This patch modifies opac-memberentry.pl so that the list of libraries is
sorted by library name instead of library code.
To test, apply the patch and restart services.
- If using the default testing data you'll have to go to Administration
-> Libraries and edit one or more libraries so that the library name
is alphabetically different than the library code. e.g. Centerville ->
Zanzibar.
- Go the OPAC and click "Create an account" (requires the
PatronSelfRegistration system preference).
- Under "Home library," the dropdown of libraries should be ordered by
library name.
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Emily Lamancusa <emily.lamancusa@montgomerycountymd.gov>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
We should no longer need to check CSRF token from pl files
TODO - there is a change for some files where we returned 403
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
We do not longer need to generate_csrf from pl files
TODO - members/boraccount.tt and sco/sco-main.tt needs to be adjusted
Bug 34478: [TO SQUASH] Remove generate_csrf from pl
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
This change requires the OPAC user to confirm self-registration with
a button push when verifying registration using an emailed token.
Test plan:
0. Apply the patch and koha-plack --reload kohadev
1. Set syspref PatronSelfRegistrationVerifyByEmail to "Don't require"
2. Create a patron using the self-registration on the OPAC
3. Note that no confirmation step is needed when self-registering
4. Set syspref PatronSelfRegistrationVerifyByEmail to "Require"
5. Create a patron using the self-registration on the OPAC
6. Look in message_queue to find the URL with the token to
visit in the browser
7. Visit that URL
8. Note that the page says "Registration pending" and asks you to
click a button labeled "Confirm"
9. Click the button labeled "Confirm"
10. Note that the self-registration is confirmed and details are
shown on the page
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
If there is no default category defined in PatronSelfRegistrationDefaultCategory the full feature must be displayed.
We already hide the link from the OPAC main page, but the form is still accessible.
Test plan (for the whole patch set):
1. Turn on PatronSelfRegistration
2. Don't set PatronSelfRegistrationDefaultCategory
3. Go to the OPAC main page and confirm that the "Register here" link is
not displayed
4. Hit opac-memberentry.pl and confirm that you are redirected to the
OPAC main page
5. Go to the about page and confirm that you see a warning in the
"System information" tab
6. Set PatronSelfRegistrationDefaultCategory to an invalid patron's
category
7. Repeat 3, 4, 5
8. Set PatronSelfRegistrationDefaultCategory to a valid patron's
category
9. Self-register a patron and confirm it works as expected
10. Edit PatronSelfRegistrationBorrowerUnwantedField and confirm that
you cannot remove dateexpiry and categorycode
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Test plan:
The idea here is to confirm this patch does not introduce regression.
For that you will play with the CardnumberLength syspref and create a
new user, modify an existing one, and check that the UI does not let you
modify an invalid cardnumber.
The onboarding process and the patron import tool will also have to be tested
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Bug 33940: Fix selfreg
please squash with first patch
Bug 33940: Fix messages we sent to templates
please squash with the first patch
Bug 33940: Fix what we send to memberentry
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
GDPR is a European Union (and, at time of writing, UK) law.
The GDPR_Policy system preference is about a patron
giving consent to their personal data being processed in
line with the library's privacy policy.
The name of the preference is vague: there could be
many policies implemented by libraries to comply with
GDPR. It also makes the preference look irrelevant for
libraries outside the areas where GDPR applies, while
it may be useful for libraries anywhere.
This renames GDPR_Policy to PrivacyPolicyConsent and
adjusts the system preference descriptions.
To test:
* Apply the patch
* Run database update
* Search for GDPR_Policy in the system preference
- you should not find anything.
* Search for DataPrivacyConsent in the system preferences
- you should find it and be able to activate it
* Verify the feature works as expected
- If the preference is set to "enforced", you will be
asked to give consent to the data privacy agreement
in the OPAC when you log in
* Verify the page is now phrased neutrally using 'privacy policy'
Bonus: Consent date is now formatted according to DateFormat
system preference.
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Test plan:
Enable self registration, pick a default category too for it.
The changes will be tested later with a plugin, but now change
Koha/Patron.pm as follows:
sub _generate_userid_legacy { # as we always did
my ($self) = @_;
+return $self;
So, add the return $self line only.
