Bug 5995 Followup: checkpw was returning inconsistent values

In the case of LDAP, checkpw was returning the cardnumber of there user, but it was being treated as the
userid.  This patch updates checkpw_ldap to return the cardnumber AND the userid, and updates checkpw to
uniformly return cardnumber and userid in all instances, so that whoever is authenticating can use the
desired value in the right way.

diff --git a/C4/Auth.pm b/C4/Auth.pm
index b416449..0765732 100644 (file)
--- a/C4/Auth.pm
+++ b/C4/Auth.pm
@@ -737,7 +737,7 @@ sub checkauth {
                    $info{'invalidCasLogin'} = 1 unless ($return);
                } else {
                    my $retuserid;
-                   ( $return, $retuserid ) = checkpw( $dbh, $userid, $password, $query );
+                   ( $return, $cardnumber, $retuserid ) = checkpw( $dbh, $userid, $password, $query );
                    $userid = $retuserid if ($retuserid ne '');
                }
                if ($return) {
@@ -1389,8 +1389,8 @@ sub checkpw {
     my ( $dbh, $userid, $password, $query ) = @_;
     if ($ldap) {
         $debug and print "## checkpw - checking LDAP\n";
-        my ($retval,$retcard) = checkpw_ldap(@_);    # EXTERNAL AUTH
-        ($retval) and return ($retval,$retcard);
+        my ($retval,$retcard,$retuserid) = checkpw_ldap(@_);    # EXTERNAL AUTH
+        ($retval) and return ($retval,$retcard,$retuserid);
     }
 
     if ($cas && $query->param('ticket')) {
@@ -1416,7 +1416,7 @@ sub checkpw {
 
             C4::Context->set_userenv( "$borrowernumber", $userid, $cardnumber,
                 $firstname, $surname, $branchcode, $flags );
-            return 1, $userid;
+            return 1, $cardnumber, $userid;
         }
     }
     $sth =
@@ -1432,7 +1432,7 @@ sub checkpw {
 
             C4::Context->set_userenv( $borrowernumber, $userid, $cardnumber,
                 $firstname, $surname, $branchcode, $flags );
-            return 1, $userid;
+            return 1, $cardnumber, $userid;
         }
     }
     if (   $userid && $userid eq C4::Context->config('user')

diff --git a/C4/Auth_with_ldap.pm b/C4/Auth_with_ldap.pm
index acbd923..26cee59 100644 (file)
--- a/C4/Auth_with_ldap.pm
+++ b/C4/Auth_with_ldap.pm
@@ -155,7 +155,7 @@ sub checkpw_ldap {
             ($cardnumber eq $c2) or warn "update_local returned cardnumber '$c2' instead of '$cardnumber'";
         } else { # C1, D1
             # maybe update just the password?
-               return(1, $cardnumber); # FIXME dpavlin -- don't destroy ExtendedPatronAttributes
+               return(1, $cardnumber, $local_userid);
         }
     } elsif ($config{replicate}) { # A2, C2
         $borrowernumber = AddMember(%borrower) or die "AddMember failed";
@@ -182,7 +182,7 @@ sub checkpw_ldap {
                }
            C4::Members::Attributes::SetBorrowerAttributes($borrowernumber, $extended_patron_attributes);
        }
-return(1, $cardnumber);
+return(1, $cardnumber, $userid);
 }
 
 # Pass LDAP entry object and local cardnumber (userid).