Verify password API fails on barcode; returns success on deleted users
Bug #1557621 reported by
Bill Erickson
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Evergreen |
Fix Released
|
High
|
Unassigned |
Bug Description
Evergreen 2.10 (beta).
The API call open-ils.
As a secondary part of this, I confirmed that the API call returns true even if the patron tested is marked as deleted. It should probably return false.
Patch en route.
Changed in evergreen: | |
milestone: | 2.10-rc → 2.10.0 |
Changed in evergreen: | |
status: | New → Confirmed |
importance: | Undecided → High |
assignee: | Bill Erickson (berick) → Galen Charlton (gmc) |
Changed in evergreen: | |
status: | Fix Committed → Fix Released |
To post a comment you must log in.
Fixes pushed:
http:// git.evergreen- ils.org/ ?p=working/ Evergreen. git;a=shortlog; h=refs/ heads/user/ berick/ lp1557621- pass-verify- cards-and- deleted
From the commit:
* Fixes bug that caused password verify calls to fail with an exception
when tested with a barcode.
* Verify API always returns false when tested on deleted users.
To test:
1. In the staff client, navigate to Circulation -> Verify Credentials
2. Confirm username and barcode lookups return success for a non-deleted
user using the correct password.
3. Delete a test user in the database:
UPDATE actor.usr SET deleted = TRUE WHERE id = <id-of-test-user>;
4. Re-do step 2 confirming non-success results are returned.