What this patch aims to accomplish?
* All new passwords are stored as Bcrypt-hashes
* For password verification:
  - If the user was created before this patch was applied then use
    MD5 to hash the entered password <-- backwards compatibility
  - If the user was created after this patch was applied then use
    Bcrypt to hash the entered password
* Any password change made via the staff interface or the OPAC will
  be automatically Bcrypt-hashed; this applies to old users whose
  passwords were stored as MD5 hashes previously
Test plan:
1) Add new users and check whether their passwords are stored as
   Bcrypt hashes or not.
2) To test that authentication works for both old as well as new
   users:
   a) Login as an existing user whose password is stored as an
      MD5 hash
   b) Login as an existing user whose password is stored as a
      Bcrypt hash
3) In the staff interface, change the password of an existing user
   whose password is stored as an MD5 hash
   a) Check the new password is stored as a Bcrypt-hash in the database
   b) Try to login with the new password
4) In the OPAC, verify that
   a) Old user with old pass can change password, new format
   b) New user with new pass can change password
   c) Old and new user with self-updated pass can login
Whitespace cleanup was contributed by Bernardo Gonzalez Kriegel.
Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel@gmail.com>
Signed-off-by: Mason James <mtj@kohaaloha.com>
Signed-off-by: Galen Charlton <gmc@esilibrary.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Galen Charlton <gmc@esilibrary.com>
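The dual-scheme verification and upgrade-on-change behaviour described in the commit message above, as an added example in Perl that is not the patch's or Koha's own code. Assumptions: the sub names and cost factor are hypothetical, the legacy format is taken to be an unsalted `md5_base64` digest, the scheme is detected from the stored hash prefix, and `Crypt::Eksblowfish::Bcrypt` supplies bcrypt.

```perl
use strict;
use warnings;
use Digest::MD5 qw(md5_base64);
use Crypt::Eksblowfish::Bcrypt qw(bcrypt en_base64);

# Added illustration, not Koha's code: sub names, cost and the
# unsalted md5_base64 legacy format are assumptions.
my $COST = '10';    # two-digit bcrypt work factor

sub hash_new_password {
    my ($password) = @_;
    open my $fh, '<:raw', '/dev/urandom' or die "no entropy source: $!";
    read($fh, my $salt, 16) == 16 or die 'short read from /dev/urandom';
    close $fh;
    return bcrypt($password, '$2a$' . $COST . '$' . en_base64($salt));
}

# Scheme is detected from the stored value itself.
sub is_bcrypt { return $_[0] =~ /^\$2a?\$\d\d\$/ }

sub constant_time_eq {
    my ($x, $y) = @_;
    return 0 if length $x != length $y;
    my $diff = 0;
    $diff |= ord(substr $x, $_, 1) ^ ord(substr $y, $_, 1) for 0 .. length($x) - 1;
    return $diff == 0;
}

sub verify_password {
    my ($password, $stored) = @_;
    my $candidate = is_bcrypt($stored)
        ? bcrypt($password, $stored)     # reuses the stored cost and salt
        : md5_base64($password);         # legacy path, kept for old rows
    return constant_time_eq($candidate, $stored);
}

# Constructed sample rows: one legacy user, one created after the change.
my %stored = (
    old_user => md5_base64('legacy-pass'),
    new_user => hash_new_password('fresh-pass'),
);
die 'legacy login failed' unless verify_password('legacy-pass', $stored{old_user});
die 'bcrypt login failed' unless verify_password('fresh-pass',  $stored{new_user});
die 'wrong password accepted' if verify_password('nope', $stored{new_user});

# A password change always writes bcrypt, which migrates the legacy row.
$stored{old_user} = hash_new_password('changed-pass');
die 'row not migrated' unless is_bcrypt($stored{old_user});
die 'login after change failed' unless verify_password('changed-pass', $stored{old_user});
```

Rows that are never changed stay on MD5 under this scheme, so counting the stored values that do not match the bcrypt prefix shows how many legacy hashes remain.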
The routing list tab displays on patron pages even if the RoutingSerials
preference is OFF. Display of the tab should be conditional on that pref
being turned on.
This patch adds a check for the RoutingSerials preference to the menu
include files and amends the affected scripts to make the variable
available on the pages where those includes are used.
To test, view the following pages with RoutingSerials both on and off.
The routing list tab should be shown and hidden accordingly:
- Circulation
- Patron details
- Patron fines
- Pay fines
- Pay amount/selected (click from the Pay fines page)
- Create manual invoice
- Create manual credit
- Patron circulation history
- Patron modification log
- Patron notices
- Patron routing lists
- Patron statistics
- Patron files
- Patron permissions
- Set patron password
- "Can't delete patron" page (try to delete a patron with checkouts).
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
Touches a lot of files, but only a tiny change in each, works well.
Could perhaps be set in C4/Auth instead, but that's no reason not to
sign off
Signed-off-by: Katrin Fischer <Katrin.Fischer.83@web.de>
All tests and QA script pass.
Signed-off-by: Jared Camins-Esakov <jcamins@cpbibliography.com>
When OpacMaintenance is on, any opac page will redirect to maintenance.pl.
Some pages of intranet have the same behavior and you get 404 error.
This is because in checkauth, if type arg is undefined it is "opac" by default.
This patch adds type arg in all intranet calls of checkauth.
Test plan :
- Set syspref OpacMaintenance=Show
- Go to a borrower page
- Click on "Fines" and "Create manual invoice"
- Enter an amount and save
=> Check you go to members/boraccount.pl and not maintenance.pl with 404 error
OK
- Click on "Fines" and "Create manual credit"
- Enter an amount and save
=> Check you go to members/boraccount.pl and not maintenance.pl with 404 error
OK
- Edit borrower
- Set "Restricted" to yes and save
- Click on "Lift restriction" in messages
=> Check you stay on the member page and not maintenance.pl with 404 error
OK
- Edit borrower
- Set "Expiry date" to a day in the past and save
- Click on "Renew" in messages
=> Check you stay on the member page and not maintenance.pl with 404 error
OK
Signed-off-by: Liz Rea <liz@catalyst.net.nz>
Good catch, a tricky bug.
http://bugs.koha-community.org/show_bug.cgi?id=9952
Signed-off-by: Katrin Fischer <Katrin.Fischer.83@web.de>
Removed a few tabs from mancredit.
All tests and QA script pass now.
Good test plan.
Signed-off-by: Jared Camins-Esakov <jcamins@cpbibliography.com>
This patch changes the password field to a password type input on
member-password.pl and adds a confirmation field to both member-password.pl
and memberentry.pl requiring that the password be re-entered to
confirm.
Client-side and server-side validation for the two password fields has been added
to both pages. Multiple error messages can now be displayed together on
member-password.pl.
If the user wishes for Koha to suggest a random password on member-password.pl
they can click a link which will remove the password-type input fields, replace
them with text-type fields, and automatically fill them with the random
password suggestion.
Follow-up fix lets members.js correctly handle errors when there are
no mandatory fields
LR followup: fixing slight error that corrects previously reported template error.
Signed-off-by: Liz Rea <wizzyrea@gmail.com>
Tested password setting/changing utilities - all work as expected and described.
Passes prove t xt t/db_dependent tests congruent with current master failures (adds no new fails).
Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
The 'Add Child' button is not shown if 'borrowerRelationship' is empty.
System preference description changed.
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
This patch adds a check for the value of the ExtendedPatronAttributes
preference to the scripts and corresponding logic to the templates
controlling the sidebar menu.
The patch also corrects a duplication of attributes code in moremember.pl
Signed-off-by: Katrin Fischer <Katrin.Fischer.83@web.de>
1) Added extended patron attributes in configuration, turned ExtendedPatronAttributes on
2) Altered patron details, added values for patron attributes
> Verified patron attributes show correctly
3) Turned off ExtendedPatronAttributes
> Verified patron attributes were hidden everywhere
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
Show patron attributes in the sidebar on circ and patron pages
[Edit from Owen Leonard: This patch takes changes originally in
Bug 5436 and isolates just the parts relating to display of
patron attributes. Because function for pulling patron attributes
was merged with the function for displaying address information
in SetMemberInfosInTemplate() (also found in Bug 5749), I moved
the call to GetBorrowerAttributes into the individual scripts.
That keeps the functionality relating specifically to patron
attributes separate from the proposed changes to displaying
addresses.
Because I think it's important to keep the display consistent,
I added display of patron attributes to all pages which include
the patron information sidebar.]
Rebased for compatibility with bug 3489 and database documentation by
Ian Walls, 9-21-11
Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
Signed-off-by: Ian Walls <ian.walls@bywatersolutions.com>
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
Adding state variable to various circ and member pages so that
sidebar display of patron details includes state.
Signed-off-by: Magnus Enger <magnus@enger.priv.no>
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
This updates the way Member is added and edited so that import and Edition
could be best automatized
GetMember evolves and allows ppl to search on a hash of data
Adding SQLHelper A new package to deal with INSERT UPDATE and SELECT
Signed-off-by: Galen Charlton <gmcharlt@gmail.com>
This patch fixes several improperly named variables and includes the home library variable on the pages that were missing it. The category
description was added to the GetMemberDetails function since a couple of the pages using that function required the variable.
Signed-off-by: Galen Charlton <galen.charlton@liblime.com>
Adding a new routine GetBorrowercategoryList in C4/Member
Displaying categoryname when listing categories in memberentrygen.pl
using categorytype returned with GetMember wherever it is possible.
Signed-off-by: Joshua Ferraro <jmf@liblime.com>
* rewrite-config.PL now puts in installed location
of koha-conf.xml in C4/Context.pm so that
correct config can be found even when
KOHA_CONF is not set. Note that setting KOHA_CONF
will still override path set by installer.
* changed references from koha.xml to koha-conf.xml
Toolbar needs to be made for members too, it's using the same one as circ, which isn't right, will do this next
Signed-off-by: Chris Cormack <crc@liblime.com>
Signed-off-by: Joshua Ferraro <jmf@liblime.com>
the 3 parameters :
intranetcolorstylesheet => C4::Context->preference("intranetcolorstylesheet"),
intranetstylesheet => C4::Context->preference("intranetstylesheet"),
IntranetNav => C4::Context->preference("IntranetNav"),
are filled by Auth.pm automatically, removing them in templates
Signed-off-by: Chris Cormack <crc@liblime.com>
Signed-off-by: Joshua Ferraro <jmf@liblime.com>
So this implies quite a change for files.
Sorry about conflicts which will be caused.
directory Interface::CGI should now be dropped.
I noticed that many scripts (reports ones, but also some circ/stats.pl or opac-topissues) still use Date::Manip.