We are going out of scope here, but these tests need a branch/item.
Test plan:
Run the adjusted tests.
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Marc Véron <veron@veron.ch>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
No need to create Staff users here.
Test plan:
prove t/db_dependent/Passwordrecovery.t
should return green, even if no categories.categorycode 'S' exists
Signed-off-by: Marc Véron <veron@veron.ch>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Liz Rea <liz@catalyst.net.nz>
Seems to work fine
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
When a user gets an email, but doesn't act or visit it within two days,
attempting to create a new one causes a collision. We should just
delete the old one, assuming they still want to reset their
password.
To test:
create yourself a borrower with a userid and password.
Attempt a password recovery on the OPAC
update the entry in the database for that user to have an expired token
e.g. update borrower_password_recovery set valid_until = '2017-01-25
03:25:26' where borrowernumber = 12;
Attempt another password recovery operation - should error
apply the patch
Try it again - no error, new token is generated and additional email
with new link is sent.
Issue reproduced - is resolved by patch
Signed-off-by: Marc Véron <veron@veron.ch>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
As promised, here is the long-awaited sequel to #8753.
What has changed :
- The Koha::Patron::Password::Reset is now used in place of C4::Passwordrecovery
- That ugly shift-grep contraption is no more (goodbye old friend)
- The generated unique key won't end in a dot anymore
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Brendan Gallagher brendan@bywatersolutions.com
This is a collection of changes taken from different comments (but mostly comment 21 and comment 122).
Passes qa and prove, on my machine at least.
There's also a new test file, Passwordrecovery.t, which covers every method of C4::Passwordrecovery.
To test:
All normal checks plus :
1/ Receive the email
2/ Click on the link
3/ Change the pwd
4/ Click again on the link
5/ You should immediately get an error message
Problems with Math/Random/Secure.pm, is solved in following patch, signing off
Signed-off-by: Marc Veron <veron@veron.ch>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
