LP#
1579225: fix handling of passwords in patron registration
This patch improves how the new password hashing is invoked
by open-ils.actor.patron.update; in particular, it fixes
a problem whereby newly registered patrons could not
log in. It also fixes other issues:
- actor.usr.passwd would be set to an MD5 of the password
for new users, vitiating the strong hashes in actor.passwd
- certain types of updates via patron registration, such as
adding or deleting addresses, could result in the patron's
password getting doubly-hashed, thereby locking them out
of their account.
To test
-------
[1] Register a new patron; verify that they can log in.
[2] Edit an existing patron and change their password; verify
that they can log in.
[3] Edit an existing patron but do NOT change their password;
verify that they can still log in.
[4] Inspect the actor.usr rows for these patrons and verify
that actor.usr.passwd is set to the value MD5(''), not
the MD5 of their password.
Signed-off-by: Galen Charlton <gmc@esilibrary.com>
Signed-off-by: Dan Wells <dbw2@calvin.edu>
Signed-off-by: Mike Rylander <mrylander@gmail.com>
Signed-off-by: Kathy Lussier <klussier@masslnc.org>
Signed-off-by: Galen Charlton <gmc@esilibrary.com>
projects / evergreen / equinox.git / commit