LP#1557621 Verify password barcode / deleted users repair

* Fixes bug that caused password verify calls to fail with an exception
  when tested with a barcode.

* Verify API always returns false when tested on deleted users.

To test:

1. In the staff client, navigate to Circulation -> Verify Credentials
2. Confirm username and barcode lookups return success for a non-deleted
   user using the correct password.
3. Delete a test user in the database:
   UPDATE actor.usr SET deleted = TRUE WHERE id = <id-of-test-user>;
4. Re-do step 2 confirming non-success results are returned.

Signed-off-by: Bill Erickson <berickxx@gmail.com>
Signed-off-by: Galen Charlton <gmc@esilibrary.com>

diff --git a/Open-ILS/src/perlmods/lib/OpenILS/Application/Actor.pm b/Open-ILS/src/perlmods/lib/OpenILS/Application/Actor.pm
index 87fb870..1e0593d 100644 (file)
--- a/Open-ILS/src/perlmods/lib/OpenILS/Application/Actor.pm
+++ b/Open-ILS/src/perlmods/lib/OpenILS/Application/Actor.pm
@@ -3293,11 +3293,10 @@ sub verify_user_password {
         $user_by_username = $e->search_actor_user({usrname => $username})->[0] or return 0;
         $user = $user_by_username;
     }
-    return 0 if (!$user);
+    return 0 if (!$user || $U->is_true($user->deleted));
     return 0 if ($user_by_username && $user_by_barcode && $user_by_username->id != $user_by_barcode->id);
     return $e->event unless $e->allowed('VIEW_USER', $user->home_ou);
-    return $U->verify_migrated_user_password(
-        $e, $user_by_username->id, $password, 1);
+    return $U->verify_migrated_user_password($e, $user->id, $password, 1);
 }
 
 __PACKAGE__->register_method (