User opt-in when staff member has logged in via proxied authentication fails due to missing workstation ID
Affects | Status | Importance | Assigned to | Milestone | ||
---|---|---|---|---|---|---|
Evergreen | Status tracked in Main | |||||
2.10 |
Fix Released
|
Undecided
|
Unassigned | |||
Main |
Fix Released
|
Undecided
|
Unassigned |
Bug Description
* Evergreen master & 2.10.6
When we went live on our production 2.10.6 system, we noticed that opting-in users would fail if the staff member had logged into the staff client using their LDAP password (and thus going through auth_proxy and LDAP) instead of their Evergreen internal password.
The calls in syslog looked like the following:
Sep 6 18:23:39 hostname open-ils.actor: [ACT:1701:
Sep 6 18:23:40 hostname open-ils.cstore: [ERR :31314:
The lack of a value for opt_in_ws results in failure because, as indicated, it needs to be a non-null value per the actor.usr_
I have reproduced this on master as well. I see code in oils_auth.c and oils_auth_
BTW, my temporary workaround is to set a default value for the opt-in workstation column, like so:
INSERT INTO actor.workstati on(name, owning_lib) VALUES ('automatic- for-the- people' , 1); ------- ------- ------- ----+-- ------- --- for-the- people | 1 org_unit_ opt_in ALTER COLUMN opt_in_ws SET DEFAULT 929;
# SELECT * FROM actor.workstation WHERE owning_lib = 1;
id | name | owning_lib
-----+-
929 | automatic-
(1 row)
ALTER TABLE actor.usr_
Obviously a gross hack that I hope doesn't have to live long!