To reproduce:
- Allow commenting in OPAC (Syspref reviewson)
- Log in to OPAC
- Do a search with many results
- Click on a biblio in result list
- Verify that you can browse the results in detail view ("Browse results")
- Repeat teh search above
- Click on the same biblio as above
- Add a comment (Tab "Comments")
- Close commenting window
- Click on "Next" in result browser
Result: The next biblio is displayed, but result browser has disappeared.
To test:
- Apply patch
- Try to reproduce issue above, verify that result browser does no longer disappear
AMended to remove whitespace chars. / MV
Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel@gmail.com>
Bug & solution checked, works well. No koha-qa errors
Signed-off-by: Jonathan Druart <jonathan.druart@koha-community.org>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
First, it is strongly recommended to set the OPACBaseURL. But
this patch allows the inclusion of the protocol and not just
a site.
Next, C4/Auth now puts OPACBaseURL into the template parameters
regardless of OPAC or Staff clients. t/db_dependent/Auth.t was
tweaked to add a check for confirming that get_template_and_user
adds OPACBaseURL to both OPAC and Staff templates.
In the staff client, once the OPACBaseURL is set, you get a nice
OPAC View link when viewing a biblio's detail. It should reflect
the protocol used now.
Hard coded 'http://' strings were removed from the
sample_notices.sql files. This is what required also updating
the letters table in the updatedatabase.pl script.
The explanation text in the sysprefs.sql needed updating too to
reflect the inclusion of the protocol. And this was the other
update done in the updatedatabase.pl script. The opac.pref file
was similarly changed as well.
catalogue/detail.pl had no need to pass a custom OpacUrl value,
since C4/Auth passes the required OPACBaseURL, so it and the
corresponding template were modified.
Both the MARC21 and NORMARC intranet details files had 'http://'
hard coded in them. This was removed.
Both the bootstrap and prog theme opac-detail template had a
protocol parameter that was used. The logic for the parameter
was not removed, because it is used extensively in one template.
Perhaps it should be used to simplify the other. However, the
calculated current_url parameter had references to the protocol
removed, because of the changes to OPACBaseURL.
opac/opac-shareshelf.pl had a hard coded 'http://' which was
removed.
t/db_dependent/Auth_with_cas.t had 'http://' added to the value
set for OPACBaseURL.
In virtualshelves/sendshelf.pl explicit code which sent the
OPACBaseURL preference was removed, since C4/Auth sends it all
the time now.
C4::Context::set_preference was tweaked to ensure that
OPACBaseURL would always start with http.
t/db_dependent/Context.t was tweaked to specifically test this.
The Shibboleth authentication needs OPACBaseURL set, and that
it be https protocol. The _get_uri routine was tweaked to always
pass back https:// as the protocol on the OPACBaseURL.
t/Auth_with_shibboleth.t was tweaked to specifically test the
changes.
TEST PLAN
---------
This is not an easy patch to test. Difficulties include:
- configuring Koha to run under https
(tweaking apache2 isn't so hard, just tricky)
- configuring Koha to run OPAC and Staff with Plak
(since code with comments about plak were sliced out)
- configuring Koha to use CAS
(may be requires for the CAS test)
1) Apply patch
2) Make sure OPACBaseURL is set without the protocol included.
UPDATEDATABASE
3) back up your DB
4) ./installer/data/mysql/updatedatabase.pl
-- It should run without errors.
5) Look up the OPACBaseURL system preference in the staff
client
-- It should have http:// prepended.
6) Run the mysqlclient from your koha git directory
USE koha_library;
SELECT content FROM letter WHERE content LIKE "%<<OPACBaseURL>>%";
-- There should be no prepended http:// on the
<<OPACBaseURL>>.
7) restore your DB
8) Make sure OPACBaseURL is set with the protocol included,
preferably https.
-- Using https requires a bunch of apache2 tweaks.
AUTH
9) Call up staff client.
10) Call up OPAC.
-- C4/Auth.pm doesn't barf.
11) Call up Plack staff client
12) Call up Plack OPAC.
-- C4/Auth.pm doesn't barf.
13) prove -v t/db_dependent/Auth.t
CONTEXT
14) Home -> Koha administration -> Global System Preferences
-> OPAC
15) Modify and save OPACBaseURL to not have http:// or https://
on it.
-- It should be modified to include http://
16) Modify and save another system preference.
-- It should save normally
17) prove -v t/db_dependent/Context.t
CATALOGUE/DETAIL (tt & pl)
18) Confirm the OPACBaseURL is set
19) Navigate to any biblio details in the staff client
-- There should be a "OPAC view" link which has the
correct http:// or https:// in it.
SQL (sample notices and sysprefs)
20) Run the mysqlclient from your koha git directory
USE koha_library;
DELETE FROM letter;
source installer/data/mysql/de-DE/mandatory/sample_notices.sql;
SELECT content FROM letter WHERE content LIKE "%<<OPACBaseURL>>%";
DELETE FROM letter;
source installer/data/mysql/en/mandatory/sample_notices.sql;
SELECT content FROM letter WHERE content LIKE "%<<OPACBaseURL>>%";
DELETE FROM letter;
source installer/data/mysql/nb-NO/1-Obligatorisk/sample_notices.sql;
SELECT content FROM letter WHERE content LIKE "%<<OPACBaseURL>>%";
DELETE FROM letter;
source installer/data/mysql/es-ES/mandatory/sample_notices.sql;
SELECT content FROM letter WHERE content LIKE "%<<OPACBaseURL>>%";
DELETE FROM letter;
source installer/data/mysql/fr-FR/1-Obligatoire/sample_notices.sql;
SELECT content FROM letter WHERE content LIKE "%<<OPACBaseURL>>%";
DELETE FROM letter;
source installer/data/mysql/it-IT/necessari/notices.sql;
SELECT content FROM letter WHERE content LIKE "%<<OPACBaseURL>>%";
DELETE FROM letter;
source installer/data/mysql/pl-PL/mandatory/sample_notices.sql;
SELECT content FROM letter WHERE content LIKE "%<<OPACBaseURL>>%";
DELETE FROM letter;
source installer/data/mysql/ru-RU/mandatory/sample_notices.sql;
SELECT content FROM letter WHERE content LIKE "%<<OPACBaseURL>>%";
DELETE FROM letter;
source installer/data/mysql/uk-UA/mandatory/sample_notices.sql;
SELECT content FROM letter WHERE content LIKE "%<<OPACBaseURL>>%";
-- Each of the selects should should lines that have
<<OPACBaseURL>> starting them, but no hard-coded http://
DELETE FROM systempreferences;
source installer/data/mysql/sysprefs.sql;
SELECT * FROM systempreferences WHERE variable='OPACBaseURL';
-- The explanation should reflect the new explanation.
QUIT
21) restore your DB
22) Make sure OPACBaseURL is set with the protocol included,
preferably https.
-- Using https requires a bunch of apache2 tweaks.
SLIM2INTRANETDETAIL
23) Set 'XSLTDetailsDisplay' system preference to default.
24) Set 'marcflavour' system preference to MARC21.
25) View any biblio's details.
-- the URL beside 'OPAC View' should have the appropriate
http:// or https://
26) Set 'marcflavour' system preference to NORMARC.
27) View any biblio's details.
-- the URL beside 'OPAC View' should have the appropriate
http:// or https://
OPAC-DETAIL
28) Set 'opacthemes' to bootstrap.
29) Set 'SocialNetworks' to enabled.
30) In OPAC, view any biblio's details.
-- the Share links should have the appropriate protocol on
the OPACBaseURL.
31) Set 'opacthemes' to prog.
32) In OPAC, view any biblio's details.
-- the Share links should have the appropriate protocol on
the OPACBaseURL.
AUTH_WITH_CAS
33) prove -v t/db_dependent/Auth_with_cas.t
OPAC-SHARESHELF
34) Set 'OpacAllowSharingPrivateLists' to allow.
35) In OPAC, 'Save to Lists' a search result.
36) Save it to a new private list.
37) Click the Lists button, and select the new list.
38) Click the Share button.
AUTH_WITH_SHIBBOLETH
39) prove -v t/Auth_with_shibboleth.t
-- needs to be tests on Debian, because I can't get
the Test::DBIx::Class installed in Ubuntu. :(
Rebased again on kohadevbox...
Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com>
Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel@gmail.com>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
TEST PLAN
---------
1) $ prove t/db_dependent/Auth.t
-- warnings
2) Apply this patch
3) $ prove t/db_dependent/Auth.t
-- only one specific type of warning
4) Apply bug 5010 patch
5) $ prove t/db_dependent/Auth.t
-- noisy is eliminated
6) koha qa test tools.
Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel@gmail.com>
With patch only one warn
With 5010 no more warns
No errors
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
Test plan:
Same as previous patch for opacuserjs
Signed-off-by: Mark Tompsett <mtompset@hotmail.com>
NOTE: Worked before and after updatedatabase.pl, though after
is less confusing to the programmer unaware of case-insensitivity.
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
To match IntranetUserCSS, intranetuserjs should be renamed
IntranetUserJS.
Test plan:
1/ Be sure there is no occurrence of intranetuserjs
2/ Confirm the pref still works as before
Signed-off-by: Mark Tompsett <mtompset@hotmail.com>
NOTE: Worked before and after updatedatabase.pl, though after
is less confusing to the person unaware of case insensitivity.
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
This code causes the installer to re-check dependencies during the
upgrade process.
Test Plan
---------
1) Log in to staff client
2) Koha Administration -> Global system preferences -> Local
3) Change Version to previous version -- DO NOT HIT SAVE YET!
4) In command line: sudo apt-get purge libpdf-fromhtml-perl
NOTE: This could be ANY required library. I chose
PDF::FromHTML, because it has been a thorn in my side.
5) NOW! Hit the 'Save' button.
6) Log in, etc. etc...
-- Blows up on redirect to log in.
7) In command line, add it back (I had to compile my own so,
I used sudo dpkg -i /path/to/libpdf-fromhtml-perl...)
8) Apply patch
9) Edit the C4/Installer/PerlDependencies.pm to make
PDF::FromHTML required. See also bug 14103.
10) Log in to staff client
11) Koha Administration -> Global system preferences -> Local
12) Change Version to previous version -- DO NOT HIT SAVE YET!
13) In command line: sudo apt-get purge libpdf-fromhtml-perl
14) NOW! Hit the 'Save' button.
15) Log in, etc. etc...
16) Once warned you are missing it, add it back at the command line.
17) Click 'Recheck'
-- Proceeds as expected now.
Signed-off-by: Mark Tompsett <mtompset@hotmail.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
It will permit not to run another perl interpreter.
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
This patch adds:
- links to the new pages.
- syspref description
- links on the main page (intranet)
- the DISCHARGE type for debarment
Signed-off-by: Lucie <lucie.rousseaux@dracenie.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
Signed-off-by: Chris Nighswonger <cnighswonger@foundations.edu>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
http://bugs.koha-community.org/show_bug.cgi?id=9987
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
This patch allows to use CAS authentication for intranet login.
It works exactly the same as the OPAC login, except that the
staffClientBaseURL syspref must be set for intranet login
(like OPACBaseURL must be set for OPAC login).
Signed-off-by: Koha Team AMU <koha.aixmarseille@gmail.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
In C4::Auth there is a use C4::VirtualShelves.
Virtualshelves are displayed in all OPAC pages, but not in intranet.
For performance, we should move this into a require only for opac pages.
This patch adds a condition to fetch virtualshelves only if opac and moves the dependancy on C4::VirtualShelves into require calls.
