Commit graph

133 commits

Author SHA1 Message Date
b0cf6c087b
Bug 31219: Prevent JS injection in patron extended attributes
We are sanitizing other attributes but "extended patron attributes".

Test plan:
Make a patron attribute editable at the OPAC
Edit an existing patron, or register a new one
Use a script tag in the new value ("<script>alert("booh!")</script>" for
instance)
With this patch the value is remove if containing an HTML tag that is
not br b i em big small strong (see C4::Scrubber)

Signed-off-by: Mark Hofstetter <koha@trust-box.at>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2022-10-24 14:40:41 -03:00
1c0a187968
Bug 23538: Email library when new patron self-registers
Test plan:
1. Apply all patches
2. Update database
3. Restart services
4. Set email addresses in:
- KohaAdminEmailAddress syspref
- EmailAddressForPatronRegistrations syspref
- Email address in the library branch
5. Enable PatronSelfRegistration syspref
6. Test the following use cases:

- EmailPatronRegistrations syspref = 'none'.
Submit OPAC registration.
= OUTCOME: Confirm no OPAC_REG notice in message_queue table

Signed-off-by: David Nind <david@davidnind.com>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2022-09-23 09:37:54 -03:00
6c893f7372
Bug 31531: Remove unnecessary use directives on opac-memberentry.pl
This patch just removes two redundant use directives in opac-memberentry.pl

Signed-off-by: Joonas Kylmälä <joonas.kylmala@iki.fi>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2022-09-16 16:52:45 -03:00
48bf9b1d91
Bug 30718: Use flatpickr's altInput
The idea rely on the KohaDates TT plugin for the date formatting. We
should not have any output_pref calls in pl or pm (there are some
exceptions, for ILSDI for instance).

Also flatpickr will deal with the places where dates are inputed. We
will pass the raw SQL value (what we call 'iso' in Koha::DateUtils), and
the controller will receive the same value, no need to additional
conversion.
Note that DBIC has the capability to auto-deflate DateTime objects,
which makes things way easier. We can either pass the value we receive
from the controller, or pass a DT object to our methods.

Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2022-08-19 08:26:31 -03:00
3d5e974f8f Bug 30237: Replace AutoEmailOpacUser with AutoEmailNewUser
This patch replaces the AutoEmailOpacUser system preference with a new
AutoEmailNewUser preference. This makes the functionof the preference
clearer.

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
2022-04-20 09:03:39 -10:00
a4da023bae Bug 30237: Reference new WELCOME notice
This patch updates all references to the former ACCTDETAILS notice to
use the new WELCOME email notice instead.

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
2022-04-20 09:03:39 -10:00
bcfc1bea3e Bug 30120: Save and apply extended attributes during self registration verification by email
The self registration form stores a new borrower as a borrower modification when verifying by email.

Borrower modifications can  handle extended attributes.

This patch simply sotres the extended attributes in the modifications table, and approves a modification
to the extended attributes only after patron is created

To test:
1 - Apply patch
2 - Create a patron attribute and set it as viewable/editable in the OPAC
3 - Set system preference PatronSelfRegistrationVerifyByEmail
4 - Reigster a new patron on the OPAC, provide an email and populate the extended attribute
5 - Retrieve the verification token, the last on in the messages table
    SELECT * FROM message_queue;
6 - Go tot he url from above
7 - Confirm successful patron creation
8 - View patron record and confirm attribute was set

Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
2022-04-08 15:49:16 +02:00
59df6a114e Bug 30214: Add ACCTDETAILS notice to self registeration
This patch adds the ACCTDETAILS notice trigger to the opac self
registration process. Allowing new users, without varification enabled,
to receive the ACCTDETAILS notice immediately after their account is
created.

Test plan
1) Enable AutoEmailOpacUser system preference
2) Ensure the ACCTDETAILS notice is configured
3) Ensure `PatronSelfRegistrationVerifyByEmail` is disabled
4) Register a new user via the opac self registration process using an
   email address you have access to
5) The new user should have been created and you should be able to see
   the account details notice in their associated notices
6) Confirm that the email address used above has received the notice.

Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
2022-03-17 11:22:56 -10:00
0ee23d67c9 Bug 29859: (follow-up) Use iterator instead of as_list
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
2022-02-11 09:11:39 -10:00
d02e91f269 Bug 29859: Use iterator instead of as_list
On bug 29844 we decided to remove wantarray from Koha::Objects->search.
Reviewing the difference occurrences I found some unnecessary uses of ->as_list,
where iterators should be used instead.

This patch only removes the obvious places, not the tricky ones.

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
2022-02-09 15:36:23 -10:00
e53667105d Bug 29844: Fix ->search occurrences
and some more...

There are lot of inconsistencies in our ->search calls. We could
simplify some of them, but not in this patch. Here we want to prevent
regressions as much as possible and so don't add unecessary changes.

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
2022-02-09 15:36:23 -10:00
9987686f38 Bug 13188: Add PatronSelfModificationMandatoryField system preference
TEST PLAN:
1. Apply patch, updatedatabase, restart_all
2. In the  PatronSelfRegistrationBorrowerMandatoryField add the field password.
3. Go to the self registration page on make sure password is required.
4. Now go to the OPAC modification page, make some changes and attempt to submit. It should work.
5. Go to PatronSelfModificationMandatoryField and select some fields.
6. The columns you selected should now be required.
7. On the PatronSelfModificationMandatoryField page, make sure the select all and clear all buttons work.

Signed-off-by: Kelly McElligott <kelly@bywatersolutions.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
2021-12-14 09:46:22 -10:00
74ec89abc6 Bug 28947: Prevent OPAC user to create new users
This patch prevents an existing user from exploiting the patron edit form in order to
force create new patrons

To test:
Try all combinations of PatronSelfRegistration and PatronSelfRegistrationVerifyByEmail
with and without this patch.

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2021-09-30 09:18:58 +02:00
5f37d8d2f4 Bug 28935: No filtering on patron's data on member entry pages
Security patch. Follow-up for 28929.
Including correction for gonenoaddress and two others.
Includes unwanted fields too now.

Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2021-09-30 09:18:57 +02:00
6def280427 Bug 28929: Prevent flags to be sent during patron's edition
* selfreg and selfmod for OPAC
* patron's edition on staff

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Tested OPAC and staff side. Prevents mangling flags column.

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2021-09-30 09:18:56 +02:00
ddb24eb403 Bug 28870: Move email address validation to a specific class method
To ease testing and future changes if needed.

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2021-09-28 10:22:36 +02:00
481f52308a Bug 28870: Remove traces of Email::Valid
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2021-09-28 10:22:35 +02:00
9d6d641d1f Bug 17600: Standardize our EXPORT_OK
On bug 17591 we discovered that there was something weird going on with
the way we export and use subroutines/modules.
This patch tries to standardize our EXPORT to use EXPORT_OK only.

That way we will need to explicitely define the subroutine we want to
use from a module.

This patch is a squashed version of:
Bug 17600: After export.pl
Bug 17600: After perlimport
Bug 17600: Manual changes
Bug 17600: Other manual changes after second perlimports run
Bug 17600: Fix tests

And a lot of other manual changes.

export.pl is a dirty script that can be found on bug 17600.

"perlimport" is:
git clone https://github.com/oalders/App-perlimports.git
cd App-perlimports/
cpanm --installdeps .
export PERL5LIB="$PERL5LIB:/kohadevbox/koha/App-perlimports/lib"
find . \( -name "*.pl" -o -name "*.pm" \) -exec perl App-perlimports/script/perlimports --inplace-edit --no-preserve-unused --filename {} \;

The ideas of this patch are to:
* use EXPORT_OK instead of EXPORT
* perltidy the EXPORT_OK list
* remove '&' before the subroutine names
* remove some uneeded use statements
* explicitely import the subroutines we need within the controllers or
modules

Note that the private subroutines (starting with _) should not be
exported (and not used from outside of the module except from tests).

EXPORT vs EXPORT_OK (from
https://www.thegeekstuff.com/2010/06/perl-exporter-examples/)
"""
Export allows to export the functions and variables of modules to user’s namespace using the standard import method. This way, we don’t need to create the objects for the modules to access it’s members.

@EXPORT and @EXPORT_OK are the two main variables used during export operation.

@EXPORT contains list of symbols (subroutines and variables) of the module to be exported into the caller namespace.

@EXPORT_OK does export of symbols on demand basis.
"""

If this patch caused a conflict with a patch you wrote prior to its
push:
* Make sure you are not reintroducing a "use" statement that has been
removed
* "$subroutine" is not exported by the C4::$MODULE module
means that you need to add the subroutine to the @EXPORT_OK list
* Bareword "$subroutine" not allowed while "strict subs"
means that you didn't imported the subroutine from the module:
  - use $MODULE qw( $subroutine list );
You can also use the fully qualified namespace: C4::$MODULE::$subroutine

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2021-07-16 08:58:47 +02:00
Maryse Simard
b23ecb5882 Bug 11879: (follow up) Some fixes and code cleanup
- Display the value in the patron detail page
- Adds support for BorrowerUnwantedField (staff)
- Removes unecessary code in opac/opac-memberentry.pl

Sponsored-by: CCSR ( http://www.ccsr.qc.ca )

Signed-off-by: David Nind <david@davidnind.com>

Signed-off-by: David Nind <david@davidnind.com>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2021-07-12 15:47:33 +02:00
Bin Wen
975c48fb4a Bug 11879: Add a new field to patron record: main contact method
This patch adds the "Main Contact Method" field in the borrower
modification form.

This field is useful for reporting purposes, or to
know which contact method to use first when trying to contact a borrower.

Test plan:
0) Apply patch
1) updatedatabase.pl
2) In the staff client, edit a patron's contact info. There should be a new dropdown select to choose the main contact method
3) In the opac page, edit the personal details.There should be a new dropdown select to choose the main contact method.
4) Save the form. It should work.

Sponsored-by: CCSR ( http://www.ccsr.qc.ca )
Signed-off-by: David Nind <david@davidnind.com>

Signed-off-by: David Nind <david@davidnind.com>

Signed-off-by: David Nind <david@davidnind.com>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2021-07-12 15:47:33 +02:00
a98759e3b7 Bug 18112: Use GetAuthValueDropbox from the template
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2021-05-11 15:37:42 +02:00
efe0fe85f2 Bug 18112: Add street type to self reg/self mod form
1. Add some values to the ROADTYPE authorized value
2. Go to PatronSelfRegistrationBorrowerUnwantedField and make sure
   streettype is NOT checked
3. Go the self reg form, no street type field
4. Apply patch
5. Check the self reg form, streettype should be there with all the
   options defined in ROADTYPE a.v.
6. Check the self modification form, street type should be there.
7. Make sure PatronSelfRegistrationBorrowerUnwantedField and
   PatronSelfModificationBorrowerUnwantedField hide the field correctly.
8. Make sure PatronSelfRegistrationBorrowerMandatoryField properly makes
   the field required.

Signed-off-by: Owen Leonard <oleonard@myacpl.org>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2021-05-11 15:13:28 +02:00
04631818e3 Bug 28162: fix doubled scalar sigil
TEST PLAN:

1 Set up some patron extended attributes
2 Make sure you check 'Display in OPAC' and 'Editable in OPAC'
3 Go to self registration and attempt to register
4 you get an error ( Not a SCALAR reference at /kohadevbox/koha/opac/opac-memberentry.pl line 110 )
5 Apply patch
6 repeat steps 1-3, ther should be no error now

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2021-04-21 10:51:29 +02:00
7b9b1b0e2a Bug 28031: (follow-up) Clarify check methods
The check methods were positioned under the 'Internal methods' section
of the meodule but are used externally.

It also felt strange to have a noop or die method. Instead, I propose
renaming them to `repeatable_ok` and `unique_ok` and returning a
boolean denoting their state.

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2021-04-09 15:43:34 +02:00
87eaaf302c Bug 27860: Fix self-registration if messages with incorrect email are inqueued
If the pref KohaAdminEmailAddress was not set correctly (invalid email)
and has been used to generate message, the message_queue table can contain
some messages that are not sent (pending) and will be processed each
time a new self-reg is done.
The PatronSelfRegistrationVerifyByEmail feature must send only the
notice we just generated, not the whole pending queue.

