Commit graph

8 commits

Author SHA1 Message Date
charles
db0ecc3cc5 Bug 15585 - Move C4::Passwordrecovery to the new namespace Koha::Patron::Password::Reset
As promised, here is the long-awaited sequel to #8753.

What has changed :

    - The Koha::Patron::Password::Reset is now used in place of C4::Passwordrecovery
    - That ugly shift-grep contraption is no more (goodbye old friend)
    - The generated unique key won't end in a dot anymore

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Brendan Gallagher brendan@bywatersolutions.com
2016-03-22 23:08:21 +00:00
77e1e7c4ef Bug 15548 [QA Followup] - More new uses of Koha::Borrower
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>

Signed-off-by: Jesse Weaver <jweaver@bywatersolutions.com>
2016-03-03 14:39:00 -07:00
8ec7572d0c Bug 8753: [QA Follow-up] Primary key and collation
This patch includes:
[1] Adds primary key borrowernumber to new table.
[2] Fixes collation.
[3] Removes manual PK in DBIx schema file.
[4] Fixes typo CompletePasswordRevovery.
[5] Removes use strict from opac-password-recovery; Modern::Perl is used.

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
2016-01-27 06:40:56 +00:00
Liz Rea
563688050c Bug 8753 - Various little things - removing new dependency, changes to errors, textual updates
Koha already has a sub that creates salts, so lets use that instead of math::Random::secure, so as not to add a new dependency.

Made the references to "Forgotten password" consistent, including adding it to the title of the page.

Also removed the individual error for "this email doesn't belong to this account" as that could expose the existence of a login, which I think we'd rather not do.

Made some of the text more grammatically correct, and more library specific.

To test:

Apply on top of all of the other patches.

All the usual checks, plus make sure there are no typos in any text references.

Signed-off-by: Marc Veron <veron@veron.ch>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
2016-01-27 06:40:54 +00:00
Charles Farmer
76d1509838 Bug 8753 - Smartmatch substitute, Math::Random::Secure, Perltidy, Passwordrecovery.t
This is a collection of changes taken from different comments (but mostly comment 21 and comment 122).

Passes qa and prove, on my machine at least.

There's also a new test file, Passwordrecovery.t, which covers every method of C4::Passwordrecovery.

To test:

All normal checks plus :

    1/ Receive the email
    2/ Click on the link
    3/ Change the pwd
    4/ Click again on the link
    5/ You should immediately get an error message

Problems with Math/Random/Secure.pm, is solved in following patch, signing off
Signed-off-by: Marc Veron <veron@veron.ch>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
2016-01-27 06:40:54 +00:00
mxbeaulieu
0f2aea716a Bug 8753 - Use Koha::Borrowers instead of C4::Members
Use the new library to search for borrowers.
Changed how the $borrower variable is used since it is now a Koha::Borrower object.

Removed the $protocol parameter from the generated link. It should be included in the OPACBaseURL syspref.

	modified:   C4/Passwordrecovery.pm
	modified:   opac/opac-password-recovery.pl

Signed-off-by: Marc Veron <veron@veron.ch>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
2016-01-27 06:40:53 +00:00
Liz Rea
b99f1dcbfc Bug 8753 - Followup - change value text on syspref
Followup changes text from "The user can reset | can not reset their password on OPAC" to "Library users are allowed | not allowed to recover their password via e-mail in the OPAC"

This change more clearly differentiates the purpose of this new preference from OpacPasswordChange.

Bug 8753 - followup - update text for link to match common UI paradigms, fixes OpacPublic disabled view

Also corrects OpacNav being included on the reset page on private catalogues.

Updated the link for forgotten passwords to more closely match common UI paradigms, i.e. Facebook and Twitter

To test:
apply all patches, link should now be the less verbose "Forgot your password?"
disable OpacPublic, anything in opacnav should not appear (you may need to add something to opacnav to test properly)

Bug 8753 - [followup] fix the title on opac-password-recovery.tt

The title stanza was missing a <title></title> around it, causing the extra text to appear.

To test, apply all patches and make sure it looks ok and there is no extra text at the top or bottom of the page.

Bug 8753 - [followup} Correcting spelling mistakes

Make sure it all still works

Bug 8753 - [followup] fix error when no information is provided

To test:

All normal checks plus make sure that a nice error is displayed when no data is provided.

fixing the deprecated thing

Signed-off-by: Marc Veron <veron@veron.ch>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
2016-01-27 06:40:53 +00:00
Maxime Beaulieu
d5abcbc8f3 Bug 8753 - Add forgot password link to OPAC
I've addressed a lot of Liz Rea's points.

1.  I have moved the code from updatedatabase.pl and kohastructure.sql to a file in the atomicupdates directory.
1a. The feature is now off by default when the atomicupdate is run.

2.  The password reset link is now visible on the home page, in the modal box and on opac-user.pl .

3.  The password recovery pages now use bootstrap markup.

4.  I am unsure here. I see "New Password:" and "Confirm new password:".

5.  This should still work :).

6.  I could not reproduce.

7.  I have added the userid field.
    You can now reset the password by submitting either your useid or email address.
    Both fields can be filled, but the email address must be one of the borrower's (email, emailpro or b_email).
    When entering only the email address and two borrowers use that same address, the system tells the user to try with another address or to specify his userid.

8.  The text is in the atomicupdate file. Have at it, anyone.

Concerning the email. It is inconvenient for the use to have to wait X minutes for the message queue the be processed.
Maybe we could add a sub in Letters.pm that:
    Takes the same argments as EnqueueLetter
    Sends the letter.
    Saves the letter in the message queue with a 'sent' status.

 TEST PLAN:

Setup)
    1) apply the patch
    2) go to system preferences OPAC>>Privacy and set 'OpacResetPassword' to ON.
    2b) make sure that OpacPasswordChange is also ON.
A)
    1) refresh front page, click on 'Forgot your password' and enter a VALID address
    1b) Also try an INVALID address (valid yet not in your koha db).  An error message will show up.
    2) An email should be received at that address with a link.
    3) Follow the link in the mail to fill the new password.
    Until a satisfactory new password is entered, the old password is not reset.
    4) Go to main page try the new password.
B)
    1) Repeat the password reset, this time use the userid (username) field.
    2) Try to reset the password using a userid and an email not linked to the account. An error appears.
    3) Make sure the borrower has many available email addresses.
    4) For each email, reset the password using both the userid and the email. The link should be sent to the specified address
C)
    1) Make sure two borrowers use the same email.
    2) Repeat the reset procedure in test case A). An error message appears

http://bugs.koha-community.org/show_bug.cgi?id=13068

 Author:    Maxime Beaulieu <maxime.beaulieu@inlibro.com>

Followed test plan. Works as described.
Signed-off-by: Marc Veron <veron@veron.ch>

New sign-off after testing all patches together
Signed-off-by: Marc Veron <veron@veron.ch>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
2016-01-27 06:40:53 +00:00