LP#
1468422 Report inactive card on password OK
Prevent leaking information from authentication by only reporting that a
card is inactive if the caller provided the correct credentials. This
is consistent with how the code handles inactive patrons.
To avoid a lot of code duplication and to reduce the potential for
leaking memory (C code, amiright?), this commit includes a number of
changes to avoid exiting the API function early and saving the memory
cleanup routines until the end of the API call.
Signed-off-by: Bill Erickson <berickxx@gmail.com>
Signed-off-by: Dan Wells <dbw2@calvin.edu>