Commit graph

41 commits

Author SHA1 Message Date
68407f4cf0 Bug 16960: Delete previous patron modifications
If a patron edit his/her details a second time, we need to delete the
first ones to avoid a "duplicate entry for key PRIMARY" error.

Test plan:
Log in at the OPAC
Edit your details
Edit them again
=> Without this patch, Koha will crash
=> With the patch applied, everything should work as expected

Signed-off-by: Katrin Fischer  <katrin.fischer@bsz-bw.de>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-08-22 11:46:05 +00:00
1016139132 Bug 16960 - Patron::Modifications should be fixed
The changes from opac-memberentry do not reach the table, since the
Patron::Modifications object does not work well.

Test Plan:
1) Apply this patch
2) Create some patron modification requests
3) Ensure you can approve and deny modifications
4) Ensure patron self registration works

Signed-off-by: Bob Birchall <bob@calyx.net.au>

Signed-off-by: Katrin Fischer  <katrin.fischer@bsz-bw.de>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-08-22 11:46:05 +00:00
8c5cb134ee Bug 16996: Do not explode if mandatory fields are missing
At the OPAC, if a patron modify his/her information and at least 1
mandatory field is missing, Koha will crash with
  Template process failed: undef error - Can't call method "description"

It is raised by Koha::Template::Plugin::Categories::GetName called with
an undefined categorycode.
The problem is that the values sent originaly are not sent back to the
template if the user missed something.
This patch makes that all info are resent to the template in order to
show the same form to the user.

Test plan:
0. Apply patch

1. Make sure that the categorycode is not hidden in the OPAC in:
     PatronSelfRegistrationBorrowerUnwantedField or PatronSelfModificationBorrowerUnwantedField

2. Add a required field in PatronSelfRegistrationBorrowerMandatoryField, for example email.

3. Go to Your Personal Details in the OPAC (opac-memberentry.pl) and leave blank the required field of point 2

4. Press "Submit update request"

There should be no software error.

NOTE: The warns will be floody on the logs.

Signed-off-by: Mark Tompsett <mtompset@hotmail.com>

Signed-off-by: Marc <veron@veron.ch>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-08-18 15:43:01 +00:00
Chris Cormack
0ef3b19dbd Bug 16969 cgi->param used in list context in opac-memberentry.pl
To test
1/ Hit the page, notice the warning in the log
2/ Apply patch
3/ Hit page, notice no warning in the log
4/ Test functionality all still works

Works as expected. (Note: See Bug 16960 for updating patron details).
Signed-off-by: Marc <veron@veron.ch>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-08-10 14:02:05 +00:00
0fe7a4aa8e Bug 16929: [QA Follow-up] Shortcut methods and use statements
Resolves the following comments:

I'd prefer to see a generate_csrf method than a CSRF flag.
It'd be better to use instead of require the 2 modules.

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Marc <veron@veron.ch>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-08-10 13:26:00 +00:00
523d0be9dc Bug 16929: Prevent opac-memberentry waiting for random chars
Move calls to WWW::CSRF to Koha::Token.
Send a safe random string to WWW::CSRF instead of letting CSRF make a
blocking call to Bytes::Random::Secure. If your server has not enough
entropy, opac-memberentry will hang waiting for more characters in
dev/random. Koha::Token uses Bytes::Random::Secure with the NonBlocking
flag.

Test plan:
[1] Do not yet apply this patch.
[2] If your server has not enough entropy, calling opac-memberentry may
    take a while. But this not may be the case for you (no worries).
[3] Apply this patch.
[4] Verify that opac-memberentry still works as expected.
[5] Run t/Token.t

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Yes, my server had entropy trouble (reason for finding the problem).
This patch resolves the delay.

Tested all 3 patches together, works as expected.
Signed-off-by: Marc <veron@veron.ch>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-08-10 13:25:59 +00:00
9bdea2e369 Bug 16878: Fix XSS in opac-memberentry
The vars are gotten from the url and sent to the template as it. They
must be escaped.