On my desktop, I have those compilation times for C4/Auth.pm :
- Without patch : 0,41 seconds
- With patch : 0,22 seconds
This performance improvement is very usefull for pages that only use a few as dependancy, like errors/404.pl
Test plan :
- Be sure there are some public lists
- Apply patch
- Go to opac (not logged-in)
- Click on "Lists"
- Check you see the public lists
- Login with a user
- Be sure this user has some private lists
- Click on "Lists"
- Check you see the public and private lists
- Logout
- Go to /cgi-bin/koha/opac-reserve.pl
- You see the loggin page
- Click on "Lists"
- Check you see the public lists
- Go to intranet
- Check you can loggin
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
Test plan (from comment #1)
1) Apply this patch
2) Run updatedatabase.pl
3) Verify the system pref OpacColorStyleSheet still works
i.e. no change should be noted
Additionally, I changed the path to an other stylesheet and verified that it worked.
Signed-off-by: Marc Véron <veron@veron.ch>
Signed-off-by: Katrin Fischer <Katrin.Fischer.83@web.de>
Works as described and no more occurences of opaccolorstylesheet were found.
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
If the user is already logged-in, do not trigger CAS authentication
even if there is a ticket in the parameters.
1) Authenticate to the OPAC through CAS.
2) Once redirected to your account, hit F5 or the refresh button of your browser.
3) You're logged out.
Signed-off-by: Koha Team Lyon 3 <koha@univ-lyon3.fr>
Signed-off-by: Luce Barbey <luce.barbey@cirad.fr>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Added sign of lines according to bug.
Works as described, small change.
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
C4::Reserves:
* Added OnShelfHoldsAllowed() to check issuingrules
* Added OPACItemHoldsAllowed() to check issuingrules
* IsAvailableForItemLevelRequest() changed interface, now takes
$item_record,$borrower_record; calls OnShelfHoldsAllowed()
opac/opac-reserve.pl and opac/opac-search.pl:
* rewrote hold allowed rule to use OPACItemHoldsAllowed()
* also use OnShelfHoldsAllowed() through
* IsAvailableForItemLevelRequest()
templates:
* Removed AllowOnShelfHolds and OPACItemHolds global flags, they now
only have meaning per item type
Signed-off-by: Nicole C. Engard <nengard@bywatersolutions.com>
I have tested this patch left, right and upside down for the last
several months. All tests have passed.
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
There were multiple calling conventions for C4::Context's
set_userenv routine. So the following commands were used to
find discrepancies:
grep "::set_userenv" `find .`
grep "\->set_userenv" `find .`
The first grep demonstrated that the smaller change is from
:: to -> as only C4/Auth.pm, installer/InstallAuth.pm, and
t/db_dependent/Circulation.t would need to be modified. This
patch corrects C4::Context's set_userenv routine to be object
call based (use ->) by using a shift to ignore the first
parameter, and modify the three files found with :: calls.
As the result of trying to roll a distribution,
t/Circulation_barcodedecode.t was discovered to be faulty. The
cause being incorrect parameters! This was hidden when there
was no shift in the set_userenv routine. However, with its
correction, the test broke.
This led me to read the POD documentation for the function
set_userenv in C4::Context and realize it was outdated as
well. It has been revised to match the current version of
the function.
Then intentionally bad parameters passed to the set_userenv
routine in C4::Context were hunted down. The biggest problems
were missing surnames or branch names.
Rebase required because of shibboleth change in C4/Context.pm
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com>
Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
There was an instance of the pragma missed which meant the the original
patch set didn't actually solve the problem in a large number of cases
This patch adds in the relevant statement.
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
To Test:
1) Enable the system preference SessionRestrictionByIP
2) Change your system IP. It will not checkout your system IP or signout.
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
A failed login should not leave the user in a half logged authenticated
state, but rather return them to an anonymouse session as per the
pre-login attempt state.
To replicate error:
1. Try to log in with some nonexisting user id or wrong password in the
OPAC
2. Go directly to /opac-user.pl (e.g., enter it in the browser address
bar, or just click on the "Log in" link)
3. Observe a DBI error displayed on the screen
4. You are now in the "deadloop" of sorts (opac/opac-user.pl refuses to
display the login screen, no matter how many times you try to reload
it); to break the deadloop, one needs to:
- remove session cookie from the browser (or cause the session to
expire in some other way - closing browser window would be probably
enough for that)
- remove offending session on the server (from mysql sessions table,
..)
