[Koha-bugs] [Bug 35204] REST API: POST endpoint /auth/password/validation dies on patron with expired password

Thu Dec 7 07:14:32 CET 2023

https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=35204

--- Comment #4 from David Cook <dcook at prosentient.com.au> ---
While this works... I don't think it's the right solution.

It looks like we should change "unless ($status)" to "unless ($status &&
$status > 0)".

I'm basing that off these lines

2004     # INTERNAL AUTH
2005     if ( $check_internal_as_fallback ) {
2006         @return = checkpw_internal( $userid, $password, $no_set_userenv);
2007         $passwd_ok = 1 if $return[0] > 0; # 1 or 2
2008     }

I don't think the -2 for an expired password actually gets used anywhere so
that's fun. The "password_expired" message at login time seems to come from
$patron->password_expired in a different auth function. 

I don't know what a return value of 2 means either... 

(One of these days auth in Koha won't be a nightmare...)

-- 
You are receiving this mail because:
You are watching all bug changes.