This patch introduces some tests on the current (and new) behavior for
the `checkpw` function.
I needed it to better understand if an edge case was actually possible
(it wasn't).
Found a really minor annoyance for the internal check with expired
password not returning the $patron object for consistency with the other
use cases.
I think this method deserves (at least) changing the return value to a
sane data structure. But that's not target for backporting to stable
releases. So a separate bug.
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
This patch adds the checkpw return value change to the REST API
route for validating user identifiers and password.
Test plan:
0. Apply patch
1. prove t/db_dependent/api/v1/password_validation.t
Bonus points:
1. koha-plack --reload kohadev
2. Enable syspref RESTBasicAuth
3. curl -XPOST -H "Content-Type: application/json" \
-u <staff_userid>:<staff_password> \
-d '{"identifier":"<cardnumber>","password":"<password>"}' \
http://localhost:8081/api/v1/auth/password/validation
4. Validation doesn't fail. It gives you cardnumber, patron_id, userid
Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Imagine we have a set of users. Some of those users have a NULL userid. We then call AuthenticatePatron from ILS-DI for a patron with a NULL userid, but a valid cardnumber. We call checkpw, which returns the cardnumber and userid. We then call Koha::Patrons->find on the userid *which is null*, meaning the borrowernumber returned is not the correct one, but instead the earliest patron inserted into the database that has a NULL userid.
Test Plan:
1) Give three patrons a userid and a password
2) From the database cli, set all patrons's userid to null
Run this query: update borrowers set userid = null;
3) Call AuthenticatePatron with username being the 1st patron cardnumber,
and password being the password you set for that patron
http://localhost:8080/cgi-bin/koha/ilsdi.pl?service=AuthenticatePatron&username=kohacard&password=koha
4) Note you get back a borrowernumber for a different patron. Refresh the page and the number is correct.
5) Do the same with the 2nd patron. Same issue at 1st and correct number after.
6) Apply this patch
7) Restart all the things!
8) Do the same with the 3rd patron.
9) Note you get the correct borrowernumber! :D
10) prove t/Auth.t t/db_dependent/Auth_with_ldap.t t/Auth_with_shibboleth.t t/db_dependent/Auth_with_cas.t
Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Tests currently fail due to a modal remaining open. This patch closes the modal to make the tests pass
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
AssertionError: Timed out retrying after 10000ms: Expected to find element: `main div[class='dialog message']`, but never found it.
We moved from message to alert.
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
== Test plan ==
0. Have Selenium running
ktd --selenium up
1. prove t/db_dependent/selenium/regressions.t
2. It should still work
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
This patch fixes some templates where the messages include was appearing
in the wrong place, for instance above the left-hand sidebar instead of
at the top of the main content.
The patch also adds the new include to some templates which lacked it.
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
* cc is an abbreviation, so updated to CC
* Adding consistency with punctuation for error messages
* Updated a borrower to patron
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
This patch adds further delivery details to the notices tab in patron
details in the staff client.
Once a message is sent, we display the 'from:', 'to:' and 'cc:'
addresses in the 'Delivery note' column when they exist.
Test plan
1. Enable KTD to send email [1] (without email configured the
delivery note displayed "Unhandled email failure, check the logs for
further details").
2. Add email addresses to two patrons and to KohaAdminEmailAddress,
and run misc/cronjobs/process_message_queue.pl after generating
notices.
3. For the two patrons with email addresses, make one a guarantor.
4. Sent Welcome messages (Patron account > More > Send welcome email) -
nothing in delivery note column.
5. Checkout out an item to the guarantee (item checkout email enabled) -
nothing in delivery note column.
6. Send the notices by running misc/cronjobs/process_message_queue.pl
again.
7. Now the 'Delivery note' columns should contain from:, to: and cc:
address details.