- log in with proper credentials using some other page (like
opac/opac-main.pl right-side panel), which does not involve
opac/opac-user.pl being called without "userid" CGI parameter.
To test:
1. Test as above, the DBI error should no longer be present
2. Check that search history works across failed and sucessful login
attempts
Signed-off-by: Chris Cormack <chris@bigballofwax.co.nz>
Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
Add a missing semicolon to the end of a template variable assignment
line. This patch should not affect operation.
Note: With Bug 13499 we did a non-destructive perltidy, as such we only
affected indenting and whitespace to maintain blame history. However, a
number of minor code issues were also highlighted, in this series of
patches I hope to correct other minor style issues.
Signed-off-by: Chris Cormack <chris@bigballofwax.co.nz>
Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
Removed an uneeded semicolon from the end of an 'if' block. This should
not affect operation of the script.
Note: With Bug 13499 we did a non-destructive perltidy, as such we only
affected indenting and whitespace to maintain blame history. However, a
number of minor code issues were also highlighted, in this series of
patches I hope to correct other minor style issues.
Signed-off-by: Chris Cormack <chris@bigballofwax.co.nz>
Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
This tidy should only change whitespace and not line breaks, thus
retaining history.
There are no code changes, and thus there should be no regressions to
test for koha wise.
To test the non-destrcutive nature of the patch, run a 'git blame -w' on
the file before and after the patch. The resulting blame should include
a comparabile history of the file, with only some additional blank
lines being attributed to this commit.
A 'git blame -wM' may also be useful for comparison purposes.
Signed-off-by: Chris Cormack <chris@bigballofwax.co.nz>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
The password should be encoded before hashing.
Test plan:
- Before applying the patch, create a user with utf-8 in password
- apply patches
- try to log in
- change the password
- log out
- try to log in
Signed-off-by: Paola Rossi <paola.rossi@cineca.it>
Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel@gmail.com>
Signed-off-by: Dobrica Pavlinusic <dpavlin@rot13.org>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
This patch adds links to "My account" and "My checkouts" to drop down in staff client header.
To test:
Apply patch
Got to drop down of logged in user (top right)
See new links to "My account" and "My checkout" (above "Log out")
Test the links.
Signed-off-by: Magnus Enger <digitalutvikling@gmail.com>
Works as advertised. The options are not displayed when you are logged
in as the db/admin user.
Added classes "toplinks-myaccount" and "toplink-mycheckouts" to li tags to make it possible to hide them (per Kyle M $
Switching back to "Signd-off" (Hope this is OK becuause it is a tiny string addition)
Marc
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
While testing a bug, warnings in the opac error log were
building up due to a particular line in C4::Auth. After
reviewing the code, it was discovered that removal of the
OpacMainUserBlockMobile system preference created this.
Since the system preference no longer exists, and is not
used, the line was deleted from C4/Auth.pm to prevent this
warning from occuring.
TEST PLAN
----------
1) Go to any OPAC page.
2) Check your opac error log.
-- there should be something about uninitialized values
used in C4/Auth.pm around line 443.
3) Apply the patch
4) Refresh the page.
-- that same error should not be triggered.
5) prove -v t/db_dependent/Auth.t
-- this runs the get_template_and_user function
which had the parameter removed.
6) run the koha qa test tools
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
With CCSR now deprecated there is no longer a need for the
OPACMobileUserCSS system preference. This patch removes it.
To test, apply the patch and run updatedatabase. Check that the
preference can no longer be found in system preferences.
Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel@gmail.com>
Preference removed, no koha-qa errors.
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
With CCSR having been deprecated there is no longer a use for the
OpacShowLibrariesPulldownMobile system preference. This patch removes
it.
To test, apply the patch and run updatedatabase. Check that the
preference can no longer be found in system preferences.
Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel@gmail.com>
Preference removed, no koha-qa errors.
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
- The shibboleth patch introduced an undefined message into the error
logs, when shiboleth is disabled.
