Verify password API fails on barcode; returns success on deleted users
Bug #1557621 reported by
Bill Erickson
This bug affects 1 person
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| Evergreen |
Fix Released
|
High
|
Unassigned | ||
Bug Description
Evergreen 2.10 (beta).
The API call open-ils.
As a secondary part of this, I confirmed that the API call returns true even if the patron tested is marked as deleted. It should probably return false.
Patch en route.
Revision history for this message
| Bill Erickson (berick) wrote | #1 |
| tags: | added: pullrequest |
| Changed in evergreen: | |
| milestone: | none → 2.10-rc |
| Changed in evergreen: | |
| milestone: | 2.10-rc → 2.10.0 |
| Changed in evergreen: | |
| status: | New → Confirmed |
| importance: | Undecided → High |
| assignee: | Bill Erickson (berick) → Galen Charlton (gmc) |
Revision history for this message
| Galen Charlton (gmc) wrote | #2 |
| Changed in evergreen: | |
| status: | Confirmed → Fix Committed |
| assignee: | Galen Charlton (gmc) → nobody |
| Changed in evergreen: | |
| status: | Fix Committed → Fix Released |
To post a comment you must log in.
Fixes pushed:
http://
From the commit:
* Fixes bug that caused password verify calls to fail with an exception
when tested with a barcode.
* Verify API always returns false when tested on deleted users.
To test:
1. In the staff client, navigate to Circulation -> Verify Credentials
2. Confirm username and barcode lookups return success for a non-deleted
user using the correct password.
3. Delete a test user in the database:
UPDATE actor.usr SET deleted = TRUE WHERE id = <id-of-test-user>;
4. Re-do step 2 confirming non-success results are returned.