Commit graph

1199 commits

Author SHA1 Message Date
e49e7d483a
Bug 32119: (bug 31422 follow-up) Fix add guarantee
To test:
1 - go to a patron detail view, click "add guarantee"
2 - Confirm form loads
3 - Confirm categories lsited are eligible to have a guarantor
4 - Fill out required fields and confirm patron saved correctly

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2022-11-07 11:09:56 -03:00
3a9d38b3a5
Bug 31422: Add patron's current category to dropdown while editing
Signed-off-by: David Nind <david@davidnind.com>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2022-11-03 09:45:25 -03:00
Björn Nylén
043017af13
Bug 31739: Password recovery from staff fails if previous expired reset-entry exists.
SendPasswordRecoveryEmail relies on the calling script to tell if there is an
existing valid recovery already. If there's an expired recovery-entry the
members/notices.pl script will try to create a new entry resulting in a duplicate
key error.

This patch fixes the bug by removing the need for the calling script to do the check as
since SendPasswordRecoveryEmail does the same thing anyway.
SendPasswordRecoveryEmail will now use DBIx ->update_or_create instead of looking at
the $update param to determine if it should update an existing entry or create a new.

The update param is removed from all calling scripts and test are updated.

To test:
1. Generate a password recovery mail for a patron
2. Let it expire.
3. Generate a new password recovery from staff to the same patron - Fail!
4: Apply patch
5. Generate a new password recovery from staff to the same patron - Success!
6. Opac password recovery flow should also work.
7. Tests pass.

Sponsored-by: Lund University Library

Signed-off-by: David Nind <david@davidnind.com>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2022-10-24 14:12:16 -03:00
d92b2b4c67
Bug 30588: (QA follow-up) Adjust flags for two_factor_auth.pl
Anyone with staff access (catalogue) should be able to go
to account and enable 2FA.

Test plan:
Have a staff user with minimum staff permission.
Access account, manage 2FA.

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2022-10-21 11:37:01 -03:00
b93e15c235
Bug 30588: Add the option to require 2FA setup on first staff login
Bug 28786 added the ability to turn on a two-factor authentication,
using a One Time Password (OTP).
Once enabled on the system, librarian had the choice to enable or
disable it for themselves.
For security reason an administrator could decide to force the
librarians to use this second authentication step.

This patch adds a third option to the existing syspref, 'Enforced', for
that purpose.

QA notes: the code we had in the members/two_factor_auth.pl controller
has been moved to REST API controller methods (with their tests and
swagger specs), for reusability reason. Code from template has been
moved to an include file for the same reason.

Test plan:
A. Regression tests
As we modified the code we need first to confirm the existing features
are still working as expected.
1. Turn off TwoFactorAuthentication (disabled) and confirm that you are not able to
enable and access the second authentication step
2. Turn it on (enabled) and confirm that you are able to enable it in your account
3. Logout and confirm then that you are able to login into Koha

B. The new option
1. Set the pref to "enforced"
2. You are not logged out, logged in users stay logged in
3. Pick a user that does not have 2FA setup, login
4. Notice the new screen (UI is a bit ugly, suggestions welcomed)
5. Try to access Koha without enabling 2FA, you shouldn't be able to
access any pages
6. Setup 2FA and confirm that you are redirected to the login screen
7. Login, send the correct pin code
=> You are fully logged in!

Note that at 6 we could redirect to the mainpage, without the need to
login again, but I think it's preferable to reduce the change to
C4::Auth. If it's considered mandatory by QA I could have a look on
another bug report.

Sponsored-by: Rijksmuseum, Netherlands

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2022-10-21 11:36:57 -03:00
8511750de9
Bug 30588: Adjust existing occurrences of TwoFactorAuthentication
We need to replace 0 with 'disabled', and 1 with 'enabled'

Sponsored-by: Rijksmuseum, Netherlands

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2022-10-21 11:36:56 -03:00
a059392490
Bug 29987: (follow-up) Fix missing payment type
The payment type include has changed since the patch was first written,
we now require a 'type' is passed to properly set the field name.

This should fix the 'bankable' issue raised.

Signed-off-by: David Nind <david@davidnind.com>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2022-10-21 10:18:53 -03:00
529341c78b
Bug 29987: Add register support to manual credits
This patch adds the register and transaction type selection options to
the manual credit page.

