Commit graph

1190 commits

Author SHA1 Message Date
fde33d7a4c
Bug 31562: Treat flags as other borrower fields
Rather than generate a custom hash for these fields, we should treat them as other borrower data fields

To test:
 1 - Edit a patron, note the 'Lost card' and 'Gone no address' fields
 2 - Edit syspref BorrowerunwantedField
 3 - Set gonenoaddress and lost as unwanted
 4 - Edit patron, the fields remain
 5 - Apply patch
 6 - Edit a patron, fields are hidden
 7 - Unhide one of the fields
 8 - Edit a patron and confirm it shows and saves correctly
 9 - Unhide the other field
10 - Confirm it can be edited and saved

Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2022-09-22 09:24:41 -03:00
Julian Maurice
63f88a5742
Bug 31254: Add additional fields for accountlines
Test plan:
1. Go to Admin » Additional fields
   There are two new categories: "Account lines (credit)" and
   "Account lines (debit)"
2. Create fields for both categories, with and without an authorized
   value category
3. Go to a user's accounting page
4. Create a manual invoice. Verify that all "debit" fields are there,
   put a value in them and save
5. Create a manual credit. Verify that all "credit" fields are there,
   put a value in them and save
6. Make a payment. Verify that all "credit" fields are there, put a
   value in them and save
7. Go to the transactions tab, click on the "Details" button for the
   lines you just created and verify that the additional fields are
   there

Signed-off-by: Emmanuel Bétemps <e.betemps@gmail.com>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2022-09-21 18:58:28 -03:00
2954fbc9cc
Bug 30335: (follow-up) Bind new permissions to pages and tabs
This patch binds the new permissions added in the previous patch to the
tab display on the borrower account page.

Test plan
1) Apply the previous patch and run the database update
2) Configure a user without the new permissions
3) Confirm the 'Create manual invoice' and 'Create manual credit' tabs
   no longer appear under the 'Accounting' area when logged in as the
   above user.
4) Confirm that you cannot manually navigate to /members/mancredit.pl or
   /members/maninvoice.pl when logged in as the above user.
5) Confirm that users with the above permissions are still able to see
   the tabs and take actions on them.

Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2022-08-31 08:41:01 -03:00
6ce4d25bd3
Bug 23681: Move to ::Patron::Restriction::Type(s)
This patch moves the new classes under ::Patron::Restriction:: and
enhances the Unit tests for those classes.

NOTE: We should drop keyed_on_code as part of bug 31095
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2022-08-25 08:50:35 -03:00
Andrew Isherwood
a8448041ba
Bug 23681: Allow for selection of restriction type
This patch displays a restriction type select box (when appropriate)
when adding manual patron restrictions

Sponsored-by: Loughborough University
Signed-off-by: Benjamin Veasey <B.T.Veasey@lboro.ac.uk>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2022-08-25 08:41:01 -03:00
Andrew Isherwood
e0160b905b
Bug 23681: Allow for changes to debarments
The structure of debarments has changes slightly in that the displayed
text is now a product of a call to Koha::RestrictionTypes rather than
just the debarment's code. This patch allows for that

Sponsored-by: Loughborough University
Signed-off-by: Benjamin Veasey <B.T.Veasey@lboro.ac.uk>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2022-08-25 08:41:01 -03:00
48bf9b1d91
Bug 30718: Use flatpickr's altInput
The idea rely on the KohaDates TT plugin for the date formatting. We
should not have any output_pref calls in pl or pm (there are some
exceptions, for ILSDI for instance).

Also flatpickr will deal with the places where dates are inputed. We
will pass the raw SQL value (what we call 'iso' in Koha::DateUtils), and
the controller will receive the same value, no need to additional
conversion.
Note that DBIC has the capability to auto-deflate DateTime objects,
which makes things way easier. We can either pass the value we receive
from the controller, or pass a DT object to our methods.

Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2022-08-19 08:26:31 -03:00
bc0d561cf0
Bug 30874: Remove category_type
In which case do we pass category_type to this script? Am I missing
something?

Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2022-08-05 14:51:36 -03:00
a2330a84e0
Bug 30874: Simplify categories loop construction
Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2022-08-05 14:51:36 -03:00
71611bb146
Bug 30874: 2 more - need more investigation
Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2022-08-05 14:51:35 -03:00
18d7c7fdf9
Bug 30874: Reduce number of category fetches
Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2022-08-05 14:51:35 -03:00
36cb2bff47
Bug 30874: Replace categoryname
== Test plan ==
1. Apply all patches
2. Create a new patron in a given category
   => Form show the dropdown with the selected category
3. Edit again
   => Value is kept
4. Edit a category to give it specific values for: messaging prefs,
   password strength/length, can be guarantee
5. Edit the patron, change the category, and confirm that the different
   limitation are correctly applied.

Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2022-08-05 14:51:35 -03:00
87aa05f9de
Bug 26689: Prepend letter codes.
This patch prepends the credit_type_code and debit_type_code with
CREDIT_ and DEBIT_ respectively when doing a lookup on the notice letter
code.

Test plan
1) As previous patches, however instead of just naming your notice to
   match the credit_type_code or debit_type_code use
   CREDIT_credit_type_code and DEBIT_debit_type_code respectively.

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2022-07-22 15:01:36 -03:00
8e46612d7c
Bug 26689: Check for specific template then fallback - printinvoice
This patch adds a check for a more specific ACCOUNT_DEBIT template
(named to match the debit_type_code of the credit line) prior to
falling back to the ACCOUNT_DEBIT template.

Test plan
1/ On a patrons account page use the print option on a series of debit
lines with differing credit types (Overdue, Payout)
2/ Note that the same template 'ACCOUNT_DEBIT' is used for all types
3/ Apply the patch
4/ Run step 1 again and note all still print using ACCOUNT_DEBIT
5/ Add a new notice template under the 'circulation' module with a code
that matches one of your account debit types (OVERDUE, PAYOUT)
6/ Run step 1 again and note that where you have added a specific notice
for that debit type it has been used.

Signed-off-by: Sally <sally.healey@cheshiresharedservices.gov.uk>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2022-07-22 15:01:36 -03:00
422ab47283
Bug 26689: Check for specific template then fallback - printfeercpt
This patch adds a check for a more specific ACCOUNT_CREDIT template
(named to match the credit_type_code of the credit line) prior to
falling back to the ACCOUNT_CREDIT template.

Test plan
1/ On a patrons account page use the print option on a series of credit
lines with differing credit types (Payment, Lost Item Return, Writeoff)
2/ Note that the same template 'ACCOUNT_CREDIT' is used for all types
3/ Apply the patch
4/ Run step 1 again and note all still print using ACCOUNT_CREDIT
5/ Add a new notice template under the 'circulation' module with a code
that matches one of your account credit types (PAYMENT, WRITEOFF,
LOST_FOUND)
6/ Run step 1 again and note that where you have added a specific notice
for that credit type it has been used.

Signed-off-by: Sally <sally.healey@cheshiresharedservices.gov.uk>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2022-07-22 15:01:36 -03:00
Andrew Isherwood
968c5865e7
Bug 23838: Add renewals modal
This patch adds the display of the renewals modal when appropriate. A
"View" link is displayed next to renewals count where appropriate.
Clicking the link opens the modal that displays the logged renewals.

Sponsored-by: Loughborough University
Signed-off-by: Myka Kennedy Stephens <mkstephens@lancasterseminary.edu>
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Bouzid Fergani <bouzid.fergani@inlibro.com>
Signed-off-by: Ben Veasey <B.T.Veasey@lboro.ac.uk>

Rescued-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>

I rescued this patchset by squashing previous work and updating it to
utilise the new renewals API routes introduced in bug 30275.

Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Owen Leonard <oleonard@myacpl.org>

Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2022-07-22 11:39:09 -03:00
146423f1bc
Bug 7660: Use first available categorycode when none passed in
The code that populates the patron messaging preferences on initial form load
expects to have a category selected. Currently we only have one if one was
passed to the form. When creating an account from a parent, we don't have a
category explicitly selected - so we can just select the first of the possible
categories

To test:
 1 - In KTD set 'Juvenile' category to have some messaging preferences
 2 - Find a patron, say Edna Acosta, and 'Add guarantee'
 3 - In new form preferences are blank, cancel
 4 - Apply patch, restart all
 5 - Go to Edna, click 'Add guarantee'
 6 - Preferences are populated!
 7 - Cancel
 8 - Go to 'Patrons' module
 9 - Click "+ New patron"
10 - Confirm messaging preferences load correctly when not adding child

Signed-off-by: Sally <sally.healey@cheshiresharedservices.gov.uk>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2022-07-20 10:07:08 -03:00
Aleisha Amohia
952f00f20b
Bug 30905: Show waiting recalls in patron account
This enhancement shows recalls ready for pick-up on the patron's account
so they can't be missed.

To test:
1) Enable the UseRecalls system preference and set up your
recalls-related circulation rules.
2) Check out an item to Patron B.
3) Log into the OPAC as Patron A and search for the item.
4) Place a recall on that item. Note the pickup library.
5) Go back to the staff client. At the top right of the page, confirm
your logged in library matches the recall pickup library. Set the
library to the recall pickup library if needed.
6) Check in the recalled item and confirm the recall as waiting for
Patron A.
7) Go to Patron A's account (members/moremember.pl). Confirm the recall
shows under 'Recalls waiting here' and all the information is correct.
8) Go to Patron A's checkouts (circ/circulation.pl). Confirm the recall
shows under 'Recalls waiting here' and all the information is correct.
9) Click on the menu at the top right of the page and choose 'Set
library'. Change the library to some other library.
10) Repeat steps 7 and 8, however this time the recall should show under
'Recalls waiting at other libraries'.

Sponsored-by: Catalyst IT

Signed-off-by: Owen Leonard <oleonard@myacpl.org>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2022-07-19 09:41:08 -03:00
fd49601079
Bug 20439: Sort SMS providers in alphabetical order by DB field
To test:
1/ Add 'Email' to the 'SMSSendDriver' system preference.
2/ Make sure 'EnhancedMessagingPreferencesOPAC' and 'EnhancedMessagingPreferences' are turned on.
3/ Add some SMS providers (/cgi-bin/koha/admin/sms_providers.pl) with different names.
4/ Notice on memberentry.pl and opac-messaging.pl the SMS providers sort by when they were added, not alphabetically.
5/ Apply patch and restart services.
6/ Look at memberentry.pl and opac-messaging.pl and notice that they SMS providers now sort alphabetically.

Signed-off-by: George Williams <george@nekls.org
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2022-07-18 14:51:57 -03:00
d533a92aa8
Bug 23991: Move SearchSuggestion to Koha::Suggestions
The C4::Suggestions::SearchSuggestion subroutine is badly written and
can be replaced by calls to Koha::Suggestions->search.
The hard part in this patch is suggestion.pl, the other occurrences have
been replaced easily.

Test plan:
The idea is to test the whole suggestion workflow.
1. Create a suggestion on OPAC
2. Create a suggestion on the staff interface
3. Edit suggestions
4. Filter suggestions (use the different filters and "organize by"
values)

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>

Bug 23991: Remove SearchSuggestion tests

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>

Bug 23991: (QA follow-up) Save some DB queries

This patch makes the suggestion-related pages rely on array size instead
of querying the DB each time they need to. In the case of
suggestion/suggestion.pl it goes from 4 COUNT(*) to 1.

To test, with KTD:
1. Run on the host machine:
    $ docker exec -ti koha_db_1 bash
    $ mysql -ppassword
    > SET GLOBAL general_log_file='/var/log/mysql/mycustom.log';
    > SET GLOBAL log_output = 'FILE';
    > SET GLOBAL general_log = 'ON';
    > \q
    $ tail -f /var/log/mysql/mycustom.log | grep suggestions
2. Visit the different pages changed on this bug
=> SUCCESS: Some queries
3. Apply this patch
4. Repeat 2
=> SUCCESS: Less queries!
5. Sign off :-D

