Commit graph

439 commits

Author SHA1 Message Date
5c581ccdd0 Bug 14034: Fix logout on refresh for shibboleth
This is similar to bug 12877

Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>

While this is missing a detailed test plan, what I did to test was

1/ Login to koha .. it works
2/ Apply patch
3/ Login to koha .. it still works, no regressions. I can't test the
shibboleth part but it doesnt break anything else so I'm happy to sign
off

Signed-off-by: Jesse Weaver <jweaver@bywatersolutions.com>

We had to implement this fix for one of our customers using Shibboleth.
Can verify that it fixes the issue (which, incidentally, breaks
stage-marc-import since that depends on a constant sessionID).

Passing QA (verified with QA tools). Thanks, Martin!

Signed-off-by: Brendan Gallagher brendan@bywatersolutions.com
2015-12-31 20:42:11 +00:00
ac541e0fa1 Bug 15344: Remove unucessary call to GetMemberDetails
This subroutine does a lot a processing and should only be called when
necessary.
In the get_template_and_user subroutine (so called from any pages of
Koha), it is call to pass the branchcode, title, firstname, surname and
borrowernumber values for the logged in user.
This subroutine calls GetMemberAccountRecords which retrieve the items
infos for all accountlines entries of the logged in user.
On members/members.pl, let's say you have 74 entries in the accountlines
tables, the page will execute 115 SELECT instead of 35 if you don't have any
accountlines entries.
With this patch, the number of SELECT is always 31.

To test this patch you should have technical skills to know what to do.

Note that USER_INFO was an array of... 1 element. Now it's a hashref.

Signed-off-by: Marc Véron <veron@veron.ch>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2015-12-30 11:53:18 +00:00
Bernardo Gonzalez Kriegel
11e4c42e05 Bug 11038: Enable use of IntranetUserCSS on staff client login page
This patch enable use of IntranetUserCss on staff client
login page.

To test:
1) Add something to IntranetUserCSS to modify login page,
for example

 #login h1 a {
   height:30px;
 }

2) Logout from staff client, no changes on login page.
3) Apply the patch
4) Reload, now logo is cut in half :)
Bonus) Login again an try changing image, add

 #login h1 {
  background: url(http://example.com/img/other-logo.png) no-repeat top center;
 }

and fix height. Logout and check

This also affects 3.20 and perhaps earlier versions.
Re-upload to fix examples

Works as expected.
Signed-off-by: Marc Véron <veron@veron.ch>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2015-12-11 15:42:49 +00:00
6b62fb3970 Bug 14544: Get rid of GetSomeShelfNames
Signed-off-by: Alex Arnaud <alex.arnaud@biblibre.com>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2015-11-05 09:58:02 -03:00
02feeca14f Bug 10799: Limit the SCO user to the SCO module
The SCO user should only be allowed to access to the SCO module.

This patch make the session ends if the user tries to access another
page after the SCO module.

Test plan:
0/ Configure the SCO module correctly
1/ Go on the sco main page (sco/sco-main.pl)
2/ Try to go somewhere else: you should not be logged in

Signed-off-by: Marc Véron <veron@veron.ch>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2015-11-02 11:32:24 -03:00
Jesse Weaver
ed0ff59152 Bug 11559: Supporting changes for Rancor
* Extends login screen to pass along #hash
  * Adds JSONP support to C4::Service
  * Extends humanmsg to allow per-message classes
  * Adds proper charset to results of svc/bib

Test plan:

  1. C4/Auth.pm and .../intranet/.../auth.tt: verify that login/usage
     works as expected, despite the change to pass on the fragment (...#blah)
     from the URL.
  2. C4/Service.pm and humanmsg.js: verify that editing system
     preferences (the main user of these modules) works correctly despite
     updates.
  3. svc/bib: verify that records can be correctly downloaded with the
     change of character set. This can be done in a Firebug/Chrome Devtools
     console by running `$.get('/cgi-bin/koha/svc/bib/1')` and inspecting the
     results (possibly replacing 1 with a different valid biblionumber).

Signed-off-by: Nick Clemens <nick@quecheelibrary.org>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2015-10-27 12:16:05 -03:00
a3b4b33e46 Bug 13632: Do not use userflags.flagdesc and permissions.description
These 2 fields are not used anymore, but we want to keep them anyway.

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2015-10-19 09:38:04 -03:00
912f238c5e Bug 15005: Replace CGI->url with the corresponding url
CGI->url does not return the correct url on install using packages.

Test plan:
1/ Try to reproduce the bug from the description of bug 15005.
You should be able to login to the intranet and the OPAC
2/ Send a basket and a list from the intranet and the OPAC.

Signed-off-by: Josef Moravec <josef.moravec@gmail.com>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2015-10-19 09:36:43 -03:00
Jonathan Druart
f8abcf3e8e Bug 12137: Use Koha.Preference to access pref value
Signed-off-by: Jonathan Druart <jonathan.druart@koha-community.org>
2015-07-20 10:44:06 -03:00
Mark Tompsett
db5fe99b33 Bug 12137: Extend CalendarFirstDayOfWeek to be any day
Mubassir Ahsan asked on the Koha mailing list:
Is there any option to set Saturday as the first day of
the week? Please help me.

