[open-ils-commits] r13623 - trunk/Open-ILS/src/c-apps (scottmk)

svn at svn.open-ils.org svn at svn.open-ils.org
Sat Jul 18 08:07:50 EDT 2009


Author: scottmk
Date: 2009-07-18 08:07:49 -0400 (Sat, 18 Jul 2009)
New Revision: 13623

Modified:
   trunk/Open-ILS/src/c-apps/oils_auth.c
Log:
In oils_auth.c: changed the treatment of inactive accounts.

Previously, if someone tried to log on to an inactive account,
the error message reported to the client would identify the
account as inactive, without regard to the password.

Now the message identifies the account as inactive only if the
password matches.  Otherwise it reports it simply as a failure.

Also: changed the barcode to a pointer to const, pointing to
an existing string, rather than allocating a separate copy
that we have to free later.

Also: tinkered with a couple of info messages to avoid 
invoking undefined behavior when barcode is NULL.


Modified: trunk/Open-ILS/src/c-apps/oils_auth.c
===================================================================
--- trunk/Open-ILS/src/c-apps/oils_auth.c	2009-07-17 20:54:17 UTC (rev 13622)
+++ trunk/Open-ILS/src/c-apps/oils_auth.c	2009-07-18 12:07:49 UTC (rev 13623)
@@ -370,7 +370,7 @@
 	const char* type		= jsonObjectGetString(jsonObjectGetKeyConst(args, "type"));
 	double orgloc			= jsonObjectGetNumber(jsonObjectGetKeyConst(args, "org"));
 	const char* workstation = jsonObjectGetString(jsonObjectGetKeyConst(args, "workstation"));
-	char* barcode			= jsonObjectToSimpleString(jsonObjectGetKeyConst(args, "barcode"));
+	const char* barcode		= jsonObjectGetString(jsonObjectGetKeyConst(args, "barcode"));
 
 	const char* ws = (workstation) ? workstation : "";
 
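Review bot: `barcode` now points at storage owned by `args` rather than a private copy, and nothing on the declaration at new line 373 records that. A short comment such as `/* barcode points into args: do not free it, and do not use it after args is released */` would stop a later edit from reintroducing a free() or holding the pointer too long. The move from jsonObjectToSimpleString to jsonObjectGetString may also change what a non-string JSON value yields (for example a barcode sent as a number), so it is worth confirming that such input still fails cleanly. The enclosing function starts and ends outside this hunk.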
@@ -378,7 +378,6 @@
 	if(!type) type = OILS_AUTH_STAFF;
 
 	if( !( (uname || barcode) && password) ) {
-		free(barcode);
 		return osrfAppRequestRespondException( ctx->session, ctx->request, 
 			"username/barcode and password required for method: %s", ctx->method->name );
 	}
@@ -398,10 +397,10 @@
 	
 	if(!userObj) { 
 		response = oilsNewEvent( OSRF_LOG_MARK, OILS_EVENT_AUTH_FAILED );
-		osrfLogInfo(OSRF_LOG_MARK,  "failed login: username=%s, barcode=%s, workstation=%s", uname, barcode, ws );
+		osrfLogInfo(OSRF_LOG_MARK,  "failed login: username=%s, barcode=%s, workstation=%s",
+				uname, (barcode ? barcode : "(none)"), ws );
 		osrfAppRespondComplete( ctx, oilsEventToJSON(response) ); 
 		oilsEventFree(response);
-		free(barcode);
 		return 0;
 	}
 
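Review bot: `uname` is still passed unguarded to `%s` in the rewrapped osrfLogInfo call. The precondition visible in the previous hunk, `(uname || barcode) && password`, allows a barcode-only login to reach this branch with `uname` NULL, which is the same undefined behavior the commit removes for `barcode`. Guard both arguments the same way: `(uname ? uname : "(none)"), (barcode ? barcode : "(none)"), ws );`. The identical call in the last hunk (new lines 478-479) needs the same change unless code outside the visible hunks has assigned `uname` by then. All three logged values come from the client, so if osrfLogInfo does not already neutralize control characters, that is worth checking so a crafted username cannot forge log lines.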
@@ -413,18 +412,20 @@
 
 	if( passOK < 0 ) {
 		jsonObjectFree(userObj);
-		free(barcode);
 		return passOK;
 	}
 
 	/* first see if their account is inactive */
 	char* active = oilsFMGetString(userObj, "active");
 	if( !oilsUtilsIsDBTrue(active) ) {
-		response = oilsNewEvent(OSRF_LOG_MARK, "PATRON_INACTIVE");
+		if( passOK )
+			response = oilsNewEvent( OSRF_LOG_MARK, "PATRON_INACTIVE" );
+		else
+			response = oilsNewEvent( OSRF_LOG_MARK, OILS_EVENT_AUTH_FAILED );
+
 		osrfAppRespondComplete( ctx, oilsEventToJSON(response) ); 
 		oilsEventFree(response);
 		jsonObjectFree(userObj);
-		free(barcode);
 		free(active);
 		return 0;
 	}
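Review bot: The new `else` branch at new lines 423-424 returns OILS_EVENT_AUTH_FAILED without the "failed login" info message that the other two failure paths in this diff write, so wrong-password attempts against inactive accounts leave no trace for log monitoring. Brace the branch and add the same call, e.g. `osrfLogInfo( OSRF_LOG_MARK, "failed login: username=%s, barcode=%s, workstation=%s", (uname ? uname : "(none)"), (barcode ? barcode : "(none)"), ws );`. Separately, the check ending near new line 440 and the oilsAuthCheckLoginPerm call in the following hunks still appear to answer the client before `passOK` is consulted. If those responses differ from OILS_EVENT_AUTH_FAILED, they may disclose account state without the password, in the same way the old inactive message did. The enclosing function starts and ends outside this hunk, so this needs confirming against the full body.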
@@ -435,7 +436,6 @@
 		osrfAppRespondComplete( ctx, oilsEventToJSON(response) ); 
 		oilsEventFree(response);
 		jsonObjectFree(userObj);
-		free(barcode);
 		return 0;
 	}
 
@@ -443,7 +443,6 @@
 	/* check to see if the user is even allowed to login */
 	if( oilsAuthCheckLoginPerm( ctx, userObj, type ) == -1 ) {
 		jsonObjectFree(userObj);
-		free(barcode);
 		return 0;
 	}
 	
@@ -456,7 +455,6 @@
 			jsonObjectFree(userObj);
 			osrfAppRespondComplete( ctx, oilsEventToJSON(response) ); 
 			oilsEventFree(response);
-			free(barcode);
 			return 0;
 		}
 
@@ -477,13 +475,13 @@
 
 	} else {
 		response = oilsNewEvent( OSRF_LOG_MARK, OILS_EVENT_AUTH_FAILED );
-		osrfLogInfo(OSRF_LOG_MARK,  "failed login: username=%s, barcode=%s, workstation=%s", uname, barcode, ws );
+		osrfLogInfo(OSRF_LOG_MARK,  "failed login: username=%s, barcode=%s, workstation=%s",
+				uname, (barcode ? barcode : "(none)"), ws );
 	}
 
 	jsonObjectFree(userObj);
 	osrfAppRespondComplete( ctx, oilsEventToJSON(response) ); 
 	oilsEventFree(response);
-	free(barcode);
 
 	if(freeable_uname) free(freeable_uname);
 


