Commit graph

67 commits

Author SHA1 Message Date
bfbbe52ff7 Bug 21115: Add multi_param call and add divider in cache key in svc/report and opac counterpart
Resolve things like:
CGI::param called in list context from package CGI::Compile::ROOT::usr_share_koha_prodclone_opac_svc_report line 42, this can lead to vulnerabilities. See the warning in "Fetching the value or values of a single named parameter" at /usr/share/perl5/CGI.pm line 436.

The cache key in both script looks like:
    opac:report:id:602018
but should for consistency be:
    opac:report:id:60:2018
Note: The 2018 here is part of the sql_params and should not be
concatenated to the report id.

Test plan:
Do not yet apply this patch.
Make a report public, set cache to 300 secs.
Check its output with opac/svc/report.
Check for the warn in your log.
Apply the patch, restart Plack and flush cache.
Check opac/svc/report.
Modify your report; e.g. add a simple string to the SELECT.
Check opac/svc/report. You should still see cached output.
Flush the cache.
Check opac/svc/report. You should now see the added text.

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Tested also by clearing individual keys with $cache->clear_from_cache.

Signed-off-by: Mark Tompsett <mtompset@hotmail.com>
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2018-10-15 13:45:42 +00:00
d83d5ec5a4 Bug 21082: (RM follow-up) address QA issues
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2018-10-09 11:04:24 +00:00
e762bdb9b2 Bug 21082: Update OverDrive authentication method
Testing will require an OverDrive account, you should be able to obtain a
developer account here:
https://developer.overdrive.com/

You will need to register a SIP connection for patron authentication

To test authentication:
 1 - Set authname default in OD prefs
 2 - Sign in as a patron whose branch matches authname
 3 - Verify the patron can sign into OverDrive
 4 - Set the patrons branch authname to be incorrect
 5 - Verify branch specific authname is used and patron cannot sign in
 6 - Set the default authname to be incorrect and patron's branch
 authname to be correct
 7 - Verofy patron can sign in

To test circulation:
 1 - Fill out all OD prefs and enable circulation
 2 - Sign in to opac
 3 - Verify you have an OverDrive tab
 4 - Click 'Login to Overdrive'
 5 - If password required you shoudl be prompted, otherwise you should be
signed in and see account info
 6 - Test logging out and in
 7 - Log-in, perform a search on the opac - you should see hold/checkout
buttons
 8 - Test the buttons
 9 - After holding/checking out items, check your account page
10 - Verify info is correct
11 - Log out of overdrive
12 - Search catalog click overdrive results
13 - Test "Login to Overdrive" link on OD results
14 - Verify page is reloaded, buttons show and work

Signed-off-by: Sandy Allgood <sandy.allgood@citruslibraries.org>
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2018-10-09 11:04:23 +00:00
Srdjan
eb4be268d8 Bug 17602: OPAC integration of RecordedBooks
Add RecordedBooks to the users page in the public interface

To Test:
1/ Apply all 3 patches
2/ Set the sysprefs to valid values (you will need a test account with RecordedBooks)
3/ Try a search
4/ Login to the OPAC, try to place a hold, or check an item out
5/ Check the opac-user page, see if your items are showing on the oneclickdigital tab

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2018-10-01 13:56:39 +00:00
Charlotte Cordwell
59d436ee60 Bug 19991: use Modern::Perl in OPAC perl scripts
Test Case:
Check the following files have been updated from
use strict;
use warnings;
to
use Modern::Perl;

errors/400.pl
errors/401.pl
errors/402.pl
errors/403.pl
errors/404.pl
errors/500.pl
opac-account-pay-paypal-return.pl
opac-alert-subscribe.pl
opac-authorities-home.pl
opac-authoritiesdetail.pl
opac-browser.pl
opac-ics.pl
opac-image.pl
opac-imageviewer.pl
opac-messaging.pl
opac-modrequest-suspend.pl
opac-modrequest.pl
opac-mymessages.pl
opac-overdrive-search.pl
opac-passwd.pl
opac-patron-image.pl
opac-privacy.pl
opac-ratings-ajax.pl
opac-ratings.pl
opac-readingrecord.pl
opac-renew.pl
opac-sendshelf.pl
opac-serial-issues.pl
opac-showreviews.pl
opac-suggestions.pl
opac-tags_subject.pl
opac-topissues.pl
opac-user.pl
sco/help.pl
sco/printslip.pl
sco/sco-patron-image.pl
svc/overdrive_proxy
svc/suggestion
unapi