CalendarFirstDayOfWeek is currently either Sunday|Monday.

By converting it to 0|1|2|3|4|5|6
(Sunday, Monday, ..., Saturday), we can allow any day of the
week to be the first day of the week in the date picker.

TEST PLAN
---------
1) Backup DB
2) In mysql:
   > DELETE FROM systempreferences;
   > SOURCE .../installer/data/mysql/sysprefs.sql
   > SELECT variable,value FROM systempreferences;
   -- It should say 'CalendarFirstDayOfWeek' and '0'
      May say '1' if you are using Norwegian.
3) Restore your DB
4) .../installer/data/mysql/updatedatabase.pl
   -- If your previous value for 'CalendarFirstDayOfWeek' was
      'Sunday', it should be '0'. For 'Monday', it should be '1'.
5) Test an installation with 'de-DE' as the language.
   -- The default value should be '1'.
6) Test an installation with 'nb-NO' as the language.
   -- The default value should be '1'.
7) In the staff client, confirm that any day of the week is
   available in the I18N/L10N system preferences for the
   CalendarFirstDayOfWeek dropdown.
   -- I'm aware they aren't in order, but I'm after
      functionality, not finesse.
8) In another tab, go to a staff place that has a datepicker.
   For example, Home -> Tools -> Inventory/stocktaking
9) For each possible value in the CalendarFirstDayOfWeek,
   go to the other tab, refresh the page after updating the
   system preference, and click the datepicker icon.
   -- The date picker should then start on the selected
      day of the week.
10) Log into OPAC
    -- This may require setting: opacuserlogin to 'Allow'.
11) Click the personal details tab on the left.
12) There is a date picker for the date of birth.
    -- The date picker should then start on the selected
       day of the week.
13) Run koha QA test tools.

NOTE: not an atomic update, since this is an old patch.

Signed-off-by: Indranil Das Gupta (L2C2 Technologies) <indradg@gmail.com>

Signed-off-by: Jonathan Druart <jonathan.druart@koha-community.org>
Signed-off-by: Tomas Cohen Arazi <tomascohen@unc.edu.ar>
2015-07-20 10:43:35 -03:00
cb44a8de3a Bug 14439: Typo in Bug 14408 regexp
In Bug 14408 first patch, the regexp used needs an escape on dot and does not need an ending "?"

Test plan :
  - prove t/db_dependent/Auth.t

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>

Signed-off-by: Jonathan Druart <jonathan.druart@koha-community.org>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2015-06-24 10:53:25 -03:00
Jonathan Druart
64e47c63dc Bug 14408: Allow integers in template paths
Signed-off-by: Jonathan Druart <jonathan.druart@koha-community.org>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2015-06-22 17:44:58 -03:00
5a7f459290 Bug 14408: Path Traversal error
Counter counter patch
Please test well, including with the null byte %00, this uses a whitelisting to only allow files ending with .tt
and not allowing ../etc

Note the previous patch tries to protect against /etc/passwd
but //etc/passwd is now vulnerable.  I do think a whitelist is safer than trying to do a blacklist

/cgi-bin/koha/svc/virtualshelves/search
/cgi-bin/koha/svc/members/search

Are vulnerable

To test:
1/ Hit /cgi-bin/koha/svc/members/search?template_path=members/tables/members_results.tt
  Notice you get a valid JSON response
2/ Hit
/search?template_path=..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fetc%2fpasswd
  (You may have add more ..%2f or remove them to get the correct path)
  Notice you can see the contents of the /etc/passwd file
3/ Hit
/cgi-bin/koha/svc/members/search?template_path=test%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fetc%2fpasswd
4/ Apply patch
5/ Hit the first url again, notice it still works
6/ Hit the second url notice it now errors with a file not found
7/ Hit the third url notice it now errors with a file not found

Repeat for the other script also

Signed-off-by: Jonathan Druart <jonathan.druart@koha-community.org>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2015-06-22 17:44:47 -03:00
Stefan Weil
64925f7522 Bug 14383: C4: Fix some typos (mostly in comments and documentation)
Most of them were found and fixed using codespell.
Fix also some related grammar issues.

In C4/Serials.pm a variable was renamed to make future codespelling
checks easier.

Signed-off-by: Stefan Weil <sw@weilnetz.de>

http://bugs.koha-community.org/show_bug.cgi?id=14383
Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel@gmail.com>

Signed-off-by: Jonathan Druart <jonathan.druart@koha-community.org>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2015-06-22 17:34:45 -03:00
Jonathan Druart
be35039b55 Bug 4137: Fix the OPACViewOthersSuggestions behavior
This pref does not work at all, the interface let the user choose to
list all suggestions, but whatever he chooses the suggestion list is the
same.

This patch cleans a bit the suggestedby management.

There are a lot of cases to test, because linked to 2 prefs:
 AnonSuggestions and OPACViewOthersSuggestions.
1/ AnonSuggestions = 0 and OPACViewOthersSuggestions = 0
  - A non logged in user is not able to make a suggestion.
  - A logged in user is not able to see suggestions made by someone else.
2/ AnonSuggestions = 0 and OPACViewOthersSuggestions = 1
  - A non logged in user is not able to make a suggestion.
  - A logged in user is able to see suggestions made by someone else.
3/ AnonSuggestions = 1 and OPACViewOthersSuggestions = 0
  - A non logged in user is able to make a suggestion.
  The suggestedby field will be filled with the AnonymousPatron pref value.
  He is not able to see suggestions, even the ones made by AnonymousPatron.
  - A logged in user is not able to see suggestions made by someone else.
4/ AnonSuggestions = 1 and OPACViewOthersSuggestions = 1
  - A non logged in user is able to make a suggestion.
  He is able to see all suggestions.
  - A logged in user is able to see suggestions made by someone else.

In all cases a logged in user should be able to search for suggestions
(except if he is not able to see them).

Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel@gmail.com>
All use cases tested, work as expected
No errors

Only comment is perhaps (in the future) a gracefull failure
when AnonymousPatron is not set, or has '0' value

Message is DBIx::Class::ResultSet::create(): Column 'suggestedby' cannot be null at ...

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@unc.edu.ar>
2015-06-19 11:34:27 -03:00
Jonathan Druart
baea0a79d5 Bug 7976: Remove the borrow permission
The borrow permission was used but uselessly.
For instance, at the opac, the flagsrequired parameter was set to
'borrow' but the 'authnotrequired' was set also (which means no auth
required).
At the end, this permission was used at only 1 place: for the basket,
intranet side.
This can be replaced with the catalogue permission (which is used to
search).

Test plan:
1/ Confirm that you are able to show/download/sent the cart (intranet side)
with the catalogue permission.
2/ At the OPAC, you should be able to access the same pages as before
with any other permissions.

Concretely it is quite difficult to test this patch, you should have a
look at the code.

Signed-off-by: Nick Clemens <nick@quecheelibrary.org>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
2015-06-05 13:43:34 -03:00
Marc Véron
22c5c4b468 Bug 14313: OPAC - Adding a comment makes result browser disappear
To reproduce:

- Allow commenting in OPAC (Syspref reviewson)
- Log in to OPAC
- Do a search with many results
- Click on a biblio in result list
- Verify that you can browse the results in detail view ("Browse results")
- Repeat teh search above
- Click on the same biblio as above
- Add a comment (Tab "Comments")
- Close commenting window
- Click on "Next" in result browser

Result: The next biblio is displayed, but result browser has disappeared.

To test:

- Apply patch
- Try to reproduce issue above, verify that result browser does no longer disappear

AMended to remove whitespace chars. / MV

Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel@gmail.com>
Bug & solution checked, works well. No koha-qa errors

Signed-off-by: Jonathan Druart <jonathan.druart@koha-community.org>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
2015-06-04 10:41:45 -03:00
Mark Tompsett
1651cf70d1 Bug 5010: Fix OPACBaseURL to include protocol
First, it is strongly recommended to set the OPACBaseURL. But
this patch allows the inclusion of the protocol and not just
a site.

Next, C4/Auth now puts OPACBaseURL into the template parameters
regardless of OPAC or Staff clients.  t/db_dependent/Auth.t was
tweaked to add a check for confirming that get_template_and_user
adds OPACBaseURL to both OPAC and Staff templates.

In the staff client, once the OPACBaseURL is set, you get a nice
OPAC View link when viewing a biblio's detail. It should reflect
the protocol used now.

Hard coded 'http://' strings were removed from the
sample_notices.sql files. This is what required also updating
the letters table in the updatedatabase.pl script.

The explanation text in the sysprefs.sql needed updating too to
reflect the inclusion of the protocol. And this was the other
update done in the updatedatabase.pl script. The opac.pref file
was similarly changed as well.

catalogue/detail.pl had no need to pass a custom OpacUrl value,
since C4/Auth passes the required OPACBaseURL, so it and the
corresponding template were modified.

Both the MARC21 and NORMARC intranet details files had 'http://'
hard coded in them. This was removed.

Both the bootstrap and prog theme opac-detail template had a
protocol parameter that was used. The logic for the parameter
was not removed, because it is used extensively in one template.
Perhaps it should be used to simplify the other. However, the
calculated current_url parameter had references to the protocol
removed, because of the changes to OPACBaseURL.

opac/opac-shareshelf.pl had a hard coded 'http://' which was
removed.

t/db_dependent/Auth_with_cas.t had 'http://' added to the value
set for OPACBaseURL.

In virtualshelves/sendshelf.pl explicit code which sent the
OPACBaseURL preference was removed, since C4/Auth sends it all
the time now.

C4::Context::set_preference was tweaked to ensure that
OPACBaseURL would always start with http.
t/db_dependent/Context.t was tweaked to specifically test this.

The Shibboleth authentication needs OPACBaseURL set, and that
it be https protocol. The _get_uri routine was tweaked to always
pass back https:// as the protocol on the OPACBaseURL.
t/Auth_with_shibboleth.t was tweaked to specifically test the
changes.

