Commit graph

42257 commits

Author SHA1 Message Date
16abe0f532 Bug 28442: Update template for new roles
We have multiple accessibility advocates this cycle, so we needed to
adapt the template. I've also added the meeting facilitator as a case
but not added to the team block as a whole.. seeking opinions, perhaps
wait and see if it lasts more than a cycle before adding it fully?

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2021-05-27 14:12:24 +02:00
467e7e4788 Bug 28442: Add 21.11 release team to teams.yaml
Add the 21.11 release team.

Test plan
1/ Check against https://wiki.koha-community.org/wiki/Release_Teams

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2021-05-27 14:12:24 +02:00
120a95cdb6 Bug 28368: Add fallback language for anonymous payment receipts
This adds a fallback for when a payment is made anonymously to allow
printing a receipt in the staff members current session language.

Test plan
1. Set `EnablePointOfSale` and `UseCashRegisters`
2. Add new cash register`
3. New debit type that 'can be sold'
4. Make a sale (via Point of Sale) using the above debit type.
5. Attempt to 'print receipt' from the subsequent prompt
6. Not the ISE: Can't call method "lang"
7. Apply patch
8. Attempt to 'print receipt' again, this time it should work.

Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2021-05-27 14:12:24 +02:00
2353700921 Bug 28158: Allow batchMod to run under plack
Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2021-05-27 14:12:24 +02:00
48e5171214 Bug 28158: Remove additional backgroundjob related code
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2021-05-27 14:12:24 +02:00
41551dfda7 Bug 28158: Remove backgroundjob from batchMod
== Test plan ==
1 - In the default framework make sure the 952$1 is visible in opac & catalog & editor
2 - Set WhenLostChargeReplacementFee to charge
3 - Set MarkLostitemsAsReturned to return from batch modification
4 - Find/edit an item with a replacement cost
5 - Check out the item to a patron
6 - Batch modify the item
7 - Set the lost status
8 - Item is not returned or charged
9 - with the patch, it is

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2021-05-27 14:12:24 +02:00
f6b562da6d Bug 28419: Remove suspicious occurrence in opac-shelves.tt
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2021-05-26 15:09:41 +02:00
7efdbccfc2 Bug 28419: Fix addorderiso2709.tt translatability
It seems that the html tag within the TT comment breaks the translate
script

Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2021-05-26 15:09:41 +02:00
4a15c972a8 Bug 28461: Fix orders, biblios, holds
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2021-05-26 15:05:58 +02:00
09e47b434c Bug 28461: Fix SMTP servers and extended attributes
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2021-05-26 14:59:26 +02:00
9de4594cf7 Bug 28461: Specify only one tag per route
Or the route will be misplaced when generated by redoc

git grep tags api|grep '",'

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2021-05-26 14:59:26 +02:00
fe65caf5fb Bug 28386: Disambiguate Tomas and Blou
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2021-05-26 12:30:59 +02:00
16851a23aa Bug 15720: Add connexion user and password options to connexion daemon
Currently the connexion daemon does not utilize the user and password passed in the requests, it expects a
user and password to be defined in the config file and for that user to be a valid Koha user with
cataloging permissions.

With that user in place all requests to the daemon are authorized.

As the connections are over TCP we allow defining a new connexion user and password to protect Koha account information.

If not defined current behaviour is preserved. Connexion user and password must both be set it either is set.

Sample config file:
host:
port: 8888
koha:http://localhost:8081
log:/var/log/koha/kohadev/connexion.log
match:ISBN
user:kohauser
password:kohapass
overlay_action:replace
nomatch_action:create_new
item_action:always_add
import_mode:redirect
debug:1

To test:
 1 - Create connexion file and save on the Koha serve
 2 - perl misc/bin/connexion_import_daemon.pl -c /kohadevbox/koha/connexion.cnf
 3 - Ensure the user specified above (connexuser) exists and has edit catalogue permissions
 4 - In another terminal make a request to the server:
        echo -en 'U6turtleA9connexionP5shell00024    a62clear00024   4500' | nc -v localhost 8888
 5 - The request should succeed and record added to batch (probably the import fails, but not important)
 6 - Add to config file
        connexion_user:conuser
 7 - Stop and restart the daemon - it should fail on missing connexion_password
 8 - Comment out connexion_user and add
        connexion_password:conpass
 9 - Stop and restart daemon, it fails on missing connexion_user
10 - Uncomment the user and restart
11 - Make another request
        echo -en 'U6turtleA9connexionP5shell00024    a62clear00024   4500' | nc -v localhost 8888
12 - It fails 'Unauthorized request'
13 - Make another request
        echo -en 'U7conuserA9connexionP7conpass00024    a62clear00024   4500' | nc -v localhost 8888
14 - It succeeds!

Signed-off-by: Allison Blanning <ablanning@hotchkiss.org>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2021-05-26 09:27:19 +02:00
146f7314cf Bug 27942: Prevent XSS vulnerabilities in quote-upload
When uploading new quotes the JS variables are not escaped correctly.

Test plan:
Create a new file with the following content (remove the first and last lines containing """):
"""
":this is a source","this is a text"
"this is another ❤one","and another text❤"
"this <script>alert('foo');</script>","and <script>alert('❤');</script>"
"""

Go to Home › Tools › Quote editor
Click Import quote
Select the file
Edit the third line, hit enter
Import quotes

Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2021-05-26 09:26:56 +02:00
abf1b6596c Bug 20982: Sanitize category to prevent XSS on opac-shelves.pl
== Test plan ==
1. Go to http://localhost:8080/cgi-bin/koha/opac-shelves.pl?category=function(){window.location.href%20=%20%27https://git.koha-community.org/stats/koha-master/authors.html%27}()
2. Note that you are redirected to another website
3. Apply the patch & restart services
4. Repeat the above and you are not redirected

Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>

Signed-off-by: David Cook <dcook@prosentient.com.au>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2021-05-26 09:26:54 +02:00
335382e455 Bug 28386: Add more disambiguations to .mailmap
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2021-05-25 16:32:31 +02:00
8b4f2db7ef Bug 28385: Use ldapserver only if exists
Fix test
t/db_dependent/Auth_with_ldap.t .. 1/4
 #   Failed test 'use C4::Auth_with_ldap;'
 #   at t/db_dependent/Auth_with_ldap.t line 123.
 #     Tried to use 'C4::Auth_with_ldap'.
 #     Error:  No ldapserver "id="ldapserver"" defined in KOHA_CONF: /etc/koha/sites/kohadev/koha-conf.xml at /kohadevbox/koha/C4/Auth_with_ldap.pm line 55.
 # Compilation failed in require at t/db_dependent/Auth_with_ldap.t line 123.
 # BEGIN failed--compilation aborted at t/db_dependent/Auth_with_ldap.t line 123.

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2021-05-25 10:34:51 +02:00
e10b25d594 Bug 28385: Add tests
This does not test bug 28385 directly but 28278 instead.

Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2021-05-25 09:45:22 +02:00
Dobrica Pavlinusic
1c9f8defcb Bug 28385: ldap server configuration broken since migration from XML::Simple
Bug 28278 removed usage of XML::Simple which had side-affect that
C4::Context->config("ldapserver") returns one more level of hash
based on id of element, so ldap configuration was no longer
available generating error in log:

No ldapserver "hostname" defined in KOHA_CONF: /etc/koha/sites/srvgit/koha-conf.xml

which is very confusing since hostname is there, but we are looking
at wrong place for it.

== Test plan ==
1. Setup an LDAP server with users or use a public one
     See https://wiki.koha-community.org/wiki/Ldap_testing
2. Configure Koha to use it, see example config above
3. Go to OPAC
4. Koha doesn't compile due to LDAP config not parsed correctly
5. Apply the patch
6. Koha compiles and page loads
7. Log in successfully with one of the LDAP users
8. Bonus: Try to log-in with a wrong username & a good password and
     vice-versa

Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2021-05-25 09:45:22 +02:00
07e760bff8 Bug 28414: Fix labels for return claims
The way labels are used with RedDoc, we need to tidy them better. We
should do it with all the routes, but this one is specially noisy on the
UI.