Signed-off-by: Maryse Simard <maryse.simard@inlibro.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2018-08-30 13:40:32 +00:00
Aleisha Amohia
4a3eaf02e2 Bug 17698: Make patron notes show up on staff dashboard
This patch adds a user permission for managing issue notes, and a 'noteseen'
column to the issues table.

To test:
1) Apply Bug 14224 first
2) Apply this patch, update database, rebuild schema.
3) Restart koha-common and memcached
4) Turn on AllowCheckoutNotes syspref if haven't already
5) Issue two items to two different users (one item each)
6) Log into the OPAC as one of the users and add an issue note to their
issue
7) Log out and log back into the OPAC as the other user
8) Disable Javascript
9) Refresh opac-user.pl
10) Leave a checkout note on their issue
11) Enable javascript and log into the Staff Client as a superlibrarian
user
12) Go to your user's account and edit their permissions to have
everything ticked EXCEPT circulate->manage checkout notes.
13) Go to main intranet page. There should be no message saying
'checkout notes pending'.
14) Go to circulation home page. There should be no link to Checkout notes.
15) Go back to user's permissions and tick circulate->manage checkout notes.
16) Go back to main intranet page. There should now be a message at the
bottom saying 'Checkout notes pending: 2'
17) Go to circulation home page. There should be a link to Checkout notes
with a 2 next to it. Click this link
18) Attempt to mark an checkout note as seen. This should update the status
of the checkout note to 'seen' and disable to 'mark as seen' button while
enabling the 'mark as not seen' button.
19) Test both buttons with both issues.
20) Test select all and clear all buttons
21) Confirm that buttons at the bottom are only enabled if a checkbox is
checked
22) Try selecting both issues and using the buttons at the bottom to
mark multiple issue notes at once.
23) Confirm the barcode link to the item works as expected.
24) Confirm the cardnumber link to the user works as expected.
25) Confirm all table details show correctly.

Sponsored-by: Catalyst IT

Signed-off-by: Josef Moravec <josef.moravec@gmail.com>

Followed test plan, works as expected
Signed-off-by: Marc Véron <veron@veron.ch>

Signed-off-by: Brendan Gallagher <brendan@bywatersolutions.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Amended patch: Remove self-checkout permissions

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2018-07-23 15:23:40 +00:00
ef410fd62f Bug 20287: Replace occurrences of AddMember with Koha::Patron->new->store->borrowernumber
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>

Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2018-07-18 15:49:47 +00:00
1b13c453e2 Bug 20287: Move fixup_cardnumber
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>

Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2018-07-18 15:49:44 +00:00
cdb6b68488 Bug 20495: (follow-up) Correct search for report by name
Ultimately we should probably remove name access as it is not a unique
id, but this should preserve existing behaviour

To test:
Create a report
Use the service link to confirm the report runs
Replace id=# parameter with name=XXXXXX
Confirm URL works

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Note: We should not remove the param "name", it's a feature, see bug 8256.

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2018-07-02 12:06:54 +00:00
4ec5a67c6f Bug 20495: Remove get_saved_report
To test:
1 - prove t/db_dependent/Reports/Guided.t
2 - grep "get_saved_report" - ensure there are no occurences of the
singular form
3 - create, save, edit, and convert a report
4 - access a public report and report json from opac and staff client
5 - Ensure all function as expected

Signed-off-by: Mark Tompsett <mtompset@hotmail.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2018-07-02 12:06:54 +00:00
Aleisha Amohia
dd77236371 Bug 18915: Renaming svc/patron_notes to svc/checkout_notes
For consistency.