Test plan:
I have not managed to create the original issue, so there is no test
plan for the XSS fix, but you can confirm there is no regression.

Signed-off-by: Chris Cormack <chris@bigballofwax.co.nz>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Brendan Gallagher <brendan@bywatersolutions.com>
2016-08-04 19:22:00 +00:00
131002e623 Bug 16847: Remove C4::Members::GetTitles
This subroutine just reads the content of a pref, split it, add an
empty string and returns.
It is not really useful and the code in the script (memberentry.pl) uses
the only occurrence of CGI::popup_menu
Let's remove it and build the dropdown list in the template.

Test plan:
1/ Empty BorrowersTitles, edit a patron and confirm that the "Salutation"
does not appear
2/ Fill BorrowersTitles with "Mr|Mrs|Miss|Ms", edit a patron and confirm
that the "Salutation" dropdown list is correctly filled.
The default option should be selected if you are editing a patron with a
title defined.
This should also be tested at the OPAC.

Followed test pan, works as expected in Staff and OPAC
Signed-off-by: Marc Véron <veron@veron.ch>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-07-22 17:23:42 +00:00
779fa7c6da Bug 16591: Fix CSRF in opac-memberentry
If an attacker can get an authenticated Koha user to visit their page
with the code below, they can update the victim's details to arbitrary
values.

Test plan:

Trigger
/cgi-bin/koha/opac-memberentry.pl?action=update&borrower_B_city=HACKED&borrower_firstname=KOHA&borrower_surname=test

=> Without this patch, the update will be done (or modification
request)
=> With this patch applied you will get a crash "Wrong CSRF token" (no
need to stylish)

Do some regression tests with this patch applied (Update patron infos)

QA note: I am not sure it's useful to create a digest of the DB pass,
but just in case...

Reported by Alex Middleton at Dionach.

Signed-off-by: Chris Cormack <chris@bigballofwax.co.nz>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-06-24 11:55:15 +00:00
f0b60f712c Bug 16283 - Make OPAC registration captcha case insensitive
The OPAC registration captcha should not be case sensitive. This patch
was moved here from bug 9393.

Test Plan:
1) Enable patron self registration
2) Test the captcha by typing in the captcha in lower case. Registration
should still succeed.

Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-04-29 11:55:07 +00:00
545b64f869 Bug 15635: Koha::Patron::Images - Remove GetPatronImage
To retrieve a patron image, we can call Koha::Patron::Images->find or
Koha::Patrons->find->image
Both will return a Koha::Patron::Image object.

Test plan:
1/ From the patron/member module, open all tabs on the left (Checkouts,
detail, fines, etc.)
The image should be correctly displayed.
2/ At the OPAC, on the patron details page (opac-memberentry.pl) the
image should be displayed as well.
3/ Same on the sco module.

Signed-off-by: Josef Moravec <josef.moravec@gmail.com>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-03-04 12:54:15 +00:00
3691bd8419 Bug 15548: Move new patron related code to Patron*
The 'borrower' should not be used anymore, especially for new code.
This patch move files and rename variables newly pushed (i.e. in the Koha
namespace).

Test plan:
1/
  git grep Koha::Borrower
should not return code in use.

2/
Prove the different modified test files

3/ Do some clicks in the member^Wpatron module to be sure there is not
an obvious error.

Signed-off-by: Hector Castro <hector.hecaxmmx@gmail.com>
Works as described. Tested with Circulation, Members/Patrons, Discharge,
Restrictions modules and the must common functionalities

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>

Signed-off-by: Jesse Weaver <jweaver@bywatersolutions.com>
2016-03-03 14:38:26 -07:00
Jesse Weaver
cdbb63f856 Bug 14659: Allow patrons to enter card number and patron category on OPAC registration page
Test plan:
  1. Open OPAC self-registration page while logged out.
  2. Note that cardnumber and categorycode are not shown.
  3. Remove cardnumber and categorycode from
     PatronSelfRegistrationBorrowerUnwantedField.
  4. Enable autoMemberNum.
  5. Reload self-registration page, note that categorycode now shows.
  6. Disable autoMemberNum.
  7. Reload self-registration page, note that cardnumber now shows.
  8. Try saving a patron with an existing cardnumber; this should fail
     and explain why.
  9. Set CardnumberLength, and verify that those length restrictions are
     enforced.
 10. Verify that patron can be created with custom categorycode and
     cardnumber.

