Commit graph

29 commits

Author SHA1 Message Date
Magnus Enger
c98c1994ea
Bug 22706: Add plugin hooks for Norwegian national patron database
The main point of this patch is to make it possible to integrate Koha
with the Norwegian national patron database (NNPDB). Code for this was
earlier introduced in Bug 11401 and removed again in Bug 21068.

To test this is mainly a question of spotting regressions, it should
still be possible to set and change a password in all possible ways:
- Setting a password for a new user
- Changing a password in the staff client
- Changing a password in the OPAC
If these work as expected, everything should be OK.

A nice side effect of this work is that it will allow for plugins that
validate passwords. I have created a tiny plugin that enforces PIN
codes of 4 digits. (Yeah, I know, those are the worst passwords, but
some libraries do require them.) It is published here:
https://github.com/Libriotech/koha-plugin-pin
To test this way, install the plugin and try to change the password
of an exsisting user to something that is not a 4 digit PIN. You
should get an error that says "The password was rejected by a plugin".

Signed-off-by: Brendan Gallagher <brendan@bywatersolutions.com>

Updated 2019-10-23:
- Moved the plugin checks to before the call to $self->SUPER::store to
  make sure patrons are not saved if the password fails a plugin check
- Made the plugin checks in set_password respect skip_validation while
  retaining the functionality for NNPDB

Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
2019-10-29 12:19:49 +00:00
990c94721c Bug 22974: Patron password update validation broken
This patch adds back an include file to the change password template
which was inadvertently removed by Bug 21964. This broke Javascript
validation of the new password fields.

To test, apply the patch and enable the RequireStrongPassword system
preference.

 - Go to Patrons -> Patron details -> Change password.
 - Try entering a weak password in the "New password" field. You should
   get a validation error: "Password must contain at least 3 characters,
   including UPPERCASE, lowercase and numbers."
 - Try entering a password in the second password field which doesn't
   match the first. You should get a validation error: "Please enter the
   same password as above."

Signed-off-by: Liz Rea <wizzyrea@gmail.com>
Signed-off-by: Bin Wen <bin.wen@inlibro.com>
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2019-05-30 10:01:42 +00:00
000de61e26 Bug 21964: Update two-column templates with Bootstrap grid: Patrons part 2
This patch modifies several patron templates to use the Bootstrap grid
instead of YUI.

This patch also removes obsolete "text/javascript" attributes from
<script> tags in the modified templates.

To test, apply the patch and view the following pages, confirming that
they look correct at various browser widths:

 - Patrons home page
   - New patron
 - Patron -> Fines -> Create manual invoice
 - Patron -> Set permissions
 - Patron -> Change password
 - Patron -> Edit

Signed-off-by: Claire Gravely <claire.gravely@bsz-bw.de>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2019-01-28 14:34:48 +00:00
abea0ea9d2 Bug 22048: Use set_password in member-password.pl
This patch makes member-password.pl use $patron->set_password instead of
update_password. The side effect is that setting password and userid
become separate steps in the code.

For the password all the initial checks are the same, but password
strength is checked on calling set_password and an exception is thrown.
So instead of checking the password quality, we just wait for exceptions
and behave the same as before.

Bonus: you will notice I reused the initially fetched $patron object.
Things get simpler :-D

To test:
- Verify that changing the password / userid for a patron works as usual

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>

Signed-off-by: Josef Moravec <josef.moravec@gmail.com>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2019-01-25 20:15:28 +00:00
Jonathan Druart
dcd1f5d48c Bug 13618: Add html filters to all the variables
Here we go, next step then.
As we did not fix the performance issue when autofiltering
the variables (see bug 20975), the only solution we have is to add the
filters explicitely.

This patch has been autogenerated (using add_html_filters.pl, see next
pathces) and add the html filter to all the variables displayed in the
template.
Exceptions are made (using the new 'raw' TT filter) to the variable we
already listed in the previous versions of this patch.

To test:
- Use t/db_dependent/Koha/Patrons.t to populate your DB with autogenerated
data which contain <script> tags

- Remove them from borrower_debarments.comments (there are allowed here)
update  borrower_debarments set comment="html tags possible here";

- From the interface hit page and try to catch alert box.
If you find one it means you find a possible XSS.
To know where it comes from:
* note the exact URL where you found it
* note the alert box content
* Dump your DB and search for the string in the dump to identify its
location (for instance table.field)

Next:
* Ideally we would like to use the raw filter when it is not necessary
to HTML escape the variables (in big loop for instance)
* Provide a QA script to catch missing filters (we want html, uri, url
or raw, certainly others that I am forgetting now)
* Replace the html filters with uri when needed (!)

Signed-off-by: Owen Leonard <oleonard@myacpl.org>

Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2018-08-17 15:55:05 +00:00
81431ee28a Bug 20226: Centralize update child code (CATCODE_MULTI)
Code and variables to deal with the update child feature are not
centralized but copied/pasted in several scripts. Which leads to issues
obsviously (bug 20805 for instance).

Moreover the strings used by the templates are also in several template
files (or .inc)

To deal with that this patch introduces the idea to create 1 .inc file
per .js file
Here we have members-menu.inc for members-menu.js

Test plan:
- Remove all your adult categories (categories.category_type='A')
- Create a patron with a child category
- Try to update to adult category
=> The entry does no longer appears! (This is a change in the behaviour)
- Create one adult category
- Update to adult category
=> There is a JS confirmation message, if you accept the patron will
be updated to the adult category
- Create (at least) another adult category
- Create another child
- Update to adult category
=> No more confirmation message but a popup to select the adult category
- Pick one
=> The patron has been updated to the adult category

Signed-off-by: Owen Leonard <oleonard@myacpl.org>

Signed-off-by: Josef Moravec <josef.moravec@gmail.com>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2018-08-14 11:58:26 +00:00
Julian Maurice
ed7543287b Bug 20538: Remove the need of writing [% KOHA_VERSION %] everywhere
Having to write [% KOHA_VERSION %] for each url is bad because:
- It's easily forgettable when adding new <script> or <link>
- It prevents grep'ing for the full filename
- It violates the DRY principle
- If at some point we want to change the "force js and css reload"
  mechanism, it will be tedious

This patch:
- adds a Template::Toolkit plugin that generates <script> and
  <link> tags for JS and CSS files, and inserts automatically the Koha
  version in the filename
- use the new plugin to remove all occurences of [% KOHA_VERSION %]
- remove the code that was adding KOHA_VERSION as a template variable

Test plan:
1. Apply patch
2. Go to several different pages in Koha (opac and intranet) while
   checking your browser's dev tools (there should be no 404 for JS and
   CSS files, and the Koha version should appear in filenames) and the
   server logs (there should be no "File not found")
3. `git grep KOHA_VERSION` should return nothing
4. prove t/db_dependent/Koha/Template/Plugin/Asset.t

Signed-off-by: Josef Moravec <josef.moravec@gmail.com>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2018-04-13 11:49:44 -03:00
be4d4a8e28 Bug 19908: Password fields in edit/add patron form should respect BorrowerMandatoryField preference
Test plan:
0) Do not apply the patch, note the password field is always required
1) Apply the patch
2) Try to add and edit patron with and without "password" in BorrowerMandatoryField, it should always respect this setting
3) Use "Change password" button in patron toolbar, the password field
should be never required here - when leaved blank, the password is
unchanged
4) Play with  minPasswordLength and  RequireStrongPassword preferences,
    to ensure they work as expected

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2018-03-19 12:23:12 -03:00
7d9ba0d1b4 Bug 18789: (QA follow-up) Fix tab char
Test plan:

run koha qa tools, should be green

Signed-off-by: Josef Moravec <josef.moravec@gmail.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2018-02-16 13:03:58 -03:00
0ab22e1c7c Bug 18789: Send Koha::Patron object to the templates
In order to simplify and make uniform the code, the controller scripts send
a Koha::Patron object to the templates instead of all attributes of a patron.

That will make the code much more easier to maintain and will be less
error-prone.

The variable "patron" sent to the templates is supposed to represent the
patron the librarian is editing the detail.

In the members module and some scripts of the circulation module, the
patron's detail are sent one by one to the template. That leads to
frustration from developpers (making sure everything is passed from all
scripts) and to regression (we got tone of bugs in the last year because
of this way to do).
With this patch set it will be easy access patron's detail, passing only
1 variable from the controllers.

Test plan:
Play with the patron and circulation module and make sur the detail of
the patron you are editing/seeing info are correctly displayed.

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>

Signed-off-by: Josef Moravec <josef.moravec@gmail.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2018-02-16 13:03:58 -03:00
4c45a5011b Bug 19641: (follow-up) Move patron templates to the footer
Fix bad merge conflict with bug 12904

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2018-02-15 15:09:37 -03:00
047ca33a93 Bug 19641: Move patron templates to the footer
This patch modifies the staff client patron module templates so that
JavaScript is included in the footer instead of the header.

This patch touches a lot of files because the changes are all
interdependent, affecting a couple of module-wide include files.

To test, apply the patch and test the JavaScript-driven features of the
modified templates: All button controls, DataTables functionality, tabs,
etc.

Patrons -> Patrons home, patron search results
  -> Manage pending modification requests
  -> Patron detail page
    -> Edit patron
      -> Set guarantor
    -> Fines
       -> Account, Pay fines, Create manual invoice, Create manual
          credit
       -> Print receipts for different kinds of charges
    -> Routing lists
    -> Circulation history
    -> Holds history
    -> Notices
    -> Statistics
    -> Files
    -> Purchase suggestions
    -> Discharges
    -> Housebound
    -> Set permissions
    -> Change password
    -> Print summary, slips, and overdues
    -> Update child to adult patron type

Patron toolbar and patron search bar operations should work correctly on
all pages.

This patch also updates the template for searching the Norwegian
national patron database, but it has NOT been tested.

Signed-off-by: Claire Gravely <claire.gravely@bsz-bw.de>

Signed-off-by: Zoe Bennett <zoebennett1308@gmail.com>

Signed-off-by: Josef Moravec <josef.moravec@gmail.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2018-02-15 13:30:23 -03:00
9136c3dbf8 Bug 18298: (QA followup) Use Koha.Preference on the template
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-10-16 09:44:33 -03:00
3f9da34683 Bug 18298: Add server-side checks and refactor stuffs
Now that we have a check client-side, nothing prevents us from a smart guy to
bypass it and force an invalid password.
This patch adds two new subroutines to Koha::AuthUtils to check the
validity of passwords and generate a password server-side. It is used
only once (self-registration) but could be useful later.

Moreover the 3 different cases of password rejection (too leak, too
short, contains leading or trailing whitespaces) were not tested
everywhere. Now they are!

This patch makes things consistent everywhere and clean up some code.

Signed-off-by: Marc Véron <veron@veron.ch>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-10-16 09:44:32 -03:00
f2a1b215dd Bug 18298: minPasswordLength should not be used as the default password length
The length of the passwords generated for a patron should not be as long
as the value of minPasswordLength.
It is the minimum required size of a password, not the maximum!
So let's fix it to 8 if the minPasswordLength if < 8, that sounds
reasonable and less risky for patrons.

Signed-off-by: Marc Véron <veron@veron.ch>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-10-16 09:44:32 -03:00
ac50959dcf Bug 18298: Move password generation to template side
This patch removes a really ugly way to generate a password: the whole
template was sent and parsed to retrieve the "#defaultnewpassfield" node.
To avoid the password to be sent plain text it is certainly better to
generate it client-side.
The same kind of passwords will be generated: 0-9a-zA-Z
The while loop prevents to get an invalid generated password.

Signed-off-by: Marc Véron <veron@veron.ch>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-10-16 09:44:32 -03:00
7cc65af6ff Bug 18298: Use the validate jQuery plugin
To validate password fields we need to use the validate jQuery plugin.
To make things reusable this patch adds a new include file
'password_check.inc' at the intranet and opac sides, it creates 3 new
validation methods:
- password_strong => make sure the passwords are strong enough according
to the values of the RequireStrongPassword and minPasswordLength prefs
- password_no_spaces => prevent passwords to be entered with leading or
trailing spaces
- password_match => make sure both password fields match

Signed-off-by: Marc Véron <veron@veron.ch>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-10-16 09:44:32 -03:00
19a977dc7b Bug 15758: Koha::Libraries - Remove GetBranchName
This is the fourth and last patch set to remove C4::Branch.
The real purpose of this patch is to standardise and refactor some code
which is related to the libraries selection/display.
Its unconfessed purpose is to remove the C4::Branch package.

Before this patch set, only 6 subroutines still existed in the C4::Branch
package:
- GetBranchName
- GetBranchesLoop
- mybranch
- onlymine
- GetBranches
- GetBranch

GetBranchName basically returns the branchname for a given branchcode.
The branchname is only used for a display purpose and we don't need to
retrieve it in package or pl scripts (unless for a few exceptions).
We have a `Branches` template plugin with a `GetName` method which does
exactly this job.
To achieve this removal, we will use this template plugin and delete the
GetBranchName from pl and pm files.
The `Branches.all()` will now select the library of the logged in user
if no `selected` parameter has been passed.
This new behavior could cause regressions, for instance there are some
places where we do not want an option preselected (batch item
modification for instance), keep that in mind when testing.

GetBranchesLoop took 3 parameters: $branch and $onlymine.
The first one was used to set a "selected" flag, for a display purpose:
select an option in the libraries dropdown lists.
The second one was useless: If not passed or set to 0, the
`C4::Branch::onlymine` subroutine was called.
This onlymine flag was use to know if the logged in user was able to see
other libraries infos.
A patron can see the infos from other libraries if IndependentBranches
is not set OR if he has the superlibrarian permission.
Prior to this patch set, the "onlymine test" was done on different
places (neworderempty.pl, additem.pl, holidays.pl, etc.), including the
Branches TT plugin. In this patch set, this test is only done on one
place (C4::Context::only_my_library, code moved from
C4::Branch::onlymine).
To accomplish the same job as this subroutine, we just need to call the
`Branches.all()` method from the `Branches` TT plugin. It already
accepts a `selected` parameter to set a flag on the option to select.
To avoid the repetitive
  [% IF selected %]<option selected="selected">[% ELSE %]<option>[% END %]
pattern, a new `html_helpers` TT include file has been created, it
defines an `options_for_libraries` block, which takes a `selected`
parameter. We could imagine to use this include file for other
selects.

The 'mybranch` and `onlymine` subroutines of the C4::Branch package have
been moved to C4::Context. onlymine has been renamed with
only_my_library. There are only 4 occurrences of it, against 11 before
this patch set.
There 2 subroutines are Context-centric and it makes sense to put them
in `C4::Context` (at least it's the least worst place!)

GetBranches is the tricky part of this patch set: It retrieves all the
libraries, independently of the value of IndependentBranches.
To keep the same way as the existing calls of `Branches.all()`, I have
added a `unfiltered` parameter. If set, the `Branches.all()` will call
a usual Koha::Libraries->search method, otherwise
Koha::Libraries->search_filtered will be called. This new method will
check if the logged in user is allowed to see other libraries or only
its library.
Note that this `GetBranches` subroutine also created a `category` key:
it allowed to get the list of groups (of libraries) where this library
existed. Thanks to a previous patch set (bug 15295), this value was
not used anymore (I may have missed something!).

Note that the only use of `GetBranch` was buggy (see bug 15746).