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2021-05-25 09:45:22 +02:00
9f8abe3618 Bug 28386: Add the 3 unknown authors back into the contributors list with a note
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2021-05-25 09:30:33 +02:00
9aced846d3 Bug 28386: Update history using script
This is an example of what will be regenerated.

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2021-05-25 09:28:18 +02:00
4c5dc08598 Bug 28386: Update contributors using script
This is an example of what will be regenerated.
It will need to be regenerated once it will be pushed

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2021-05-25 09:28:18 +02:00
d4139e39aa Bug 28386: Fix Pawel history notes
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2021-05-25 09:28:18 +02:00
88d2db265c Bug 28386: fisheye is certainly Olwen
After a chat with Chris it seems that fisheye was Olwen.

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2021-05-25 09:28:18 +02:00
d102651d1b Bug 28386: Add sponsors to .mailmap
They were in dev_map.yaml, we are cheating with the <sponsor> email but
it seems to work fine in my tests

Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2021-05-25 09:28:18 +02:00
d7363cd523 Bug 28386: Disambiguate Séverine (to squash)
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2021-05-25 09:28:18 +02:00
d7a6bd08ba Bug 28386: Add history_notes
The "developer" lines of history.txt will be regenerated using the git
history so we need to add this as a separate info.
See the release_tools changes for more info

Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2021-05-25 09:28:18 +02:00
c906e55c01 Bug 28386: Update Hector
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2021-05-25 09:28:18 +02:00
bb94360721 Bug 28386: Meenakshi.R vs Meenakshi R
Needs to match .mailmap

Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2021-05-25 09:28:18 +02:00
137c271512 Bug 28386: Update Kyle
Need to match .mailmap

Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2021-05-25 09:28:18 +02:00
1e51ed3ba6 Bug 28386: Update Nicole
Need to match .mailmap

Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2021-05-25 09:28:18 +02:00
6a701b363f Bug 28386: Remove unknown authors
Those 3 authors are not in the git history, we should remove them from
the author list.
However we could re-add them to the contributor list with a note saying
for instance they were part of the Catalyst Academy (need to double
check that first)

Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2021-05-25 09:28:18 +02:00
b8818ac568 Bug 28386: Some manual removals from contributors.yaml
Those are not real authors and should be removed from the
contributors.yaml file

Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2021-05-25 09:28:18 +02:00
7b44702027 Bug 28386: Adjust .mailmap
Again, we need to adjust our .mailmap
This time the goal is the use it in place of the dev_map.yaml we have in
the release tools.

This will be generated for the release notes, history.txt and
contributors.yaml file

This can be tested using:
  git check-mailmap "author <email>"

For instance:
  git check-mailmap "Wrong name <jonathan.druart@bugs.koha-community.org>"

Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2021-05-25 09:28:18 +02:00
223541bba4 Bug 28369: (QA follow-up) Restore PUT with deprecation message
This patch restores the PUT route, but adding a deprecation message. The
controller method is the same, and relevant patch tests are duplicated
but calling PUT, so it still gets tested.

To test:
1. Apply this patch
2. Reload plack
3. Open https://<>/api/v1/.html and find the PUT /holds/{hold_id} route
=> SUCCESS: There's a deprecation wargning!
4. Run:
   $ kshell
  k$ prove t/db_dependent/api/v1/holds.t
=> SUCCESS: Tests pass!
5. Sign off :-D

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Joonas Kylmälä <joonas.kylmala@helsinki.fi>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2021-05-25 09:28:18 +02:00
a554b5a545 Bug 28369: Set additionalProperties: false and fix things
This patch performs a cleanup on the holds routes:
- It adds additionalProperties: false to all missing routes
- It syncs the spec with the guidelines
- additionalProperties: false highlighted some attributes read in the
  controlled weren't declared on the spec, adding them
- PUT /holds/:hold_id is moved to PATCH, as it makes more sense and
  gathered opinions lean towards that

To test:
1. Apply the tests patch
2. Run:
   $ kshell
  k$ prove t/db_dependent/api/v1/holds.t
=> FAIL: Lots of things are wrong with the API
3. Apply this patch
4. Repeat 2
=> SUCCESS: Tests pass!
5. Sign off :-D

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Joonas Kylmälä <joonas.kylmala@helsinki.fi>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2021-05-25 09:28:18 +02:00
cfe3e013a2 Bug 28369: Regression tests
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Joonas Kylmälä <joonas.kylmala@helsinki.fi>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2021-05-25 09:28:18 +02:00
f6308ae4f1 Bug 28370: Fix invalid responses in /patrons
This response codes are not actually used.