Signed-off-by: Michael Sauers <msauers@dospace.org>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Brendan Gallagher brendan@bywatersolutions.com
2016-03-02 04:29:38 +00:00
4e9b187c14 Bug 14658: Remove warning if prefs are not defined
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-02-26 13:47:21 +00:00
Jesse Weaver
a44859d082 Bug 14658 - (QA followup) make it easier to grep for these syspref names
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-02-26 13:47:21 +00:00
Jesse Weaver
d2f5f4c90a Bug 14658 - Split PatronSelfRegistrationBorrowerUnwantedField into two preferences for creating and editing
Test plan:
  1) Make sure there is at least one field in PatronSelfRegistrationBorrowerUnwantedField.
  2) Apply patch, and update database.
  3) Check to make sure that the new system preference
     PatronSelfModificationBorrowerUnwantedField has the same value as
     PatronSelfRegistrationBorrowerUnwantedField.
  4) Verify that the same fields are hidden for self-registering a new
     borrower and edting a new one (both on the OPAC).
  5) Change PatronSelfModificationBorrowerUnwantedField, and verify that
     the two preferences correctly apply to editing vs. creating.

Signed-off-by: Michael Sauers <msauers@dospace.org>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-02-26 13:47:20 +00:00
0e5890475e Bug 15343 [QA Followup]
* Check for leading/trailing spaces in password
* Check hashed password in tests

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Brendan Gallagher brendan@bywatersolutions.com
2016-02-24 04:04:05 +00:00
21745ec3f7 Bug 15343 [QA Follow up] Fix captcha display
Make captcha visible even if password field is hidden
Remove password confirmation field before submitting modification

Signed-off-by: Jesse Weaver <jweaver@bywatersolutions.com>
Signed-off-by: Mirko Tietgen <mirko@abunchofthings.net>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Brendan Gallagher brendan@bywatersolutions.com
2016-02-24 04:04:05 +00:00
7d8b1ce269 Bug 15343 [QA Followup] - Fix issues
1) "Contact information" should be "Password"
2) Don't pass sysprefs from the script to the template, use Koha.Preference()
3) minPasswordLength is optional, we cannot always assume it is set
4) Password field when does not follow convention completely when mandatory

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>

Signed-off-by: Jesse Weaver <jweaver@bywatersolutions.com>
Signed-off-by: Mirko Tietgen <mirko@abunchofthings.net>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Brendan Gallagher brendan@bywatersolutions.com
2016-02-24 04:04:04 +00:00
714899c7f8 Bug 15343 - Allow user to set password on opac-memberentry.pl
This patch allows patrons to create thier own password during OPAC self
registration.  It sets the password field to be hidden by default, and
allows for a system generated password if no password is supplied and
field is not mandatory

1 - Apply patch
2 - run updatedatabase.pl
3 - Check syspref "PatronSelfRegistrationBorrowerUnwantedField" - it
should contain 'password'
4 - Check self registration on opac - there should be no change
5 - Remove 'password' from PatronSelfRegistrationBorrowerUnwantedField
6 - Password field should now be visible in OPAC self registration
7 - Register a patron: If no passwor is supplied you should get a system
generated password
8 - Register a patron with a password, your password should be used
9 - Add 'password' to PatronSelfRegistrationBorrowerMnadatoryField
10 - Attempt to register a patron with no password - it should fail
11 - Try all combinations if mismatched/short/missing passwords and view
correct error messages
12 - prove t/db_dependent/Members.t

