Bug 21547: Use set_password in opac-passwd and remove sub goodkey

Remove sql statement to change password by calling set_password.
Remove sub goodkey by calling C4::Auth::checkpw_hash.
Adding the scalar before param Oldkey (from bug 21036).

Rebased on top of 21178 (using set_password instead of update_password).

Test plan:
Try to change password in OPAC with good and bad pw.

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
(cherry picked from commit 085cfc6bca30718a6d719d645709097cf86f01db)
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>

diff --git a/opac/opac-passwd.pl b/opac/opac-passwd.pl
index b58bc14..f183506 100755 (executable)
--- a/opac/opac-passwd.pl
+++ b/opac/opac-passwd.pl
@@ -46,7 +46,6 @@ my ( $template, $borrowernumber, $cookie ) = get_template_and_user(
 
 my $patron = Koha::Patrons->find( $borrowernumber );
 if ( C4::Context->preference("OpacPasswordChange") ) {
-    my $sth =  $dbh->prepare("UPDATE borrowers SET password = ? WHERE borrowernumber=?");
     if (   $query->param('Oldkey')
         && $query->param('Newkey')
         && $query->param('Confirm') )
@@ -54,7 +53,7 @@ if ( C4::Context->preference("OpacPasswordChange") ) {
         my $error;
         my $new_password = $query->param('Newkey');
         my $confirm_password = $query->param('Confirm');
-        if ( goodkey( $dbh, $borrowernumber, $query->param('Oldkey') ) ) {
+        if ( C4::Auth::checkpw_hash( scalar $query->param('Oldkey'), $patron->password ) ) {
 
             if ( $new_password ne $confirm_password ) {
                 $template->param( 'Ask_data'       => '1' );
@@ -68,8 +67,7 @@ if ( C4::Context->preference("OpacPasswordChange") ) {
                     $error = 'password_has_whitespaces' if $error eq 'has_whitespaces';
                 } else {
                     # Password is valid and match
-                    my $clave = hash_password( $new_password );
-                    $sth->execute( $clave, $borrowernumber );
+                    $patron->set_password( $new_password );
                     $template->param( 'password_updated' => '1' );
                     $template->param( 'borrowernumber'   => $borrowernumber );
                 }
@@ -111,23 +109,3 @@ $template->param(
 
 
 output_html_with_http_headers $query, $cookie, $template->output, undef, { force_no_caching => 1 };
-
-sub goodkey {
-    my ( $dbh, $borrowernumber, $key ) = @_;
-
-    my $sth =
-      $dbh->prepare("SELECT password FROM borrowers WHERE borrowernumber=?");
-    $sth->execute($borrowernumber);
-    if ( $sth->rows ) {
-        my $hash;
-        my ($stored_hash) = $sth->fetchrow;
-        if ( substr($stored_hash,0,2) eq '$2') {
-            $hash = hash_password($key, $stored_hash);
-        } else {
-            $hash = md5_base64($key);
-        }
-        if ( $hash eq $stored_hash ) { return 1; }
-        else { return 0; }
-    }
-    else { return 0; }
-}