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2021-05-25 09:28:18 +02:00
18a332e608 Bug 28370: (follow-up) More cases
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2021-05-25 09:28:18 +02:00
65927d0acb Bug 28370: Rewrite tests
This patch rewrites the tests, and also doesn't enforce
additionalProperties to be false. We could need it, and there are routes
that need to be reviewed that would break otherwise now: error.json, for
example, is used everywhere, and some routes add some payload to it.

The main change this patch introduces is using the resolved spec instead
of finding each .json file, which wasn't even correct as we have .yaml
files already. Parameters and responses are tested.

To test:
1. Apply this patch
2. Run:
   $ kshell
  k$ prove xt/api.t
=> SUCCESS: Tests fail! A nice report on the failures is printed

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2021-05-25 09:28:18 +02:00
49ce9d9726 Bug 28370: Add tests
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2021-05-25 09:28:18 +02:00
051a06e69b Bug 28370: Add missing additionalProperties in spec
This patch adds missing attribute to the object definitions in the spec.
We wrongly supposed it was the default, but it proved not.

To test:
1. Apply this patch
2. Run:
   $ kshell
  k$ prove t/db_dependent/api/v1
=> SUCCESS: Tests pass, nothing breaks!
3. Sign off :-D

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2021-05-25 09:28:17 +02:00
ef2f066503 Bug 28424: (follow-up) Do not create account lines manually
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>

Signed-off-by: David Nind <david@davidnind.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2021-05-25 09:28:17 +02:00
d934d66f00 Bug 28424: (28370 follow-up) Fix response definition
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>

Signed-off-by: David Nind <david@davidnind.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2021-05-25 09:28:17 +02:00
cfcc34fde7 Bug 28424: Fix patron credits route (POST)
This patch makes the route follow the coding guidelines and thus:
- Return the generated object
- Use the status code 201 for the response

To test:
1. Apply the tests patch
2. Run:
   $ kshell
  k$ prove t/db_dependent/api/v1/patrons_accounts.t
=> FAIL: Tests fail. The reponse body and status is incorrect
3. Apply this patch
4. Repeat 2
=> SUCCESS: Tests pass!
5. Sign off :-D

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>

Signed-off-by: David Nind <david@davidnind.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2021-05-25 09:28:17 +02:00
d86fbe95d3 Bug 28424: Regression tests
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>

Signed-off-by: David Nind <david@davidnind.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2021-05-25 09:28:17 +02:00
421fdc3d8f Bug 28302: Update packages to ignore CGI::Compile 0.24 (2)
to test...
 1/ build package
 2/ install package on focal
 3/ check that libcgi-compile-perl 0.24 is not installed

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2021-05-20 17:08:04 +02:00
c2c16cde6e Bug 28273: (follow-up) Remove unused variable
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>

Signed-off-by: Andrew Fuerste-Henry <andrew@bywatersolutions.com>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2021-05-20 08:43:34 +02:00
a2510a51b5 Bug 28273: Add form validation for pickup locations
This patch introduces validation on the new pickup locations column.
This way, if a selected title doesn't have a pickup location set, it
will prevent form submission and a suitable error message will pop-up.

To test:
1. Apply this patch
2. Attempt to place multi-title level holds
3. Make sure some selected titles don't have the pickup location set
4. Submit
=> SUCCESS: Form submission halts, an idiomatic error message shows.
5. Unselect all biblios and repeat 4
=> SUCCESS: You are not allowed to proceed, a message is displayed.
6. Have all selected titles set a pickup location, submit
=> SUCCESS: Holds are placed as they should.
7. Sign off :-D

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>

Signed-off-by: Andrew Fuerste-Henry <andrew@bywatersolutions.com>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2021-05-20 08:43:34 +02:00