Verify password API fails on barcode; returns success on deleted users

Bug #1557621 reported by Bill Erickson on 2016-03-15
This bug affects 1 person
Affects Status Importance Assigned to Milestone

Bug Description

Evergreen 2.10 (beta).

The API call, used by the staff client to test passwords, fails when tested with a barcode. As a result of the following change, the code assumes a username is supplied:;a=commitdiff;h=5ddb3f61b5cf9c97cf5b45c42209a1083e8efff8#patch1

As a secondary part of this, I confirmed that the API call returns true even if the patron tested is marked as deleted. It should probably return false.

Patch en route.

Bill Erickson (berick) wrote :

Fixes pushed:;a=shortlog;h=refs/heads/user/berick/lp1557621-pass-verify-cards-and-deleted

From the commit:

    * Fixes bug that caused password verify calls to fail with an exception
      when tested with a barcode.

    * Verify API always returns false when tested on deleted users.

    To test:

    1. In the staff client, navigate to Circulation -> Verify Credentials
    2. Confirm username and barcode lookups return success for a non-deleted
       user using the correct password.
    3. Delete a test user in the database:
       UPDATE actor.usr SET deleted = TRUE WHERE id = <id-of-test-user>;
    4. Re-do step 2 confirming non-success results are returned.

tags: added: pullrequest
Changed in evergreen:
milestone: none → 2.10-rc
Changed in evergreen:
milestone: 2.10-rc → 2.10.0
Galen Charlton (gmc) on 2016-03-15
Changed in evergreen:
status: New → Confirmed
importance: Undecided → High
assignee: Bill Erickson (berick) → Galen Charlton (gmc)
Galen Charlton (gmc) wrote :

Pushed to master and rel_2_10. Thanks, Bill!

Changed in evergreen:
status: Confirmed → Fix Committed
assignee: Galen Charlton (gmc) → nobody
Galen Charlton (gmc) on 2016-03-17
Changed in evergreen:
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers