Bug 14507 introduced the use of checkpw in C4::SIP::ILS::Patron so that
non-Koha internal authentication processes would be able to function via
SIP ( LDAP et al ).
The problem is that checkpw changes the userenv to that of the patron!
This is not usually an issue in Koha because most of the time that
patron running through checkpw is the one to be logged in.
Aside from SIP2 the only other area where this may be an issue is in SCO
when using SelfCheckoutByLogin.
Test Plan:
1) On master, check out an item to a patron via SIP2
2) Note the checkout lists the item as having been checked out
from the patron's home library not matter which library is was
supposed to be checked out from.
3) Apply this patch
4) Re-checkout the item
5) The item should now be checked out as if it was checked out from
the library as defined in the SIP configuration file.
Signed-off-by: Chris Cormack <chris@bigballofwax.co.nz>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Previous to bug 14507, SIP2 only did internal authentication. A change
to the way we check empty passwords has caused any empty password to
send back a CQ of Y. Previous to that patch set, a CQ of Y would only be
sent back of the patron password column was NULL. Now, an empty AD field
*always* returns a CQ of Y.
Test Plan:
1) Send a patron information request with an empty AD field
Note: You must send the AD field or you won't get back a CQ field
2) Note you get back a CQ of Y
3) Apply this patch
4) Repeat step 1
5) Note you now get back a CQ of N
Signed-off-by: Trent Roby <troby@bclib.info>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Brendan Gallagher <brendan@bywatersolutions.com>
Koha's SIP2 server should have support for the AV field ( field items ).
The biggest problem with this field is that its' contents are not really
defined in SIP2 protocol specification. All it says is "this field
should be sent for each fine item". Due to this, I think the contents of
the field need to be configurable at the login level, so that the
contents can be defined based on the SIP2 devices requirements for the
AV field.
Test Plan:
1) Apply this patch
2) Find a patron with outstanding fines
3) Run a patron information request using misc/sip_cli_emulator.pl using the new -s option with the value " Y "
4) Note there is an AV field for each fee containing the description and amount
5) Edit your sip config, add an av_field_template parameter to the login you are using such as
av_field_template="TEST [% accountline.description %] [% accountline.amountoutstanding | format('%.2f') %]"
6) Restart your SIP server
7) Repeat the patron information request
8) Note your custom AV field is being used!
Signed-off-by: Chris Davis <cgdavis@uintah.utah.gov>
Signed-off-by: Jesse Weaver <jweaver@bywatersolutions.com>
Signed-off-by: Brendan A Gallagher <brendan@bywatersolutions.com>
Mainly a
perl -p -i -e 's/^.*3.07.00.049.*\n//' **/*.pm
Then some adjustements
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@unc.edu.ar>
Signed-off-by: Brendan A Gallagher <brendan@bywatersolutions.com>
Some devices are using patron information responses to validate
patron passwords to govern access to facilities as we
were using C4::Auth::checkpw_hash this only worked in a db password
context not other authentication routines.
The C4::Auth routines are not very consistent and there isnt a dropin
replacement for checkpw_hash this calls checkpw instead.
In a password only environment this behaves as the old version did
returning field CQ as Y if a valid password or no password is passed in
the patron info request and N if an incorrect password is supplied
It should also test against the appropriate authentication sources if
othere autrhentication schemes are in use
Signed-off-by: Liz Rea <liz@catalyst.net.nz>
Tested this with a client who reports that this enables SIP authentication to work correctly with their LDAP server.
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Brendan Gallagher brendan@bywatersolutions.com
For historical reasons the SIPServer and SIP modules
have used an extra module path in addition to the
standard Koha one. This has caused numerous irritants
in attempting to set up scripts and basic tests. It
does not help in attempting to modify or debug
this code
This patch changes the package value in the modules
under the C4/SIP directory and makes calls to
them use the full package name.
Where the export mechanism was being short circuited
routines have been explicitly exported and imported
declarations of 'use ILS' when that module was
not being used and which only generated warnings
have been removed.
