SendPasswordRecoveryEmail relies on the calling script to tell if there is an
existing valid recovery already. If there's an expired recovery-entry the
members/notices.pl script will try to create a new entry resulting in a duplicate
key error.
This patch fixes the bug by removing the need for the calling script to do the check as
since SendPasswordRecoveryEmail does the same thing anyway.
SendPasswordRecoveryEmail will now use DBIx ->update_or_create instead of looking at
the $update param to determine if it should update an existing entry or create a new.
The update param is removed from all calling scripts and test are updated.
To test:
1. Generate a password recovery mail for a patron
2. Let it expire.
3. Generate a new password recovery from staff to the same patron - Fail!
4: Apply patch
5. Generate a new password recovery from staff to the same patron - Success!
6. Opac password recovery flow should also work.
7. Tests pass.
Sponsored-by: Lund University Library
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
(cherry picked from commit
043017af13a80ad432c597699f35e50260ed21ca)
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
sub SendPasswordRecoveryEmail {
my $borrower = shift; # Koha::Patron
my $userEmail = shift; #to_address (the one specified in the request)
- my $update = shift;
my $staff = shift // 0;
my $schema = Koha::Database->new->schema;
my $days = $staff ? STAFF : PATRON;
my $expirydate =
dt_from_string()->add( days => $days );
- if ($update) {
- my $rs =
- $schema->resultset('BorrowerPasswordRecovery')
- ->search( { borrowernumber => $borrower->borrowernumber, } );
- $rs->update(
- { uuid => $uuid_str, valid_until => $expirydate->datetime() } );
- }
- else {
- my $rs = $schema->resultset('BorrowerPasswordRecovery')->create(
+ my $rs = $schema->resultset('BorrowerPasswordRecovery')->update_or_create(
{
borrowernumber => $borrower->borrowernumber,
uuid => $uuid_str,
valid_until => $expirydate->datetime()
- }
+ },
+ { key => 'primary' }
);
- }
# create link
my $opacbase = C4::Context->preference('OPACBaseURL') || '';
if ($emailaddr) {
- # check if there's already a recovery in process
- my $update = ValidateBorrowernumber( $patron->borrowernumber );
-
# send staff initiated password recovery
- SendPasswordRecoveryEmail( $patron, $emailaddr, $update, 1 );
+ SendPasswordRecoveryEmail( $patron, $emailaddr, 1 );
}
# redirect to self to avoid form submission on refresh
username => $username
);
}
- elsif ( SendPasswordRecoveryEmail( $borrower, $email, scalar $query->param('resendEmail') ) ) { # generate uuid and send recovery email
+ elsif ( SendPasswordRecoveryEmail( $borrower, $email ) ) { # generate uuid and send recovery email
$template->param(
mail_sent => 1,
email => $email
my $borrower = Koha::Patrons->search( { userid => $userid1 } )->next;
my $success;
warning_is {
- $success = Koha::Patron::Password::Recovery::SendPasswordRecoveryEmail($borrower, $email1, 0); }
+ $success = Koha::Patron::Password::Recovery::SendPasswordRecoveryEmail($borrower, $email1 ); }
"Fake sendmail",
'[SendPasswordRecoveryEmail] expecting fake sendmail';
ok( $success == 1, '[SendPasswordRecoveryEmail] Returns 1 on success');
my $tempuuid1 = $bpr->next->uuid;
warning_is {
- Koha::Patron::Password::Recovery::SendPasswordRecoveryEmail($borrower, $email1, 1); }
+ Koha::Patron::Password::Recovery::SendPasswordRecoveryEmail($borrower, $email1 ); }
"Fake sendmail",
'[SendPasswordRecoveryEmail] expecting fake sendmail';