https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=21997
Kyle M Hall <k...@bywatersolutions.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #84230|0 |1 is obsolete| | --- Comment #5 from Kyle M Hall <k...@bywatersolutions.com> --- Created attachment 84990 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=84990&action=edit Bug 21997 - SIP patron information requests can lock patron out of account Many SIP services send an empty password field (AD). Even if allow_empty_passwords is enabled for the given SIP account, this empty password is run though Koha's password checker which increments the number of login attempts for a patron. Thus repeated patron information requests can lock a patron out! Empty password fields in SIP should not call for a password check if allow_empty_passwords is enabled. Test Plan: 1) Enable a patron password attempt with a limit of 3 2) Send 4 patron information requests with an empty AD field 3) Note the patron's account is now locked 4) Apply this patch 5) Repeat step 2 with a different patron 6) Note the patron's account does not get locked! Signed-off-by: Charles Farmer <charles.far...@inlibro.com> -- You are receiving this mail because: You are watching all bug changes. _______________________________________________ Koha-bugs mailing list Koha-bugs@lists.koha-community.org http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/