Restart all. Try to register an account on OPAC.
You should see an alert about problems processing your registration.
Undo the change in Patron.pm and restart all.
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
We are sanitizing other attributes but "extended patron attributes".
Test plan:
Make a patron attribute editable at the OPAC
Edit an existing patron, or register a new one
Use a script tag in the new value ("<script>alert("booh!")</script>" for
instance)
With this patch the value is remove if containing an HTML tag that is
not br b i em big small strong (see C4::Scrubber)
Signed-off-by: Mark Hofstetter <koha@trust-box.at>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Test plan:
1. Apply all patches
2. Update database
3. Restart services
4. Set email addresses in:
- KohaAdminEmailAddress syspref
- EmailAddressForPatronRegistrations syspref
- Email address in the library branch
5. Enable PatronSelfRegistration syspref
6. Test the following use cases:
- EmailPatronRegistrations syspref = 'none'.
Submit OPAC registration.
= OUTCOME: Confirm no OPAC_REG notice in message_queue table
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
This patch just removes two redundant use directives in opac-memberentry.pl
Signed-off-by: Joonas Kylmälä <joonas.kylmala@iki.fi>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
The idea rely on the KohaDates TT plugin for the date formatting. We
should not have any output_pref calls in pl or pm (there are some
exceptions, for ILSDI for instance).
Also flatpickr will deal with the places where dates are inputed. We
will pass the raw SQL value (what we call 'iso' in Koha::DateUtils), and
the controller will receive the same value, no need to additional
conversion.
Note that DBIC has the capability to auto-deflate DateTime objects,
which makes things way easier. We can either pass the value we receive
from the controller, or pass a DT object to our methods.
Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
This patch replaces the AutoEmailOpacUser system preference with a new
AutoEmailNewUser preference. This makes the functionof the preference
clearer.
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
This patch updates all references to the former ACCTDETAILS notice to
use the new WELCOME email notice instead.
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
The self registration form stores a new borrower as a borrower modification when verifying by email.
Borrower modifications can handle extended attributes.
This patch simply sotres the extended attributes in the modifications table, and approves a modification
to the extended attributes only after patron is created
To test:
1 - Apply patch
2 - Create a patron attribute and set it as viewable/editable in the OPAC
3 - Set system preference PatronSelfRegistrationVerifyByEmail
4 - Reigster a new patron on the OPAC, provide an email and populate the extended attribute
5 - Retrieve the verification token, the last on in the messages table
SELECT * FROM message_queue;
6 - Go tot he url from above
7 - Confirm successful patron creation
8 - View patron record and confirm attribute was set
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
This patch adds the ACCTDETAILS notice trigger to the opac self
registration process. Allowing new users, without varification enabled,
to receive the ACCTDETAILS notice immediately after their account is
created.
Test plan
1) Enable AutoEmailOpacUser system preference
2) Ensure the ACCTDETAILS notice is configured
3) Ensure `PatronSelfRegistrationVerifyByEmail` is disabled
4) Register a new user via the opac self registration process using an
email address you have access to
5) The new user should have been created and you should be able to see
the account details notice in their associated notices
6) Confirm that the email address used above has received the notice.
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
On bug 29844 we decided to remove wantarray from Koha::Objects->search.
Reviewing the difference occurrences I found some unnecessary uses of ->as_list,
where iterators should be used instead.
This patch only removes the obvious places, not the tricky ones.
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
and some more...
There are lot of inconsistencies in our ->search calls. We could
simplify some of them, but not in this patch. Here we want to prevent
regressions as much as possible and so don't add unecessary changes.
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
TEST PLAN:
1. Apply patch, updatedatabase, restart_all
2. In the PatronSelfRegistrationBorrowerMandatoryField add the field password.
3. Go to the self registration page on make sure password is required.
4. Now go to the OPAC modification page, make some changes and attempt to submit. It should work.
5. Go to PatronSelfModificationMandatoryField and select some fields.
6. The columns you selected should now be required.
7. On the PatronSelfModificationMandatoryField page, make sure the select all and clear all buttons work.
Signed-off-by: Kelly McElligott <kelly@bywatersolutions.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
This patch prevents an existing user from exploiting the patron edit form in order to
force create new patrons
To test:
Try all combinations of PatronSelfRegistration and PatronSelfRegistrationVerifyByEmail
with and without this patch.