TEST PLAN
---------
This is not an easy patch to test. Difficulties include:
- configuring Koha to run under https
    (tweaking apache2 isn't so hard, just tricky)
- configuring Koha to run OPAC and Staff with Plak
    (since code with comments about plak were sliced out)
- configuring Koha to use CAS
    (may be requires for the CAS test)

 1) Apply patch
 2) Make sure OPACBaseURL is set without the protocol included.

UPDATEDATABASE
 3) back up your DB
 4) ./installer/data/mysql/updatedatabase.pl
    -- It should run without errors.
 5) Look up the OPACBaseURL system preference in the staff
    client
    -- It should have http:// prepended.
 6) Run the mysqlclient from your koha git directory
      USE koha_library;
      SELECT content FROM letter WHERE content LIKE "%<<OPACBaseURL>>%";
    -- There should be no prepended http:// on the
       <<OPACBaseURL>>.
 7) restore your DB
 8) Make sure OPACBaseURL is set with the protocol included,
    preferably https.
    -- Using https requires a bunch of apache2 tweaks.

AUTH
 9) Call up staff client.
10) Call up OPAC.
    -- C4/Auth.pm doesn't barf.
11) Call up Plack staff client
12) Call up Plack OPAC.
    -- C4/Auth.pm doesn't barf.
13) prove -v t/db_dependent/Auth.t

CONTEXT
14) Home -> Koha administration -> Global System Preferences
         -> OPAC
15) Modify and save OPACBaseURL to not have http:// or https://
    on it.
    -- It should be modified to include http://
16) Modify and save another system preference.
    -- It should save normally
17) prove -v t/db_dependent/Context.t

CATALOGUE/DETAIL (tt & pl)
18) Confirm the OPACBaseURL is set
19) Navigate to any biblio details in the staff client
    -- There should be a "OPAC view" link which has the
       correct http:// or https:// in it.

SQL (sample notices and sysprefs)
20) Run the mysqlclient from your koha git directory
      USE koha_library;
      DELETE FROM letter;
      source installer/data/mysql/de-DE/mandatory/sample_notices.sql;
      SELECT content FROM letter WHERE content LIKE "%<<OPACBaseURL>>%";
      DELETE FROM letter;
      source installer/data/mysql/en/mandatory/sample_notices.sql;
      SELECT content FROM letter WHERE content LIKE "%<<OPACBaseURL>>%";
      DELETE FROM letter;
      source installer/data/mysql/nb-NO/1-Obligatorisk/sample_notices.sql;
      SELECT content FROM letter WHERE content LIKE "%<<OPACBaseURL>>%";
      DELETE FROM letter;
      source installer/data/mysql/es-ES/mandatory/sample_notices.sql;
      SELECT content FROM letter WHERE content LIKE "%<<OPACBaseURL>>%";
      DELETE FROM letter;
      source installer/data/mysql/fr-FR/1-Obligatoire/sample_notices.sql;
      SELECT content FROM letter WHERE content LIKE "%<<OPACBaseURL>>%";
      DELETE FROM letter;
      source installer/data/mysql/it-IT/necessari/notices.sql;
      SELECT content FROM letter WHERE content LIKE "%<<OPACBaseURL>>%";
      DELETE FROM letter;
      source installer/data/mysql/pl-PL/mandatory/sample_notices.sql;
      SELECT content FROM letter WHERE content LIKE "%<<OPACBaseURL>>%";
      DELETE FROM letter;
      source installer/data/mysql/ru-RU/mandatory/sample_notices.sql;
      SELECT content FROM letter WHERE content LIKE "%<<OPACBaseURL>>%";
      DELETE FROM letter;
      source installer/data/mysql/uk-UA/mandatory/sample_notices.sql;
      SELECT content FROM letter WHERE content LIKE "%<<OPACBaseURL>>%";
    -- Each of the selects should should lines that have
       <<OPACBaseURL>> starting them, but no hard-coded http://
      DELETE FROM systempreferences;
      source installer/data/mysql/sysprefs.sql;
      SELECT * FROM systempreferences WHERE variable='OPACBaseURL';
    -- The explanation should reflect the new explanation.
      QUIT
21) restore your DB
22) Make sure OPACBaseURL is set with the protocol included,
    preferably https.
    -- Using https requires a bunch of apache2 tweaks.

SLIM2INTRANETDETAIL
23) Set 'XSLTDetailsDisplay' system preference to default.
24) Set 'marcflavour' system preference to MARC21.
25) View any biblio's details.
    -- the URL beside 'OPAC View' should have the appropriate
       http:// or https://
26) Set 'marcflavour' system preference to NORMARC.
27) View any biblio's details.
    -- the URL beside 'OPAC View' should have the appropriate
       http:// or https://

OPAC-DETAIL
28) Set 'opacthemes' to bootstrap.
29) Set 'SocialNetworks' to enabled.
30) In OPAC, view any biblio's details.
    -- the Share links should have the appropriate protocol on
       the OPACBaseURL.
31) Set 'opacthemes' to prog.
32) In OPAC, view any biblio's details.
    -- the Share links should have the appropriate protocol on
       the OPACBaseURL.