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>

Bug 23991: Fix branchcode and budgetid filtering

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>

Bug 23991: Fix conflict with bug 28941

Well, this patchset fixed the security bug...
Redoing on top of bug 28941

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>

Bug 23991: (follow-up) Missing semicolon

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>

Bug 23991: Fix 'all' libraries

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>

Bug 23991: (follow-up) Add value to filter_archived

Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2022-06-27 12:30:28 -03:00
251a3bb584 Bug 12446: (QA follow-up) Rename canbeguarantee => can_be_guarantee
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2022-06-23 13:34:05 -03:00
The Minh Luong
eae7eb4dc0
Bug 12446: Fix typos
Signed-off-by: Owen Leonard <oleonard@myacpl.org>

JD Amended patch: squashed and edited commit message

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2022-06-23 13:33:20 -03:00
Maryse Simard
b69a7977d8
Bug 12446: Limit available categories when using "Add guarantee" button
Test plan:
1) Have some patron categories that can and cannot be guarantee
2) Visit a patron's account and click the "Add guarantee" button
3) In the "category" dropdown, note that all categories are available
4) Apply this patch
5) Repeat step 2 and 3; the dropdown now only contains the categories
for which "can be guarantee" is set to "Yes".

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2022-06-23 13:33:12 -03:00
Maryse Simard
b8f1b0e73d
Bug 12446: Ability to allow guarantor relationship for all patron category types
This adds a new field "Can be guarantee" to patron categories so it
becomes possible for any category type to have a guarantor.

To test:
1) Have a patron category of type 'Adult' and one of type 'Child'
2) Confirm, by searching for the "Patron guarantor" fieldset in the
edit/create form, that:
    => a patron of the first category can't have a guarantor
    => a patron from the second category can
3) Apply patch and run updatedatabase.pl
4) Edit the categories and note the new "Can be guarantee" field
5) It should have been set to "yes" for the "Child" and to "no" for
the "Adult"
5) Repeat step 2. It should behave in the same way.
6) Edit the "Can be guarantee" for any of the category and check
that the fieldset only appears when "Can be guarantee" is set to "yes"
7) prove t/db_dependent/Patrons.t
    => tests should still pass

Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2022-06-23 13:33:01 -03:00
5e5b642067
Bug 30420: Rename Koha::Patron->get_overdues with ->overdues
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2022-06-14 08:46:05 -03:00
c3fd42b550
Bug 30807: Migrate to patron-title in pay and paycollect
This patch updates the member-flags template to use the patron-title.inc
include wherever patron names are referenced.

Test plan
1) Navigate to a patron and click through to their accounts tab
2) Note how the patron name displays in the title, breadcrumb and
   headings
3) Click through to make a payment
4) Note how the patron name displays in the title, breadcrumb and
   headings
5) Apply the patch and reload the page
6) Confirm the patron name still appears in each location and is
   consistently formatted and linked as you would expect

Note: This patch also removes a superflous hidden title form element
that was simply passed to and from the controller but not actually used
in any way.

Signed-off-by: David Nind <david@davidnind.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2022-06-08 11:44:03 -03:00
b5a93edea5 Bug 30611: Add ability for staff to send password reset emails
This patch adds the ability for staff with the edit_borrowers permission
to send password reset emails to users.

The staff initiated password reset has it's own notice,
STAFF_PASSWORD_RESET, and the reset link produced has an extended
timeout of 5 days, as apposed to the usual 2 day limit.

Test plan
1) Apply patch and run the database update
2) Login to the staff client with a user who has the 'edit_borrowers'
   permission.
3) Note that a new, 'Send password reset' option appears under the
   'More' menu on the patron details page.
4) Clicking the button will queue the STAFF_PASSWORD_RESET notice and
   redirect the user to the Notices tab.

