[Koha-bugs] [Bug 35204] REST API: POST endpoint /auth/password/validation dies on patron with expired password
bugzilla-daemon at bugs.koha-community.org
bugzilla-daemon at bugs.koha-community.org
Thu Dec 7 07:14:32 CET 2023
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=35204
--- Comment #4 from David Cook <dcook at prosentient.com.au> ---
While this works... I don't think it's the right solution.
It looks like we should change "unless ($status)" to "unless ($status &&
$status > 0)".
I'm basing that off these lines
2004 # INTERNAL AUTH
2005 if ( $check_internal_as_fallback ) {
2006 @return = checkpw_internal( $userid, $password, $no_set_userenv);
2007 $passwd_ok = 1 if $return[0] > 0; # 1 or 2
2008 }
I don't think the -2 for an expired password actually gets used anywhere so
that's fun. The "password_expired" message at login time seems to come from
$patron->password_expired in a different auth function.
I don't know what a return value of 2 means either...
(One of these days auth in Koha won't be a nightmare...)
--
You are receiving this mail because:
You are watching all bug changes.
More information about the Koha-bugs
mailing list