Sponsored by : Do Space (www.dospace.org)

Signed-off-by: Jesse Weaver <jweaver@bywatersolutions.com>
Signed-off-by: Mirko Tietgen <mirko@abunchofthings.net>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Brendan Gallagher brendan@bywatersolutions.com
2016-02-24 04:04:04 +00:00
Jesse Weaver
f4241d1a49 Bug 15813: Fix list-context call to ...->guarantor in opac-memberentry.pl
(was: Bug 14658: (followup) fix issue with list context on DBIC call)

While working on bug 14659, it was discovered that the call to
...->guarantor in list context will cause the hash to be misaligned if
there is no guarantor.

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Brendan Gallagher brendan@bywatersolutions.com
2016-02-24 03:26:28 +00:00
49a0b63f62 Bug 9303 [QA Followup] - Restore ability for patron to control setting
Signed-off-by: Nick Clemens <nick@quecheelibrary.org>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2015-12-31 13:09:45 +00:00
Marc Véron
3e3ec3a14e Bug 14956: (followup) Fix birthday date validation in Opac
To reproduce / test:

- In Opac: Go to 'your personal details'
- Enter a valid birtday date
- In Staff client: Go to Home > Patrons > Update patron records
  (Link on start page: Patrons requesting modification)
- Verify that the birtday date is correct
- Back in Opac, clear the birthday date, try to submit
  => Validation message appears
- Enter an invalid date (32/32/2999 or 00/00/0000), try to submit
  => Birthday date field is cleared, validation message appears.

Signed-off-by: Hector Castro <hector.hecaxmmx@gmail.com>
Works as advertised. Wrong today corrected

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2015-11-06 15:01:37 -03:00
Marc Véron
7a46b1599e Bug 14956: C4::Dates from files opac/*.pl
Remove C4::Dates from files:
-  opac/opac-memberentry.pl
-  opac/opac-reserve.pl
-  opac/opac-search-history.pl
-  opac/opac-showreviews.pl
-  opac/opac-suggestions.pl
-  opac/opac-serial-issues.pl
-  opac/opac-alert-subscribe.pl
-  opac/opac-ics.pl

To test:
- Apply patch
- Verify, that self registration and holds work as before
- Verify that tabs in catalog item detail work and display
  as before
- For serials: Verify that subscriptions work as before. It is a
  little bit hidden, in tab Subscriptions, then 'More details', then
  tab 'Brief history', button 'Subscribe to email notificatin on
  new issues'
- For ics: Can not be tested at the moment, not yet used (Bug 5456),
  pls. have a look at the code changes

(Amended following comment #2)

Signed-off-by: Hector Castro <hector.hecaxmmx@gmail.com>
Works as advertised

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2015-11-06 15:01:28 -03:00
542ab0bce9 Bug 5371: Force no caching for private pages at the OPAC
In order no to slow too much the browsing, it is certainly not a good
idea to add this cache-control value for all pages at the OPAC.

This patch just adds where the author found it could be useful.

Test plan:
1/ Login at the OPAC
2/ Go on the account page (opac/opac-account.pl)
3/ Click log out
4/ Use the back button of your browser
Without this patch you will see the previous page.
With this patch, the previous page will be reloaded and you will be
redirected to the login form.

Signed-off-by: Marc Véron <veron@veron.ch>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@unc.edu.ar>
2015-10-02 11:06:17 -03:00
Martin Stenberg
d5a5e9576e Bug 14675: Don't update details if no changes made
if no changes has been made for personal details, bring user back to details
page and inform them that no changes has been made.

Signed-off-by: Aleisha <aleishaamohia@hotmail.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Tomas Cohen Arazi <tomascohen@unc.edu.ar>
2015-08-20 13:42:04 -03:00
Juhani Seppälä
ab1fd8a556 Bug 5685: Validation of email address field
This patch adds server-side & client-side validation for email
form fields in the members/memberentry -view and in the
opac/memberentry-view (bootstrap).

