Capture and log AuthProxy logins with no account
author Dan Wells <dbw2@calvin.edu>
Wed, 10 Oct 2012 13:22:33 +0000 (09:22 -0400)
committer Kathy Lussier <klussier@masslnc.org>
Tue, 16 Jul 2013 19:36:48 +0000 (15:36 -0400)
The current AuthProxy.pm code assumes that if the external auth
passes, the Evergreen account will be there.  This protects
against cases where a user is in the external auth system but
has no matching account in Evergreen.

Signed-off-by: Dan Wells <dbw2@calvin.edu>
Signed-off-by: Bill Erickson <berick@esilibrary.com>
Open-ILS/src/perlmods/lib/OpenILS/Application/AuthProxy.pm

index be1d05b..a555be7 100644 (file)
@@ -257,6 +257,10 @@ sub _do_login {
             "open-ils.cstore.direct.actor.user.search.atomic",
             { usrname => $args->{'username'} }
         );
+        if (!$user->[0]) {
+            $logger->debug("Authenticated username '" . $args->{'username'} . "' has no Evergreen account, aborting");
+            return OpenILS::Event->new( 'LOGIN_FAILED' );
+        }
         $args->{'password'} = md5_hex( $seed . $user->[0]->passwd );
     } else {
         $args->{'password'} = md5_hex( $seed . md5_hex($real_password) );
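
Review bot: The new `$logger->debug(...)` call in the `if (!$user->[0])` branch records this event only at debug level, so a site running at a normal log level will not see it. A login that the external authenticator accepted but that has no Evergreen account is a useful signal for operators: it points to an account provisioning gap or a stale directory entry. Consider logging it at info or warn instead. The message also concatenates `$args->{'username'}` into the log line as received; stripping or escaping control characters first would stop a crafted username from breaking the log line apart. Returning the generic `LOGIN_FAILED` event is the right choice, since the caller cannot tell this case from a bad password.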