Some devices are using patron information responses to validate
patron passwords to govern access to facilities as we
were using C4::Auth::checkpw_hash this only worked in a db password
context not other authentication routines.
The C4::Auth routines are not very consistent and there isnt a dropin
replacement for checkpw_hash this calls checkpw instead.
In a password only environment this behaves as the old version did
returning field CQ as Y if a valid password or no password is passed in
the patron info request and N if an incorrect password is supplied
It should also test against the appropriate authentication sources if
othere autrhentication schemes are in use
Signed-off-by: Liz Rea <liz@catalyst.net.nz>
Tested this with a client who reports that this enables SIP authentication to work correctly with their LDAP server.
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Brendan Gallagher brendan@bywatersolutions.com
use C4::Reserves;
use C4::Branch qw(GetBranchName);
use C4::Items qw( GetBarcodeFromItemnumber GetItemnumbersForBiblio);
use C4::Reserves;
use C4::Branch qw(GetBranchName);
use C4::Items qw( GetBarcodeFromItemnumber GetItemnumbersForBiblio);
-use C4::Auth qw(checkpw_hash);
+use C4::Auth qw(checkpw);
our $VERSION = 3.07.00.049;
our $VERSION = 3.07.00.049;
inet => ( !$debarred && !$expired ),
expired => $expired,
fee_limit => $fee_limit,
inet => ( !$debarred && !$expired ),
expired => $expired,
fee_limit => $fee_limit,
+ userid => $kp->{userid},
);
}
$debug and warn "patron fines: $ilspatron{fines} ... amountoutstanding: $kp->{amountoutstanding} ... CHARGES->amount: $flags->{CHARGES}->{amount}";
);
}
$debug and warn "patron fines: $ilspatron{fines} ... amountoutstanding: $kp->{amountoutstanding} ... CHARGES->amount: $flags->{CHARGES}->{amount}";
sub check_password {
my ($self, $pwd) = @_;
sub check_password {
my ($self, $pwd) = @_;
defined $pwd or return 0; # you gotta give me something (at least ''), or no deal
defined $pwd or return 0; # you gotta give me something (at least ''), or no deal
- my $hashed_pwd = $self->{password};
- defined $hashed_pwd or return $pwd eq ''; # if the record has a NULL password, accept '' as match
+ if ($pwd eq q{}) {
+ return 1;
+ }
- # warn sprintf "check_password for %s: '%s' vs. '%s'",($self->{name}||''),($self->{password}||''),($pwd||'');
- return checkpw_hash($pwd, $hashed_pwd);
+ my $dbh = C4::Context->dbh;
+ my $ret = 0;
+ ($ret) = checkpw($dbh, $self->{userid}, $pwd);
+ return $ret;
}
# A few special cases, not in AUTOLOADed %fields
}
# A few special cases, not in AUTOLOADed %fields