11 Commits (4d011bd9983926488f783730ca43e98e6e07dabe)
| Author | SHA1 | Message | Date |
|---|---|---|---|
| | 96cc447045 | Bug 25898: Prohibit indirect object notation<br>Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io> Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org> | 3 years ago |
| | 638786e719 | Bug 24663: Remove authnotrequired if set to 0<br>It defaults to 0 in get_template_and_user Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com> Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org> | 4 years ago |
| | b990b953b3 | Bug 21993: Display a user-friendly message when the CSRF token is wrong<br>Instead of dying! Test plan: Assuming you have a patron with borrowernumber=51 and another one that can be deleted with borrowernumber=42 - authorities-home.pl * Delete an authority record * hit /cgi-bin/koha/authorities/authorities-home.pl?op=delete - basket/sendbasket.pl * Send a basket to someone * hit /cgi-bin/koha/basket/sendbasket.pl?email_add=1 - members/apikeys.pl * Generate and delete an API key for a patron * hit /cgi-bin/koha/members/apikeys.pl?patron_id=51&op=delete - members/deletemem.pl * Delete a patron * hit /cgi-bin/koha/members/deletemem.pl?member=42&op=delete_confirmed - members/mancredit.pl * Add a manual credit * hit /cgi-bin/koha/members/mancredit.pl?borrowernumber=51&add=1 - members/maninvoice.pl * Add a manual invoice * hit /cgi-bin/koha/members/maninvoice.pl?borrowernumber=51&add=1 - members/member-flags.pl * Change permissions for a patron * hit /cgi-bin/koha/members/member-flags.pl?member=51&newflags=1 - members/member-password.pl * Change the password for a patron (from the staff interface) * hit /cgi-bin/koha/members/member-password.pl?member=51&newpassword=aA1 - members/memberentry.pl * Edit some patron's info * hit /cgi-bin/koha/members/memberentry.pl?borrowernumber=51&op=save - members/paycollect.pl * Pay an individual fine * hit something like /cgi-bin/koha/members/paycollect.pl?borrowernumber=51&pay_individual=1&accounttype=L&amount=1.00&amountoutstanding=1.00&accountlines_id=157&paid=1 You may need to edit some values - tools/import_borrowers.pl * Import some patrons * hit /cgi-bin/koha/tools/import_borrowers.pl?uploadborrowers=1 - tools/picture-upload.pl * Upload an image for a patron * You will need to edit the html content hit Home › Tools › Upload patron images then locate the csrf_token input and modify its value Note for QA: - Opac is not done as blocking_errors.inc does not exist for this interface - ill/ill-requests.pl I did not manage to replace this occurrence Signed-off-by: Owen Leonard <oleonard@myacpl.org> Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io> Signed-off-by: Nick Clemens <nick@bywatersolutions.com> | 5 years ago |
| | 5cf8bbfb7a | Bug 20624: Make staff client respect RESTOAuth2ClientCredentials<br>This patch makes the staff client UI respect the RESTOAuth2ClientCredentials syspref. To test: - Make sure RESTOAuth2ClientCredentials is "Don't enable" - Go to a patron's detail page => SUCCESS: The 'More' dropdown doesn't show the API keys management link. - Enable RESTOAuth2ClientCredentials - Reload => SUCCESS: The 'More' dropdown shows the API keys management link - Click on the API keys management link => SUCCESS: You can edit the api keys - Disable the syspref - Reload => SUCCESS: You are presented an error 400 page. - Sign off :-D Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org> | 6 years ago |
| | 2a8c3fad0a | Bug 20568: fix shebang<br>Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org> | 6 years ago |
| | d2454d6868 | Bug 20568: Fix bad resolution conflict with bug 18403<br>borrowers module permission has now several subpermissions Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org> | 6 years ago |
| | 45841d9ec7 | Bug 20568: CSRF protection<br>Edit: fix warning introduced by this patch Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io> Signed-off-by: Julian Maurice <julian.maurice@biblibre.com> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org> | 6 years ago |
| | 28a750fb76 | Bug 20568: (QA follow-up) Get rid of the id column<br>Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io> Signed-off-by: Julian Maurice <julian.maurice@biblibre.com> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org> | 6 years ago |
| | b67e88f429 | Bug 20568: Move value => client_id + secret<br>This patch addresses the request from Julian that api keys are expected to be client id/secret pairs. It does so by - Adding 'client_id' and 'secret' columns - Removing 'value' Tests got adjusted and so controller scripts and templates. Both libs and tests changes have been squashed. These ones remain in order to keep Owen's attribution on the template changes and avoid rebase conflicts. Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com> Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io> Signed-off-by: Julian Maurice <julian.maurice@biblibre.com> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org> | 6 years ago |
| | 05101f0afa | Bug 20568: Add mandatory description field for api keys<br>This patch changes the table structure adding fields usually found on this kind of api management pages. Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com> Signed-off-by: Julian Maurice <julian.maurice@biblibre.com> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org> | 6 years ago |
| | 3aa102d0c3 | Bug 20568: API keys management in interface<br>This introduces the concept of API keys for use in the new REST API. A key is a string of 32 alphanumerical characters (32 is purely arbitrary, it can be changed easily). A user can have multiple keys (unlimited at the moment). Keys can be generated automatically, and then we have the possibility to delete or revoke each one individually. Test plan: 1/ Go to staff interface 2/ Go to a borrower page 3/ In toolbar, click on More -> Manage API keys 4/ Click on "Generate new key" multiple times, check that they are correctly displayed under the button, and they are active by default 5/ Revoke some keys, check that they are not active anymore 6/ Delete some keys, check that they disappear from table 7/ Go to opac interface, log in 8/ In your user account pages, you now have a new tab to the left "your API keys". Click on it. 9/ Repeat steps 4-6 Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com> Signed-off-by: Julian Maurice <julian.maurice@biblibre.com> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org> | 9 years ago |