Signed-off-by: Marjorie Barry-Vila <marjorie.barry-vila@collecto.ca>

https://bugs.koha-community.org/show_bug.cgi?id=19801

Signed-off-by: Marjorie Vila <marjorie.barry-vila@collecto.ca>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2018-01-15 12:14:00 -03:00
Aleisha Amohia
d8963726d0 Bug 18915: Giving CHECKOUT_NOTE access to issues table
This patch allows the notice to reference the issues table so that the
checkout note itself can be added to the note if wanted, such as in
Comment 9.

Sponsored-by: Catalyst IT

Signed-off-by: Marjorie Barry-Vila <marjorie.barry-vila@collecto.ca>

https://bugs.koha-community.org/show_bug.cgi?id=19801

Signed-off-by: Marjorie Vila <marjorie.barry-vila@collecto.ca>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2018-01-15 12:14:00 -03:00
Aleisha Amohia
5239269216 Bug 18915: Fix checkout note email message
This patch replaces the <<biblio.item>> in the email with
<<biblio.title>> and uses CHECKOUT_NOTE instead of PATRON_NOTE.
This patch also adds the notice to
installer/data/mysql/en/mandatory/sample_notices.sql, and updates the
PATRON_NOTE entry in installer/data/mysql/updatedatabase.pl

To test:
1) Apply patch and update database
2) View the message_queue table in mysql
3) Check out an item if haven't already
4) Go to OPAC and set a checkout note for an item
5) View message_queue table and confirm it the title is included in the
email and all instances of 'patron note' have been replaced with
'checkout note'
6) Disable javascript in browser
7) repeat steps 4 and 5 and confirm all works as expected

Sponsored-by: Catalyst IT

Signed-off-by: Marjorie Vila <marjorie.barry-vila@collecto.ca>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2018-01-15 12:14:00 -03:00
2d10327e98 Bug 19496: ReplytoDefault is a pref, not a C4::Context method
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-12-07 10:52:28 -03:00
Aleisha Amohia
d5292616ac Bug 19496: Fixing to_address for patron notes
This patch ensures the patron note to_address is the branch email or the
Koha Admin email, and the from_address is the patron's email.

To test:
1) Ensure syspref 'allowcheckoutnotes' is turned on
2) Go to OPAC, leave a note on a checkout
3) Confirm that the note is received (in mysql message_queue) but the
to_address is the patron's email - this is wrong
4) Apply patch and refresh OPAC
5) Leave a note on a checkout
6) Confirm that the note is received in message queue
7) Confirm that the to_address is one of:
- branch email
- branch reply to
- syspref ReplytoDefault
- syspref KohaAdminEmailAddress
8) Confirm that the from_address is one of:
- patron email
- patron emailpro
- patron B_email

Sponsored-by: Catalyst IT

Signed-off-by: David Bourgault <david.bourgault@inlibro.com>

Signed-off-by: Josef Moravec <josef.moravec@gmail.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-12-07 10:26:53 -03:00
27b99bb80b Bug 18118: Unexpected behaviour with 'GoogleOpenIDConnect' and 'OpacPublic' syspref combination.
TEST PLAN
----------
1/ configure a working 'GoogleOpenIDConnect' account

See comment #5 which also links back to
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=16892#c3

2/ set 'OpacPublic' (under OPAC) to 'Disabled' and
   'GoogleOpenIDConnect' (under Administration) to 'Yes'.

3/ log in user successfully via google-auth, observe redirect to
   opac-user.pl (bad)

4/ apply patch
   -- on kohadevbox remember to restart all! Plack is unforgiving. :)

5/ log in user successfully via google-auth, observe expected
   redirect to opac-main.pl (good)

While I would normally suggest running koha qa test tools, because
this file doesn't end in .pl, it doesn't get picked up by them.

6/ perlcritic -4 opac/svc/auth/googleopenidconnect
   -- notice this is a level better than required. :)

This also eyeballs easily well.

Signed-off-by: Mark Tompsett <mtompset@hotmail.com>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-10-27 14:09:02 -03:00
Mark Tompsett
8ed19fedca Bug 16892: Address error checking in comment #47
Tweaked logic to include error check for category
and branch being valid. If not, the user is told
about a configuration error to share with the
library. Otherwise, it should proceed as normal.