I recently added simple validation for phone number and email address fields
for our in-house koha and saw this old bug: I'm open to any ideas on how
to do this better. Validation for phone numbers would be easy to add on
top of this but I left it out since this bug is only about the email
fields.

To test:
1) Select a member and go to any of the edit forms with email fields
(Primary info, "Library use", "Alternate address", "Alternative
contact").
2) Disable javascript in the browser in order to test server-side
validation and try to input invalid emails in each of the email form
fields.
3) Confirm that an invalid address is catched from any of the email
fields, an alert shown for each invalid address and that the member's
information was not updated with invalid data.
4) Enable javascript in the browser.
5) Confirm that the jquery validation plugin caches invalid addresses
from any of the email fields and that you cannot send the form before
correcting the problem.
6) Perform the same tests for the opac-memberentry-view.

Note: as the jQuery validation plugin doesn't exist in the bootstrap
folder, I just copied it over from the staff-client folder -how to deal
with this?

Signed-off-by: Owen Leonard <oleonard@myacpl.org>

I have undone the changes to opac.css so that they can be submitted as a
separate patch. I have some other follow-ups to make as well.

Signed-off-by: Nicole Engard <nengard@bywatersolutions.com>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2015-07-24 13:47:32 -03:00
f7ed250d61 Bug 11693: Default emailing preferences not loaded for self registering patron
The call to AddMember_Opac does not take care of the messaging prefs
when enhanced messaging is enabled.
This patch adds the call to handle_form_action to do that.

Test plan:
Enable self registering patrons and enhanced messaging.
Check the (default) message prefs for the relevant patron category. At least
enable email for one notice.
Self-register a user with and without verification email enabled.
Check in both cases that the message prefs of the user conform to
those in the patron category. (So at least one enabled.)

Followed test plan, works as expected.
Signed-off-by: Marc Véron <veron@veron.ch>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2015-07-24 13:44:39 -03:00
Jonathan Druart
a6c9bd0eb5 Bug 9978: Replace license header with the correct license (GPLv3+)
Signed-off-by: Chris Nighswonger <cnighswonger@foundations.edu>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>

http://bugs.koha-community.org/show_bug.cgi?id=9987

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
2015-04-20 09:59:38 -03:00
fd6176d0a5 Bug 13526 - Mandatory fields should not be able to be hidden in borrower self-registration
Currently, mandatory fields in the borrower self-registration can be hidden.
This causes problems since the validator rejects the registration,
even though all required fields on the screen have been filled out.

This is especially a problem when using the system preference
"PatronSelfRegistrationVerifyByEmail", since it automatically makes
"email" a mandatory field.

This patch makes it so that a mandatory field cannot be hidden on
the self-registration page.

_TEST PLAN_

Before applying
1) Hide the "email" and the "emailpro" fields using the
"PatronSelfRegistrationBorrowerUnwantedField" system preference.

2) Make the "email" and the "emailpro" fields mandatory using the
"PatronSelfRegistrationBorrowerMandatoryField" system preference.

3) Note that you cannot see "Primary email" or "Secondary email"
on the self registration page.
(The registration page which can be found by turning
on "PatronSelfRegistration" and filling in
"PatronSelfRegistrationDefaultCategory". The link will be on
opac-main.pl on the right side of the screen under the login box.)

4) Note that you cannot submit a self-registration request as
the system tells you that you have not filled in all the mandatory
fields.

5) Apply the patch && refresh the self registration page

6) Note that you can now see "Primary email" and "Secondary email"
on the self-registration screen".

Signed-off-by: Abby <abbyrobnz@gmail.com>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
2015-01-18 10:45:10 -03:00
Jonathan Druart
e20270fec4 Bug 11944: use CGI( -utf8 ) everywhere
Signed-off-by: Paola Rossi <paola.rossi@cineca.it>
Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel@gmail.com>
Signed-off-by: Dobrica Pavlinusic <dpavlin@rot13.org>

Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
2015-01-13 13:07:21 -03:00
1993b3090c Bug 13050: Follow-up for bug 12371
This patch simplifies the SQL query in Letters.pm for table
borrower_modifications.
It also addresses the only case this query is used in opac-memberentry.
An unused variable in Letters.pm is removed.