Signed-off-by: Sally <sally.healey@cheshiresharedservices.gov.uk>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
2022-05-10 15:17:17 -10:00
6ae0b3c76c Bug 29926: Add ability for superlibrarian to view/edit password expiration
To  test:
 1 - Sign in as a superlibrarian
 2 - Find a patron account with no password expiration set
 3 - View member detials
 4 - note expiration says 'Never'
 5 - Edit patron
 6 - Set patron expiration
 7- Save
 8 - View details, confirm password expiration shows correctly
 9 - Sign in as non-superlibrarian
10 - Confirm you don't see expirationdate on details page
11 - Edit patron and confirm password expiration does not show
12 - Edit HTML and confirm you epxiration date not saved
     <input type="text" name="password_expiration_date" value="2052-05-02">

Signed-off-by: Bob Bennhoff <bbennhoff@clicweb.org>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
2022-05-06 10:33:09 -10:00
Aleisha Amohia
674e385bf1 Bug 30291: Changes to staff client files
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
2022-05-05 11:17:36 -10:00
e225ee3b15 Bug 28998: (QA follow-up) Improve output on error
This patch updates the output_and_exit call to instead pass an error
parameter in the template and use it to display the warning instead of
the rest of the page content in the 'Manage two-factor authentication'
page.

This allows for translation and makes the page adhere to normal
practices.

Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
2022-05-04 05:18:31 -10:00
f300a7d363 Bug 28998: (follow-up) Check missing encryption key in script and module
Script prints a warning.
Module raises an exception.
Unit test added.

Test plan:
Run t/db_dependent/Koha/Encryption.t
Run t/db_dependent/Koha/Auth/TwoFactorAuth.t
Remove entry and check script.

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
2022-05-04 05:18:31 -10:00
b515208fa2 Bug 28998: (follow-up) Apply changes to TwoFactorAuth module and script
Test plan:
Run t/db_dependent/Koha/Auth/TwoFactorAuth.t
Walk thru cycle register - logout/login - deregister - logout/login.

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
2022-05-04 05:18:31 -10:00
0988807436 Bug 29894: (QA follow-up) Get rid of send_confirm_notice
Chose here to fall back to $patron->queue_notice. Which is tested
already, so removing the additional test code.

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
2022-05-02 11:22:58 -10:00
279d9d62a3 Bug 29894: Send a confirmation notice
When registering or deregistering, send a confirmation.

Test plan:
Register or deregister with patron having email address.
Verify that you got a confirmation mail.
Run t/db_dependent/Koha/Auth/TwoFactorAuth.t

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
2022-05-02 11:22:58 -10:00
2e4345cc77 Bug 29894: Clear secret when disabling 2FA
Test plan:
Deregister 2FA for patron.
Check if secret is empty in borrowers.secret.

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
2022-05-02 11:22:58 -10:00
d42cd2b629 Bug 29894: Add some exceptions to TwoFactorAuth module
Test updated accordingly.
Adding utf8 flag to CGI in staff script.

Test plan:
Run t/db_dependent/Koha/Auth/TwoFactorAuth.t

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
2022-05-02 11:22:58 -10:00
8bd314fe0b Bug 29873: Create QR code
Instead of using deprecated Google Charts API, and exposing our
secret in a GET parameter, we generate QR data ourselves.

Test plan:
[1] Enable two factor authentication in the prefs.
[2] Login in staff. Go to account. Select Manage 2FA.
[3] Verify that QR code is displayed.
[4] Register the QR in your authenticator app and test 2FA
    by logging in again.

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Tested with Google Authenticator and FreeOTP.

Bug 29873: (follow-up) Rename qr_dataurl

As requested by a QA team member.
We're moving to qr_code as method name. This is the same name as
the method in the underlying base class.
Apart from one sed statement, changing to self->SUPER on one line.

Test plan:
Can you still register, logout and login?

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Bug 29873: (follow-up) Switch to GD

We do not need a new module, we could use GD instead.

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
2022-05-02 11:22:58 -10:00
75e11d85d0 Bug 28786: (QA follow-up) Check the returned CSRF token
We're doing this in the registering stage and at disabling.

Test plan:
Ënable two-factor auth but logout/login on another tab. You should
get the Wrong CSRF token when submitting.
Do similar thing while disabling.
Verify that you can register / disable when in the same session.

