This set of patches makes it possible to protect patrons from being accidetally
deleted or merged with other patrons, from the UI and from (well behaved) cron
jobs. The following subroutines are affected:
- Koha::Patron::delete
- Koha::Patron::merge_with
- Koha::Patron::safe_to_delete
- C4::Members::GetBorrowersToExpunge
Please note:
- This does not intend to protect patrons from being edited, only from being
deleted
To test:
* Tests
- Run the affected tests:
prove t/db_dependent/Members.t
prove t/db_dependent/Koha/Patrons.t
* Editing protected status and manual deletion
- Add a new user, note the presence of the "Protected" field under "Library
management", but leave it at the default "No", for now.
- Note that "Protected" is displayed in the "Library use" section of the patron
details.
- Note that More > Delete is avaiable as an action when the patron is saved
- Edit the user and set "Protected" to "Yes"
- Note that More > Delete is now disabled, with a note that the patron is protected
* Batch patron deletion
- Go to Tools > Batch patron deletion and anonymization
- Check the box for "Verify you want to delete patrons"
- Choose the category of your protected patron for "whose patron category is"
and click "Next" to run the actual deletion
- Check that your protected patron was not deleted
* Merging patrons
- Make sure you have two patrons with similar names or the same category, so
you can find them with one search. One should be protected, one not.
- Search for the patrons, tick their boxes and click on "Merge selected patrons"
- Select one of the patrons as the "patron to keep".
. Click on "Merge patrons"
- "No valid patrons to merge were found" should be shown
- Repeat this with the other patron as the "patron to keep"
(A future enhancement could be to not allow a protected patron to be selected for
merging in the first place.)
* misc/cronjobs/delete_patrons.pl
- Make sure you have a protected patron, in a category with at least one more
patron.
- Run something like this (at least in ktd):
$ perl misc/cronjobs/delete_patrons.pl --category_code <code> -v --confirm
(Replace <code> with the actual categorycode.)
- Make sure the borrowernumber of the protected patron is not mentioned in the
output of the script.
- Check the protected patron was not deleted
- Check the non-protected patrons were deleted
* REST API (with ktd)
- Make sure you still have a protected patron, and note their borrowernumber
- Enable RESTBasicAuth and restart all the things
- Run these two commands from the command line on the host:
$ curl -u koha:koha --request GET "http://localhost:8081/api/v1/patrons/54"
$ curl -u koha:koha --request DELETE "http://localhost:8081/api/v1/patrons/54"
(Replace 54 with the actual borrowernumber of your protected patron.)
- The first curl command should give you the patron details. The second should
give this output:
{"error":"Protected patrons cannot be deleted","error_code":"is_protected"}
There could be more functions/scripts where patrons are deleted that I have not
thought about. Please report them on the bug if you find any!
Update 2023-10-19: Fix "More > Delete" on patron, so link can not be clicked.
Update 2023-10-19: Rebase
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
When we create a patron with TestBuilder, we normally
do not expect an anonymized status. This will certainly
hold for the patrons we are creating for testing is_active
in a following patch.
Test plan:
Run t/db_dependent/Koha/Patron.t
Run t/db_dependent/Koha/Patrons.t
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Matt Blenkinsop <matt.blenkinsop@ptfs-europe.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Sam Lau <samalau@gmail.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
It should not mock calls for other sections than 'config' in
koha-conf.xml.
Test plan:
Without this patch:
[1] Enable AutoLinkBiblios, CatalogModuleRelink and LinkerRelink.
This will trigger a SearchAuthorities call when creating a sample biblio.
Note: SearchAuthorities calls Zconn and gets back information from
a wrong part of koha-conf.xml.
[2] Run t/db_dependent/Koha/Pseudonymization.t
You should see something like:
{UNKNOWN}: Can't use string ("authorities") as a HASH ref while "strict refs" in use at /usr/share/koha/C4/Context.pm line 587. at /usr/share/koha/C4/Biblio.pm line 302
With this patch:
[3] Run t/db_dependent/Koha/Pseudonymization.t. Should pass now.
[4] git grep -l mock_config | xargs -i{} prove {}
Exclude Mocks.pm.
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Marie-Luce <marie-luce.laflamme@inlibro.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
https://bugs.koha-community.org/show_bug.cgi?id=25508
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
This patch changes the get_items_that_can_fill tests so they explicitly
set a 'datearrived' as the new defaults for fresh transfer objects from
TestBuilder is more sane and has this field undef. Tests *should always*
create their required scenarios explicitly.