[1] Option 1 - smpt-sink (aka the sandboxes way)
- Install the postfix package inside ktd (sudo apt install postfix)
When asked in the wizard, I named mine 'local'
- Start smpt-sink with
`nohup smtp-sink -u root -D mail 127.0.0.1:25 100 </dev/null >/dev/null 2>&1 &`
Option 2 - To test sending emails using a Google account:
- Set up an App password for your Google Account
- Edit /etc/koha/sites/kohadev/koha-conf.xml file and add this
configuration near the end (where <user_name> = your Google email
address; <password> = your APP password, not your Google account
password):
<smtp_server>
<host>smtp.gmail.com</host>
<port>587</port>
<timeout>5</timeout>
<ssl_mode>STARTTLS</ssl_mode>
<user_name>GOOGLEACCOUNTUSER</user_name>
<password>GOOGLEAPPPASSWORD</password>
<debug>1</debug>
</smtp_server>
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Aleisha Amohia <aleishaamohia@hotmail.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Signed-off-by: Pedro Amorim <pedro.amorim@ptfs-europe.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
To test:
1 - Install the Kitchen Sink plugin
2 - Restart all
3 - Enable 'CronjobLog' system preference
4 - perl misc/cronjobs/plugins_nightly.pl
5 - Note you see on the command line 'Remember to clean the kitchen' - this indicates the plugin cron ran
6 - Tools->log viewer, select 'cronjob' and view
7 - Note you only see 'plugins_nightly.pl' Run and End lines
8 - Apply patches
9 - perl misc/cronjobs/plugins_nightly.pl
10 - View logs agian
11 - Note you now see Run and End lines for 'Koha::Plugin::Com::ByWaterSolutions::KitchenSink'
12 - Confirm they look like the other lines
13 - Edit KitchenSink.pm and add 'die "Kittens";' to the cronjob nightly
14 - perl misc/cronjobs/plugins_nightly.pl
15 - View logs, confirm there is a FAILED error message for the KitchenSink cron
Signed-off-by: Pedro Amorim <pedro.amorim@ptfs-europe.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
When running the plugins_nightly.pl cronjob, we should record the plugins that have a nightly method, logging the start and end of each plugins routine
Test Plan:
1) Enable CronjobLog
2) Install a plugin with a nightly cronjob ( e.g.
https://github.com/bywatersolutions/koha-plugin-book-list-printer )
3) Run plugins_nightly.pl
4) Note new entries in the cronjob viewer for the start and end of the
plugin's nightly cronjob run
5) Edit the plugin, add a line like "die 'this is a test';" to the
plugin's nightly cronjob
6) Run plugins_nightly.pl
7) View the action logs, not the log for the error you added!
Signed-off-by: Pedro Amorim <pedro.amorim@ptfs-europe.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Test plan:
Compile module, run qa tools.
Search for the use of C4::Items in C4/Biblio.
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Staging modal area had issues listing availability checks for each request in the batch creation process
To test:
1) Run bash <(curl -s https://raw.githubusercontent.com/ammopt/koha-ill-dev/master/start-ill-dev-plus.sh)
2) Install a metadata enrichment plugin, e.g. https://github.com/PTFS-Europe/koha-plugin-api-pubmed/releases
3) Install and configure an availability plugin, e.g. eds https://github.com/PTFS-Europe/koha-plugin-ill-avail-eds/releases
4) Enable ILLCheckAvailability sys pref
5) Create a new ILL batch and input some pubmedids, i.e. 34898594, 31452466
6) Verify that the availability results show and are working, for each request in the batch
Signed-off-by: Edith Speller <Edith.Speller@ukhsa.gov.uk>
Sponsored-by: UKHSA (UK Health Security Agency)
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
As Katrin spotted, we need to not forget the sidebar menu.
Test plan:
Check if the item is visible/invisible on the sidebar menu of
Circulation. (Depending on StockRotation pref.)
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Test plan:
Disable StockRotation pref. Check if report is hidden on circ home.
Enable. Check if report is visible.
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
It prevents the label to be removed when the selected option is not
longer in the item list.
Signed-off-by: Matt Blenkinsop <matt.blenkinsop@ptfs-europe.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Signed-off-by: Matt Blenkinsop <matt.blenkinsop@ptfs-europe.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
We need to use the same data, for instance we had "license name" and
"first license name" for the license with license_id=1
Signed-off-by: Matt Blenkinsop <matt.blenkinsop@ptfs-europe.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Signed-off-by: Matt Blenkinsop <matt.blenkinsop@ptfs-europe.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Signed-off-by: Matt Blenkinsop <matt.blenkinsop@ptfs-europe.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
This patch addresses an annoying scroll bump when new data loads. Previously the
scrollbar would jump all the way to the top of the selct before resetting, this
has now been stopped.
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
This patch fixes a duplicate API call and fixes the "required" attribute
Test plan as before
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
To encode q parameter correctly, based on bug 33623
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Otherwise we are loosing all the point of the pagination!