Test plan (for the whole patch set):
The best way to test this whole patch set is to test with 2 instances: 1
with the patch set applied, 1 using master, to be sure there is no
regression.
It would be good to test the same with `IndependentBranches` and the
without `IndependentBranches`.
No difference should be found.
The tester must focus on the library dropdowns on as many forms as
possible.
You will notice changes in the order of the options: the libraries will
now be ordered by branchname (instead of branchcode in some places).
A special attention will be given to the following page:
- acqui/neworderempty.pl
- catalogue/search.pl
- members/members-home.pl (header?)
- opac/opac-topissues.pl
- tools/holidays.pl
- admin/branch_transfer_limits.pl
- admin/item_circulation_alerts.pl
- rotating_collections/transferCollection.pl
- suggestion/suggestion.pl
- tools/export.pl

Notes for QA:
- There are 2 FIXMEs in the patch set, I have kept the existing behavior,
but I am not sure it's the good one. Feel free to open a bug report and
I will fill a patch if you think it's not correct. Otherwise, remove the
FIXME lines in a follow-up patch.
- The whole patch set is huge and makes a lot of changes.
But it finally will tremendously reduce the number of lines:
716 insertions for 1910 deletions

Signed-off-by: Owen Leonard <oleonard@myacpl.org>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-09-08 14:36:01 +00:00
06d1259e56 Bug 16992: FIX CSRF in member-password.pl
If an attacker can get an authenticated Koha user to visit their page with the
url below, they can change patrons' passwords
/members/member-password.pl?member=42&newpassword=hacked&newpassword2=hacked

Test plan:

Trigger
/members/member-password.pl?member=42&newpassword=hacked&newpassword2=hacked

=> Without this patch, the password will be updated
=> With this patch applied you will get a crash "Wrong CSRF token" (no
need to stylish)

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-08-10 13:34:02 +00:00
53dd856c66 Bug 14509: (follow-up) Reject invalid passwords
The members.js was not included in member-password.tt
And it cannot, there are specific code which cannot be used outside of
memberentry.tt

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Tomas Cohen Arazi <tomascohen@unc.edu.ar>
2015-09-28 11:51:09 -03:00
1b8f3194e9 Bug 14509: Reject invalid passwords
Bug 10177 rejects password with leading or trailing whitespaces, but
only on the member-password page.
It's not consistent to only do this check on 1 place.
This patch adds the check for the 2 other places: memberentry and at the
OPAC.

Test plan:
1/ Edit a patron and set a password with leading and/or trailing
whitespaces. You should not be allowed to do it (no server side check).
2/ Same at the OPAC ("Change you password" tab). Here there is a server
side check.

Followed test plan. Works as expected.
Signed-off-by: Marc Véron <veron@veron.ch>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Tomas Cohen Arazi <tomascohen@unc.edu.ar>
2015-09-28 11:51:08 -03:00
Brandon
78994d2dda Bug 10177 - Whitespace is accepted within the password but leading and trailing spaces are not.
Test plan:
1: Go to your patron
2: Go to change username and/or password.
3: Change password to something with spaces in the middle. Notice it is invalid.
4: Apply this patch.
5: Change password again using spaces in the middle. Notice it is accepted.
6: Change password with leading and/or trailing spaces, notice they are not accepted.

Applied bothe patches. Followed test plan. Patch behaves as expected.
Signed-off-by: Marc Véron <veron@veron.ch>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
2015-02-09 17:00:12 -03:00
Brandon
fe28561897 Bug 10177 - whitespace is a valid password causing pernicious perturbations.
Test plan:
Go to your patron, go to change username and/or password. change
password to whitespace, notice it is accepted, apply this patch,
change password again, to whitespace, notice password is not valid.

Followed test plan. Patch behaves as expected.
Signed-off-by: Marc Véron <veron@veron.ch>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
2015-02-09 17:00:10 -03:00
Juhani Seppälä
c62e53bb97 Bug 11888: Random password suggestion does not work twice
This patch adds a simple ajax-call to pull a new suggested password
from the same perl script.