Testplan
1. Ensure shibboleth is disabled.
2. Refresh any opac page
3. See 'Use of uninitialized value $ENV{"REMOTE_USER"} in string ne at
/home/koha/kohaclone/C4/Auth.pm line 711.' popup in the opac-error.log
4. Apply patch
5. Refresh opac page
6. Error should no longer appear
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
Signed-off-by: Katrin Fischer <Katrin.Fischer.83@web.de>
Works as described.
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
- Convert Auth_with_shibboleth to use dbic stanzas.
Signed-off-by: Katrin Fischer <Katrin.Fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
- A number of issues were highlighted whilst writing sensible unit tests
for this module.
- Removed unnessesary call to context->new();
- Global variables are BAD!
- Croaking is a wimps way out, we should handle errors early and
properly.
Signed-off-by: Matthias Meusburger <matthias.meusburger@biblibre.com>
Signed-off-by: Katrin Fischer <Katrin.Fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
- Local fallback was not very well implemented, this patch adds
better handling for such cases allowing clearer failure messages
- This patch also adds the ability to use single sign on via the
top bar menu in the bootstrap theme.
BUG8446, Follow up: Adds perldoc documentation
- Add some documentation to the Auth_with_Shibboleth module
including some guidance as to configuration.
BUG8446, Follow up: Correct filenames to match guidlines
- Moved Auth_with_Shibboleth.pm to Auth_with_shibboleth.pm to match
other files present on the system.
BUG8446, Follow up: Correct paths after file rename
BUG8446, Follow up: Implemented single sign out
- This follow up rebases the code against 3.16+ which managed to break
some of the original logic.
- As a side effect of the rebasing, we've also implemented the single
sign out element. Upon logout, koha will request that the shibboleth
session is destroyed, and then clear the local koha session upon
return to koha. Due to the nature of shibboleth however, you will
only truly be signed out of the IdP if they properly support Single
Sign Out (which many do not). As a consequence, although you may
appear to be logged out in koha, you might find that upon clicking
'login' the IdP does NOT request your login details again, but instead
logs you silently back into your koha session. This is NOT a koha bug,
but a shibboleth implementation issue that is well known.
BUG8446, Follow up: Fixed bootstrap login via modal
- The bootstrap theme enable login from any opac page via modal. To
enable this with shibboleth we had to make some template parameters
globally accessible when shibboleth is enabled.
BUG8446, Follow up: Add template rules for Shibboleth and CAS
- Add template rules so that CAS and Shibboleth can coexist.
BUG8446, Follow up: Added default config to config file
BUG8446, Follow up: Embellished perldoc documentation
- Updated perldoc to correct detail about configuring shibboleth
authentication.
- Updated perldoc to include subroutines and their respective functions.
BUG8446, Follow up: Enable configuration of match field
- Added clearer, more flexible, configuration of shibboleth attribute to
koha borrower field matching for authentication
- Correcting of documentation to make it more clear to the current
implementation
- Minor refactoring of code to reduce some code duplication
Signed-off-by: Matthias Meusburger <matthias.meusburger@biblibre.com>
Signed-off-by: Katrin Fischer <Katrin.Fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Matthias Meusburger <matthias.meusburger@biblibre.com>
Signed-off-by: Katrin Fischer <Katrin.Fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
- Use the shibbolethAuthentication syspref to enable Shibboleth authentication
- Configure the shibbolethLoginAttribute to specify which shibboleth user
attribute matches the koha login
- Make sure the OPACBaseURL is correctly set
BUG8446, Follow-up: Adds Shibboleth authentication
- Fix logout bug: shibboleth logout now occurs only when
the session is a shibboleth one.
- Do some refactoring: getting shibboleth username is now
done in C4::Auth_with_Shibboleth.pm (get_login_shib function)
BUG8446, Follow-up: Adds Shibboleth authentication
- Adds redirect to opac after logout
BUG8446, Follow-up: Adds Shibboleth authentication
- Shibboleth is not compatible with basic http authentication
in C4/Auth.pm. This patch fixes that.
BUG8446, Follow-up: Adds Shibboleth authentication
- Use ENV{'SERVER_NAME'} instead of syspref OpacBaseURL in order to work with
multiple vhosts.
BUG8446, Follow-up: Adds Shibboleth authentication
- Adds missing protocol for $ENV{'SERVER_NAME'}
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Jesse Weaver <pianohacker@gmail.com>
Signed-off-by: Katrin Fischer <Katrin.Fischer.83@web.de>
Tested with the feide idp.
- LDAP login and logout are working
- local login/logout are still working
- CAS login/logout are still working
Instructions for setup can be found on the wiki:
http://wiki.koha-community.org/wiki/Shibboleth_Configuration
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
It is kosher now to use the Koha template toolkit plugin for retrieving
system preferences values. This followup does that.
It also changes the class for ids, for people considering this patch
introduces too much noise on the home screen being able to control
its visibility.
Regards
To+
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
Enable staff to setting a text for OPAC user/pass information
Modified:
C4/Auth.pm
koha-tmpl/opac-tmpl/bootstrap/en/includes/usermenu.inc -add a text to the popup login page
koha-tmpl/opac-tmpl/bootstrap/en/includes/opac-main.tt -add a text to the main login page
Testing:
I Apply the patch
0) Search NoLoginInstructions preference
1) Add/modify a text
2) Open OPAC main page
3) Validate the text added under Login button
4) Click in "Log in to your account" link
5) Validate the text added under input password (popup)
Sponsored-by: CCSR ( http://www.ccsr.qc.ca )
Patch behaves as expected.
Signed-off-by: Marc Veron <veron@veron.ch>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
This patch covers LDAP auth_by_bind configuration so that wrong
LDAP password will return -1 to C4::Auth so we can abort local auth
and prevent users logging in with stale database passwords.
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
http://bugs.koha-community.org/show_bug.cgi?id=8148
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Dobrica Pavlinusic <dpavlin@rot13.org>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
CCSR having been deprecated there is no longer a use for the
OpacShowFiltersPulldownMobile system preference. This patch removes
it.
To test, apply the patch and run updatedatabase. Check that the
preference can no longer be found in system preferences.
Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel@gmail.com>
Preference removed, no koha-qa errors
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
The opacsmallimage system preference is unused in the bootstrap theme.
It can be removed now that prog and ccsr are deprecated. This patch does
so.
To test, apply the patch and run updatedatabase. Confirm that the OPAC
works properly and the preference can no longer be found.
Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel@gmail.com>
Preference removed, no koha-qa errors
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
Since we switched to Template Toolkit we don't need to stick with the
sufix we used for HTML::Template::Pro.
This patch changes the occurences of '.tmpl' in favour of '.tt'.
To test:
- Apply the patch
- Install koha, and verify that every page can be accesed
Regards
To+
P.S. a followup will remove the glue code.
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
This patch changes how the OPACBaseURL parameter gets set in the subroutine
get_template_and_user in Auth.pm.
Currently, it's being set by the $ENV{'SERVER_NAME'} variable. In many
cases, this will probably match the URL that the user uses to access a
page. However, this causes problems with reverse proxies.
There are ways to compensate for proxy servers (such as inspecting
other variables set by the web server), but such a solution seems
a bit convoluted...especially since we already use the system preference
OPACBaseURL in many other parts of Koha.
We probably shouldn't be passing OPACBaseURL from Auth.pm at all, and
instead use the Koha TT plugin and using_https param to determine
protocol. However, that's outside the scope of this bug/patch.
This patch is just meant to fix an existing bug.
I did leave the $ENV{'SERVER_NAME'} as a full back if OPACBaseURL isn't
set, but that's it.
