[Koha-bugs] [Bug 21997] SIP patron information requests can lock patron out of account

bugzilla-daemon at bugs.koha-community.org bugzilla-daemon at bugs.koha-community.org
Fri Jan 18 23:11:07 CET 2019


https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=21997

Charles Farmer <charles.farmer at inlibro.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
  Attachment #83183|0                           |1
        is obsolete|                            |

--- Comment #2 from Charles Farmer <charles.farmer at inlibro.com> ---
Created attachment 84230
  -->
https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=84230&action=edit
Bug 21997 - SIP patron information requests can lock patron out of account

Many SIP services send an empty password field (AD). Even if
allow_empty_passwords is enabled for the given SIP account, this empty password
is run through Koha's password checker which increments the number of login
attempts for a patron. Thus repeated patron information requests can lock a
patron out! Empty password fields in SIP should not call for a password check
if allow_empty_passwords is enabled.

Test Plan:
1) Enable a patron password attempt with a limit of 3
2) Send 4 patron information requests with an empty AD field
3) Note the patron's account is now locked
4) Apply this patch
5) Repeat step 2 with a different patron
6) Note the patron's account does not get locked!

Signed-off-by: Charles Farmer <charles.farmer at inLibro.com>

-- 
You are receiving this mail because:
You are watching all bug changes.
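
The lockout and the fix described in the commit message above, as an added Python model. It is not Koha's Perl code and not part of the original mail. The class and function names, and the rule that an account locks once attempts reach the limit, are assumptions made for illustration.

```python
# Simplified model of the lockout described above; NOT Koha's Perl code.
# All names (Patron, check_password, handle_patron_info_*) are hypothetical.
import hmac
from dataclasses import dataclass

FAILED_LOGIN_LIMIT = 3  # step 1 of the test plan: limit of 3 attempts


@dataclass
class Patron:
    password: str
    login_attempts: int = 0

    @property
    def locked(self) -> bool:
        return self.login_attempts >= FAILED_LOGIN_LIMIT  # assumed lock rule


def check_password(patron: Patron, supplied: str) -> bool:
    """Password checker with a failed-attempt counter (assumed behaviour)."""
    if patron.locked:
        return False
    if hmac.compare_digest(patron.password.encode(), supplied.encode()):
        patron.login_attempts = 0
        return True
    patron.login_attempts += 1  # every failure counts toward the lockout
    return False


def handle_patron_info_before(patron, ad_field, allow_empty_passwords):
    """Before the patch: the AD field always reaches the password checker."""
    valid = check_password(patron, ad_field)
    return valid or (allow_empty_passwords and ad_field == "")


def handle_patron_info_after(patron, ad_field, allow_empty_passwords):
    """After the patch: an empty AD field skips the check when allowed."""
    if ad_field == "" and allow_empty_passwords:
        return True  # no password check, so no failed attempt is recorded
    return check_password(patron, ad_field)


def run_test_plan(handler, requests=4):
    """Steps 2-3 / 5-6: send empty-AD requests, report the patron's state."""
    patron = Patron(password="constructed-secret")  # constructed sample data
    for _ in range(requests):
        handler(patron, "", allow_empty_passwords=True)
    return patron.login_attempts, patron.locked
```

In this model a wrong non-empty password, or an empty one when `allow_empty_passwords` is off, still goes through the checker and still counts toward the limit.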