AUTH_WITH_CAS
33) prove -v t/db_dependent/Auth_with_cas.t

OPAC-SHARESHELF
34) Set 'OpacAllowSharingPrivateLists' to allow.
35) In OPAC, 'Save to Lists' a search result.
36) Save it to a new private list.
37) Click the Lists button, and select the new list.
38) Click the Share button.

AUTH_WITH_SHIBBOLETH
39) prove -v t/Auth_with_shibboleth.t
    -- needs to be tests on Debian, because I can't get
       the Test::DBIx::Class installed in Ubuntu. :(

Rebased again on kohadevbox...

Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com>

Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel@gmail.com>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
2015-06-04 10:00:04 -03:00
Mark Tompsett
4b9f4e1749 Bug 14120: Fixing t/db_dependent/Auth.t noise
TEST PLAN
---------
1) $ prove t/db_dependent/Auth.t
   -- warnings
2) Apply this patch
3) $ prove t/db_dependent/Auth.t
   -- only one specific type of warning
4) Apply bug 5010 patch
5) $ prove t/db_dependent/Auth.t
   -- noisy is eliminated
6) koha qa test tools.

Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel@gmail.com>
With patch only one warn
With 5010 no more warns
No errors

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
2015-06-01 14:09:22 -03:00
Jonathan Druart
7b0792584e Bug 12160: Rename opacuserjs with OPACUserJS
Test plan:
Same as previous patch for opacuserjs

Signed-off-by: Mark Tompsett <mtompset@hotmail.com>

NOTE: Worked before and after updatedatabase.pl, though after
      is less confusing to the programmer unaware of case-insensitivity.

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
2015-05-26 10:42:07 -03:00
Jonathan Druart
767edc6bb9 Bug 12160: Rename intranetuserjs with IntranetUserJS
To match IntranetUserCSS, intranetuserjs should be renamed
IntranetUserJS.

Test plan:
1/ Be sure there is no occurrence of intranetuserjs
2/ Confirm the pref still works as before

Signed-off-by: Mark Tompsett <mtompset@hotmail.com>

NOTE: Worked before and after updatedatabase.pl, though after
      is less confusing to the person unaware of case insensitivity.

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
2015-05-26 10:42:07 -03:00
Chris Nighswonger
ac93659265 Bug 14152: Re-check required dependencies during upgrade process
This code causes the installer to re-check dependencies during the
upgrade process.

Test Plan
---------
1) Log in to staff client
2) Koha Administration -> Global system preferences -> Local
3) Change Version to previous version -- DO NOT HIT SAVE YET!
4) In command line: sudo apt-get purge libpdf-fromhtml-perl
   NOTE: This could be ANY required library. I chose
         PDF::FromHTML, because it has been a thorn in my side.
5) NOW! Hit the 'Save' button.
6) Log in, etc. etc...
   -- Blows up on redirect to log in.
7) In command line, add it back (I had to compile my own so,
   I used sudo dpkg -i /path/to/libpdf-fromhtml-perl...)
8) Apply patch
9) Edit the C4/Installer/PerlDependencies.pm to make
   PDF::FromHTML required. See also bug 14103.
10) Log in to staff client
11) Koha Administration -> Global system preferences -> Local
12) Change Version to previous version -- DO NOT HIT SAVE YET!
13) In command line: sudo apt-get purge libpdf-fromhtml-perl
14) NOW! Hit the 'Save' button.
15) Log in, etc. etc...
16) Once warned you are missing it, add it back at the command line.
17) Click 'Recheck'
    -- Proceeds as expected now.

Signed-off-by: Mark Tompsett <mtompset@hotmail.com>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
2015-05-18 12:12:33 -03:00
Jonathan Druart
11049f9d02 Bug 13758: Move the Koha version from kohaversion.pl
It will permit not to run another perl interpreter.

Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2015-05-07 11:39:04 -03:00
Yohann Dufour
45975f4087 Bug 8007: Discharge - Glue
This patch adds:
- links to the new pages.
- syspref description
- links on the main page (intranet)
- the DISCHARGE type for debarment

Signed-off-by: Lucie <lucie.rousseaux@dracenie.com>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
2015-04-30 12:33:53 -03:00
88eb0323d7 Bug 13419: (QA followup) remove useless warnings
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
2015-04-22 14:59:12 -03:00
Jonathan Druart
a6c9bd0eb5 Bug 9978: Replace license header with the correct license (GPLv3+)
Signed-off-by: Chris Nighswonger <cnighswonger@foundations.edu>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>

http://bugs.koha-community.org/show_bug.cgi?id=9987

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
2015-04-20 09:59:38 -03:00
Matthias Meusburger
bb63ef6a2e Bug 13507: Add intranet support for CAS authentication
This patch allows to use CAS authentication for intranet login.

 It works exactly the same as the OPAC login, except that the
 staffClientBaseURL syspref must be set for intranet login
 (like OPACBaseURL must be set for OPAC login).

Signed-off-by: Koha Team AMU <koha.aixmarseille@gmail.com>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
2015-04-08 12:04:26 -03:00
f149636059 Bug 13852 - Manage C4::VirtualShelves in C4::Auth for performance
In C4::Auth there is a use C4::VirtualShelves.
Virtualshelves are displayed in all OPAC pages, but not in intranet.
For performance, we should move this into a require only for opac pages.

