DIS-437 When authenticating the user, only authenticate with the Account Profile attached to the active library

Author: mdnoble73

code/web/release_notes/25.03.00.MD

@@ -42,6 +42,7 @@
 ### Other Updates
 - Remove unused AspenLiDASettings class. (DIS-393) (*MDN*)
 - Set translation metadata properly when creating a new collection spotlight. (DIS-427) (*MDN*)
+- When authenticating the user, only authenticate with the Account Profile attached to the active library. (DIS-437) (*MDN*)
 
 // kirstien
 

code/web/sys/UserAccount.php

@@ -731,7 +731,21 @@ public static function validateAccount(?string $username, ?string $password, ?st
 		}
 
 		foreach ($driversToTest as $driverName => $additionalInfo) {
-			if ($accountSource == null || $accountSource == $additionalInfo['accountProfile']->name) {
+			/** @var AccountProfile $accountProfile */
+			$accountProfile = $additionalInfo['accountProfile'];
+			$okToCheckAccountProfile = false;
+			if ($accountSource == null) {
+				if ($accountProfile->id == $library->accountProfileId) {
+					$okToCheckAccountProfile = true;
+				}elseif ($accountProfile->authenticationMethod == 'db' || $accountProfile->authenticationMethod == 'sso') {
+					$okToCheckAccountProfile = true;
+				}
+			}else{
+				$okToCheckAccountProfile = $accountSource == $accountProfile->name;
+			}
+
+			if ($okToCheckAccountProfile) {
+				$logger->log("authenticating $username with profile $accountProfile->name", Logger::LOG_DEBUG);
 				try {
 					$authN = AuthenticationFactory::initAuthentication($additionalInfo['authenticationMethod'], $additionalInfo);
 				} catch (UnknownAuthenticationMethodException $e) {