Signed-off-by: David Nind <david@davidnind.com>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2022-10-21 10:18:53 -03:00
dc86053bd8
Bug 31714: Add Generic way to print patron slips
This patch adds a very simple controller and template to allow patron
slip printing without all the boilerplate.

See bug 31713 for an example use.

Signed-off-by: David Nind <david@davidnind.com>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2022-10-21 10:09:03 -03:00
fde33d7a4c
Bug 31562: Treat flags as other borrower fields
Rather than generate a custom hash for these fields, we should treat them as other borrower data fields

To test:
 1 - Edit a patron, note the 'Lost card' and 'Gone no address' fields
 2 - Edit syspref BorrowerunwantedField
 3 - Set gonenoaddress and lost as unwanted
 4 - Edit patron, the fields remain
 5 - Apply patch
 6 - Edit a patron, fields are hidden
 7 - Unhide one of the fields
 8 - Edit a patron and confirm it shows and saves correctly
 9 - Unhide the other field
10 - Confirm it can be edited and saved

Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2022-09-22 09:24:41 -03:00
Julian Maurice
63f88a5742
Bug 31254: Add additional fields for accountlines
Test plan:
1. Go to Admin » Additional fields
   There are two new categories: "Account lines (credit)" and
   "Account lines (debit)"
2. Create fields for both categories, with and without an authorized
   value category
3. Go to a user's accounting page
4. Create a manual invoice. Verify that all "debit" fields are there,
   put a value in them and save
5. Create a manual credit. Verify that all "credit" fields are there,
   put a value in them and save
6. Make a payment. Verify that all "credit" fields are there, put a
   value in them and save
7. Go to the transactions tab, click on the "Details" button for the
   lines you just created and verify that the additional fields are
   there

Signed-off-by: Emmanuel Bétemps <e.betemps@gmail.com>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2022-09-21 18:58:28 -03:00
2954fbc9cc
Bug 30335: (follow-up) Bind new permissions to pages and tabs
This patch binds the new permissions added in the previous patch to the
tab display on the borrower account page.

Test plan
1) Apply the previous patch and run the database update
2) Configure a user without the new permissions
3) Confirm the 'Create manual invoice' and 'Create manual credit' tabs
   no longer appear under the 'Accounting' area when logged in as the
   above user.
4) Confirm that you cannot manually navigate to /members/mancredit.pl or
   /members/maninvoice.pl when logged in as the above user.
5) Confirm that users with the above permissions are still able to see
   the tabs and take actions on them.

Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2022-08-31 08:41:01 -03:00
6ce4d25bd3
Bug 23681: Move to ::Patron::Restriction::Type(s)
This patch moves the new classes under ::Patron::Restriction:: and
enhances the Unit tests for those classes.

NOTE: We should drop keyed_on_code as part of bug 31095
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2022-08-25 08:50:35 -03:00
Andrew Isherwood
a8448041ba
Bug 23681: Allow for selection of restriction type
This patch displays a restriction type select box (when appropriate)
when adding manual patron restrictions

Sponsored-by: Loughborough University
Signed-off-by: Benjamin Veasey <B.T.Veasey@lboro.ac.uk>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2022-08-25 08:41:01 -03:00
Andrew Isherwood
e0160b905b
Bug 23681: Allow for changes to debarments
The structure of debarments has changes slightly in that the displayed
text is now a product of a call to Koha::RestrictionTypes rather than
just the debarment's code. This patch allows for that

Sponsored-by: Loughborough University
Signed-off-by: Benjamin Veasey <B.T.Veasey@lboro.ac.uk>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2022-08-25 08:41:01 -03:00
48bf9b1d91
Bug 30718: Use flatpickr's altInput
The idea rely on the KohaDates TT plugin for the date formatting. We
should not have any output_pref calls in pl or pm (there are some
exceptions, for ILSDI for instance).

Also flatpickr will deal with the places where dates are inputed. We
will pass the raw SQL value (what we call 'iso' in Koha::DateUtils), and
the controller will receive the same value, no need to additional
conversion.
Note that DBIC has the capability to auto-deflate DateTime objects,
which makes things way easier. We can either pass the value we receive
from the controller, or pass a DT object to our methods.

Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2022-08-19 08:26:31 -03:00
bc0d561cf0
Bug 30874: Remove category_type
In which case do we pass category_type to this script? Am I missing
something?

Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2022-08-05 14:51:36 -03:00
a2330a84e0
Bug 30874: Simplify categories loop construction
Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2022-08-05 14:51:36 -03:00
71611bb146
Bug 30874: 2 more - need more investigation
Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2022-08-05 14:51:35 -03:00
18d7c7fdf9
Bug 30874: Reduce number of category fetches
Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2022-08-05 14:51:35 -03:00
36cb2bff47
Bug 30874: Replace categoryname
== Test plan ==
1. Apply all patches
2. Create a new patron in a given category
   => Form show the dropdown with the selected category
3. Edit again
   => Value is kept
4. Edit a category to give it specific values for: messaging prefs,
   password strength/length, can be guarantee
5. Edit the patron, change the category, and confirm that the different
   limitation are correctly applied.

Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2022-08-05 14:51:35 -03:00
87aa05f9de
Bug 26689: Prepend letter codes.
This patch prepends the credit_type_code and debit_type_code with
CREDIT_ and DEBIT_ respectively when doing a lookup on the notice letter
code.

Test plan
1) As previous patches, however instead of just naming your notice to
   match the credit_type_code or debit_type_code use
   CREDIT_credit_type_code and DEBIT_debit_type_code respectively.

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2022-07-22 15:01:36 -03:00
8e46612d7c
Bug 26689: Check for specific template then fallback - printinvoice
This patch adds a check for a more specific ACCOUNT_DEBIT template
(named to match the debit_type_code of the credit line) prior to
falling back to the ACCOUNT_DEBIT template.

Test plan
1/ On a patrons account page use the print option on a series of debit
lines with differing credit types (Overdue, Payout)
2/ Note that the same template 'ACCOUNT_DEBIT' is used for all types
3/ Apply the patch
4/ Run step 1 again and note all still print using ACCOUNT_DEBIT
5/ Add a new notice template under the 'circulation' module with a code
that matches one of your account debit types (OVERDUE, PAYOUT)
6/ Run step 1 again and note that where you have added a specific notice
for that debit type it has been used.

Signed-off-by: Sally <sally.healey@cheshiresharedservices.gov.uk>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2022-07-22 15:01:36 -03:00
422ab47283
Bug 26689: Check for specific template then fallback - printfeercpt
This patch adds a check for a more specific ACCOUNT_CREDIT template
(named to match the credit_type_code of the credit line) prior to
falling back to the ACCOUNT_CREDIT template.

Test plan
1/ On a patrons account page use the print option on a series of credit
lines with differing credit types (Payment, Lost Item Return, Writeoff)
2/ Note that the same template 'ACCOUNT_CREDIT' is used for all types
3/ Apply the patch
4/ Run step 1 again and note all still print using ACCOUNT_CREDIT
5/ Add a new notice template under the 'circulation' module with a code
that matches one of your account credit types (PAYMENT, WRITEOFF,
LOST_FOUND)
6/ Run step 1 again and note that where you have added a specific notice
for that credit type it has been used.

Signed-off-by: Sally <sally.healey@cheshiresharedservices.gov.uk>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2022-07-22 15:01:36 -03:00
Andrew Isherwood
968c5865e7
Bug 23838: Add renewals modal
This patch adds the display of the renewals modal when appropriate. A
"View" link is displayed next to renewals count where appropriate.
Clicking the link opens the modal that displays the logged renewals.

Sponsored-by: Loughborough University
Signed-off-by: Myka Kennedy Stephens <mkstephens@lancasterseminary.edu>
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Bouzid Fergani <bouzid.fergani@inlibro.com>
Signed-off-by: Ben Veasey <B.T.Veasey@lboro.ac.uk>

Rescued-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>

I rescued this patchset by squashing previous work and updating it to
utilise the new renewals API routes introduced in bug 30275.

Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Owen Leonard <oleonard@myacpl.org>

Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2022-07-22 11:39:09 -03:00
146423f1bc
Bug 7660: Use first available categorycode when none passed in
The code that populates the patron messaging preferences on initial form load
expects to have a category selected. Currently we only have one if one was
passed to the form. When creating an account from a parent, we don't have a
category explicitly selected - so we can just select the first of the possible
categories

To test:
 1 - In KTD set 'Juvenile' category to have some messaging preferences
 2 - Find a patron, say Edna Acosta, and 'Add guarantee'
 3 - In new form preferences are blank, cancel
 4 - Apply patch, restart all
 5 - Go to Edna, click 'Add guarantee'
 6 - Preferences are populated!
 7 - Cancel
 8 - Go to 'Patrons' module
 9 - Click "+ New patron"
10 - Confirm messaging preferences load correctly when not adding child

Signed-off-by: Sally <sally.healey@cheshiresharedservices.gov.uk>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2022-07-20 10:07:08 -03:00
Aleisha Amohia
952f00f20b
Bug 30905: Show waiting recalls in patron account
This enhancement shows recalls ready for pick-up on the patron's account
so they can't be missed.