Test plan:
Enable selfregistration on opac.
Set verification by email to required in prefs too.
Self-register two new users.
Check the email notices generated.
Verify the new users with the tokens in their notice.

Signed-off-by: Chris Cormack <chris@bigballofwax.co.nz>

Much cleaner SQL

Signed-off-by: Katrin Fischer <Katrin.Fischer.83@web.de>
Cleaner and works as described, no regressions found.
Passes tests and QA script.

Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
2014-11-21 15:29:43 -03:00
c435ceb916 Bug 12718 - Show extended patron attributes in the OPAC
At some point the patron details page in the OPAC lost the display of
patron attributes. This patch returns the attributes to the update page.

To test, log in to the OPAC as a patron who has data in one or more
extended patron attributes. View the "your personal details" page
(opac-memberentry.pl):

- Confirm that the information displays correctly.
- Test with OPACPatronDetails both on and off.
- Test with patron who has no data in extended patron attributes.

Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
Signed-off-by: Katrin Fischer <Katrin.Fischer.83@web.de>
Attributes only display when 'display in OPAC' is configured.
Attribute shows correct description, when authorised value is used.
Works as expected, updating is currently not yet possible.

Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
2014-08-26 11:36:02 -03:00
afd2418d73 Bug 11349: Change .tmpl -> .tt in scripts using templates
Since we switched to Template Toolkit we don't need to stick with the
sufix we used for HTML::Template::Pro.

This patch changes the occurences of '.tmpl' in favour of '.tt'.

To test:
- Apply the patch
- Install koha, and verify that every page can be accesed

Regards
To+

P.S. a followup will remove the glue code.

Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>

Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
2014-07-17 11:05:49 -03:00
Galen Charlton
5c3f36279b Bug 11535: sanitize input from patron self-registration form
This patch adds the use of C4::Scrubber to the processing of input
from the patron self-registration form, thereby closing off one
avenue for Javascript injection.

To test:

[1] Use the OPAC self-registration form to enter a new patron,
    and set its address to something like:

    <span style="color: red;">BAD</span>

[2] In the staff interface, bring up the new patron record.  The
    address will show up in red, indicating a successful HTML
    injection.
[3] Apply the patch and use self-registration to enter a new
    patron with a similar case of unwanted HTML coding.
[4] Bring up the second patron in the staff interface.  This time,
    the undesirable HTML tag should not be present.

Signed-off-by: Galen Charlton <gmc@esilibrary.com>
Signed-off-by: Liz Rea <liz@catalyst.net.nz>
Tags are not present on testing.

Signed-off-by: Katrin Fischer <Katrin.Fischer.83@web.de>
Confirmed bug and that the patch fixes it.
Passes all tests and QA script.

Signed-off-by: Galen Charlton <gmc@esilibrary.com>
2014-01-14 16:28:14 +00:00
9a5f737dcb Bug 11342: fix error in OPAC self registration form if BorrowersTitles is empty
If BorrowersTitles is empty, it causes the library pulldown on the self
registration page to be empty, and to have the "Saluation" field have
the option "branches".

This patch also fixes a minor string capitalization issue.

Test Plan:
1) Enable OPAC self registration
2) Set the system preference BorrowersTitles to be empty
3) View the self registration page
4) Note the lack of branches in the home library pulldown
5) Apply this patch
6) Note the branches now display in the pulldown

Signed-off-by: Christopher Brannon <cbrannon@cdalibrary.org>
Signed-off-by: Katrin Fischer <Katrin.Fischer.83@web.de>
Tested in bootstrap and prog OPAC, with BorrowersTitle configured
and emptied.
Passes all tests and QA script.

Note: The titles pull down has 2 empty entries in master with
and without the patch.

