Bug 35445: Require OPAC user to confirm self-registration with button push

This change requires the OPAC user to confirm self-registration with
a button push when verifying registration using an emailed token.

Test plan:
0. Apply the patch and koha-plack --reload kohadev
1. Set syspref PatronSelfRegistrationVerifyByEmail to "Don't require"
2. Create a patron using the self-registration on the OPAC
3. Note that no confirmation step is needed when self-registering
4. Set syspref PatronSelfRegistrationVerifyByEmail to "Require"
5. Create a patron using the self-registration on the OPAC
6. Look in message_queue to find the URL with the token to
visit in the browser
7. Visit that URL
8. Note that the page says "Registration pending" and asks you to
click a button labeled "Confirm"
9. Click the button labeled "Confirm"
10. Note that the self-registration is confirmed and details are
shown on the page

Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>

koha-tmpl/opac-tmpl/bootstrap/en/modules/opac-registration-confirmation.tt

@@ -16,7 +16,11 @@
 <div class="main">
     [% WRAPPER breadcrumbs %]
         [% WRAPPER breadcrumb_item bc_active= 1 %]
-            <span>Registration complete</span>
+            [% IF ( ! confirmed ) %]
+                <span>Registration pending</span>
+            [% ELSE %]
+                <span>Registration complete</span>
+            [% END %]
         [% END %]
     [% END #/ WRAPPER breadcrumbs %]
 
@@ -42,6 +46,17 @@
                 <div class="col order-md-1 maincontent">
             [% END %]
 
+                [% IF ( ! confirmed ) %]
+                    <div id="registration-pending">
+                        <h1>Registration pending</h1>
+                        <p id="confirm-instruction" class="registration-line">Click the button below to confirm registration.</p>
+                        <form action="/cgi-bin/koha/opac-registration-verify.pl" method="post" name="confirm_registration" id="confirm_registration">
+                            <input type="hidden" name="token" value="[% token | html %]">
+                            <input type="hidden" name="op" value="confirmed">
+                            <input type="submit" value="Confirm" class="btn btn-primary">
+                        </form>
+                    </div>
+                [% ELSE %]
                     <div id="registration-complete">
                         <h1>Registration complete!</h1>
 
@@ -80,6 +95,7 @@
                             </div>
                         [% END %]
                     </div> <!-- /#registration-complete -->
+                [% END %]
                 </div> <!-- / .col-7/9 -->
 
                 <div class="col-12 col-lg-3 order-md-2">

opac/opac-memberentry.pl

@@ -263,6 +263,8 @@ if ( $action eq 'create' ) {
                 $template->param( password_cleartext => $patron->plain_text_password );
                 $template->param( borrower => $patron->unblessed );
 
+                $template->param( confirmed => 1 );
+
                 # If 'AutoEmailNewUser' syspref is on, email user their account details from the 'notice' that matches the user's branchcode.
                 if ( C4::Context->preference("AutoEmailNewUser") ) {
                     #look for defined primary email address, if blank - attempt to use borr.email and borr.emailpro instead

opac/opac-registration-verify.pl

@@ -41,18 +41,41 @@ unless ( C4::Context->preference('PatronSelfRegistration') ) {
 }
 
 my $token = $cgi->param('token');
+my $op = $cgi->param('op');
+my $confirmed;
+if ( $op && $op eq 'confirmed' ) {
+    $confirmed = 1;
+}
 my $m = Koha::Patron::Modifications->find( { verification_token => $token } );
 
 my ( $template, $borrowernumber, $cookie );
 my ( $error_type, $error_info );
 
+my $rego_found;
 if (
-    $m # The token exists and the email is unique if requested
+    $m    # The token exists and the email is unique if requested
-    and not(
+    and not(C4::Context->preference('PatronSelfRegistrationEmailMustBeUnique')
-            C4::Context->preference('PatronSelfRegistrationEmailMustBeUnique')
+        and Koha::Patrons->search( { email => $m->email } )->count )
-        and Koha::Patrons->search( { email => $m->email } )->count
     )
-  )
+{
+    $rego_found = 1;
+}
+
+if ( $rego_found
+    and !$confirmed )
+{
+    ( $template, $borrowernumber, $cookie ) = get_template_and_user(
+        {
+            template_name   => "opac-registration-confirmation.tt",
+            type            => "opac",
+            query           => $cgi,
+            authnotrequired => C4::Context->preference("OpacPublic") ? 1 : 0,
+        }
+    );
+    $template->param( "token" => $token );
+}
+elsif ( $rego_found
+    and $confirmed )
 {
     my $patron_attrs = $m->unblessed;
     $patron_attrs->{password} ||= Koha::AuthUtils::generate_password(Koha::Patron::Categories->find($patron_attrs->{categorycode}));
@@ -88,6 +111,7 @@ if (
                 authnotrequired => C4::Context->preference("OpacPublic") ? 1 : 0,
             }
         );
+        $template->param( "confirmed" => 1 );
         C4::Form::MessagingPreferences::handle_form_action($cgi, { borrowernumber => $patron->borrowernumber }, $template, 1, C4::Context->preference('PatronSelfRegistrationDefaultCategory') ) if C4::Context->preference('EnhancedMessagingPreferences');
 
         $template->param( password_cleartext => $patron->plain_text_password );