Verify password API fails on barcode; returns success on deleted users

Bug #1557621 reported by Bill Erickson
This bug affects 1 person
Affects Status Importance Assigned to Milestone

Bug Description

Evergreen 2.10 (beta).

The API call, used by the staff client to test passwords, fails when tested with a barcode. As a result of the following change, the code assumes a username is supplied:;a=commitdiff;h=5ddb3f61b5cf9c97cf5b45c42209a1083e8efff8#patch1

As a secondary part of this, I confirmed that the API call returns true even if the patron tested is marked as deleted. It should probably return false.

Patch en route.

Revision history for this message
Bill Erickson (berick) wrote :

Fixes pushed:;a=shortlog;h=refs/heads/user/berick/lp1557621-pass-verify-cards-and-deleted

From the commit:

    * Fixes bug that caused password verify calls to fail with an exception
      when tested with a barcode.

    * Verify API always returns false when tested on deleted users.

    To test:

    1. In the staff client, navigate to Circulation -> Verify Credentials
    2. Confirm username and barcode lookups return success for a non-deleted
       user using the correct password.
    3. Delete a test user in the database:
       UPDATE actor.usr SET deleted = TRUE WHERE id = <id-of-test-user>;
    4. Re-do step 2 confirming non-success results are returned.

tags: added: pullrequest
Changed in evergreen:
milestone: none → 2.10-rc
Changed in evergreen:
milestone: 2.10-rc → 2.10.0
Galen Charlton (gmc)
Changed in evergreen:
status: New → Confirmed
importance: Undecided → High
assignee: Bill Erickson (berick) → Galen Charlton (gmc)
Revision history for this message
Galen Charlton (gmc) wrote :

Pushed to master and rel_2_10. Thanks, Bill!

Changed in evergreen:
status: Confirmed → Fix Committed
assignee: Galen Charlton (gmc) → nobody
Galen Charlton (gmc)
Changed in evergreen:
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers