From e3e0f22a06ced29c9e871891ed6aae26f316abe5 Mon Sep 17 00:00:00 2001 From: Bill Erickson Date: Mon, 14 Aug 2017 11:28:55 -0400 Subject: [PATCH] JBAS-1786 Remote auth 2.10-style password test Teach our custom version of remoteauth.cgi to use the new 2.10-style in-database password check. Signed-off-by: Bill Erickson --- Open-ILS/examples/remoteauth.cgi | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/Open-ILS/examples/remoteauth.cgi b/Open-ILS/examples/remoteauth.cgi index 3ee752f2b7..5c62a271bf 100755 --- a/Open-ILS/examples/remoteauth.cgi +++ b/Open-ILS/examples/remoteauth.cgi @@ -25,7 +25,6 @@ use strict; use warnings; use CGI; -use Digest::MD5 qw(md5_hex); use DateTime; use DateTime::Format::ISO8601; use OpenSRF::Utils qw/:datetime/; @@ -36,6 +35,7 @@ use OpenSRF::AppSession; use OpenILS::Utils::Fieldmapper; use OpenILS::Utils::CStoreEditor qw/:funcs/; use OpenILS::Application::AppUtils; +my $U = 'OpenILS::Application::AppUtils'; my $bootstrap = '/openils/conf/opensrf_core.xml'; my $cgi = new CGI; @@ -115,7 +115,7 @@ if (!($u || $usrname || $barcode) || !$p) { exit 0; } - if ($user->passwd ne md5_hex($p)) { + if (!$U->verify_migrated_user_password($e, $user->id, $p)) { $logger->warn("remoteauth: bad password for $logtag"); print '+NO'; exit 0; @@ -140,8 +140,7 @@ if (!($u || $usrname || $barcode) || !$p) { $logger->info("remoteauth: successful authentication for $logtag"); - OpenILS::Application::AppUtils - ->log_user_activity($user->id, $agent, 'verify'); + $U->log_user_activity($user->id, $agent, 'verify'); print '+VALID'; } -- 2.11.0