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
This patch adds a test that a pending stock rotation transfer is initiated on
checkin, as well as updating the defaults for creating transfer objects
To test:
prove -v t/db_dependent/Circulation.t
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
See bug 31447, we don't want the tests to deal with potential failures
because of some item groups.
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Note: Test will be extended in follow-up. This fixes the
module_bit hash to follow the FK path from user_permissions
to permissions to userflags. One step was missed in the
existing test, although it did not fail. The change here
revealed that now.
Test plan:
Run t/db_dependent/TestBuilder.t
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
If we are waiting for ajax (there is a sleep 1s) and the alert pops up
at the same time, Selenium is raising "unexpected alert open"
We should not wait for the ajax request, but better wait for the
alert actually.
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Hooks added:
after_recall_action with new action add
How to test:
Run tests in t/db_dependent/Koha/Plugins/Recall_hooks.t
Sponsored by: Gothenburg University Library
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
[EDIT} Adding get_from_storage ;) For current consistency.
See further bug 32107.
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Lukasz Koszyk <lukasz.koszyk@kit.edu>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Jonathan Field <jonathan.field@ptfs-europe.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
assume that tinyint are boolean (not really true but shouldn't hurt)
Signed-off-by: Jonathan Field <jonathan.field@ptfs-europe.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Hooks added:
after_account_action with new action add_credit
How to test:
Run tests in t/db_dependent/Koha/Plugins/Account_hooks.t
Sponsored by: Gothenburg University Library
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
This will fix t/db_dependent/www/batch.t and t/db_dependent/www/search_utf8.t
QA - improvement ideas welcome! It's definitely not the best we can do.
Test plan:
prove t/db_dependent/www/search_utf8.t t/db_dependent/www/batch.t
must return green
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
This adds the API routes and tests
Sponsored-by: Sponsored by: Round Rock Public Library [https://www.roundrocktexas.gov/departments/library/]
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Test plan:
Run xt/find-missing-filters.t
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
What this patch does:
- change the navigation bar style
- change the breadcrumbs style
- change the "last borrower" link style
- move the search bar inside the navigation bar
- move the help link to the same row as the breadcrumbs
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
This patch makes the following changes to the 'background_jobs' API:
* We now call them 'jobs'
* Removed deprecated query parameter definitions
* Added only_current query parameter
* Controller gets adapted to use $rs->filter_by_current when
only_current is passed
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Test plan:
Run t/db_dependent/Koha/BackgroundJob.t
Run t/db_dependent/Koha/BackgroundJobs.t
Prove t/db_dependent/Koha/BackgroundJobs
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
This is a convenience bug - when koha testing docker creates sample vendors and budgets there are small issues:
1 - The vendor website gets a random string - you can't edit the vendor without removing this
2 - The funds have random values for statistical categories, and you get empty dropdowns when choosing a fund in ordering
To test:
1 - Apply patch
2 - Restart all
3 - Edit 'My vendor'
4 - note webstie is empty and you can save without changing anythign
5 - Add order to basket for my vendor
6 - Confirm that when selecting a fund statistic 1 and statistic 2 remain as text input fields
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
This patch adds 'CheckoutRenewal.checkout_id' to the list of non-foreign
key relations found in _should_be_fk.
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
This patch adds a unit test for the 'enqueue' part of the bug. We check
that the mocked context (and interface) are recorded with the job
enqueue in the new 'context' field.
We do not yet test the 'process' end, where we then read the context out
and set the job Context from it.
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
To test:
prove -v t/db_dependent/Koha/Import/Record/Items.t
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Andrew Fuerste-Henry <andrew@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
This patchset introduces the Two-factor authentication (2FA) idea in
Koha.
It is far for complete, and only implement one way of doing it, but at
least it's a first step.
The idea here is to offer the librarian user the ability to
enable/disable 2FA when logging in to Koha.
It will use time-based, one-time passwords (TOTP) as the second factor,
an application to handle that will be required.
https://en.wikipedia.org/wiki/Time-based_One-Time_Password
More developements are possible on top of this:
* Send a notice (sms or email) with the code
* Force 2FA for librarians
* Implementation for OPAC
* WebAuthn, FIDO2, etc. - https://fidoalliance.org/category/intro-fido/
Test plan:
0.
a. % apt install -y libauth-googleauth-perl && updatedatabase && restart_all
b. To test this you will need an app to generate the TOTP token, you can
use FreeOTP that is open source and easy to use.