Test plan:
1. Do not apply the patches
2. Set KohaAdminEmailAddress to an invalid email (root@localhost for
instance)
3. Turn on PatronSelfRegistrationVerifyByEmail
4. Self-reg a patron
5. Boom (that must be fixed on a separate bug report)
6. Set KohaAdminEmailAddress to a valid email (root@example.org)
7. Self-reg a patron
8. Still Boom! (because it's processing the first invalid email)
9. Apply the patches, restart_all
10. Self-reg a patron
=> The email is sent!
Notice the change in DB, the first email is still there with status
"pending" and second email is sent!

QA: at step 10. TODO first email must be 'failed' (highlight in tests)
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2021-03-16 12:04:05 +01:00
592ab10fe5 Bug 22824: Remove C4::Boolean, true_p, boolean_preference, etc.
It seems that we don't really need all this overhead.
YesNo must be a boolean and contain 1 or 0.

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2021-03-04 16:18:42 +01:00
74ae74d5fa Bug 27626: Fix self registration if categorycode is hidden and PatronSelfRegistrationVerifyByEmail
If categorycode is selected in
PatronSelfRegistrationBorrowerUnwantedField and
PatronSelfRegistrationVerifyByEmail is turned on, the patron self registration
fails with

   [You must provide a patron's category to validate password's strength
   and length] at /usr/share/perl5/Exception/Class/Base.pm line 88

Test plan:
0. Select categorycode in PatronSelfRegistrationBorrowerUnwantedField
   and turn on PatronSelfRegistrationVerifyByEmail
1. Self register a patron
2. Confirm that it works as expected with this patch applied.

Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2021-02-23 13:12:56 +01:00
121b633cad Bug 27604: Deal with empty pref
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2021-02-16 10:03:54 +01:00
4784b8ffe5 Bug 27604: Init to {}
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2021-02-08 14:56:00 +01:00
60a749ff5a Bug 27604: (QA follow-up) Limit the libraries during the query
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2021-02-08 14:56:00 +01:00
376bf9b980 Bug 27604: Make sure PatronSelfRegistrationLibraryList is used
The value of PatronSelfRegistrationLibraryList is used to display the dropdown
list of the libraries, but not after the form is submitted.

Test plan:
1. Empty PatronSelfRegistrationLibraryList
2. Self register a new patron
=> Confirm the dropdown list with the libraries contain all the
libraries
3. Fill in PatronSelfRegistrationLibraryList with branchcodes (eg. "CPL|MPL")
4. Self register a new patron
5. Edit the HTML form and replace the option's value with another
branchcode (FPL)
6. Save
=> Without this patch the branchcode FPL is used
=> With this patch applied an ugly 500 is returned

Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2021-02-08 14:56:00 +01:00
4b2c284092 Bug 27450: Remove password from the mandatory fields when editing details
When a patron edit their personal details at the OPAC, the password must
be removed from the mandatory fields

Test plan:
0 - Don't apply the patch
1 - Set PatronSelfRegistrationBorrowerMandatoryField to require password
2 - Create or sign in as a patron on the opac
3 - Click 'Your personal details'
4 - Attempt to edit
5 - Save changes
=> They are rejected because not all required fields are populated
6 - Apply the patch
7 - Repeat 3 to 5
=> details are saved successfully
8 - Test the self registration feature and confirm that the password is
required

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2021-02-01 16:32:39 +01:00
Agustin Moyano
f5373b7a5e Bug 27148: Fix bug on self registration when user category is hidden
This patch fixes the bug when there is no patron category available for
selection in self registration form. It uses PatronSelfRegistrationDefaultCategory
to get patron's password length and strength.

To test:
1. Do not apply this patch
2. Allow SeflRegistration, set PatronSelfRegistrationDefaultCategory to
   a valid patron category and finally add categorycode to PatronSelfRegistrationBorrowerUnwantedField
3. Go to opac and enter self registration form
CHECK => There is no patron category available for selection
      => Password's info alert shows "Password must contain at least
undefined characters"
4. Fill the form setting a password and send.
CHECH => You get an exception saying "You must provide a patron's
category to validate password's strength and length"
5. Apply this patch and restart_all
6. repeat steps 3 and 4
SUCCESS => Password's info alert message shows a number instead of
"undefined"
        => Password's strength and length checks are working
        => If you change default category's lenght or strength parameter it get's reflected when you refresh the page
        => When you click send, patron is saved

Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2020-12-26 17:58:33 +01:00
Julian Maurice
96cc447045 Bug 25898: Prohibit indirect object notation
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2020-10-15 12:56:30 +02:00
Agustin Moyano
5848da810e Bug 23816: Add minimum password length and require strong password overrides by category
This patch adds the capability to override minPasswordLenth and RequireStrongPassword settings by category

To test:
1. koha-shell kohadev
2. koha-mysql kohadev

3. drop database koha_kohadev;
4. create database koha_kohadev;

5. go to admin page and start webinstaller. There continue the steps until onboarding.
6. reach step 3 of onboarding and create a new administrator patron
CHECH => Password control woks as normal (Minimum length 3 and strong required)

7. finish Koha installation and enter admin with your new administrator
8. set minPasswordLength to 3 and RequireStrongPassword to “Don’t require”
9. Create a new category (CAT2 from now on.. CAT1 is the category you made in onboarding process) and set minimum password length to 8 and require strong password
10. Create two new patrons, one with CAT1(patron1) and one with CAT2 (patron2)
CHECK => In both cases, try different combinations of length and strength. For patron1 the only requirement is to have 3 letters, but for patron2 the minimum length will be 8 and will require strong password.
CHECK => Try changing patron category before saving. Password requirements will change with category change.

11. Edit CAT1 and set minimum password length to 5
12. Go to patron1 details page, and change password.
CHECH => Now password minimum length is 5, but still it doesn’t require strong password

13. Edit CAT1, leave blank minimum password length and set require strong password to yes.
14. Go to patron1 details page, and change password.
CHECH => Password minimum length is back to 3, but now strong password is required

15. Set minimum password length in CAT2 to 12.
16. Go to patron2 details page, and click to fill a random generated password
CHECK => generated password should be 12 characters length

17. Set PatronSelfRegistration to Allow in admin settings
18. Go to OPAC and fill self registration from.
CHECK => Play with patron category. For each change in category, password requirements are modified.
CHECK => Set CAT1 as patron category, set ‘aA1’ as password (or another valid password for CAT1) and before hitting submit button, change to CAT2. Form should enter invalid state, and CAT2 password requirements should be displayed as error in password input.

19. Create a patron for CAT1 and another for CAT2, leaving password blank
CHECK => For CAT1’s patron, generated password length is 8 (minimum length for generated passwords), but for CAT2’s patron should be 12

20. In admin set PatronSelfRegistrationVerifyByEmail to require
21. Fill self registration form again with CAT2 as category
CHECK => Password requirements works as previous case.
22. Leave password blank and click submit

23. select * from message_queue;
24. Copy the link in the message and paste it in OPAC
CHECH => Generated password is 12 characters long. (Copy user id for next steps)

25. In admin set OpacResetPassword to Allow
26. Go back to OPAC, reload and click on “Forgot password?” link
27. Paste user id and click submit
28. Repeat steps 23 and 24
CHECK => Info message says “Your password must contain at least 12 characters, including UPPERCASE, lowercase and numbers.”
CHECK => enter an invalid password and you’ll get the same message in warning.

29. Login OPAC with the last user and your newly created password
30. Go to “Change your password” option
CHECK => Info message says “Your password must contain at least 12 characters, including UPPERCASE, lowercase and numbers.”
CHECK => enter an invalid password and you’ll get the same message in below “New password” input.

31. prove t/db_dependent/AuthUtils.t t/db_dependent/Koha/Patron/Category.t

32. Sign off

Sponsored-by: Northeast Kansas Library - NEKLS

Signed-off-by: Andrew Fuerste-Henry <andrew@bywatersolutions.com>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2020-09-09 15:39:52 +02:00
David Gustafsson
b12198a53f Bug 20057: System preference for auto approval of patron profile changes
Testplan for this patch:

1. Apply patch.
2. Make sure syspref "AutoApprovePatronProfileSettings" is set to "Disable".
3. Edit patron personal details via opac interface.
4. Expect modifications to require manual approval by staff via link on main page.
5. Set syspref "AutoApprovePatronProfileSettings" to "Enable".
6. Edit patron personal details via OPAC interface again.
7. Expect modifications to have been approved automatically.

