git.evergreen-ils.org Git - working/Evergreen.git/commit
LP#1579225: fix handling of passwords in patron registration [collab/dbwells/lp1579225_patron_registration_password_mgmt_signoff]
author Galen Charlton <gmc@esilibrary.com>
Sat, 7 May 2016 01:40:12 +0000 (21:40 -0400)
committer Dan Wells <dbw2@calvin.edu>
Mon, 9 May 2016 16:18:05 +0000 (12:18 -0400)
commit 4d2a6cab9561fb69dfe6345f03cbf6b2d210a5c9
tree 3f4b65fb25c8cfc3ba8ff241936ab395854e4583
parent 2cf65ef923145aade9a6ced615dfd29d4d6216b3
LP#1579225: fix handling of passwords in patron registration

This patch improves how the new password hashing is invoked
by open-ils.actor.patron.update; in particular, it fixes
a problem whereby newly registered patrons could not
log in.  It also fixes other issues:

- actor.usr.passwd would be set to an MD5 of the password
  for new users, vitiating the strong hashes in actor.passwd
- certain types of updates via patron registration, such as
  adding or updating address, could result in the patron's
  password getting doubly-hashed, thereby locking them out
  of their account.

To test
-------
[1] Register a new patron; verify that they can log in.
[2] Edit an existing patron and change their password; verify
    that they can log in.
[3] Edit an existing patron but do NOT change their password;
    verify that they can still log in.
[4] Inspect the actor.usr rows for these patrons and verify
    that actor.usr.passwd is set to the value MD5(''), not
    the MD5 of their password.

Signed-off-by: Galen Charlton <gmc@esilibrary.com>
Signed-off-by: Dan Wells <dbw2@calvin.edu>
Open-ILS/src/perlmods/lib/OpenILS/Application/Actor.pm
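
The double-hashing lockout and the MD5 copy in the legacy column described in the commit message, modeled as an added example; this is not Evergreen's code and not part of the commit. Assumptions: salted SHA-256 stands in for the strong hash, the row fields and sub names are hypothetical, and the address-only edit is modeled as the client sending the stored hash back in the passwd field.

```perl
#!/usr/bin/perl
# Added illustration: a simplified model, not Evergreen's Actor.pm.
use strict;
use warnings;
use Digest::MD5 qw(md5_hex);
use Digest::SHA qw(sha256_hex);

# Stand-in for the strong hash kept in actor.passwd (assumption: the real
# scheme differs; salted SHA-256 keeps this demo to core modules only).
sub strong_hash { my ($salt, $pw) = @_; return sha256_hex($salt . $pw) }

my $EMPTY_MD5 = md5_hex('');   # value test step [4] expects in actor.usr.passwd

# Buggy update: hashes whatever arrives in the passwd field on every save
# and copies an MD5 of it into the legacy column.
sub update_buggy {
    my ($row, $incoming) = @_;
    $row->{strong} = strong_hash($row->{salt}, $incoming->{passwd});
    $row->{legacy} = md5_hex($incoming->{passwd});
    return $row;
}

# Guarded update (one possible guard, hypothetical): hash only when the
# field differs from the stored hash; keep the legacy column at MD5('').
sub update_fixed {
    my ($row, $incoming) = @_;
    if (defined $incoming->{passwd} && $incoming->{passwd} ne $row->{strong}) {
        $row->{strong} = strong_hash($row->{salt}, $incoming->{passwd});
    }
    $row->{legacy} = $EMPTY_MD5;
    return $row;
}

sub can_log_in {
    my ($row, $pw) = @_;
    return strong_hash($row->{salt}, $pw) eq $row->{strong};
}

for my $update (\&update_buggy, \&update_fixed) {
    # Constructed sample row and password.
    my $row = { salt => 'constructed-salt', strong => '', legacy => '' };
    $update->($row, { passwd => 'demo-password' });   # registration
    # Address-only edit: the object comes back carrying the stored hash.
    $update->($row, { passwd => $row->{strong} });
    printf "login ok: %s, legacy column is MD5(''): %s\n",
        (can_log_in($row, 'demo-password') ? 'yes' : 'no'),
        ($row->{legacy} eq $EMPTY_MD5 ? 'yes' : 'no');
}
```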