TEST PLAN is comment #35 still.
Though include a run with an invalid category
and/or branch code in the two system preferences:
GoogleOpenIDConnectDefaultBranch and/or
GoogleOpenIDConnectDefaultCategory

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-08-25 10:51:25 -03:00
Mark Tompsett
88f616277a Bug 16892: Follow up use AddMember as per QA comment
Same Test plan as before.

Signed-off-by: Eugene Jose Espinoza <eugenegf@yahoo.com>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-08-25 10:51:25 -03:00
Mark Tompsett
ae45243fae Bug 16892: Add automatic patron registration via OAuth2 login
10988 added the ability to log into the OPAC authenticating with
Google Open ID Connect. This extends it, by allowing an
unregistered patron to have an account automatically created
with default category code and branch.

This is accomplished by adding 3 system preferences.
- GoogleOpenIDConnectAutoRegister
      whether it will attempt to auto-register the patron.
- GoogleOpenIDConnectDefaultCategory
      This category code will be used to create Google OpenID Connect patrons.
- GoogleOpenIDConnectDefaultBranch'
      This branch code will be used to create Google OpenID Connect patrons.

Sponsored-by: Tulong Aklatan

Signed-off-by: Eugene Jose Espinoza <eugenegf@yahoo.com>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-08-25 10:51:25 -03:00
2f1a1fc4b9 Bug 18938: (bug 17829 follow-up) Replace 2 occurrences of GetMember left behind
Between patch submission and push, 2 new occurrences appeared in the
codebase.

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-07-14 12:19:13 -03:00
f4ded893c5 Bug 18276: [QA Follow-up] Fix two new calls
Found two calls in opac-issue-note.pl and svc/patron_notes.

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2017-07-10 13:02:54 -03:00
f5b1154e70 Bug 14224: Use encode_json instead of to_json
To handle unicode characters properly

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2017-04-28 09:03:23 -04:00
e54152a90b Bug 14224: Improve escaped characters
To recreate the problem, submit a note like
  doh"doh

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Josef Moravec <josef.moravec@gmail.com>

Signed-off-by: Marc Véron <veron@veron.ch>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2017-04-28 09:03:23 -04:00
ba658d5919 Bug 14224: Update Copyright
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Josef Moravec <josef.moravec@gmail.com>

Signed-off-by: Marc Véron <veron@veron.ch>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2017-04-28 09:03:23 -04:00
c4dd097d20 Bug 14224: Replace AllowIssueNotes with AllowCheckoutNotes
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Josef Moravec <josef.moravec@gmail.com>

Signed-off-by: Marc Véron <veron@veron.ch>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2017-04-28 09:03:22 -04:00
88852ffbb0 Bug 14224: Make strings translatable
The strings should be translatable.
This patch also removes the error as it appears that we only have 1
error.
To improve we could surround the store with an eval.

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Josef Moravec <josef.moravec@gmail.com>

Signed-off-by: Marc Véron <veron@veron.ch>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2017-04-28 09:03:22 -04:00
0159908ca1 Bug 14224: Allow patron notes about item shown at check in
This patch adds a "Note" input field to checked out items in the "your summary"
section. The field allows patrons to write notes about the item checked out,
such as "this DVD is scratched", "the binding was torn", etc. The note will be
emailed to the library and displayed on item check in.

Patch adds two fields to the "issues" table - "note" and "notedate".
Patch adds syspref "AllowIssueNotes" - default off.

Test Plan:
1) Apply this patch
2) Update database
3) Rebuild schema
4) Turn on 'AllowIssueNote' syspref
5) Check out three different items to a borrower (may be easiest to check
    out to yourself)
6) Log in as that borrower (or yourself) on the OPAC side and go to your
summary
7) Confirm text field shows under Note column for all checkouts. Set a
note for each issue, confirm all save.
8) Check the message_queue in mysql for the entries for ALL THREE issue
notes.
9) Disable javascript in your browser
10) Refresh your summary page. Confirm that you can no longer edit the
notes in the text field. Click the 'Create/edit note' button and confirm
you are redirected to a new page.
11) Confirm that the correct title and author show for the note button
you clicked.
12) Set the note and click Submit -> confirm you are redirected
back to summary page and note is saved
13) Confirm there is a new entry in message_queue
14) Enable javascript and go back to the your checkouts page in the
staff client for the borrower you issued the items to
15) Check in TWO items
16) Confirm that the issue notes show under the "Date due" column for
the two items you checked in, and are accurate to the item (i.e. the
right issue note under the right item)
17) Go to circ/returns.pl and check in the final item using the barcode.
Confirm the issue note shows and the date is formatted correctly.