As a lot of the changes affect lines where
an object is instantiated with new. The opportunity
has been taken to replace the ambiguous indirect
syntax with the preferred direct call
In intializing ILS the full path is added as this
will not require any changes to existing configs.
I suspect this feature is unused, and adds
obfuscation rather than flexibility but have kept
the feature as we need this change in order to
rationalize and extend the testing of the server.
The visible difference is that with the normal Koha
PERL5LIB setting. Compilation of Modules under C4/SIP
should be successful and not fail with unlocated modules,
allowing developers to see any perl warnings
All the SIP modules can now be run through the tests
in t/00-load.t now except for SIPServer itself
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
If the patron has amassed charges that block borrowing, but we
allow staff override the information that the patron cannot
issue should be included the patron information response
This patch sets the appropriate status fields in the patron object
It restores the fee_limit member to the patron object
and calls a local subroutine to set it.
This could be done more elegantly but that would require more
major refactoring of the rather messy initializer code
in ILS::Patron
Signed-off-by: Chris Cormack <chris@bigballofwax.co.nz>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
If a patron has a record-level hold that is unavailable, any patron
information request will send back an empty CD field when this field
should have an item barcode in it [RM note: this actually isn't
universally true -- the SIP2 standard is silent as to what is supposed
to go in the CD field. Some SIP2 devices do indeed want an item
barcode, but others are known to just want a display of the title
and author of the request in question. Providing an option is the
topic of a new enhancement request, however.]
This is due to a minor error in ILS::Patron::_get_outstanding_holds
where GetItemnumbersForBiblio is assumed to return an array but in
reality returns an arrayref.
Test Plan:
1) Create a record level hold for a patron and record
2) Using SIP2, make a patron information request
3) Note the empty CD fields
4) Apply this patch, restart SIP server
5) Repeat step 2
6) Note the CD field now has a barcode
Signed-off-by: Chris Cormack <chris@bigballofwax.co.nz>
Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com>
I did not test this patch but the following code shows me it is correct:
use C4::Items;
use Data::Dumper;
my $biblionumber = 5035;
my $itemnumber = (GetItemnumbersForBiblio($biblionumber))[0];
say Dumper $itemnumber;
$itemnumber = (GetItemnumbersForBiblio($biblionumber))->[0];
say Dumper $itemnumber;
displays:
$VAR1 = [
'23168',
'23169',
'23170',
'23171',
'23172'
];
$VAR1 = '23168';
Signed-off-by: Galen Charlton <gmc@esilibrary.com>
The system preference 'maxoutstanding' is defined as the maximum amount
of fees owed by the patron before Koha should block placing holds (
terrible naming on this one ).
However, although the Koha OPAC respects this preference, placing holds
via a SIP2 device will not.
Test Plan:
1) Set maxoutstanding to $10
2) Pick a patron owning more than $10 in fees
3) Attempt to place a hold for this patron from a SIP2 device
This attempt should succeed
4) Apply this patch
5) Restart your SIP2 server
6) Attempt to place a hold for this patron from a SIP2 device again
This attempt should now fail
Signed-off-by: Chris Cormack <chris@bigballofwax.co.nz>
Signed-off-by: Brendan Gallagher <brendan@bywatersolutions.com>
Signed-off-by: Galen Charlton <gmc@esilibrary.com>
Test:
* SIP: Have an old user and create a new user
- use either tenet sip test or
C4/SIP/interactive_patron_check_password.pl to check old
userid/password
- do the same for the new user
Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel@gmail.com>
Work as described
Test
1) using perl C4/SIP/interactive_patron_check_password.pl
can check current (short) and new (long) passwords
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Galen Charlton <gmc@esilibrary.com>
When requested by the summary flags the sipserver
should return in the patron info response barcodes of
the relevant titles.
For available holds this is the barcode of the captured items.
For unavailable holds ( i.e. current unsatisfied holds ),
we need to send a barcode so that the unit can use this to
request the title info. The barcode could be any one
belonging to the title.
This patch also corrects the erroneous return of empty items
in the patron information response. If the unit supplies a
range 1 - 100 unless the title has a hundred or more copies the
unit expects all copies. The server was erroneously stuffing
the returned arrays with null copies so that all summary requests
returned 100 copies (mainly without barcodes)
Signed-off-by: Chris Cormack <chris@bigballofwax.co.nz>
Signed-off-by: Katrin Fischer <Katrin.Fischer.83@web.de>
Testing notes:
Using the test script provided on the bug report, but changed it
to match sip user and patron existing in my database.
Before applying the patch the SIP responses show the behaviour
pointed out above regarding the 100 items. After applying the
patch and restarting the SIP server responses are much more clean
not returning empty IDs.
64 Patron information response
AS = hold items
hold items count is correct.
AS contains barcodes of waiting holds.
Before patch, all AS were empty.
AT = overdue items
overdue items count is correct.
AT contains barcodes of overdue items.
AU = charged items
charged items count is correct.
AU contains barcodes of charged items.
AV = fine items
Judging from behaviour seen and comment in
Patrons.pm currently not implemented.
BU = recall items
Recalls are not implemented in Koha yet.
CD = unavailable hold items
unavailable items count is correct.
CD contains barcode for item level holds and is empty
for title level holds where no item can be determined.
Before patch, all CD were empty.
Signed-off-by: Galen Charlton <gmc@esilibrary.com>
The debarred status in DB switched from a boolean to a date.
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Elliott Davis <elliott@bywatersolions.com>
Correctly pulls debared flag instead of debarment date.
Signed-off-by: Jared Camins-Esakov <jcamins@cpbibliography.com>
Expansion of Liz Rea's original patch
Bug report specifically mentioned lack of the
Zip/Postal code but all used address fields should
be included. Moved the address
generation to its own sub.
Hopefully using an if else will read more clearly than
the original ternary operator proved to be
Signed-off-by: Chris Cormack <chris@bigballofwax.co.nz>
Signed-off-by: Jared Camins-Esakov <jcamins@cpbibliography.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
Signed-off-by: Jared Camins-Esakov <jcamins@cpbibliography.com>
All the modules in the SIP/ILS tree are objects
The addition of calls to Exporter or hand manipulation of
@ISA added unnecessary bloat
Removed the "self = shift or return" idiom as it is nonsensical
if the method can only be called via an object.
standardized inheritance via use parent
added a $self = shift in a couple of places where it
was not strictly necessary as its absence seemed to have
misled readers in the past
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Passed-QA-by: Mason James <mtj@kohaaloha.com>
Signed-off-by: Jared Camins-Esakov <jcamins@cpbibliography.com>
Add C4/SIP to perlcritic tests. Fix those issues that were
generating perlcritic errors
Signed-off-by: Stacey Walker <stacey@catalyst-eu.net>
Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
Corrects typo in list of flags; was DEBARRED, but the actual name of the flag is
DBARRED (for some reason)
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
working through the master branch to eliminate all
podchecker warnings/errors
Actual improvement to the quality of the POD will
come later (hopefully with assistance of others)
Signed-off-by: Andrew Elwell <Andrew.Elwell@gmail.com>
Signed-off-by: Galen Charlton <gmcharlt@gmail.com>
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
Using Flag EXPIRED to notice whether Patron CAN or CANNOT checkout a book
Signed-off-by: Henri-Damien LAURENT <henridamien.laurent@biblibre.com>
Signed-off-by: Galen Charlton <gmcharlt@gmail.com>
This update the way Member is added and editing so that import and Edition
could be best automatized
GetMember evolves and allow ppl to serach on a hash of data
Adding SQLHelper A new package to deal with INSERT UPDATE and SELECT
Signed-off-by: Galen Charlton <gmcharlt@gmail.com>
- added altcontactcountry and B_address2 to tables borrowers and deletedborrowers so that all addresses offer the same fields
- changed B_country and country to work with syspref BorrowerMandatoryField
- changed display of Alternate Address on borrower detail page, added labels, lines and edit button to match the other sections
Signed-off-by: Galen Charlton <gmcharlt@gmail.com>
Implement the optional fields: CR CS CT CV CY and DA.