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
2022-04-20 20:43:15 -10:00
9ea5a8268d Bug 28786: (QA follow-up) Do not call generate_secret32
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
2022-04-20 20:43:15 -10:00
a47833c24b Bug 28786: (QA follow-up) Fix qa warnings
FAIL   members/two_factor_auth.pl
   FAIL   file permissions
                File must have the exec flag
 FAIL   koha-tmpl/intranet-tmpl/prog/en/modules/members/two_factor_auth.tt
   FAIL   filters
                missing_filter at line 42 (                        <p>Account: [% issuer %]</p>)
                missing_filter at line 43 (                        <p>Key: [% key_id %]</p>)
                missing_filter at line 54 (                            <input type="hidden" name="secret32" value="[% secret32 %]" />)
                missing_filter at line 58 (                                    <img id="qr_code" src="[% qr_code_url %]" />)
 FAIL   Koha/Auth/TwoFactorAuth.pm
   FAIL   pod coverage
                POD is missing for 'new'

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
2022-04-20 20:43:15 -10:00
d827ee310a Bug 28786: Correctly inherit from Auth::GoogleAuth
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
2022-04-20 20:43:15 -10:00
639f96376a Bug 28786: Add controller script and template
Sponsored-by: Orex Digital

Signed-off-by: David Nind <david@davidnind.com>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
2022-04-20 20:43:15 -10:00
30f598cebe Bug 9097: Add option to manually send welcome email
This patch adds a new 'Send welcome email' option to the 'More' dropdown
menu in the patrons toolbar.

Clicking the button will queue the welcome email again for the patron and
redirect the user to the Notices tab to view it's contents.

Signed-off-by: Kelly McElligott <kelly@bywatersolutions.com>
Signed-off-by: Jessie Zairo <jzairo@bywatersolutions.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
2022-04-20 09:03:39 -10:00
3d5e974f8f Bug 30237: Replace AutoEmailOpacUser with AutoEmailNewUser
This patch replaces the AutoEmailOpacUser system preference with a new
AutoEmailNewUser preference. This makes the functionof the preference
clearer.

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
2022-04-20 09:03:39 -10:00
a4da023bae Bug 30237: Reference new WELCOME notice
This patch updates all references to the former ACCTDETAILS notice to
use the new WELCOME email notice instead.

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
2022-04-20 09:03:39 -10:00
0aeb470814 Bug 30485: (bug 30063 follow-up) Display all patrons if not term passed
Regression from bug 30063. If you are searching all patrons (not search term passed) from the header, the patron search result is not displayed.

Test plan:
Go to the Koha homepage, search patrons, don't enter a search term and
click "submit"
All patrons must be returned.
Regression test: on the other patron search forms, confirm that there is
no regression, ie. no patron displayed until you search for something

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
2022-04-13 15:55:39 +02:00
f6394501f2 Bug 30063: Restore back behaviour
Signed-off-by: Séverine Queune <severine.queune@bulac.fr>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
2022-04-04 09:47:02 +02:00
565bf8a006 Bug 30063: Make the main patron search use the REST API
To test:
* Length menu (PatronsPerPage)
* Query description
* Highlight of the current library

* sticky header - Does not work (?)

If the table does not show when you submit the filter form, make sure
you regenerated the compiled CSS.

Signed-off-by: Séverine Queune <severine.queune@bulac.fr>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
2022-04-04 09:47:01 +02:00
89a54da63e Bug 30093: Make patron search from request.pl use the REST API
In this patch we want to reuse what has been done in the previous bug
report to search patrons using the REST API route.
The code is mainly in members/search.tt, for all the patron searches
that "add" or "select" a patron (popup windows).
The patron search for holds is a bit different, we don't want to open a
popup window.
We are moving to code to an include file (patron-search.tt) to make it
reusable easily.

Note that we are improving how the patron's addresses are displayed, and
provide a JS equivalent to the TT includes files.

Test plan:
Search for patrons from the "Place a hold on" view.
You should see the same view as behaviour, with more filters.

Signed-off-by: Séverine Queune <severine.queune@bulac.fr>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
2022-04-04 09:47:00 +02:00
c07c6da529 Bug 30055: Put extended attributes search back
Last patches remove the ability to search on extended attributes.
C4::Utils::DataTables::Members::search is searching on all the
attributes that are flagged as "searchable", we want to keep this
behaviour.

I have tried several things and this is the simplest I have found.

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>

Signed-off-by: Séverine Queune <severine.queune@bulac.fr>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
2022-04-04 09:46:58 +02:00