Sponsored-by: Region Halland

Signed-off-by: Josef Moravec <josef.moravec@gmail.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Marc Véron <veron@veron.ch>
2017-04-28 09:03:22 -04:00
95429af685 Bug 12461 - Add patron clubs feature
This features would add the ability to create clubs which patrons may be
enrolled in. It would be particularly useful for tracking summer reading
programs, book clubs and other such clubs.

Test Plan:
1) Apply this patch
2) Run updatedatabase.pl
3) Ensure your staff user has the new 'Patron clubs' permissions
4) Under the tools menu, click the "Patron clubs" link
5) Create a new club template
   * Here you can add fields that can be filled out at the time
     a new club is created based on the template, or a new enrollment
     is created for a given club based on the template.
6) Create a new club based on that template
7) Attempt to enroll a patron in that club
8) Create a club with email required set
9) Attempt to enroll a patron without an email address in that club
10) Create a club that is enrollable from the OPAC
11) Attempt to enroll a patron in that club
12) Attempt to cancel a club enrollment from the OPAC
13) Attempt to cancel a club enrollment from the staff interface

Followed test plan, works as expected.
Signed-off-by: Marc Véron <veron@veron.ch>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2017-04-28 08:37:44 -04:00
c2c3c11005 Bug 14365 - Populate never used saved_sql column last_run when execute_query is called
Signed-off-by: Cab Vinton <director@plaistowlibrary.com>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2017-03-31 13:54:22 +00:00
Kyle M Hall
8255344215 Revert "Bug 12461 - Add patron clubs feature"
This reverts commit 4f1eefdbb8.

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2017-02-26 20:41:27 -05:00
4f1eefdbb8 Bug 12461 - Add patron clubs feature
This features would add the ability to create clubs which patrons may be
enrolled in. It would be particularly useful for tracking summer reading
programs, book clubs and other such clubs.

Test Plan:
1) Apply this patch
2) Run updatedatabase.pl
3) Ensure your staff user has the new 'Patron clubs' permissions
4) Under the tools menu, click the "Patron clubs" link
5) Create a new club template
   * Here you can add fields that can be filled out at the time
     a new club is created based on the template, or a new enrollment
     is created for a given club based on the template.
6) Create a new club based on that template
7) Attempt to enroll a patron in that club
8) Create a club with email required set
9) Attempt to enroll a patron without an email address in that club
10) Create a club that is enrollable from the OPAC
11) Attempt to enroll a patron in that club
12) Attempt to cancel a club enrollment from the OPAC
13) Attempt to cancel a club enrollment from the staff interface

Followed test plan, works as expected.
Signed-off-by: Marc Véron <veron@veron.ch>
2017-02-23 19:42:36 +00:00
Srdjan
c7a2ef261e bug_16034 Add overdrive info to the users page in the public interface
Signed-off-by: Jesse Weaver <jweaver@bywatersolutions.com>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2017-02-21 19:58:21 +00:00
e55b38928a Bug 17486: Remove Mozilla Persona
Persona never really took off, and although many browsers currently
support it, very few services actually implement it.

This has lead to it's founders, Mozilla, to end the project. In their
own words:

=============================================================================
Persona is no longer actively developed by Mozilla. Mozilla has
committed to operational and security support of the persona.org
services until November 30th, 2016.

On November 30th, 2016, Mozilla will shut down the persona.org services.
Persona.org and related domains will be taken offline.

If you run a website that relies on Persona, you need to implement an
alternative login solution for your users before this date.

For more information, see this guide to migrating your site away from
Persona:

https://wiki.mozilla.org/Identity/Persona_Shutdown_Guidelines_for_Reliers

=============================================================================

Given the above, and that the Persona authentication methods as a whole
are no longer being actively maintained by anyone anywhere to ensure
ongoing security, we should deprecate the option from koha.

Test plan:
Apply this patch and make sure you do not find any references of Persona
Have a look at patches from bug 9587 and confirm that everything has
been reverted

Signed-off-by: Owen Leonard <oleonard@myacpl.org>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Code looks good to me.
Also ran several tests including: Auth.t, Auth_with_shibboleth.t.

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2017-01-13 12:32:19 +00:00
f28460bdb7 Bug 17392 - opac/svc/overdrive_proxy is not plack safe
This patch simply replaces the ';'  in the param passed to OverDrive
with '&'

To test:
1 - Enable overdrive (requires an account)
2 - Perform an opac search
3 - Note the number of overdrive results reported
4 - Click the link to view the actual overdrive results
5 - Note the result numbers don't match
6 - Apply patch
7 - Repeat 1-4 and note results numbers match and results are relevant
8 - Test a search with a ';' to ensure this patch isn't breaking
searches

Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>

Signed-off-by: Katrin Fischer  <katrin.fischer@bsz-bw.de>
Verified by reading code - couldn't verify using Overdrive.

Signed-off-by: Brendan Gallagher <brendan@bywatersolutions.com>
2016-10-11 16:16:02 +00:00
658f603511 Bug 17189: Replace occurrences of 'use Koha::Cache'
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>

https://bugs.koha-community.org/show_bug.cgi?id=11921

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-09-08 10:24:47 +00:00
f753220701 Bug 17189: Add the ability to define several memcached namespaces - replace existing occurrences
s/Koha::Cache->get_instance/Koha::Caches->get_instance

Signed-off-by: Jacek Ablewicz <abl@biblos.pk.edu.pl>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>

https://bugs.koha-community.org/show_bug.cgi?id=11921

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2016-09-08 10:24:46 +00:00
c4eabeda0b Bug 16447: Remove occurrence of the borrow permission which does no longer exist
Bug 7976 has removed this permission, but other patches re-added it...
Note that the occurrences in sendbasket.pl, edithelp.pl, opac/svc/login should
have been removed by bug 7976.

Test plan:
  git grep 'borrow.*=> 1'
should not return any results.

Signed-off-by: Marc Véron <veron@veron.ch>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Brendan Gallagher <bredan@bywatersolutions.com>
2016-05-05 21:28:14 +00:00
Nicholas van Oudtshoorn
9472711921 Bug 10988 - Fix some wording Fix some outdated wording in googleopenidconnect
Signed-off-by: Mark Tompsett <mtompset@hotmail.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>