To test:
1) Enable the UseRecalls system preference and set up your
recalls-related circulation rules.
2) Check out an item to Patron B.
3) Log into the OPAC as Patron A and search for the item.
4) Place a recall on that item. Note the pickup library.
5) Go back to the staff client. At the top right of the page, confirm
your logged in library matches the recall pickup library. Set the
library to the recall pickup library if needed.
6) Check in the recalled item and confirm the recall as waiting for
Patron A.
7) Go to Patron A's account (members/moremember.pl). Confirm the recall
shows under 'Recalls waiting here' and all the information is correct.
8) Go to Patron A's checkouts (circ/circulation.pl). Confirm the recall
shows under 'Recalls waiting here' and all the information is correct.
9) Click on the menu at the top right of the page and choose 'Set
library'. Change the library to some other library.
10) Repeat steps 7 and 8, however this time the recall should show under
'Recalls waiting at other libraries'.

Sponsored-by: Catalyst IT

Signed-off-by: Owen Leonard <oleonard@myacpl.org>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2022-07-19 09:41:08 -03:00
fd49601079
Bug 20439: Sort SMS providers in alphabetical order by DB field
To test:
1/ Add 'Email' to the 'SMSSendDriver' system preference.
2/ Make sure 'EnhancedMessagingPreferencesOPAC' and 'EnhancedMessagingPreferences' are turned on.
3/ Add some SMS providers (/cgi-bin/koha/admin/sms_providers.pl) with different names.
4/ Notice on memberentry.pl and opac-messaging.pl the SMS providers sort by when they were added, not alphabetically.
5/ Apply patch and restart services.
6/ Look at memberentry.pl and opac-messaging.pl and notice that they SMS providers now sort alphabetically.

Signed-off-by: George Williams <george@nekls.org
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2022-07-18 14:51:57 -03:00
d533a92aa8
Bug 23991: Move SearchSuggestion to Koha::Suggestions
The C4::Suggestions::SearchSuggestion subroutine is badly written and
can be replaced by calls to Koha::Suggestions->search.
The hard part in this patch is suggestion.pl, the other occurrences have
been replaced easily.

Test plan:
The idea is to test the whole suggestion workflow.
1. Create a suggestion on OPAC
2. Create a suggestion on the staff interface
3. Edit suggestions
4. Filter suggestions (use the different filters and "organize by"
values)

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>

Bug 23991: Remove SearchSuggestion tests

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>

Bug 23991: (QA follow-up) Save some DB queries

This patch makes the suggestion-related pages rely on array size instead
of querying the DB each time they need to. In the case of
suggestion/suggestion.pl it goes from 4 COUNT(*) to 1.

To test, with KTD:
1. Run on the host machine:
    $ docker exec -ti koha_db_1 bash
    $ mysql -ppassword
    > SET GLOBAL general_log_file='/var/log/mysql/mycustom.log';
    > SET GLOBAL log_output = 'FILE';
    > SET GLOBAL general_log = 'ON';
    > \q
    $ tail -f /var/log/mysql/mycustom.log | grep suggestions
2. Visit the different pages changed on this bug
=> SUCCESS: Some queries
3. Apply this patch
4. Repeat 2
=> SUCCESS: Less queries!
5. Sign off :-D

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>

Bug 23991: Fix branchcode and budgetid filtering

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>

Bug 23991: Fix conflict with bug 28941

Well, this patchset fixed the security bug...
Redoing on top of bug 28941

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>

Bug 23991: (follow-up) Missing semicolon

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>

Bug 23991: Fix 'all' libraries

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>

Bug 23991: (follow-up) Add value to filter_archived

Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2022-06-27 12:30:28 -03:00
251a3bb584 Bug 12446: (QA follow-up) Rename canbeguarantee => can_be_guarantee
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2022-06-23 13:34:05 -03:00
The Minh Luong
eae7eb4dc0
Bug 12446: Fix typos
Signed-off-by: Owen Leonard <oleonard@myacpl.org>