_TEST PLAN_
Before applying:
1) Clear your OPACBaseURL preference
2) Perform a search in the OPAC
3) Click on or hover over the orange RSS icon
4) Note that the URL used for the RSS links is either:
a) The same URL you used to access Koha (no reverse proxy)
b) The ServerName from your Koha apache conf which isn't the
same URL you used to access Koha (reverse proxy)
5) Add an OPACBaseURL that isn't the same as the actual OPAC URL
6) Note that the OPACBaseURL system preference has no effect here
After applying the patch:
7) Refresh the page
8) Note that the URL you see now is actually the OPACBaseURL system
preference that you set
9) Clear your OPACBaseURL system preference
10) Refresh your search page
11) Note that the URL has reverted back to the URL that you saw before
(either the original Koha site URL or the Koha ServerName defined
in Apache and not the URL of the proxy)
Signed-off-by: Chris Cormack <chris@bigballofwax.co.nz>
Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
If flagsrequired is set, authnotrequired should be 0.
Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com>
Signed-off-by: Katrin Fischer <Katrin.Fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
To test:
Verify that pages in the OPAC and staff interface display correctly.
Note that there are cases where 'authnotrequired' was not passed
at all to get_template_and_user, so there may be pages that start
requiring authentication. Whether that is correct or not depends
on context.
Follow up patches are to remove all the unnessecary setting of this
value, so that the only places we set are when we do want
authnotrequired=1
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Katrin Fischer <Katrin.Fischer.83@web.de>
Signed-off-by: Galen Charlton <gmc@esilibrary.com>
Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
This patch implements 2 suggestions on comment #3
- Prevents creation of a new user with same userid
of database user
- When checking password, if userid matches database user,
only check against pass on config file
To test:
1. Create a new user with same login as database user
any password different from real db user
2. Check that you can login on staff using this user/pass
and you are superlibrarian
3. Apply the patch
4. Login again using new pass, it must fail
5. Login again using db pass, you are now superuser,
but system does not warn you :( No problem, that's
for having one borrower with that login
6. Delete user with same login as db user
7. Try to create one again as in 1, system must return
an error of duplicate login!
8. Check for no regressions on user/pass authentication
Resubmited, has an error
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
Signed-off-by: Katrin Fischer <Katrin.Fischer.83@web.de>
Passes all tests and QA script.
This works nicely and as described.
Also editing the former 'superuser' will force you to
change the userid in order to save any other change.
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
Since the addition of search groups to Koha, the branch limiting
parameter in multiple PAC by URL support should also support
limiting by these search groups. This patch adds this ability.
Signed-off-by: Srdjan <srdjan@catalyst.net.nz>
Signed-off-by: Galen Charlton <gmc@esilibrary.com>
Bug 10029 tries to fix the use of URL parameters in CAS authentication.
But is does not work.
The full URL must be used in all methods of C4::Auth_with_cas.
Also, in checkpw_cas(), the 'ticket' parameter must be removed to find
the original URL.
This patch removes the 'ticket' parameter from query before calling
checkpw_cas() since the ticket is passed as method arguemnt.
In C4::Auth_with_cas, many methods use the same code to get the CAS
handler and the service URI. This patch adds a private method
_get_cas_and_service() to do the job.
Test plan:
- Enable CAS
- Go to opac without been logged-in
- Try to place hold on a record
=> You get to /cgi-bin/koha/opac-reserve.pl?biblionumber=XXX showing
authentication page
=> Check that CAS link contains query param "biblionumber"
- Click on CAS link and log in
=> Check you return well logged-in to reserve page with biblionumber
param
- Check CAS loggout
- Check Proxy CAS auth
Signed-off-by: Koha team AMU <koha.aixmarseille@gmail.com>
Signed-off-by: Katrin Fischer <Katrin.Fischer.83@web.de>
Passes all tests in t, xt, and t/db_dependent/Auth.t.
Also passes QA script.
As I have no working CAS server, I focused on regression testing:
Activated Persona and casAuthentication.
- Verified normal login against database still works.
- Verified Persona login works.
Note: With Persona you are always forwarded to the patron
account - so you have to search for the record again before
you can place a hold.
- Verified that the CAS URL contains the biblionumber when
logging in while placing a hold.
Signed-off-by: Katrin Fischer <Katrin.Fischer.83@web.de>
Retested 2014-04-12
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Galen Charlton <gmc@esilibrary.com>