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Security patch. Follow-up for 28929.
Including correction for gonenoaddress and two others.
Includes unwanted fields too now.
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
* selfreg and selfmod for OPAC
* patron's edition on staff
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Tested OPAC and staff side. Prevents mangling flags column.
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
To ease testing and future changes if needed.
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
On bug 17591 we discovered that there was something weird going on with
the way we export and use subroutines/modules.
This patch tries to standardize our EXPORT to use EXPORT_OK only.
That way we will need to explicitely define the subroutine we want to
use from a module.
This patch is a squashed version of:
Bug 17600: After export.pl
Bug 17600: After perlimport
Bug 17600: Manual changes
Bug 17600: Other manual changes after second perlimports run
Bug 17600: Fix tests
And a lot of other manual changes.
export.pl is a dirty script that can be found on bug 17600.
"perlimport" is:
git clone https://github.com/oalders/App-perlimports.git
cd App-perlimports/
cpanm --installdeps .
export PERL5LIB="$PERL5LIB:/kohadevbox/koha/App-perlimports/lib"
find . \( -name "*.pl" -o -name "*.pm" \) -exec perl App-perlimports/script/perlimports --inplace-edit --no-preserve-unused --filename {} \;
The ideas of this patch are to:
* use EXPORT_OK instead of EXPORT
* perltidy the EXPORT_OK list
* remove '&' before the subroutine names
* remove some uneeded use statements
* explicitely import the subroutines we need within the controllers or
modules
Note that the private subroutines (starting with _) should not be
exported (and not used from outside of the module except from tests).
EXPORT vs EXPORT_OK (from
https://www.thegeekstuff.com/2010/06/perl-exporter-examples/)
"""
Export allows to export the functions and variables of modules to user’s namespace using the standard import method. This way, we don’t need to create the objects for the modules to access it’s members.
@EXPORT and @EXPORT_OK are the two main variables used during export operation.
@EXPORT contains list of symbols (subroutines and variables) of the module to be exported into the caller namespace.
@EXPORT_OK does export of symbols on demand basis.
"""
If this patch caused a conflict with a patch you wrote prior to its
push:
* Make sure you are not reintroducing a "use" statement that has been
removed
* "$subroutine" is not exported by the C4::$MODULE module
means that you need to add the subroutine to the @EXPORT_OK list
* Bareword "$subroutine" not allowed while "strict subs"
means that you didn't imported the subroutine from the module:
- use $MODULE qw( $subroutine list );
You can also use the fully qualified namespace: C4::$MODULE::$subroutine
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
- Display the value in the patron detail page
- Adds support for BorrowerUnwantedField (staff)
- Removes unecessary code in opac/opac-memberentry.pl
Sponsored-by: CCSR ( http://www.ccsr.qc.ca )
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
This patch adds the "Main Contact Method" field in the borrower
modification form.
This field is useful for reporting purposes, or to
know which contact method to use first when trying to contact a borrower.
Test plan:
0) Apply patch
1) updatedatabase.pl
2) In the staff client, edit a patron's contact info. There should be a new dropdown select to choose the main contact method
3) In the opac page, edit the personal details.There should be a new dropdown select to choose the main contact method.
4) Save the form. It should work.
Sponsored-by: CCSR ( http://www.ccsr.qc.ca )
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
1. Add some values to the ROADTYPE authorized value
2. Go to PatronSelfRegistrationBorrowerUnwantedField and make sure
streettype is NOT checked
3. Go the self reg form, no street type field
4. Apply patch
5. Check the self reg form, streettype should be there with all the
options defined in ROADTYPE a.v.
6. Check the self modification form, street type should be there.
7. Make sure PatronSelfRegistrationBorrowerUnwantedField and
PatronSelfModificationBorrowerUnwantedField hide the field correctly.
8. Make sure PatronSelfRegistrationBorrowerMandatoryField properly makes
the field required.