This patch adds a condition to fetch virtualshelves only if opac and moves the dependancy on C4::VirtualShelves into require calls.

On my desktop, I have those compilation times for C4/Auth.pm :
- Without patch : 0,41 seconds
- With patch : 0,22 seconds

This performance improvement is very usefull for pages that only use a few as dependancy, like errors/404.pl

Test plan :
- Be sure there are some public lists
- Apply patch
- Go to opac (not logged-in)
- Click on "Lists"
- Check you see the public lists
- Login with a user
- Be sure this user has some private lists
- Click on "Lists"
- Check you see the public and private lists
- Logout
- Go to /cgi-bin/koha/opac-reserve.pl
- You see the loggin page
- Click on "Lists"
- Check you see the public lists
- Go to intranet
- Check you can loggin

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
2015-03-31 14:16:03 -03:00
Jonathan Druart
2bf394e6d2 Bug 10328 - Rename opaccolorstylesheet to OpacAdditionalStylesheet
Test plan (from comment #1)
1) Apply this patch
2) Run updatedatabase.pl
3) Verify the system pref OpacColorStyleSheet still works
   i.e. no change should be noted

Additionally, I changed the path to an other stylesheet and verified that it worked.

Signed-off-by: Marc Véron <veron@veron.ch>
Signed-off-by: Katrin Fischer <Katrin.Fischer.83@web.de>
Works as described and no more occurences of opaccolorstylesheet were found.

Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
2015-03-31 11:30:54 -03:00
Matthias Meusburger
0c6ba2d0c4 Bug 12887: User logged out on refresh after CAS authentication
If the user is already logged-in, do not trigger CAS authentication
even if there is a ticket in the parameters.

1) Authenticate to the OPAC through CAS.
2) Once redirected to your account, hit F5 or the refresh button of your browser.
3) You're logged out.

Signed-off-by: Koha Team Lyon 3 <koha@univ-lyon3.fr>
Signed-off-by: Luce Barbey <luce.barbey@cirad.fr>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Added sign of lines according to bug.
Works as described, small change.

Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
2015-03-30 13:35:50 -03:00
Srdjan
1802aa9153 Bug 5786 - Move AllowOnShelfHolds and OPACItemHolds system prefs to the Circulation Matrix
C4::Reserves:
* Added OnShelfHoldsAllowed() to check issuingrules
* Added OPACItemHoldsAllowed() to check issuingrules
* IsAvailableForItemLevelRequest() changed interface, now takes
  $item_record,$borrower_record; calls OnShelfHoldsAllowed()

opac/opac-reserve.pl and opac/opac-search.pl:
* rewrote hold allowed rule to use OPACItemHoldsAllowed()
* also use OnShelfHoldsAllowed() through
* IsAvailableForItemLevelRequest()

templates:
* Removed AllowOnShelfHolds and OPACItemHolds global flags, they now
  only have meaning per item type

Signed-off-by: Nicole C. Engard <nengard@bywatersolutions.com>

I have tested this patch left, right and upside down for the last
several months. All tests have passed.

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
2015-03-25 10:33:14 -03:00
Mark Tompsett
78d6d794fe Bug 10900 - Incorrect calling conventions accessing C4::Context
There were multiple calling conventions for C4::Context's
set_userenv routine. So the following commands were used to
find discrepancies:
    grep "::set_userenv" `find .`
    grep "\->set_userenv" `find .`

The first grep demonstrated that the smaller change is from
:: to -> as only C4/Auth.pm, installer/InstallAuth.pm, and
t/db_dependent/Circulation.t would need to be modified. This
patch corrects C4::Context's set_userenv routine to be object
call based (use ->) by using a shift to ignore the first
parameter, and modify the three files found with :: calls.

As the result of trying to roll a distribution,
t/Circulation_barcodedecode.t was discovered to be faulty. The
cause being incorrect parameters! This was hidden when there
was no shift in the set_userenv routine. However, with its
correction, the test broke.

This led me to read the POD documentation for the function
set_userenv in C4::Context and realize it was outdated as
well. It has been revised to match the current version of
the function.

Then intentionally bad parameters passed to the set_userenv
routine in C4::Context were hunted down. The biggest problems
were missing surnames or branch names.

Rebase required because of shibboleth change in C4/Context.pm

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com>

Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
2015-02-09 17:00:13 -03:00
d556f6a9f2 Bug - 5511 [Followup]: Missed Instance
There was an instance of the pragma missed which meant the the original
patch set didn't actually solve the problem in a large number of cases

This patch adds in the relevant statement.

Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
2015-02-09 17:00:07 -03:00
Amit Gupta
e3bb139080 Bug - 5511: Check for Change in Remote IP address for Session Security. Disable when remote ip address changes frequently.
To Test:
1) Enable the system preference SessionRestrictionByIP
2) Change your system IP. It will not checkout your system IP or signout.

Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
2015-02-09 17:00:01 -03:00
229a3b329c Bug 12954: Failed login should retain anonymous session
A failed login should not leave the user in a half logged authenticated
state, but rather return them to an anonymouse session as per the
pre-login attempt state.

To replicate error:
1. Try to log in with some nonexisting user id or wrong password in the
   OPAC
2. Go directly to /opac-user.pl (e.g., enter it in the browser address
   bar, or just click on the "Log in" link)
3. Observe a DBI error displayed on the screen
4. You are now in the "deadloop" of sorts (opac/opac-user.pl refuses to
   display the login screen, no matter how many times you try to reload
   it); to break the deadloop, one needs to:
   - remove session cookie from the browser (or cause the session to
     expire in some other way - closing browser window would be probably
     enough for that)
   - remove offending session on the server (from mysql sessions table,
    ..)
   - log in with proper credentials using some other page (like
     opac/opac-main.pl right-side panel), which does not involve
     opac/opac-user.pl being called without "userid" CGI parameter.

To test:
1. Test as above, the DBI error should no longer be present
2. Check that search history works across failed and sucessful login
   attempts

Signed-off-by: Chris Cormack <chris@bigballofwax.co.nz>

Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
2015-01-22 18:37:03 -03:00
f73dc51a88 Bug 13521: Add missing semicolon
Add a missing semicolon to the end of a template variable assignment
line. This patch should not affect operation.

Note: With Bug 13499 we did a non-destructive perltidy, as such we only
affected indenting and whitespace to maintain blame history. However, a
number of minor code issues were also highlighted, in this series of
patches I hope to correct other minor style issues.

Signed-off-by: Chris Cormack <chris@bigballofwax.co.nz>

Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
2015-01-22 18:36:16 -03:00
a36c7435f2 Bug 13521: Removed superflous semicolon
Removed an uneeded semicolon from the end of an 'if' block. This should
not affect operation of the script.

Note: With Bug 13499 we did a non-destructive perltidy, as such we only
affected indenting and whitespace to maintain blame history. However, a
number of minor code issues were also highlighted, in this series of
patches I hope to correct other minor style issues.

Signed-off-by: Chris Cormack <chris@bigballofwax.co.nz>

Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
2015-01-22 18:36:05 -03:00
1926bf9d01 Bug 13499: Tidy of Auth.pm
This tidy should only change whitespace and not line breaks, thus
retaining history.

There are no code changes, and thus there should be no regressions to
test for koha wise.

To test the non-destrcutive nature of the patch, run a 'git blame -w' on
the file before and after the patch. The resulting blame should include
a comparabile history of the file, with only some additional blank
lines being attributed to this commit.

A 'git blame -wM' may also be useful for comparison purposes.

Signed-off-by: Chris Cormack <chris@bigballofwax.co.nz>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
2015-01-22 18:35:10 -03:00
Jonathan Druart
e20270fec4 Bug 11944: use CGI( -utf8 ) everywhere
Signed-off-by: Paola Rossi <paola.rossi@cineca.it>
Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel@gmail.com>
Signed-off-by: Dobrica Pavlinusic <dpavlin@rot13.org>

Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
2015-01-13 13:07:21 -03:00
Jonathan Druart
fe1e6d86ca Bug 11944: Authentication
The password should be encoded before hashing.

Test plan:
- Before applying the patch, create a user with utf-8 in password
- apply patches
- try to log in
- change the password
- log out
- try to log in

Signed-off-by: Paola Rossi <paola.rossi@cineca.it>
Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel@gmail.com>
Signed-off-by: Dobrica Pavlinusic <dpavlin@rot13.org>

Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
2015-01-13 13:07:14 -03:00
Marc Véron
c0aa0f5529 Bug 13176 - Add links "My account" and "My checkouts" for logged in user to drop down in staff client header
This patch adds links to "My account" and "My checkouts" to drop down in staff client header.

To test:
Apply patch
Got to drop down of logged in user (top right)
See new links to "My account" and "My checkout" (above "Log out")
Test the links.

Signed-off-by: Magnus Enger <digitalutvikling@gmail.com>
Works as advertised. The options are not displayed when you are logged
in as the db/admin user.

Added classes "toplinks-myaccount" and "toplink-mycheckouts" to li tags to make it possible to hide them (per Kyle M $
Switching back to "Signd-off" (Hope this is OK becuause it is a tiny string addition)

Marc

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
2014-11-11 09:48:06 -03:00
Mark Tompsett
ba3c3df6f9 Bug 13200 - Followup of Bug 12246 - noisy C4/Auth.pm
While testing a bug, warnings in the opac error log were
building up due to a particular line in C4::Auth. After
reviewing the code, it was discovered that removal of the
OpacMainUserBlockMobile system preference created this.

Since the system preference no longer exists, and is not
used, the line was deleted from C4/Auth.pm to prevent this
warning from occuring.

TEST PLAN
----------
1) Go to any OPAC page.
2) Check your opac error log.
   -- there should be something about uninitialized values
      used in C4/Auth.pm around line 443.
3) Apply the patch
4) Refresh the page.
   -- that same error should not be triggered.
5) prove -v t/db_dependent/Auth.t
   -- this runs the get_template_and_user function
      which had the parameter removed.
6) run the koha qa test tools

Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>

Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
2014-11-07 15:06:47 -03:00
075e9a64f9 Bug 12245 - PROG/CCSR deprecation: Remove OPACMobileUserCSS system preference
With CCSR now deprecated there is no longer a need for the
OPACMobileUserCSS system preference. This patch removes it.