Signed-off-by: Galen Charlton <gmc@esilibrary.com>
2014-01-06 15:26:02 +00:00
09b8ce2a5f Bug 10636 - patronimage should have borrowernumber as PK, not cardnumber
Test Plan:
1) Apply this patch
2) Run updatedatabase.pl
3) Enable patronimages
4) Verify patron images are still displaying correctly
5) Test deleting a patron image
6) Test adding a patron image from moremember.pl
7) Test adding a patron image from tools/picture-upload.pl

Signed-off-by: Srdjan <srdjan@catalyst.net.nz>
Signed-off-by: Galen Charlton <gmc@esilibrary.com>
2013-10-14 21:08:02 +00:00
afccbfcce7 Bug 10204 - Patron image no longer appears in the OPAC
With the addition of opac-memberentry.pl to the OPAC we lost a way to
display the image associated with a patron's account. This patch adds
display of the patron image to opac-memberentry.pl now that
opac-userdetails.pl and opac-userupdate.pl are deprecated.

To test:

1. Log into the OPAC as a patron who has an image associated with their
   account. View the "my personal details" tab and confirm that the
   patron image appears with and without OPACPatronDetails enabled.

2. Log into the OPAC as a patron who has no image associated with their
   account. View the "my personal details" tab and confirm that the
   layout looks correct.

3. Turn off OPACpatronimages and confirm that the "my personal details"
   page looks correct.

Signed-off-by: Mirko Tietgen <mirko@abunchofthings.net>
Signed-off-by: Katrin Fischer <Katrin.Fischer.83@web.de>
Tested with OpacPatronDetails and OpacPatronImags turned on/off
and it's working well.
Template only changes.
Signed-off-by: Jared Camins-Esakov <jcamins@cpbibliography.com>
2013-05-08 09:47:38 -04:00
29aa50d93d Bug 7067 QA Followup
Adjusts calling conventions to use hashrefs and eliminate redundant
procedural/OO mixed code.

Signed-off-by: Jared Camins-Esakov <jcamins@cpbibliography.com>
2012-12-14 08:09:00 -05:00
5a0dffcaac Bug 7067 [Follow-up: templates] allow patron self registration via the opac
- Adding simple style to register link on home page
- Adding unique ids to new pages and to blocks containing
  registration links
- Adding better page titles and breadcrumb links to some pages
- Correcting bug which meant incorrect message showed on registration
  page when OPACPatronDetails preferences is turned off
- Passing patron details to opac-memberentry.tt so that patron's
  name can be displayed in breadcrumbs
- Improving display in staff client of patron record updates
  waiting to be approved.
- Adding a sort by name to output of pending patron record updates
- Adding updated JqueryUI library files to include expanded widget
  options.

The changes in this patch require the addition of the jQueryUI
Accordion widget. Other pending patches are seeking to add
enough of the other remaining missing widgets that it seems time
to go ahead and add the rest.

Future submissions which add usage of these widgets will have
to be careful to make changes to Koha's CSS where necessary.

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Passed-QA-by: Jonathan Druart <jonathan.druart@biblibre.com>
Signed-off-by: Jared Camins-Esakov <jcamins@cpbibliography.com>
2012-12-14 08:08:59 -05:00
92782d3832 Bug 7067 - OPAC Borrower Self Registration
This development will add the ability for a new patron to register
himself or herself. The self-registration will attempt to match this
newly inputted data to any existing patrons and if any possible matches
are found, ask if the patron is sure he or she doesn't already have an
account at the library. A system preference may be set to prevent patron
self-registration if the system detects the possibility that the person
may already have an account.