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
TEST PLAN:
1 Set up some patron extended attributes
2 Make sure you check 'Display in OPAC' and 'Editable in OPAC'
3 Go to self registration and attempt to register
4 you get an error ( Not a SCALAR reference at /kohadevbox/koha/opac/opac-memberentry.pl line 110 )
5 Apply patch
6 repeat steps 1-3, ther should be no error now
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
The check methods were positioned under the 'Internal methods' section
of the meodule but are used externally.
It also felt strange to have a noop or die method. Instead, I propose
renaming them to `repeatable_ok` and `unique_ok` and returning a
boolean denoting their state.
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
If the pref KohaAdminEmailAddress was not set correctly (invalid email)
and has been used to generate message, the message_queue table can contain
some messages that are not sent (pending) and will be processed each
time a new self-reg is done.
The PatronSelfRegistrationVerifyByEmail feature must send only the
notice we just generated, not the whole pending queue.
Test plan:
1. Do not apply the patches
2. Set KohaAdminEmailAddress to an invalid email (root@localhost for
instance)
3. Turn on PatronSelfRegistrationVerifyByEmail
4. Self-reg a patron
5. Boom (that must be fixed on a separate bug report)
6. Set KohaAdminEmailAddress to a valid email (root@example.org)
7. Self-reg a patron
8. Still Boom! (because it's processing the first invalid email)
9. Apply the patches, restart_all
10. Self-reg a patron
=> The email is sent!
Notice the change in DB, the first email is still there with status
"pending" and second email is sent!
QA: at step 10. TODO first email must be 'failed' (highlight in tests)
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
It seems that we don't really need all this overhead.
YesNo must be a boolean and contain 1 or 0.
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
If categorycode is selected in
PatronSelfRegistrationBorrowerUnwantedField and
PatronSelfRegistrationVerifyByEmail is turned on, the patron self registration
fails with
[You must provide a patron's category to validate password's strength
and length] at /usr/share/perl5/Exception/Class/Base.pm line 88
Test plan:
0. Select categorycode in PatronSelfRegistrationBorrowerUnwantedField
and turn on PatronSelfRegistrationVerifyByEmail
1. Self register a patron
2. Confirm that it works as expected with this patch applied.
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
The value of PatronSelfRegistrationLibraryList is used to display the dropdown
list of the libraries, but not after the form is submitted.
Test plan:
1. Empty PatronSelfRegistrationLibraryList
2. Self register a new patron
=> Confirm the dropdown list with the libraries contain all the
libraries
3. Fill in PatronSelfRegistrationLibraryList with branchcodes (eg. "CPL|MPL")
4. Self register a new patron
5. Edit the HTML form and replace the option's value with another
branchcode (FPL)
6. Save
=> Without this patch the branchcode FPL is used
=> With this patch applied an ugly 500 is returned
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
When a patron edit their personal details at the OPAC, the password must
be removed from the mandatory fields
Test plan:
0 - Don't apply the patch
1 - Set PatronSelfRegistrationBorrowerMandatoryField to require password
2 - Create or sign in as a patron on the opac
3 - Click 'Your personal details'
4 - Attempt to edit
5 - Save changes
=> They are rejected because not all required fields are populated
6 - Apply the patch
7 - Repeat 3 to 5
=> details are saved successfully
8 - Test the self registration feature and confirm that the password is
required
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
This patch fixes the bug when there is no patron category available for
selection in self registration form. It uses PatronSelfRegistrationDefaultCategory
to get patron's password length and strength.
To test:
1. Do not apply this patch
2. Allow SeflRegistration, set PatronSelfRegistrationDefaultCategory to
a valid patron category and finally add categorycode to PatronSelfRegistrationBorrowerUnwantedField
3. Go to opac and enter self registration form
CHECK => There is no patron category available for selection
=> Password's info alert shows "Password must contain at least
undefined characters"
4. Fill the form setting a password and send.
CHECH => You get an exception saying "You must provide a patron's
category to validate password's strength and length"
5. Apply this patch and restart_all
6. repeat steps 3 and 4
SUCCESS => Password's info alert message shows a number instead of
"undefined"
=> Password's strength and length checks are working
=> If you change default category's lenght or strength parameter it get's reflected when you refresh the page
=> When you click send, patron is saved
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
This patch adds the capability to override minPasswordLenth and RequireStrongPassword settings by category
To test:
1. koha-shell kohadev
2. koha-mysql kohadev
3. drop database koha_kohadev;
4. create database koha_kohadev;
5. go to admin page and start webinstaller. There continue the steps until onboarding.