JD Amended patch: squashed and edited commit message

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2022-06-23 13:33:20 -03:00
Maryse Simard
b69a7977d8
Bug 12446: Limit available categories when using "Add guarantee" button
Test plan:
1) Have some patron categories that can and cannot be guarantee
2) Visit a patron's account and click the "Add guarantee" button
3) In the "category" dropdown, note that all categories are available
4) Apply this patch
5) Repeat step 2 and 3; the dropdown now only contains the categories
for which "can be guarantee" is set to "Yes".

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2022-06-23 13:33:12 -03:00
Maryse Simard
b8f1b0e73d
Bug 12446: Ability to allow guarantor relationship for all patron category types
This adds a new field "Can be guarantee" to patron categories so it
becomes possible for any category type to have a guarantor.

To test:
1) Have a patron category of type 'Adult' and one of type 'Child'
2) Confirm, by searching for the "Patron guarantor" fieldset in the
edit/create form, that:
    => a patron of the first category can't have a guarantor
    => a patron from the second category can
3) Apply patch and run updatedatabase.pl
4) Edit the categories and note the new "Can be guarantee" field
5) It should have been set to "yes" for the "Child" and to "no" for
the "Adult"
5) Repeat step 2. It should behave in the same way.
6) Edit the "Can be guarantee" for any of the category and check
that the fieldset only appears when "Can be guarantee" is set to "yes"
7) prove t/db_dependent/Patrons.t
    => tests should still pass

Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2022-06-23 13:33:01 -03:00
5e5b642067
Bug 30420: Rename Koha::Patron->get_overdues with ->overdues
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2022-06-14 08:46:05 -03:00
c3fd42b550
Bug 30807: Migrate to patron-title in pay and paycollect
This patch updates the member-flags template to use the patron-title.inc
include wherever patron names are referenced.

Test plan
1) Navigate to a patron and click through to their accounts tab
2) Note how the patron name displays in the title, breadcrumb and
   headings
3) Click through to make a payment
4) Note how the patron name displays in the title, breadcrumb and
   headings
5) Apply the patch and reload the page
6) Confirm the patron name still appears in each location and is
   consistently formatted and linked as you would expect

Note: This patch also removes a superflous hidden title form element
that was simply passed to and from the controller but not actually used
in any way.

Signed-off-by: David Nind <david@davidnind.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2022-06-08 11:44:03 -03:00
b5a93edea5 Bug 30611: Add ability for staff to send password reset emails
This patch adds the ability for staff with the edit_borrowers permission
to send password reset emails to users.

The staff initiated password reset has it's own notice,
STAFF_PASSWORD_RESET, and the reset link produced has an extended
timeout of 5 days, as apposed to the usual 2 day limit.

Test plan
1) Apply patch and run the database update
2) Login to the staff client with a user who has the 'edit_borrowers'
   permission.
3) Note that a new, 'Send password reset' option appears under the
   'More' menu on the patron details page.
4) Clicking the button will queue the STAFF_PASSWORD_RESET notice and
   redirect the user to the Notices tab.

Signed-off-by: Sally <sally.healey@cheshiresharedservices.gov.uk>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
2022-05-10 15:17:17 -10:00
6ae0b3c76c Bug 29926: Add ability for superlibrarian to view/edit password expiration
To  test:
 1 - Sign in as a superlibrarian
 2 - Find a patron account with no password expiration set
 3 - View member detials
 4 - note expiration says 'Never'
 5 - Edit patron
 6 - Set patron expiration
 7- Save
 8 - View details, confirm password expiration shows correctly
 9 - Sign in as non-superlibrarian
10 - Confirm you don't see expirationdate on details page
11 - Edit patron and confirm password expiration does not show
12 - Edit HTML and confirm you epxiration date not saved
     <input type="text" name="password_expiration_date" value="2052-05-02">

Signed-off-by: Bob Bennhoff <bbennhoff@clicweb.org>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
2022-05-06 10:33:09 -10:00
Aleisha Amohia
674e385bf1 Bug 30291: Changes to staff client files
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
2022-05-05 11:17:36 -10:00
e225ee3b15 Bug 28998: (QA follow-up) Improve output on error
This patch updates the output_and_exit call to instead pass an error
parameter in the template and use it to display the warning instead of
the rest of the page content in the 'Manage two-factor authentication'
page.

