From a6b8fc9b2e29b91cef62def4f8b4fed98efa9aea Mon Sep 17 00:00:00 2001 From: Alex Arnaud Date: Fri, 6 Jul 2018 13:40:53 +0000 Subject: [PATCH] Bug 21046: Return the correct borrowernumber when there is empty cardnumber(s) Test plan: - Use a patron with an empty cardnumber to authenticate with ILSDI AuthenticatePatron (cgi-bin/koha/ilsdi.pl?service=AuthenticatePatron&username=userid&password=pass), - make sure you have other patron(s) with empty cardnumber and there borrowernumber is smaller than the one you authenticate with, - you should get a wrong borrowernumber, - apply this patch, - test again, you should get the right one Signed-off-by: Kyle M Hall Signed-off-by: Chris Cormack Signed-off-by: Nick Clemens --- C4/ILSDI/Services.pm | 2 +- t/db_dependent/ILSDI_Services.t | 8 ++++++++ 2 files changed, 9 insertions(+), 1 deletions(-) diff --git a/C4/ILSDI/Services.pm b/C4/ILSDI/Services.pm index 158ff8e..5534d3c 100644 --- a/C4/ILSDI/Services.pm +++ b/C4/ILSDI/Services.pm @@ -357,7 +357,7 @@ sub AuthenticatePatron { my ($status, $cardnumber, $userid) = C4::Auth::checkpw( C4::Context->dbh, $username, $password ); if ( $status ) { # Get the borrower - my $patron = Koha::Patrons->find( { cardnumber => $cardnumber } ); + my $patron = Koha::Patrons->find( { userid => $userid } ); return { id => $patron->borrowernumber }; } else { diff --git a/t/db_dependent/ILSDI_Services.t b/t/db_dependent/ILSDI_Services.t index d918e43..1eca594 100644 --- a/t/db_dependent/ILSDI_Services.t +++ b/t/db_dependent/ILSDI_Services.t @@ -42,9 +42,17 @@ subtest 'AuthenticatePatron test' => sub { my $plain_password = 'tomasito'; + $builder->build({ + source => 'Borrower', + value => { + cardnumber => undef, + } + }); + my $borrower = $builder->build({ source => 'Borrower', value => { + cardnumber => undef, password => Koha::AuthUtils::hash_password( $plain_password ) } }); -- 1.7.2.5