Bug 30813: Adjust TransformMarcToKoha to take kohafields parameter

[koha-ffzg.git] / C4 / Auth.pm

diff --git a/C4/Auth.pm b/C4/Auth.pm
index c1c27e0..a44cd09 100644 (file)
--- a/C4/Auth.pm
+++ b/C4/Auth.pm
@@ -831,6 +831,7 @@ sub checkauth {
           opac-registration-confirmation.tt
           opac-memberentry-update-submitted.tt
           opac-password-recovery.tt
+          opac-reset-password.tt
         );
         $authnotrequired = 0 unless grep { $_ eq $template_name }
           @allowed_scripts_for_private_opac;
@@ -910,7 +911,7 @@ sub checkauth {
         {
             my $patron    = Koha::Patrons->find( { userid => $userid } );
             my $auth      = Koha::Auth::TwoFactorAuth->new( { patron => $patron } );
-            my $verified = $auth->verify($otp_token);
+            my $verified = $auth->verify($otp_token, 1);
             $auth->clear;
             if ( $verified ) {
                 # The token is correct, the user is fully logged in!
@@ -966,6 +967,8 @@ sub checkauth {
                 $info{oldip}        = $more_info->{old_ip};
                 $info{newip}        = $more_info->{new_ip};
                 $info{different_ip} = 1;
+            } elsif ( $return eq 'password_expired' ) {
+                $info{password_has_expired} = 1;
             }
         }
     }
@@ -1147,7 +1150,7 @@ sub checkauth {
             }
 
             # $return: 1 = valid user
-            if ($return) {
+            if ($return > 0) {
 
                 if ( $flags = haspermission( $userid, $flagsrequired ) ) {
                     $auth_state = "logged_in";
@@ -1404,7 +1407,7 @@ sub checkauth {
         PatronSelfRegistration                => C4::Context->preference("PatronSelfRegistration"),
         PatronSelfRegistrationDefaultCategory => C4::Context->preference("PatronSelfRegistrationDefaultCategory"),
         opac_css_override                     => $ENV{'OPAC_CSS_OVERRIDE'},
-        too_many_login_attempts               => ( $patron and $patron->account_locked )
+        too_many_login_attempts               => ( $patron and $patron->account_locked ),
     );
 
     $template->param( SCO_login => 1 ) if ( $query->param('sco_user_login') );
@@ -1792,6 +1795,9 @@ sub check_cookie_auth {
 
         } elsif ( $userid ) {
             $session->param( 'lasttime', time() );
+            my $patron = Koha::Patrons->find({ userid => $userid });
+            $patron = Koha::Patron->find({ cardnumber => $userid }) unless $patron;
+            return ("password_expired", undef ) if $patron->password_expired;
             my $flags = defined($flagsrequired) ? haspermission( $userid, $flagsrequired ) : 1;
             if ($flags) {
                 C4::Context->_new_userenv($sessionID);
@@ -1903,7 +1909,7 @@ sub checkpw {
     # 0 if auth is nok
     # -1 if user bind failed (LDAP only)
 
-    if ( $patron and $patron->account_locked ) {
+    if ( $patron and ( $patron->account_locked )  ) {
         # Nothing to check, account is locked
     } elsif ($ldap && defined($password)) {
         my ( $retval, $retcard, $retuserid ) = checkpw_ldap(@_);    # EXTERNAL AUTH
@@ -1957,6 +1963,9 @@ sub checkpw {
     if( $patron ) {
         if ( $passwd_ok ) {
             $patron->update({ login_attempts => 0 });
+            if( $patron->password_expired ){
+                @return = (-2);
+            }
         } elsif( !$patron->account_locked ) {
             $patron->update({ login_attempts => $patron->login_attempts + 1 });
         }