This allows for translation and makes the page adhere to normal
practices.

Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
2022-05-04 05:18:31 -10:00
f300a7d363 Bug 28998: (follow-up) Check missing encryption key in script and module
Script prints a warning.
Module raises an exception.
Unit test added.

Test plan:
Run t/db_dependent/Koha/Encryption.t
Run t/db_dependent/Koha/Auth/TwoFactorAuth.t
Remove entry and check script.

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
2022-05-04 05:18:31 -10:00
b515208fa2 Bug 28998: (follow-up) Apply changes to TwoFactorAuth module and script
Test plan:
Run t/db_dependent/Koha/Auth/TwoFactorAuth.t
Walk thru cycle register - logout/login - deregister - logout/login.

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
2022-05-04 05:18:31 -10:00
0988807436 Bug 29894: (QA follow-up) Get rid of send_confirm_notice
Chose here to fall back to $patron->queue_notice. Which is tested
already, so removing the additional test code.

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
2022-05-02 11:22:58 -10:00
279d9d62a3 Bug 29894: Send a confirmation notice
When registering or deregistering, send a confirmation.

Test plan:
Register or deregister with patron having email address.
Verify that you got a confirmation mail.
Run t/db_dependent/Koha/Auth/TwoFactorAuth.t

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
2022-05-02 11:22:58 -10:00
2e4345cc77 Bug 29894: Clear secret when disabling 2FA
Test plan:
Deregister 2FA for patron.
Check if secret is empty in borrowers.secret.

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
2022-05-02 11:22:58 -10:00
d42cd2b629 Bug 29894: Add some exceptions to TwoFactorAuth module
Test updated accordingly.
Adding utf8 flag to CGI in staff script.

Test plan:
Run t/db_dependent/Koha/Auth/TwoFactorAuth.t

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
2022-05-02 11:22:58 -10:00
8bd314fe0b Bug 29873: Create QR code
Instead of using deprecated Google Charts API, and exposing our
secret in a GET parameter, we generate QR data ourselves.

Test plan:
[1] Enable two factor authentication in the prefs.
[2] Login in staff. Go to account. Select Manage 2FA.
[3] Verify that QR code is displayed.
[4] Register the QR in your authenticator app and test 2FA
    by logging in again.

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Tested with Google Authenticator and FreeOTP.

Bug 29873: (follow-up) Rename qr_dataurl

As requested by a QA team member.
We're moving to qr_code as method name. This is the same name as
the method in the underlying base class.
Apart from one sed statement, changing to self->SUPER on one line.

Test plan:
Can you still register, logout and login?

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Bug 29873: (follow-up) Switch to GD

We do not need a new module, we could use GD instead.

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
2022-05-02 11:22:58 -10:00
75e11d85d0 Bug 28786: (QA follow-up) Check the returned CSRF token
We're doing this in the registering stage and at disabling.

Test plan:
Ënable two-factor auth but logout/login on another tab. You should
get the Wrong CSRF token when submitting.
Do similar thing while disabling.
Verify that you can register / disable when in the same session.

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
2022-04-20 20:43:15 -10:00
9ea5a8268d Bug 28786: (QA follow-up) Do not call generate_secret32
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
2022-04-20 20:43:15 -10:00
a47833c24b Bug 28786: (QA follow-up) Fix qa warnings
FAIL   members/two_factor_auth.pl
   FAIL   file permissions
                File must have the exec flag
 FAIL   koha-tmpl/intranet-tmpl/prog/en/modules/members/two_factor_auth.tt
   FAIL   filters
                missing_filter at line 42 (                        <p>Account: [% issuer %]</p>)
                missing_filter at line 43 (                        <p>Key: [% key_id %]</p>)
                missing_filter at line 54 (                            <input type="hidden" name="secret32" value="[% secret32 %]" />)
                missing_filter at line 58 (                                    <img id="qr_code" src="[% qr_code_url %]" />)
 FAIL   Koha/Auth/TwoFactorAuth.pm
   FAIL   pod coverage
                POD is missing for 'new'

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
2022-04-20 20:43:15 -10:00
d827ee310a Bug 28786: Correctly inherit from Auth::GoogleAuth
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
2022-04-20 20:43:15 -10:00