[Koha-bugs] [Bug 31431] Cannot change one's own userid if logged in as staff
bugzilla-daemon at bugs.koha-community.org
bugzilla-daemon at bugs.koha-community.org
Fri May 5 12:57:14 CEST 2023
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=31431
Janusz Kaczmarek <januszop at gmail.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |januszop at gmail.com
--- Comment #3 from Janusz Kaczmarek <januszop at gmail.com> ---
Same effect (Internal Server Error) in 22.11.03. In log we find:
Can't call method "password_expired" on an undefined value at
/usr/share/koha/lib/C4/Auth.pm line 1785.
This is because, in function C4::Auth::check_cookie_auth, the following is
done:
my $userid = $session->param('id');
[...]
my $patron = Koha::Patrons->find({ userid => $userid });
$patron = Koha::Patrons->find({ cardnumber => $userid })
unless $patron;
return ("password_expired", undef ) if $patron->password_expired;
$userid is taken from stored session data and contains the old user login (=
userid). At the same time, the content of the borrowers table is already
updated with the new userid. So no patron object is found. As a consequence,
$patron->password_expired is called on an undefined patron (without checking if
it exists).
So, maybe while self-modifying the userid the session data should also be
updated? Would it work? And how about SSO methods, should any of them be
used?
--
You are receiving this mail because:
You are watching all bug changes.
You are the assignee for the bug.
More information about the Koha-bugs
mailing list