, prevented because
locked
4 - Attempt a login with cardnumber and right password, you are logged
in
5 - Log out, try again with userid and correct password, prevented
because locked?
6 - Apply patch
7 - Repeat 1-3 to lock account
8 - Attempt logging in with cardnumber, you are prevented

Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Chris Cormack <chris@bigballofwax.co.nz>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
(cherry picked from commit ebc15764ff3371a9327cfe60c22c1186e5a200ae)

Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>

diff --git a/C4/Auth.pm b/C4/Auth.pm
index ff94fdb..6898c9e 100644 (file)
--- a/C4/Auth.pm
+++ b/C4/Auth.pm
@@ -1767,6 +1767,7 @@ sub checkpw {
 
     my @return;
     my $patron = Koha::Patrons->find({ userid => $userid });
+    $patron = Koha::Patrons->find({ cardnumber => $userid }) unless $patron;
     my $check_internal_as_fallback = 0;
     my $passwd_ok = 0;
     # Note: checkpw_* routines returns: