This adds a new syspref: AllowPKIAuth. It can have one of three states:
* None
* Common Name
* emailAddress
If a) this is set to something that's not "None", and b) the webserver
is passing SSL client cert details on to Koha, then the relevant field
in the user's certificate will be matched up against the field in the
database and they will be automatically logged in. This is used as a
secure form of single sign-on in some organisations.
The "Common Name" field is matched up against the userid, while
"emailAddress" is matched against the primary email.
This is an example of what might go in the Apache configuration for the
virtual host:
#SSLVerifyClient require # only allow PKI authentication
SSLVerifyClient optional
SSLVerifyDepth 2
SSLCACertificateFile /etc/apache2/ssl/test/ca.crt
SSLOptions +StdEnvVars
The last line ensures that the required details are
passed to Koha.
To test the PKI authentication, use the following curl command:
curl -k --cert client.crt --key client.key https://URL/
(look through the output to find the "Welcome," line to indicate that a user
has been authenticated or the "Log in to Your Account" to indicate that a
user has not been authenticated)
To create the certificates needed for the above command, the following series
of commands will work:
# Create the CA Key and Certificate for signing Client Certs
openssl genrsa -des3 -out ca.key 4096
openssl req -new -x509 -days 365 -key ca.key -out ca.crt
# This is the ca.crt file that the Apache config needs to know about,
# so put the file at /etc/apache2/ssl/test/ca.crt
# Create the Server Key, CSR, and Certificate
openssl genrsa -des3 -out server.key 1024
openssl req -new -key server.key -out server.csr
# We're self signing our own server cert here. This is a no-no in
# production.
openssl x509 -req -days 365 -in server.csr -CA ca.crt -CAkey ca.key \
-set_serial 01 -out server.crt
# Create the Client Key and CSR
openssl genrsa -des3 -out client.key 1024
openssl req -new -key client.key -out client.csr
# Sign the client certificate with our CA cert. Unlike signing our own
# server cert, this is what we want to do.
openssl x509 -req -days 365 -in client.csr -CA ca.crt -CAkey ca.key \
-set_serial 02 -out client.crt
openssl pkcs12 -export -in client.crt -inkey client.key -out client.p12
# In theory we can install this client.p12 file in Firefox or Chrome, but
# the exact steps for doing so are unclear, and outside the scope of this
# patch
Signed-off-by: Jared Camins-Esakov <jcamins@cpbibliography.com>
Tested with Common Name and E-mail authentication, as well as with PKI
authentication disabled. Regular logins continue to work in all cases when
SSL authentication is set to optional on the server.
Signed-off-by: Ian Walls <koha.sekjal@gmail.com>
QA comment: synchronized updatedatabase.pl version of syspref with sysprefs.sql
version, to avoid divergent databases between new and upgrading users.
to export a file containing a list of checkin barcode for the current day.
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
- Fix sql syntax error
- Fix Encoding
- SendAlerts must return an error if no email is defined
- Get error if no email in memberentry
http://bugs.koha-community.org/show_bug.cgi?id=7001
Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
Branches can have their own version of notices - added branchcode to
letter table.
Support html notices - added is_html to letter table.
Support for borrower attributes in templates.
GetPreparedletter() is the interface for compiling letters (notices).
Sysprefs for notice and slips stylesheets
Added TRANSFERSLIP to the letters
Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
This commit adds a new pulldown field to the patron quick search.
This pulldown "Search Fields" can have any number of field combinations
to search on. The combinations added in this commit are:
Standard: Default, searches on original fields
Email: Searches on email, emailpro, and B_email
Borrower Number: Searches on borrowernumber
Phone Number: Searches on phone, phonepro, B_phone, altcontactphone, and mobile
Signed-off-by: Nicole C. Engard <nengard@bywatersolutions.com>
Tested by running searches on all the new fields, and the old fields
with limits on branch and category. The seach on phone number could be
a bit more inclusive, but it works with and without symbols so I
give my sign off on this patch.
Signed-off-by: Liz Rea <wizzyrea@gmail.com>
Documentation should note that phone numbers should be searched only on the
numbers of a phone number, and separate the area code and exchange with spaces,
regardless of how the number is entered in the database.
So no dashes or parentheses in the phone search, and the last 7 search works with spaces, i.e. xxx xxxx.
Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
Signed-off-by: Liz Rea <wizzyrea@gmail.com>
Tested per test plan.
Passes prove xt t t/db_dependent
Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
This patch changes the password field to a password type input on
member-password.pl and adds a confirmation field to both member-password.pl
and memberentry.pl requiring that the password be re-entered to
confirm.
Client-side and server-side validation for the two password fields has been added
to both pages. Multiple error messages can now be displayed together on
member-password.pl.
If the user wishes for Koha to suggest a random password on member-password.pl
they can click a link which will remove the password-type input fields, replace
them with text-type fields, and automatically fill them with the random
password suggestion.
Follow-up fix lets the members.js correctly handling errors when there are
no mandatory fields
LR followup: fixing slight error that corrects previously reported template error.
Signed-off-by: Liz Rea <wizzyrea@gmail.com>
Tested password setting/changing utilities - all work as expected and described.
Passes prove t xt t/db_dependent tests congruent with current master failures (adds no new fails).
Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
The 'Add Child' button is not shown if 'borrowerRelationship' is empty.
System preference description changed.
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
Signed-off-by: Katrin Fischer <Katrin.Fischer.83@web.de>
Tested with example from bug and by deleting parts of it:
cardnumber|surname|firstname|title|othernames|initials|streetnumber|streettype|address|address2|city|state|zipcode|country|email|phone|mobile|fax|emailpro|phonepro|B_streetnumber|B_streettype|B_address|B_address2|B_city|B_state|B_zipcode|B_country|B_email|B_phone|dateofbirth|branchcode|categorycode|dateenrolled|dateexpiry|gonenoaddress|lost|debarred|contactname|contactfirstname|contacttitle|borrowernotes|relationship|sex|password|userid|opacnote|contactnote|sort1|sort2|altcontactfirstname|altcontactsurname|altcontactaddress1|altcontactaddress2|altcontactaddress3|altcontactstate|altcontactzipcode|altcontactcountry|altcontactphone
Note: This only affects the edit screen, not the patron detail tab.
A nice enhancement would be to make this page follow the system preference too.
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
QA comments on Bugzilla. Passing QA.
Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
* DBrev defined
* small improvement suggested by Marcel added = there is now a link to the schema page on the systempreference
* correctly indenting with tab the debarrcomment field
* setdebar.pl is called without status parameter, thus it is not working anymore. It's fixed & some dead code has been removed. To test : debar someone, then go to patron detail page and click "lift debarment"
* the test function had not been updated. The fix define a debarment date of 2099-12-31 (no limit)
Some code coming from BibLibre has been lost in the process of inclusion in
3.4. The result is that fine in days does not work at all (you can setup rules,
but it does nothing)
Step to reproduce:
- Koha > Admin > circ rules > set 1 day fine every day of overdue for default
rule
- Issue a book return date last week
- check-in the book => no debarment is set
The following patch will fix all of those problems by :
* updating borrowers.debarred to a date field (instead of tinyint). It contains
the limit of the debarment
* changing API of DebarMember and UpdateBorrowerDebarred to pass a date
* display debarrdate where applicable. Note that a debarrdate of 31/12/9999 is
considered as unlimited and not displayed
* added a debarrcomment, usefull to explain why a patron is debarred (this is
independant from debarrdate changes and can be used when placing an unlimited
debarment too)
[2011-05-12] F. Demians. It works as described. And I can confirm this
functionality is impatiently awaited by French libraries since one year. Thanks
BibLibre for the good work and for contributing this code.
Bug 6328 Followup--update DB structure
Thanks Katrin.
Bug 6328: make comment a textbox / fix debar by notice trigger
Debarring by notice triggers was broken, because the new function
expects a date as second parameter.
The comment field in patron account details was a very long text field.
Patch changes it to be a textbox instead.
Bug 6328: Lift debarment leaves patron account
'Lift debarment' redirects to an empty circulation page.
BZ6328 follow-up 3
Fixes comment 23 from Fernando L. Canizo : when the patron was debarred and debar removed
he still could not check-out.
The changes in the IsMemberBlocked (that were on biblibre/master) were lost somewhere
The sub was still checking for old_issues instead of calling CheckBorrowerDebarred
to get a debardate if applicable
Note : this bug was appearing only is you had issuing rules defined for itemtype/categorycode/branch.
Seemed to work if you had only default rules. That's probably why it hadn't been spotted before
BZ6328 follow-up 4
Comments fron Zeno Tajoli: The patch is OK and I sign-off it. Two little changes done on
installer/data/mysql/kohastructure.sql and installer/data/mysql/updatedatabase.pl
Signed-off-by: koha <koha@kohabase.localdomain>
Signed-off-by: Katrin Fischer <Katrin.Fischer.83@web.de>
Works as advertised, doesn't affect display for non-organisational patrons.
Note: Display change in OPAC only affects the summary tab.
It would be a little bit more consistent to make the name show the
same on all tabs in OPAC patron account.
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
I repeated Katrin's signoff here (with permission). The patch only changed for some minor rebasing and cosmetic QA requests. Passed QA now.
Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
Adds 'email' to valid search parameters in members/member.pl
To test:
1. give a patron a unique email address in your test database
2. search on the full email; should work
3. search on the part of the email before the domain; should work
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
This patch adds a check for the value of the ExtendedPatronAttributes
preference to the scripts and corresponding logic to the templates
controlling the sidebar menu.
The patch also corrects a duplication of attributes code in moremember.pl
Signed-off-by: Katrin Fischer <Katrin.Fischer.83@web.de>
1) Added extended patron attributes in configuration, turned ExtendedPatronAttributes on
2) Altered patron details, added values for patron attributes
> Verified patron attributes show show correctly
3) Turned off ExtendedPatronAttributes
> Verified patron attributes were hidden everywhere
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
Removed SearchMembers() and replaced with more generic Search()
Amended Search() to try cardnumber first
Replaced SearchMembers() calls with Search()
Replaced SELECT with Search() where appropriate
C4::SQLHelper:
- added support for '' key for search filter.
- when passing an array to filter, join with OR (rather than AND)
- added support for key => [val1, val2] in filter
- did not document - there was no input documentation to start with,
and SQLHelper should be replaced with something better anyway
Signed-off-by: Liz Rea <lrea@nekls.org>
(again - testing merge issue)
The functionality of the patch seems to be maintained with Biblibre's changes.
I tested the following:
Extended attribute searching: works
3 part name searching: works
2 part name searching: works
1 part name searching: works
From:
mainpage.pl
members-home.pl
Patron search limited by branch: Works
Patron search limited by patron category: works
Ordering by cardnumber instead of surname: works
The "Check Out" field in the masthead.
Circ Autocomplete is not reliably functional at this time, but the problem appears to predate this patch.
Signed-off-by: Ian Walls <ian.walls@bywatersolutions.com>
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
Explicitly specifies which fields to return in C4::Overdues::checkoverdues
SQL: all of biblio, items, and issues, and everything in biblioitems
EXCEPT marc, marcxml and timestamp.
Bug 6801: member details page taking long time to load when many checkouts present
This patch removes the call to GetMemberDetails in build_issue_data; this heavy-weight
subroutine was being run for every single item a patron (or their relatives) have checked out.
Instead, the borrowers first name, surname and cardnumber are added to the GetPendingIssues query.
I believe this is reasonable since GetPendingIssues can now return issues for multiple borrowers.
Also corrects the $borrowernumber used for GetIssuesCharges and CanItemBeRenewed; was using the borrower whose
page we were on, NOT the borrower of that specific item (which would be different in the Relatives Checkouts tab).
Template calls to [% scope.borrowername %] are now broken up into [% scope.firstname %] [% scope.surname %].
Signed-off-by: Liz Rea <lrea@nekls.org>
On my test data, a patron with 180 checkouts (without this patch) would take more than a minute to bring back the circulation.pl and moremember.pl pages.
With this patch, the time is reduced to 5 or so seconds.
Big ups to Ian for tenaciously hunting this one down.
Signed-off-by: Katrin Fischer <Katrin.Fischer.83@web.de>
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
Show patron attributes in the sidebar on circ and patron pages
[Edit from Owen Leonard: This patch takes changes originally in
Bug 5436 and isolates just the parts relating to display of
patron attributes. Because function for pulling patron attributes
was merged with the function for displaying address information
in SetMemberInfosInTemplate() (also found in Bug 5749), I moved
the call to GetBorrowerAttributes into the individual scripts.
That keeps the functionality relating specifically to patron
attributes separate from the proposed changes to displaying
addresses.
Because I think it's important to keep the display consistent,
I added display of patron attributes to all pages which include
the patron information sidebar.]
Rebased for compatability with bug 3489 and database documentation by
Ian Walls, 9-21-11
Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
Signed-off-by: Ian Walls <ian.walls@bywatersolutions.com>
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
Changes to notices tab to make it a full replacement for messages tab.
Removes messages tab from patron account.
- repairs view of patron address in left column (category description, branch)
- shows some explanation, when there are no messages for a borrower
- makes the notice an expandable field, a click on the subject will
expand the field to show the message content
- makes message status and message transport type translatable,
by moving the possible values into the template
- removes the messaging tab from various menus
- removes the files that were associated with the messaging tab
- preserves the line breaks in message content to improve readability
Also fixes Bug 6593 - Some information missing from the "Notices" tab.
Signed-off-by: Liz Rea <lrea@nekls.org>
Signed-off-by: Ian Walls <ian.walls@bywatersolutions.com>
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
Adds "checked out from" column to the right of "checked out on" on both
circ/circulation.pl and members/moremembers.pl. Columns are sortable with tablesort
(though only on circ/circulation.pl if syspref enabled).
The branch name is sourced from issues.branchcode.
EDIT BY Owen Leonard: Adjusting table columns which are sorted by default
to accommodate the new column.
Things look good! Thanks!
Signed-off-by: Nicole C. Engard <nengard@bywatersolutions.com>
Signed-off-by: Liz Rea <lrea@nekls.org>
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
Allow partial payment of outstanding fines
against either individual fine entries or as a lump payment
Sponsered by East Brunswick Public Library, East Brunswick, NJ, USA
NB: Adds a version of the include circ-menu.inc as circ-menu.tt
this has the same functionality as the old include but does not
require all the borrowers attributes to be passed as global
scoped variables
Signed-off-by: Liz Rea <lrea@nekls.org>
Bug 3498 - Documentation update to explain what every button does.
Help file updated to the following:
Pay and Writeoff Fines
Each line item can be paid in full, partially paid, or written off.
Pay a fine in full
Click "Pay" next to the fine you want to pay in full
The full amount of the fine will be populated for you in the "Collect From Patron" box
Click "Confirm"
The fine will be removed from outstanding fines, and displayed as fully paid.
Pay a partial fine
Click "Pay" next to the fine you want to partially pay
Enter the amount you are collecting from the patron in the "Collect From Patron" box
Click "Confirm"
The fine will be updated to show the original Amount, and the current Amount Outstanding
Writeoff a single fine
Click "Writeoff" next to the fine you wish to writeoff.
The fine will be removed from outstanding fines, and displayed as fully paid.
Pay an amount towards all fines
Click the "Pay Amount" button
Enter the amount you are collecting from the patron in "Collect from Patron." The sum of all fines is shown in "Total Amount Outstanding"
Click "Confirm"
The fine totals will be updated with the payment applied to oldest fines first.
Writeoff All fines
Click the "Writeoff All" button
All fines will be removed from outstanding fines, and displayed as written off.
Pay Selected fines
Check the selection boxes next to the fines you wish to pay, click "Pay Selected"
Enter an amount to pay towards the fines.
Click "Confirm"
The fine totals will be updated with the payment applied to the oldest selected fines first.
Bug 3498 - adding parens to TT IF Statements for style
pay.tt
Bug 3498 - Add parens to TT IF statements for style
paycollect.tt
Signed-off-by: Ian Walls <ian.walls@bywatersolutions.com>
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
When adding a patron who is a child, the default library is not set when defining a guarantor, this patch corrects the problem.
More, for children with no guarantors, the default branch is the editing branch.
BibLibre MT5795
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
Change to parameter list in GetPendingIssues made it
callable by an empty list resulting in invalid sql being
sent to server. As this was occuring on most issues error log
was filling up. Put safeguard in the routine
Also don't bother calling when you have no need
Some of the processing was needlessly obscure
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
Signed-off-by: Nicole C. Engard <nengard@bywatersolutions.com>
Signed-off-by: Ian Walls <ian.walls@bywatersolutions.com>
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
Now a blank cardnumber will get stored as a null in the database, which
is a value that allows duplicates. As such, if cardnumbers aren't
mandatory, then you can actually save a user with it being blank.
Signed-off-by: Nicole C. Engard <nengard@bywatersolutions.com>
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
If a guarantor search is not being performed, the creation of any Child category_type patron will
not default to the currently logged in branch, but rather the first branch alphabetically.
Adding a test for the existence of any guarantor branch data before assigning it clears up this problem
Signed-off-by: Nicole C. Engard <nengard@bywatersolutions.com>
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
- Moving columns around to match display of patron's own checkouts
- Correcting terminology (issues, borrowers)
- Hiding columns added in previous patch which do not display in
the standard checkout list: materials, stock number, collection.
If these are to be added they should be added to all displays.
[edit] Adding display of relative's cardnumber alongside their name
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
messaging and notices patron tabs were not passing borrower
info in a manner consistent with other tabs
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
Adding state variable to various circ and member pages so that
sidebar display of patron details includes state.
Signed-off-by: Magnus Enger <magnus@enger.priv.no>
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
Duplicate of '[PATCH] MT3747: Shows member relatives in issueslists' : Subject was wrong
MT3747, Follow-up: Adds siblings issues
MT3747, Follow-up: Shows member relatives in issues lists
- Now displays patron's and relatives' issues apart
MT3747, Follow-up: Shows member relatives in issues lists
- Removes renewal in circulation.pl
- Adds links to moremember.pl
MT3747, Follow-up: Shows member relatives in issues lists
- Remove unuseful warn
MT3747, Follow-up: Shows member relatives in issues lists
- Removes renewal in moremember.pl
MT3747, Follow-up: Shows member relatives in issues lists
- Adds sorting for circulation.pl
Signed-off-by: Nicole C. Engard <nengard@bywatersolutions.com>
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
Previously GetAllIssues was called before authenticating. Given how expensive
GetAllIssues is, this is problematic and could be used for used for DOSing the
server. There should be no functional change from this patch.
Signed-off-by: Nicole C. Engard <nengard@bywatersolutions.com>
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>