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
This patch is an example ajax based v-select. The v-select will load the first
20 items and then continue to load paginated sections of 20 items as the user
scrolls down. The v-select also offers ajax based searches (unpaginated) and
will return to 20 item pagination if the search is cleared.
Currently the pagination just works with an Intersection Observer based on
scrolling - the main issue with this is that the size of the v-select window
changes every time new data is added to the list and this causes the scrollbar
to jump before resetting at the correct size. This can be a bit annoying,
especially when scrolling quickly.
The only way round this will either be to paginate using buttons i.e.
(previous/next page) or to limit the data to 20 items at all times and
re-paginate when scrolling back up - interested to hear thoughts/suggestions
on this or whether anyone has a magic CSS fix that solves it ;)
The new v-select is only in one location so far as a test - Agreement Licenses
Test plan:
1) You will need to add multiple licenses in order to see the pagination,
attached is a script that will create 100 dummy licenses at a time if you
wish to use that
2) Once licenses are created, apply patch and run yarn build
3) Navigate to Agreements and click the New Agreement button
4) Scroll down to the Add new license option and click the button
5) The License select is the InfiniteScrollSelect and should display the
licenses you have added
6) Open the dropdown and 20 items will be listed
7) Scroll down and as you scroll, more items will be loaded (this can be seen
in the Network tab in developer tools)
8) Enter a search query and the results should reflect the search query
9) Delete the search query and the dropdown should return to the first 20
paginated items and pagination will work again when scrolling
10) Try submitting the form with paginate/searched options and the form should
still work as intended
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Anneli Österman <anneli.osterman@koha-suomi.fi>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
To test:
1. Apply patch
2. Add item level hold to a record/item, make sure patron has no other
holds on that record
3. Go to /cgi-bin/koha/reserve/request.pl?biblionumber=xxx where xxx is
the record you placed the hold for
4. Under "Existing holds" table, in "Details" column you should see
"Only item <barcode>" dropdown
5. Select "Next available" from the dropdown
6. Click Update hold(s)
7. Observe dropdown is gone and cell value has changed from
"Only item <barcode>" to "Next available"
8. Cancel the hold and add two item level holds for the same patron
9. Under "Existing holds" table, in "Details" column you should see
"Only item <barcode>", but no select dropdown
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Anneli Österman <anneli.osterman@koha-suomi.fi>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
When an existing report is saved and an incorrect AV category is selected,
the UI is asking "do you want to save anyway", but the "Update SQL" button
leads to a blank page and the report is not saved.
On bug 33966 the value is been adjust to 'update_sql' but this incorrect
was left.
To test you need to use the browser inspector to adjust the value of the
selected option.
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
To test:
* Enable AcqEnableFiles system preference
* Go to acquisitions
* Search for a vendor and receive shipment
* Enter an invoice number and create new invoice
* Finish receive
* Click on 'manage invice files' link
* Upload a sample file
* Verify the table is missing the usual white background
* Apply patch
* Verify the the table now displays with the usual white
background
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
This patch fixes even more markup errors and HTML validation issues.
Signed-off-by: Phil Ringnalda <phil@chetcolibrary.org>
Signed-off-by: Emily Lamancusa <emily.lamancusa@montgomerycountymd.gov>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Phil Ringnalda <phil@chetcolibrary.org>
Signed-off-by: Emily Lamancusa <emily.lamancusa@montgomerycountymd.gov>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Without this patch the "Add a new checkout" label showed
up twice in the Checkouts section of the API documentation.
This adds (public) to the end of one, to make it possible
to distinguish them.
To test (ON YOUR HOST MACHINE):
1. Run:
$ cd api/v1/swagger
$ docker run --rm -v $(pwd):/api --workdir /api redocly/cli \
build-docs swagger.yaml --output index.html
2. Open the generated index.html in your browser
3. Verify doubled up headings
4. Apply patch
5. Re-run docker command form 1.
6. Verify there are now 2 different labels and "(public)" is on the
right one.
Note: if you have wrong permissions on the file, chown it to your
own user to open it in the browser.
Signed-off-by: Matt Blenkinsop <matt.blenkinsop@ptfs-europe.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
The patron module should now show up in the staff main navigation on
top of the page if the user only has the new list_borrowers permission.
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
One of the follow-ups fixed the description in the
atomic update, but missed the SQL and include files.
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
