From: Dan Wells <dbw2@calvin.edu>
Date: Wed, 10 Oct 2012 13:22:33 +0000 (-0400)
Subject: Capture and log AuthProxy logins with no account
X-Git-Url: https://old-git.evergreen-ils.org/?a=commitdiff_plain;h=4e3fdd7ab78bdfec38f1858e1af2076010bfb757;p=evergreen%2Fmasslnc.git

Capture and log AuthProxy logins with no account

The current AuthProxy.pm code assumes that if the external auth
passes, the Evergreen account will be there.  This protects
against cases where a user is in the external auth system but
has no matching account in Evergreen.

Signed-off-by: Dan Wells <dbw2@calvin.edu>
Signed-off-by: Bill Erickson <berick@esilibrary.com>
---

diff --git a/Open-ILS/src/perlmods/lib/OpenILS/Application/AuthProxy.pm b/Open-ILS/src/perlmods/lib/OpenILS/Application/AuthProxy.pm
index be1d05b7f4..a555be7797 100644
--- a/Open-ILS/src/perlmods/lib/OpenILS/Application/AuthProxy.pm
+++ b/Open-ILS/src/perlmods/lib/OpenILS/Application/AuthProxy.pm
@@ -257,6 +257,10 @@ sub _do_login {
             "open-ils.cstore.direct.actor.user.search.atomic",
             { usrname => $args->{'username'} }
         );
+        if (!$user->[0]) {
+            $logger->debug("Authenticated username '" . $args->{'username'} . "' has no Evergreen account, aborting");
+            return OpenILS::Event->new( 'LOGIN_FAILED' );
+        }
         $args->{'password'} = md5_hex( $seed . $user->[0]->passwd );
     } else {
         $args->{'password'} = md5_hex( $seed . md5_hex($real_password) );