Signed-off-by: Liz Rea <liz@catalyst.net.nz>
This works, we may want some different text for this situation in the OPAC, it still says the librarian has to approve the change.

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2020-08-31 14:41:08 +02:00
dc0077b3a1 Bug 22844: Make the patron's attribute mandatory at the OPAC
Test plan:
- Set 1+ patron's attribute(s) mandatory
- Use the self-registration feature and confirm that you cannot selfreg
if the attribute has no value (or empty string)
- Same with the modification form (logged in)

Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2020-07-20 16:08:22 +02:00
73c421a516 Bug 25769: Patron self modification triggers change request for date of birth to null
If PatronSelfModificationBorrowerUnwantedField contains dateofbirth, all
patron self modification requests will attempt to set dateofbirth to
null instead of ignoring the field.

Test Plan:
1) Add dateofbirth to PatronSelfModificationBorrowerUnwantedField
2) Run a patron self modification
3) Note the request sets dateofbirth to null on the staff side
4) Apply this patch
5) Restart all the things!
6) Run another self-modification
7) Note of the staff side that dateofbirth is unaffected

Signed-off-by: Emmi Takkinen <emmi.takkinen@outlook.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2020-06-24 14:23:33 +02:00
Aleisha Amohia
3d022f0f27
Bug 24913: Add PatronSelfRegistrationConfirmEmail syspref
To test:
1) update database, restart memcached/plack
2) Go to Administration -> System preferences -> OPAC tab. Enable the
new PatronSelfRegistrationConfirmEmail system preference. Enable other
required self registration sysprefs.
3) Go to the OPAC home page. (You may need to log out). Click the
'Register' link so you are redirected to the member entry form.
4) Notice the 'Confirm primary email' field after the 'primary email'
field. Put 'a@a.com' in primary email, and 'b@b.com' in the confirm
field. Scroll to the end of the form and Submit.
5) Confirm the form is not successfully submitted, and an error message
is shown to indicate the email addresses do not match.
6) Confirm you cannot cut, copy or paste in either the primary email or
confirm primary email fields. Confirm the right click menu doesn't work
in these fields.

7) Disable javascript in your browser.
8) Repeat steps 3 and 4.
9) Confirm there is an error message to indicate the email addresses do
not match.

10) Re-enable javascript. Fill in the form correctly with matching email
addresses and confirm it successfully submits.

11) Disable the PatronSelfRegistrationConfirmEmail syspref.
12) Attempt to register an account on the OPAC again. Confirm the
'confirm email address' field is gone and form works as expected.
13) Re-enable the PatronSelfRegistrationConfirmEmail syspref.
14) Log in to the OPAC and go to your personal details
15) Edit the primary email field
16) Confirm you are able to submit your changes (you should not see an
error about emails not matching).

Sponsored-by: Bibliotheksservice-Zentrum Baden-Württemberg (BSZ)
Signed-off-by: holly <hc@interleaf.ie>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
2020-04-21 12:30:40 +01:00
665c8328d1
Bug 25136: Join the 2 ifs
Highlight that we only need this for action="new"

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
2020-04-16 19:26:48 +01:00
dbf604e141
Bug 25136: Make PatronSelfRegistrationLibraryList only effect new registration
This patch makes it so PatronSelfRegistrationLibraryList will only effect the registration from and not the modification form.
TO TEST:
1. Turn on self reg and add some libaries to PatronSelfRegistrationLibraryList.
2. Notice that the libaries that display in the borrower_branchcode dropdown are the ones you selected on both the new registration from and the modification form.
3. Apply patch.
4. Now only the new registration from should show libaries on PatronSelfRegistrationLibraryList.
5. The modifciation dropdown should still show all libraries.

Signed-off-by: Andrew Fuerste-Henry <andrew@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
2020-04-16 19:26:14 +01:00
cc6c3f5815
Bug 25137: (bug 23084 follow-up) Fix incorrect grep ternary condition
The lack of parenthesis makes the condition evaluated wrong.

