Comment 26 for bug 1468422

Hey Bill, looks good. My cobbled version wasn't so far off after all, so maybe I'll be more confident next time :)

On first pass, the only concern I had when I was working on it (which is still present in your version) is what to do about the "PATRON_CARD_INACTIVE" event. Your code replicates the current behavior properly (it sends it along to the client), but I'm wondering why we currently hide "PATRON_INACTIVE" behind a password check but not "PATRON_CARD_INACTIVE". I'm not a good judge of what should be private or not, but it does seem at least a little odd to hide one and not the other. Certainly no big deal, so just bringing it up while we're in here thinking about things.

I'll also definitely jump on the auth_proxy bits very soon while everything is still fresh in my mind.