Once the patron has registered, passing a captcha (or similar
bot-stopper), the patron will then be optionally verified a second time
via email. At this point, the patron will be able to print a temporary
library card (optional by system preference), and will be provided any
details necessary to access electronic resources (this body of text
would be a template in the slips and notices system). At the library's
choice, this new patron would either be set to a temporary patron status
(patron type set via system preference), or a fully-fledged patron
(allow patron type to be determined by age and/or other attributes).
Assuming the library uses temporary patron types for OPAC registrations,
this patron will next enter a queue and would need to physically enter
the library to verify himself and become a fully-fledged patron (most
likely by bringing in physical proof of address, etc.). The librarian
would look up the patron record and modify the patron type. If a
temporary patron has not been verified within a certain time frame
(defined by a system preference), the patron record will be deleted
from the system via a cron job.

For registered patrons, the system will allow each person to also
update his or her personal data via the OPAC. When a patron updates his
or her information, the changes will be entered into a queue to be
verified by a librarian (preventing a patron from inputting obviously
bogus data). The staff client home page will display the number of
patron records with changes awaiting approval. A librarian would then be
able to click through a list of modification requests, and approve or
deny each (with approval and denial alerts being sent to the patron via
the standard messaging system).

NEW SYSTEM PREFERENCES
* PatronSelfRegistration
* PatronSelfRegistrationDetectDuplicates
* PatronSelfRegistrationVerifyByEmail
* PatronSelfRegistrationPrintTemporaryCard
* PatronSelfRegistrationUseTemporaryStatus
* PatronSelfRegistrationExpireTemporaryAccountsDelay

NEW NOTICE
* Verify by email notice

NEW SLIP
* Temporary card slip

NEW CRON JOB
* delete_expired_opac_registrations.pl
  - Deletes patrons that have not been upgraded from the temporary
    status within the specified delay
* delete_unverified_opac_registrations.pl
  - Deletes the unverified patrons based on the length of time specified
    in the PatronSelfRegistrationExpireTemporaryAccountsDelay

The patron will register from self_registration.pl, linked off opac-main.pl if enabled. The registration page will be translatable to other languages in the same way that existing templates are.

Test Plan:
1) Enable PatronSelfRegistration
2) Set PatronSelfRegistrationExpireTemporaryAccountsDelay to a number
   of days
3) Create a self-registered borrower category
4) Set PatronSelfRegistrationUseTemporaryStatus
5) Set PatronSelfRegistrationVerifyByEmail to "Don't require"
6) Go to OPAC, log out if logged in.
7) You should see the "Register here" link below the login box
8) Attempt to register yourself
9) Verify you can log in with your temporary password.
10) Set PatronSelfRegistrationVerifyByEmail to "Require"
11) Attempt another self-registration
12) Check the messages table, you should see a new message with a
    verification link.
13) Copy and paste the link into a web browser to verify the registration
14) Log in with the given credentials to verify the account was created.

Test Plan - Part 2 - Borrower Modifications

1) Log in to OPAC, go to "my personal details" tab.
2) Make some modifications to your details.
3) Repeat steps 1 and 2 for two more borrowers.
4) Log in to Koha intranet with a user that can modify borrowers.
5) At the bottom of mainpage.pl, you should see:
  Patrons requesting modifications: 3
6) Click the link
7) Approve one change, deny a different one, and ignore the third, then
   submit.
8) Check the records, you should see the changes take affect on the
   approved one, and no changes to the other two. You should also see
   "Patrons requesting modifications: 1" at the bottom of mainpage.pl
   now.

Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com>
Signed-off-by: Owen Leonard <oleonard@myacpl.org>

Bug 7067 - OPAC Borrower Self Registration - Followup

* Rename PatronSelfRegistrationUseTemporaryStatus to PatronSelfRegistrationDefaultCategory
* Hide register link unless PatronSelfRegistrationDefaultCategory is set.
* Add invalid token page
* Add documentation and switches to cron scripts
* Add required fields check for editing exiting patrons
* Don't force require email address for existing patrons when
  PatronSelfRegistrationVerifyByEmail is enabled.

Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Passed-QA-by: Jonathan Druart <jonathan.druart@biblibre.com>
Signed-off-by: Jared Camins-Esakov <jcamins@cpbibliography.com>
2012-12-14 08:08:59 -05:00