To test, apply the patch and run updatedatabase. Check that the
preference can no longer be found in system preferences.

Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel@gmail.com>
Preference removed, no koha-qa errors.

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
2014-10-30 09:35:12 +13:00
236e815b6c Bug 12513 - PROG/CCSR deprecation: Remove OpacShowLibrariesPulldownMobile system preference
With CCSR having been deprecated there is no longer a use for the
OpacShowLibrariesPulldownMobile system preference. This patch removes
it.

To test, apply the patch and run updatedatabase. Check that the
preference can no longer be found in system preferences.

Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel@gmail.com>
Preference removed, no koha-qa errors.

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
2014-10-30 09:35:12 +13:00
5dfc026fad Bug 13114: Prevent Shibboleth Patches from spamming logs
- The shibboleth patch introduced an undefined message into the error
  logs, when shiboleth is disabled.

Testplan

1. Ensure shibboleth is disabled.
2. Refresh any opac page
3. See 'Use of uninitialized value $ENV{"REMOTE_USER"} in string ne at
/home/koha/kohaclone/C4/Auth.pm line 711.' popup in the opac-error.log
4. Apply patch
5. Refresh opac page
6. Error should no longer appear

Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
Signed-off-by: Katrin Fischer <Katrin.Fischer.83@web.de>
Works as described.

Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
2014-10-21 21:10:48 -03:00
fb90f71f71 BUG8446, QA Followup: Use DBIx::Class
- Convert Auth_with_shibboleth to use dbic stanzas.

Signed-off-by: Katrin Fischer <Katrin.Fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
2014-10-16 12:28:01 -03:00
31878e1973 BUG8446, QA Followup: Minor Code Tidies
Signed-off-by: Katrin Fischer <Katrin.Fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
2014-10-16 12:27:59 -03:00
89ee1aeab7 BUG8446, QA Followup: Cleanup tabs and license
Signed-off-by: Katrin Fischer <Katrin.Fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
2014-10-16 12:27:57 -03:00
ca86375872 BUG8446, Follow up: Refactor to clean up bad practice
- A number of issues were highlighted whilst writing sensible unit tests
  for this module.
  - Removed unnessesary call to context->new();
  - Global variables are BAD!
  - Croaking is a wimps way out, we should handle errors early and
    properly.

Signed-off-by: Matthias Meusburger <matthias.meusburger@biblibre.com>
Signed-off-by: Katrin Fischer <Katrin.Fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
2014-10-16 12:27:53 -03:00
3c9004357d BUG8446, Follow up: Improve local login fallback
- Local fallback was not very well implemented, this patch adds
  better handling for such cases allowing clearer failure messages
- This patch also adds the ability to use single sign on via the
  top bar menu in the bootstrap theme.

BUG8446, Follow up: Adds perldoc documentation

- Add some documentation to the Auth_with_Shibboleth module
  including some guidance as to configuration.

BUG8446, Follow up: Correct filenames to match guidlines

- Moved Auth_with_Shibboleth.pm to Auth_with_shibboleth.pm to match
  other files present on the system.

BUG8446, Follow up: Correct paths after file rename

BUG8446, Follow up: Implemented single sign out

- This follow up rebases the code against 3.16+ which managed to break
  some of the original logic.
- As a side effect of the rebasing, we've also implemented the single
  sign out element. Upon logout, koha will request that the shibboleth
  session is destroyed, and then clear the local koha session upon
  return to koha.  Due to the nature of shibboleth however, you will
  only truly be signed out of the IdP if they properly support Single
  Sign Out (which many do not). As a consequence, although you may
  appear to be logged out in koha, you might find that upon clicking
  'login' the IdP does NOT request your login details again, but instead
  logs you silently back into your koha session. This is NOT a koha bug,
  but a shibboleth implementation issue that is well known.

BUG8446, Follow up: Fixed bootstrap login via modal

- The bootstrap theme enable login from any opac page via modal. To
  enable this with shibboleth we had to make some template parameters
  globally accessible when shibboleth is enabled.

BUG8446, Follow up: Add template rules for Shibboleth and CAS

- Add template rules so that CAS and Shibboleth can coexist.

BUG8446, Follow up: Added default config to config file

BUG8446, Follow up: Embellished perldoc documentation

- Updated perldoc to correct detail about configuring shibboleth
  authentication.
- Updated perldoc to include subroutines and their respective functions.

BUG8446, Follow up: Enable configuration of match field

- Added clearer, more flexible, configuration of shibboleth attribute to
  koha borrower field matching for authentication
- Correcting of documentation to make it more clear to the current
  implementation
- Minor refactoring of code to reduce some code duplication

Signed-off-by: Matthias Meusburger <matthias.meusburger@biblibre.com>
Signed-off-by: Katrin Fischer <Katrin.Fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
2014-10-16 12:27:51 -03:00