Test plan:
- Use a patron with an empty cardnumber to authenticate with ILSDI
AuthenticatePatron
(cgi-bin/koha/ilsdi.pl?service=AuthenticatePatron&username=userid&password=pass),
- make sure you have other patron(s) with empty cardnumber and there
borrowernumber is
smaller than the one you authenticate with,
- you should get a wrong borrowernumber,
- apply this patch,
- test again, you should get the right one
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
my ($status, $cardnumber, $userid) = C4::Auth::checkpw( C4::Context->dbh, $username, $password );
if ( $status ) {
# Get the borrower
- my $patron = Koha::Patrons->find( { cardnumber => $cardnumber } );
+ my $patron = Koha::Patrons->find( { userid => $userid } );
return { id => $patron->borrowernumber };
}
else {
my $plain_password = 'tomasito';
+ $builder->build({
+ source => 'Borrower',
+ value => {
+ cardnumber => undef,
+ }
+ });
+
my $borrower = $builder->build({
source => 'Borrower',
value => {
+ cardnumber => undef,
password => Koha::AuthUtils::hash_password( $plain_password )
}
});