Test plan:
- confirm you have a branch with code X
- enter X in PatronSelfRegistrationLibraryList
- go to cgi-bin/koha/opac-memberentry.pl (either as a logged in patron or as a self-reg patron)
- confirm branch dropdown is not empty and contain X
- empty out PatronSelfRegistrationLibraryList
- reload cgi-bin/koha/opac-memberentry.pl and confirm branches show

Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel@gmail.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
2020-04-15 08:35:04 +01:00
37e634bb5b
Bug 20443: Remove C4::Members::AttributeTypes
We do no longer need this package, we can use
Koha::Patron::Attribute::Types directly instead.

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
2020-03-23 13:44:41 +00:00
5dd44a8f08
Bug 20443: Remove CheckUniqueness
There is already a method in Koha::Patron::Attribute to check the
uniqueness constraint, let us it to replace CheckUniqueness

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
2020-03-23 13:44:30 +00:00
ccfc6572f7
Bug 20443: Remove UpdateBorrowerAttribute and SetBorrowerAttributes
This patch replace Koha::Patron->get_extended_attributes with
->extended_attributes
It's now a getter a setter method.

It permits to replace UpdateBorrowerAttribute and use
create_related from DBIx::Class

Notes:
* We face the same variable names difference than in a previous patch
(value vs attribute)

Bug 20443: Remove SetBorrowerAttributes

squash  + RM get_extended_attributes

 RM get_extended_attributes

SQUASH Bug 20443: Remove UpdateBorrowerAttribute and SetBorrowerAttribute

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
2020-03-23 13:44:16 +00:00
9707167a48
Bug 20443: Move GetBorrowerAttributes to Koha::Patron->extended_attributes
The GetBorrowerAttributes subroutine return the attributes for a given
patron.

Using get_extended_attributes we can acchieve it easily. The problematic
here is to restore the method's name (value vs attribute,
value_description vs description of the authorised value, as well as
display_checkout that should not be a method of Attribute, but
Attribute::Type instead)

value_description was used when the attribute types were attached to an
authorised value category. To avoid the necessary test in template and
controller there is now a $attribute->description method that will
display either the attribute's value OR the value of the authorised
value when needed. We should certainly use this one from few other
places.

Notes:
* This patch rename Koha::Patron->attributes with Koha::Patron->get_extended_attributes.
It will be renamed with Koha::Patron->extended_attributes in ones of the next
patches when it will become a setter as well.
* GetBorrowerAttributes did not care about the library limits, we still
do not
* The opac_only flag was not used outside of test, we drop it off.
* To maintain the existing behavior we add a default order-by clause to
the search method [code, attribute]
* From C4::Letters::_parseletter we always display the staff description
of the AV, There is now a FIXME to warn about it
* FIXMEs are not regressions, existing behaviors must be kept
* TODO add a new check to bug 21010 to search for inconsistencies in
patron's attributes attached to non-existent authorised values
* One test has been updated in Modifications.t, order_by is now
by default set to ['code', 'attribute']

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
2020-03-23 13:39:25 +00:00
37f464e1cf
Bug 20443: Remove opac_display and opac_editable from Patron::Attribute
Same as previously for methods that have been added by bug 17792.
It's better to be explicite and tell we are fetch the related attribute's type

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
2020-03-23 13:39:10 +00:00
3944f20beb
Bug 24892: Resolve uninitialized warns from opac-memberentry
Especially line 500 (current master).

Use of uninitialized value $new_data{"sort2"} in string eq at /usr/share/koha/opac/opac-memberentry.pl line 500.
Use of uninitialized value in string eq at /usr/share/koha/opac/opac-memberentry.pl line 500.

Simple fix, not completely trivial due to adding xor ;)

Test plan:
Do not apply, update from opac memberentry. Check warns in log.
Apply patch, update again. Less warns?

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
2020-03-20 15:40:43 +00:00
82716a0172
Bug 23084: Replace grep {^$var$} with grep {$_ eq $var}
We certainly faced 3 similar bugs due to this syntax: bug 23006, bug
22941 and bug 17526.

To prevent other issues related to this syntax this patch suggests to
replace them all in one go.

Test plan:
Confirm that the 2 syntaxes are similar
Eyeball the patch and confirm that there is no typo!

Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel@gmail.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
2020-02-17 10:44:45 +00:00
127dfc0b8f
Bug 19809: Remove some new occurrences
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
2020-01-23 10:27:36 +00:00