From: Lebbeous Fogle-Weekley
Date: Mon, 11 Jun 2012 20:23:32 +0000 (-0400)
Subject: Prevent login by deleted and barred users
X-Git-Url: https://old-git.evergreen-ils.org/?a=commitdiff_plain;h=55d809fe0550e57fb927e5269041a6cc92fe8cae;p=evergreen%2Fequinox.git
Prevent login by deleted and barred users
An existing comment in the code suggested that we thought we were already keeping barred users out. LP #1010671 brings up that deleted users were not being kept out.
Signed-off-by: Lebbeous Fogle-Weekley
Signed-off-by: Jason Stephenson
---
diff --git a/Open-ILS/src/c-apps/oils_auth.c b/Open-ILS/src/c-apps/oils_auth.c
index 4b2a4dc844..cf19fdf3aa 100644
--- a/Open-ILS/src/c-apps/oils_auth.c
+++ b/Open-ILS/src/c-apps/oils_auth.c
@@ -629,7 +629,20 @@ int oilsAuthComplete( osrfMethodContext* ctx ) {
 }
 }
- if(!userObj) {
+ int barred = 0, deleted = 0;
+ char *barred_str, *deleted_str;
+
+ if(userObj) {
+ barred_str = oilsFMGetString( userObj, "barred" );
+ barred = oilsUtilsIsDBTrue( barred_str );
+ free( barred_str );
+
+ deleted_str = oilsFMGetString( userObj, "deleted" );
+ deleted = oilsUtilsIsDBTrue( deleted_str );
+ free( deleted_str );
+ }
+
+ if(!userObj || barred || deleted) {
 response = oilsNewEvent( OSRF_LOG_MARK, OILS_EVENT_AUTH_FAILED );
 osrfLogInfo(OSRF_LOG_MARK, "failed login: username=%s, barcode=%s, workstation=%s", uname, (barcode ? barcode : "(none)"), ws );
@@ -638,7 +651,8 @@ int oilsAuthComplete( osrfMethodContext* ctx ) {
 return 0; // No such user
 }
- // Such a user exists. Now see if he or she has the right credentials.
+ // Such a user exists and isn't barred or deleted.
+ // Now see if he or she has the right credentials.
 int passOK = -1;
 if(uname) passOK = oilsAuthVerifyPassword( ctx, userObj, uname, password );
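Review bot: The rejection branch `if(!userObj || barred || deleted)` can now be entered with a non-NULL `userObj`, and nothing visible in it releases that object before `return 0;`. The two lines between this hunk and the next are not shown and were not touched by the commit, so unless they already free it, every rejected login for a barred or deleted account would leak the fetched user record in this long-running service; adding `jsonObjectFree( userObj );` before the return would cover it (assuming `userObj` is a jsonObject, which the hunk does not show). The `osrfLogInfo` line also writes the same "failed login" text for all three causes; logging which of missing, barred or deleted applied, while keeping the client-facing `OILS_EVENT_AUTH_FAILED` generic, would let operators spot repeated attempts against disabled accounts. oilsAuthComplete starts and ends outside this hunk.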
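Review bot: The trailing comment on the context line `return 0; // No such user` is now stale, because the same return is reached for barred and deleted users as well. Something like `return 0; // No such user, or the user is barred or deleted` would keep it in step with the rewritten comment just below it. The enclosing function continues outside this hunk.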