If the cookie contain an expired sessionID we need to create another
one to correctly generate the CSRF token.
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Hum this didn't make sense. We are not checking credentials after
checkauth.
This patch is suggesting to rename "userid" and "password" parameters
from login forms to "login_userid" and "login_password" to not interfere
with other parameters with the same name.
This looks quite correct, however I am seeing
"The form submission failed (Wrong CSRF token)."
in the log after a successful login. Which feels wrong, what's
happening?
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Something very weird is happening here.
There is a FIXME already, but the trick does not seem to work anymore
(?)
This patch contains some debug statements and take some screenshots.
We are reaching the cud-selectframeworks step then we are expecting the
form to submit the form with op=cud-addframeworks
BUT it seems that "op" is empty, and there is an unexpected warning from
Starman:
==> /var/log/koha/kohadev/plack-error.log <==
""
Use of uninitialized value in string ne at /usr/share/perl5/Starman/Server.pm line 304.
==> /var/log/koha/kohadev/plack-intranet-error.log <==
[2024/02/15 13:09:34] [WARN] Warning: something's wrong at /kohadevbox/koha/installer/install.pl line 89.
What's going on here??
UPDATE: This is fixed by "Bug 34478: Manual fix - Make Koha::Token use
session id not userenv id"
Bug 36102: [TO SQUASH] Fix 01-installation.t
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
This improves display. This only comes up when you try to reset your
password after you did already.
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
multi_renew now has a validation step
This patch also removes 2 variables that were not used ($mode and $done)
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
This should be on its own bug. Feel free to do it if you have the
energy, I do not.
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
We can certainly do better here (too many duplicated code in on click
functions), but it's good enouh for now...
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Nothing to POST, we could move to GET, but we do not have parameters. A
link is good here.
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
This patch updates the serials toolbar and related JS so that delete,
close, and reopen are all POST operations.
The patch also fixes an incorrect op check in the subscription search
popup.
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
The 'delete_confirm' op leads to a confirmation page, so it's GET.
The patch also consolidates JS for handling deletions, using the same
class for both the delete button in the toolbar and in the table of
lists.
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
The template uses checks on the op value to show messages, so those
checks have to be updated with the new values.
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
This patch converts several delete links to POSTed forms and corrects
the op variable names in the script. The patch also simplifies the
deletion click handlers.
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
- Get the CSRF token from the pop-up instead of from the parent window,
since that seems to work
- Remove some click handlers which were made obsolete
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
This patch makes a number of changes to finish incomplete work in
668cd06e1960a3878ec1c976ce7f2e1f93688468
Initial submissions to batch biblio operations have to accommodate
POSTed file data, so this patch makes changes to instances where we were
submitting biblionumbers in a URL.
We could also choose to make a change in tools/batch_delete_records.pl
and tools/batch_record_modification.pl to handle different "list"
operations differently based on the method of submission. This patch
presents only the client-side option.
The cart presented a unique problem in that it requires that data be
passed from the pop-up window to the parent window, something which
can't as easily be done with a form as with a URL. The workaround I came
up with is to dynamically generate the form in the parent page and
trigger the submission from there.
Also changed:
- More updated CSS to handle buttons inside dropdowns inside toolbars.
- Correct op names for the "list" operation in batch modify and delete
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Looks like create-csv never made it.
Some op's look like GET to me. Creating a pdf is just downloading.
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