Signed-off-by: Brendan A Gallagher <brendan@bywatersolutions.com>
2016-04-01 19:25:36 +00:00
Nicholas van Oudtshoorn
722a098eac Bug 10988 - Fixes for comments 57 and 58
Test Plan (remains the same):
     0) Back up your database
     1) Apply all these patches
     2) In your mysql client use your Koha database and execute:
        > DELETE FROM systempreferences;
        > SOURCE ~/kohaclone/installer/data/mysql/sysprefs.sql;
        -- Should be no errors.
        > SELECT * FROM systempreferences LIKE 'GoogleO%';
        -- Should see 4 entries.
        > QUIT;
     3) Restore your database
     4) Run ./installer/data/mysql/updatedatabase.pl;
     5) In your mysql client use your Koha database and execute:
        > SELECT * FROM systempreferences LIKE 'GoogleO%';
        -- Should see the same 4 entries.
     6) Log into the staff client
     7) Home -> Koha administration -> Global system preferences
     8) -> OPAC
        -- make sure your OPACBaseURL is set (e.g. https://opac.koha.ca)
     9) -> Administration
        -- There should be a 'Google OAuth2' section with the ability
           to set those 4 system preferences.
    10) In a new tab, go to https://console.developers.google.com/project
    11) Click 'Create Project'
    12) Type in a project name that won't freak users out, like your
        library name (e.g. South Pole Library).
    13) Click the 'Create' button.
    14) Click the 'APIs & auth' in the left frame.
    15) Click 'Credentials'
    16) Click 'Create new Client ID'
    17) Select 'Web application' and click 'Configure consent screen'.
    18) Select the Email Address.
    19) Put it a meaningful string into the Product Name
        (e.g. South Pole Library Authentication)
    20) Fill in the other fields as desired (or not)
    21) Click 'Save'
    22) Change the 'AUTHORIZED JAVASCRIPT ORIGINS' to your OPACBaseURL.
        (http://library.yourDNS.org)
    23) Change the 'AUTHORIZED REDIRECT URIS' to point to the new
        googleoauth2 script
        (http://library.yourDNS.org/cgi-bin/koha/svc/auth/googleopenidconnect)
    24) Click 'Create Client ID'
    25) Copy and paste the 'CLIENT ID' into the GoogleOAuth2ClientID
        system preference.
    26) Copy and paste the 'CLIENT SECRET' into the GoogleOAuth2ClientSecret
        system preference.
    27) Change the GoogleOpenIDConnect preference to 'Use'.
    28) Click 'Save all Administration preferences'
    29) In the OPAC, click 'Log in to your account'.
        -- You should get a confirmation request, if you are
            already logged in, OR a login screen if you are not.
        -- You need to have the primary email address set to one
           authenticated by Google in order to log in.
    30) Run koha qa test tools

Signed-off-by: Mark Tompsett <mtompset@hotmail.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>

Signed-off-by: Brendan A Gallagher <brendan@bywatersolutions.com>
2016-04-01 19:25:35 +00:00
1167871402 Bug 9303 [QA Followup] - Restore missing svc script
Signed-off-by: Nick Clemens <nick@quecheelibrary.org>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2015-12-31 13:09:49 +00:00
Jonathan Druart
baea0a79d5 Bug 7976: Remove the borrow permission
The borrow permission was used but uselessly.
For instance, at the opac, the flagsrequired parameter was set to
'borrow' but the 'authnotrequired' was set also (which means no auth
required).
At the end, this permission was used at only 1 place: for the basket,
intranet side.
This can be replaced with the catalogue permission (which is used to
search).

Test plan:
1/ Confirm that you are able to show/download/sent the cart (intranet side)
with the catalogue permission.
2/ At the OPAC, you should be able to access the same pages as before
with any other permissions.

Concretely it is quite difficult to test this patch, you should have a
look at the code.

Signed-off-by: Nick Clemens <nick@quecheelibrary.org>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
2015-06-05 13:43:34 -03:00
Jonathan Druart
11049f9d02 Bug 13758: Move the Koha version from kohaversion.pl
It will permit not to run another perl interpreter.

Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
2015-05-07 11:39:04 -03:00
Jonathan Druart
a6c9bd0eb5 Bug 9978: Replace license header with the correct license (GPLv3+)
Signed-off-by: Chris Nighswonger <cnighswonger@foundations.edu>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>

http://bugs.koha-community.org/show_bug.cgi?id=9987

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
2015-04-20 09:59:38 -03:00
Jonathan Druart
e20270fec4 Bug 11944: use CGI( -utf8 ) everywhere
Signed-off-by: Paola Rossi <paola.rossi@cineca.it>
Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel@gmail.com>
Signed-off-by: Dobrica Pavlinusic <dpavlin@rot13.org>

Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
2015-01-13 13:07:21 -03:00
Jonathan Druart
6e7192f0d7 Bug 12886: shelfbrowser script should write headers
opac/svc/shelfbrowser.pl does not write http headers.

On a production server, this patch resolves a server internal error
(500):
  Bad header=    <div id="shelfbrowser">

I did not reproduce on my local instance, but this should be fixed.

Test plan:
Verify there is no regression on browsing a shelf (with "en" and translated
templates)

Signed-off-by: Chris Cormack <chris@bigballofwax.co.nz>
Signed-off-by: Katrin Fischer <Katrin.Fischer.83@web.de>
Passes tests and QA script, no regressions found.

Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
2014-11-21 20:54:38 -03:00
Robin Sheat
e9715c7921 Bug 12041 - improve Koha::Cache
This makes Koha::Cache behave better by default. It will use memcached
if available to do shared caching, if that's not available it will fall
back to in-memory caching. It also allows for a singleton accessor to
allow a single cache to be shared within a process.

* Added tests to confirm UTF8-cleanness.
* Added minor fixups to stop warnings.

Test plan:
* The t/Cache.t file runs successfully with and without the
  MEMCACHED_SERVERS envvar set (and memcached running in the
  environment.)

Signed-off-by: Brendan Gallagher <brendan@bywatersolutions.com>

Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
2014-06-19 13:05:04 -03:00
da8d126c9a Bug 12114: (QA Followup) Use JSON instead of JSON::XS
RM note: on most platforms, the JSON module will use JSON::XS
by default.

Signed-off-by: Galen Charlton <gmc@esilibrary.com>
2014-04-25 15:32:06 +00:00
Katrin Fischer
8f006fd002 Bug 12114: Fix encoding problem with reports JSON web service (opac)
- catalog a record that includes umlauts äöü
- write a report, that has the record in the result set
- access the JSON output of the report
  <OPAC BaseURL/cgi-bin/koha/svc/report?id=1
- verify the umlaut displays not correctly
- switch the encoding in the browser to 'western'/latin1
- verify the umlaut now displays correctly
- apply patch
- verify umlaut now displays correctly from the beginning

Based on paste from Galen Charlton.

Followed test plan. Result as expected.
Signed-off-by: Marc Véron <veron@veron.ch>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Galen Charlton <gmc@esilibrary.com>
2014-04-25 15:31:33 +00:00
Galen Charlton
1931d2d22f Bug 9915: (follow-up) use SQL placeholders
This patch teaches C4::Reports::Guided::execute_query()
how to accept a list of query parameter values.  It then
follows-up on the main patch by simplifying how it converts
report parameters to a complete SQL query, and removes the
use of DBI->quote() and complicated regexes.

To test:

[1] Verify that using the OPAC svc/report service with
    sql_params continues to work.
[2] Verify that there are no regressions with running
    reports from the staff interface, both via the web
    service and the reports interface.
[3] Verify that prove -v /db_dependent/Reports_Guided.t passes.

Signed-off-by: Galen Charlton <gmc@esilibrary.com>
Signed-off-by: Katrin Fischer <Katrin.Fischer.83@web.de>
Passes all tests and QA script.
No regressions found.

Signed-off-by: Galen Charlton <gmc@esilibrary.com>
2014-04-20 22:54:09 +00:00
9161911612 Bug 9915: Allow sql_params to be passed to a report using the OPAC svc/report interface
Test plan:

1/ Make a public report that contains SQL parameters
2/ Test it from the staff side
3/ Hit the url like
cgi-bin/koha/svc/report?id=1&sql_params=chris&sql_params=chris2
4/ Test you get JSON

Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Katrin Fischer <Katrin.Fischer.83@web.de>
Passes all tests and QA script.

Tested with a public report:
select * from items
  - cgi-bin/koha/svc/report?id=6
  - URL shows JSON and all items
select * from items where itype = <<itype>>
  - cgi-bin/koha/svc/report?id=6&sql_params=BK
  - URL shows JSON and only BK items
select * from items where itype = <<itype>> and homebranch = <<homebranch>>
  - cgi-bin/koha/svc/report?id=6&sql_params=BK&sql_params=MPL
  - URL shows JSON and only BK items in MPL
select * from items where itype = <<itype|itemtypes>> and homebranch = <<homebranch|branches>>
  - same as above
  - URL shows JSON and only BK items in MPL
select * from items where dateaccessioned = 2013-12-15
  - cgi-bin/koha/svc/report?id=6&sql_params=BK&sql_params=MPL&sql_params=2013-12-15
  - URL shows JSON and correct items

Note: This will currently only work for public reports!

Signed-off-by: Galen Charlton <gmc@esilibrary.com>
2014-04-20 22:54:04 +00:00