The password should be encoded before hashing.
Test plan:
- Before applying the patch, create a user with UTF-8 characters in the password
- apply patches
- try to log in
- change the password
- log out
- try to log in
Signed-off-by: Paola Rossi <paola.rossi@cineca.it>
Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel@gmail.com>
Signed-off-by: Dobrica Pavlinusic <dpavlin@rot13.org>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
use Koha::AuthUtils qw(hash_password);
use POSIX qw/strftime/;
use List::MoreUtils qw/ any /;
+use Encode qw( encode is_utf8);
# use utf8;
use vars qw($VERSION @ISA @EXPORT @EXPORT_OK %EXPORT_TAGS $debug $ldap $cas $caslogout $shib $shib_login);
sub checkpw_internal {
my ( $dbh, $userid, $password ) = @_;
+ $password = Encode::encode( 'UTF-8', $password )
+ if Encode::is_utf8($password);
+
if ( $userid && $userid eq C4::Context->config('user') ) {
if ( $password && $password eq C4::Context->config('pass') ) {
# Koha superuser account
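Review bot: The guard `if Encode::is_utf8($password)` in checkpw_internal tests Perl's internal UTF8 flag, not whether the string holds non-ASCII characters, so the same password can reach the hash as different bytes depending on how the caller built the string (a character string with only Latin-1 code points and the flag off is left unencoded). The same conditional is added to hash_password in the second file, so a hash stored through one code path may fail to verify through another and leave the user unable to log in. It would be safer to decode the password once where it enters the application and encode unconditionally here, `$password = Encode::encode( 'UTF-8', $password );`, provided every caller then passes a character string. The encode also runs before the `$password eq C4::Context->config('pass')` comparison, so a non-ASCII superuser password would presumably stop matching if config() returns a decoded string; that is worth confirming. checkpw_internal's body continues outside the hunk.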
use Modern::Perl;
use Crypt::Eksblowfish::Bcrypt qw(bcrypt en_base64);
+use Encode qw( encode is_utf8 );
use Fcntl qw/O_RDONLY/; # O_RDONLY is used in generate_salt
use base 'Exporter';
# Using Bcrypt method for hashing. This can be changed to something else in future, if needed.
sub hash_password {
my $password = shift;
+ $password = Encode::encode( 'UTF-8', $password )
+ if Encode::is_utf8($password);
# Generate a salt if one is not passed
my $settings = shift;