Also silenced some outstanding debugging print statements.
Consolidated similar accesseor subs in Patron.pm to use x_items.
Adjust SIP tests to specify correct AP (location). Add a 3rd item
to SIPtext.pm for later use.
Note CT (destination) is currently populated with destination branch code.
We can adjust that to be destination branch name, or some combination in
a subsequent patch if necessary.
This work was sponsored by the Northeast Kansas Library system.
Signed-off-by: Galen Charlton <galen.charlton@liblime.com>
This includes some initial work for the 3M SIP2 extensions.
It also better populates the Patron object with methods for
a fuller Patron Information Reponse. This is positively affect
EnvisionWare software, as used by NEKLS.
This work was sponsored by the Northeast Kansas Library System.
Signed-off-by: Galen Charlton <galen.charlton@liblime.com>
GetPendingIssues did several bad things:
~ select * on a 4 table join,
~ including multiple namespace collisions,
~ including large fields marc and marcxml from biblioitems,
~ return ($count, \@array_being_counted).
Not everything is fixed here (see FIXMEs), but the situation is
improved considerably, with bug 2900 resolved. The "timestamp"
namespace collision in query should be resolved by separate patch.
Signed-off-by: Galen Charlton <galen.charlton@liblime.com>
This affects transactions on items that may be covered by
a title or item-level hold, but have not yet been retrieved
from the stacks (i.e. "confirmed") by the librarian. This does
not affect waiting holds (found="W"), so they will still block
transaction unless they belong to the operating patron.
Also I cleanup any hold the patron has on a biblio/item when
they are allowed to checkout the item.
Here we are filling the hold because the checkout is allowed, regardless
of of the queue position. This is different from AddIssue's CancelReserve, that
only fills the hold if it is next in line, but in the future AddIssue should
adopt a similar logic.
Signed-off-by: Galen Charlton <galen.charlton@liblime.com>
Allow valid comparison of hold_queue to current user barcode and
permit checkout if the current user is at the front of the queue.
Effectively, this allows a user to checkout a book he has held.
Here are the example checkout (11) and checkout response (12)
statements in a SIP telnet session, showing failure (120) previously
and success (121) after patch application.
Before:
11YN20060329 203000 AOCPL|AA1|AB502326000820|ACterm1
120NUN20081009 140222AOCPL|AA1|AB502326000820|AJKidnapped :|AH|AF2008-10-09 : Koha Admin (1)|BLY|
After:
11YN20060329 203000 AOCPL|AA1|AB502326000820|ACterm1
121NNY20081009 150204AOCPL|AA1|AB502326000820|AJKidnapped :|AH2008-10-10|AFItem was reserved for you.|
This patch also resolves security/privacy issues related to the display
of "needsconfirmation" values that identify, for example, the user
currently issued an item, or with a hold on the item. These messages
should not be passed to an end-user interface.
Signed-off-by: Galen Charlton <galen.charlton@liblime.com>
SIP actually relied on the AddIssue return that was not reliable.
AddRenew also updated to return C4::Dates object for datedue.
Please note, any running SIPServer will have to be restarted
*immediately* after applying this patch, because although Koha
C4 behaves as normal, the SIP server runs as a Net::Server with
components cached. Changes will not be applied until SIPServer
restarts, and so checkout actions may fail until then.
Signed-off-by: Galen Charlton <galen.charlton@liblime.com>
ILS::Patron is where most of the intelligence for SIP's representation
is lodged. Currently there is difficulty with C4::Members functions.
GetMemberDetails is required for the needed flags, but it returns
empty structure on bad barcodes, where it should be undef.
Signed-off-by: Joshua Ferraro <jmf@liblime.com>