1. Turn on TwoFactorAuthentication
2. Go to your account, click 'More' > 'Manage Two-Factor authentication'
3. Click Enable, scan the QR code with the app, insert the pin code and
register
4. Your account now requires 2FA to login!
5. Notice that you can browse until you logout
6. Logout
7. Enter the credential and the pincode provided by the app
8. Logout
9. Enter the credential, no pincode
10. Confirm that you are stuck on the second auth form (ie. you cannot
access other Koha pages)
11. Click logout => First login form
12. Enter the credential and the pincode provided by the app
Sponsored-by: Orex Digital
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
This patch updates t::lib::Koha::BackgroundJob::BatchTest to the new
style, and also removes a couple stray cases in which job_id was still
passed as a parameter.
Tests are rewritten a bit, so they actually test more of the behaviors.
To test:
1. Apply this patch
2. Run:
$ kshell
k$ prove t/db_dependent/Koha/BackgroundJobs.t
=> SUCCESS: Tests pass!
3. Sign off :-D
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Andrew Fuerste-Henry <andrew@bywatersolutions.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
The authentication.t selenium tests (and a couple of others) were
failing with:
Error while executing command: element not interactable: Element <input class="btn btn-primary" type="submit"> could not be scrolled into view at /usr/local/share/perl/5.32.1/Selenium/Remote/Driver.pm line 411. at /usr/local/share/perl/5.32.1/Selenium/Remote/Driver.pm line 356.
We changed the other of the form, and t::lib::Selenium::submit_form was
not getting the correct (first) form. The one from the auth modal was
retrieved and submit button was clicked. Selenium raised an error as it
is not displayed.
The ->is_displayed selenium method does not work, as per the doc
"""
Note: This does *not* tell you an element's 'visibility' property; as it still takes up space in the DOM and is therefore considered 'displayed'.
"""
https://metacpan.org/pod/Selenium::Remote::WebElement#is_displayed
"The internet" is saying we should be able to use the following in our
xpath expression: not(ancestor::div[contains(@style,'display:none')]
but it actually only works if the display:none rule is defined on the
node (not from .css). Which does not work for us.
The only solution I found is to check for the size of the element, which
is (0,0) if not effectively displayed.
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Value not allowed for auto_incr issue_id in Issue at /kohadevbox/koha/t/lib/TestBuilder.pm line 387.
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
It's failing randomly on some Jenkins' nodes
# Failed test 'Encoding in session variables'
# at t/db_dependent/selenium/regressions.t line 300.
Can't call method "get_text" on an undefined value at t/db_dependent/selenium/regressions.t line 285.
It can be recreated locally with the following changes:
@ t/lib/Selenium.pm:50 @ sub new {
);
bless $self, $class;
$self->add_error_handler;
- $self->driver->set_implicit_wait_timeout(5000);
+ $self->driver->set_implicit_wait_timeout(1000);
return $self;
}
@ t/lib/Selenium.pm:50 @ sub new {
);
bless $self, $class;
$self->add_error_handler;
- $self->driver->set_implicit_wait_timeout(5000);
+ $self->driver->set_implicit_wait_timeout(1000);
return $self;
}
This patch suggests to simply double the timeout.
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
This patch is suggesting to move the broken test plugins into a separate
directory.
t/lib/plugins and t/lib/bad_plugins
Signed-off-by: David Nind <david@davidnind.com>
JK: Add executable bit to Broken.t
Signed-off-by: Joonas Kylmälä <joonas.kylmala@iki.fi>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Test plan:
Run t/db_dependent/Koha/Plugins/authority_hooks.t
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
This is just reusing what is done in Search.t (and that is correct).
But search_utf8.t and remove_from_cart.t are wrong as we want to use the
UI (and we cannot mock the zebra index, ie. koha-conf, from tests for
plack).
This still needs some work but improve a bit the existing code and make
tests pass (hopefully!)
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
The following test is failing:
| # Failed test 'OPAC - Remove from cart'
| # at t/db_dependent/selenium/regressions.t line 132.
| Can't call method "get_value" on an undefined value at t/db_dependent/selenium/regressions.t line 110.
| # Looks like your test exited with 2 just after 3.
| [12:14:08] t/db_dependent/selenium/regressions.t
We are dependind on the search engine and the records in the DB but the
installer is not inserting any records.
This patch is suggesting to reuse the code from search_utf8
(and so make it reusable first) for remove_from_cart test.
This code is mocking the Zebra index with some MARC data and so the
search will return results. We will finally be able to click on the
add to/remove from cart links.
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
During the installation process we do not have fieldset.action, in order
to not complicate changes we are just going to use the submit button if
only one exists.
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
To prevent developpers to drop their database.
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Bouzid Fergani <bouzid.fergani@inlibro.com>
Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