To test:
1) Search for a patron and select "Change password" from the moremember-view.
2) In the member-password-view, click on "Click to fill with a randomly generated suggestion".
3) Confirm that you get a new suggested password and click the same link again.
4) Note that you do not get another suggested password - nothing is happening.
5) Apply patch.
6) Repeat steps 1-3 and confirm that you can keep clicking for a new suggested password.

Patch works as expected.
Signed-off-by: Marc Véron <veron@veron.ch>

Signed-off-by: Katrin Fischer <Katrin.Fischer.83@web.de>
Passes all tests and QA script. Works as desribed.

Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
2014-07-30 11:56:03 -03:00
330e903e79 Bug 11877 - Eliminate use of deprecated jQuery .live() method
As of jQuery 1.9 the .live() method has been removed. A few templates
contain JavaScript which uses it. It can be easily replaced with .on().
This patch makes the correction.

To test, apply the patch and test the following pages:

- In the staff client, Administration -> OAI sets configuration:
  Define mappings for an existing set. You should be able to add rows by
  clicking the "OR" button. You should be able to delete or clear any
  line by clicking the "Delete" link.

- In the staff client, view the details for any patron and click the
  "Change password" button: In the change password form click the link
  to fill the password fields with a random password. This link should
  work correctly.

- If necessary enable OpacRenewalAllowed in system preferences. Log in
  to the OPAC as a patron who has checkouts. On the patron summary page
  (opac-user.pl) look for the "renew selected" and "renew all" links at
  the top of the table of checkouts. Both these links should work
  correctly. Test in prog and bootstrap themes.

Followed test plan. Same behaviour as without patch, i.e. patch OK
Signed-off-by: Marc Véron <veron@veron.ch>

Signed-off-by: Katrin Fischer <Katrin.Fischer.83@web.de>
Passes all tests and QA script, works as described.
No Javasript errors found.

Note: The buttons on the form show up, even if no item shows the
checkbox. In my case the problem was that I had 0 renewals allowed
in the circulation rules. Maybe we could hide them, if no item
can be renewed.

Signed-off-by: Galen Charlton <gmc@esilibrary.com>
2014-03-26 19:15:01 +00:00
Katrin Fischer
bae9aacb3f Bug 2780 - Capitalize strings consistently (members)
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
2012-04-10 10:04:09 +02:00
Katrin Fischer
1fd4a1e8af Bug 7760 - Add ids and classes to every staff page to help with customization (patrons)
Class is 'pat' and ids start with 'pat_'.

Signed-off-by: Owen Leonard <oleonard@myacpl.org>
2012-03-22 18:12:30 +01:00
4a6ec50c62 Fix for Bug 5280 - Fix password field so that the password is masked as it is entered
This patch changes the password field to a password type input on
member-password.pl and adds a confirmation field to both member-password.pl
and memberentry.pl requiring that the password be re-entered to
confirm.

Client-side and server-side validation for the two password fields has been added
to both pages. Multiple error messages can now be displayed together on
member-password.pl.

If the user wishes for Koha to suggest a random password on member-password.pl
they can click a link which will remove the password-type input fields, replace
them with text-type fields, and automatically fill them with the random
password suggestion.

Follow-up fix lets the members.js correctly handling errors when there are
no mandatory fields

LR followup: fixing slight error that corrects previously reported template error.

Signed-off-by: Liz Rea <wizzyrea@gmail.com>
Tested password setting/changing utilities - all work as expected and described.
Passes prove t xt t/db_dependent tests congruent with current master failures (adds no new fails).

Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
2012-02-13 16:39:59 +01:00
Chris Cormack
5884fb1000 Bug 5917 : Swapping templates over 2011-04-10 20:38:30 +12:00
Renamed from koha-tt/intranet-tmpl/prog/en/modules/members/member-password.tt (Browse further)