6. reach step 3 of onboarding and create a new administrator patron
CHECH => Password control woks as normal (Minimum length 3 and strong required)
7. finish Koha installation and enter admin with your new administrator
8. set minPasswordLength to 3 and RequireStrongPassword to “Don’t require”
9. Create a new category (CAT2 from now on.. CAT1 is the category you made in onboarding process) and set minimum password length to 8 and require strong password
10. Create two new patrons, one with CAT1(patron1) and one with CAT2 (patron2)
CHECK => In both cases, try different combinations of length and strength. For patron1 the only requirement is to have 3 letters, but for patron2 the minimum length will be 8 and will require strong password.
CHECK => Try changing patron category before saving. Password requirements will change with category change.
11. Edit CAT1 and set minimum password length to 5
12. Go to patron1 details page, and change password.
CHECH => Now password minimum length is 5, but still it doesn’t require strong password
13. Edit CAT1, leave blank minimum password length and set require strong password to yes.
14. Go to patron1 details page, and change password.
CHECH => Password minimum length is back to 3, but now strong password is required
15. Set minimum password length in CAT2 to 12.
16. Go to patron2 details page, and click to fill a random generated password
CHECK => generated password should be 12 characters length
17. Set PatronSelfRegistration to Allow in admin settings
18. Go to OPAC and fill self registration from.
CHECK => Play with patron category. For each change in category, password requirements are modified.
CHECK => Set CAT1 as patron category, set ‘aA1’ as password (or another valid password for CAT1) and before hitting submit button, change to CAT2. Form should enter invalid state, and CAT2 password requirements should be displayed as error in password input.
19. Create a patron for CAT1 and another for CAT2, leaving password blank
CHECK => For CAT1’s patron, generated password length is 8 (minimum length for generated passwords), but for CAT2’s patron should be 12
20. In admin set PatronSelfRegistrationVerifyByEmail to require
21. Fill self registration form again with CAT2 as category
CHECK => Password requirements works as previous case.
22. Leave password blank and click submit
23. select * from message_queue;
24. Copy the link in the message and paste it in OPAC
CHECH => Generated password is 12 characters long. (Copy user id for next steps)
25. In admin set OpacResetPassword to Allow
26. Go back to OPAC, reload and click on “Forgot password?” link
27. Paste user id and click submit
28. Repeat steps 23 and 24
CHECK => Info message says “Your password must contain at least 12 characters, including UPPERCASE, lowercase and numbers.”
CHECK => enter an invalid password and you’ll get the same message in warning.
29. Login OPAC with the last user and your newly created password
30. Go to “Change your password” option
CHECK => Info message says “Your password must contain at least 12 characters, including UPPERCASE, lowercase and numbers.”
CHECK => enter an invalid password and you’ll get the same message in below “New password” input.
31. prove t/db_dependent/AuthUtils.t t/db_dependent/Koha/Patron/Category.t
32. Sign off
Sponsored-by: Northeast Kansas Library - NEKLS
Signed-off-by: Andrew Fuerste-Henry <andrew@bywatersolutions.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Testplan for this patch:
1. Apply patch.
2. Make sure syspref "AutoApprovePatronProfileSettings" is set to "Disable".
3. Edit patron personal details via opac interface.
4. Expect modifications to require manual approval by staff via link on main page.
5. Set syspref "AutoApprovePatronProfileSettings" to "Enable".
6. Edit patron personal details via OPAC interface again.
7. Expect modifications to have been approved automatically.
Signed-off-by: Liz Rea <liz@catalyst.net.nz>
This works, we may want some different text for this situation in the OPAC, it still says the librarian has to approve the change.
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Test plan:
- Set 1+ patron's attribute(s) mandatory
- Use the self-registration feature and confirm that you cannot selfreg
if the attribute has no value (or empty string)
- Same with the modification form (logged in)
Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>