git.evergreen-ils.org Git - Evergreen.git/commit

author	Galen Charlton <gmc@esilibrary.com>
	Sat, 7 May 2016 01:40:12 +0000 (21:40 -0400)
committer	Galen Charlton <gmc@esilibrary.com>
	Mon, 9 May 2016 20:41:22 +0000 (16:41 -0400)
commit	9289743a74491deb7f4b960340eda2ff14ede493
tree	c468d87b0e8d7a714cb331ad9dd50237594f8fad	tree
parent	82c0202c1e3ba3066fd831fef6b447de11c5c15d	commit \| diff

LP#1579225: fix handling of passwords in patron registration

This patch improves how the new password hashing is invoked
by open-ils.actor.patron.update; in particular, it fixes
a problem whereby newly registered patrons could not
log in.  It also fixes other issues:

- actor.usr.passwd would be set to an MD5 of the password
  for new users, vitiating the strong hashes in actor.passwd
- certain types of updates via patron registration, such as
  adding or deleting addresses, could result in the patron's
  password getting doubly-hashed, thereby locking them out
  of their account.

To test
-------
[1] Register a new patron; verify that they can log in.
[2] Edit an existing patron and change their password; verify
    that they can log in.
[3] Edit an existing patron but do NOT change their password;
    verify that they can still log in.
[4] Inspect the actor.usr rows for these patrons and verify
    that actor.usr.passwd is set to the value MD5(''), not
    the MD5 of their password.

Signed-off-by: Galen Charlton <gmc@esilibrary.com>
Signed-off-by: Dan Wells <dbw2@calvin.edu>
Signed-off-by: Mike Rylander <mrylander@gmail.com>
Signed-off-by: Kathy Lussier <klussier@masslnc.org>
Signed-off-by: Galen Charlton <gmc@esilibrary.com>