Tree:
d10513dfc0
16.05.x
16.11.x
17.05.x
17.11.x
18.05.x
18.11.x
19.05.x
19.11.x
20.05.x
20.11.x
21.05.x
21.11.x
22.05.x
22.11.x
23.05.x
23.11.x
3.0.x
3.10.x
3.12.x
3.14.x
3.16.x
3.18.x
3.2.x
3.20.x
3.22.x
3.4.x
3.6.x
3.6.x-maint/testing
3.6.x-rmaint/testing
3.8.x
MM-OPAC/theme_dep
main
new/bootstrap-opac
new_12478_elasticsearch
3.0.5_rc1
3.02.02
R_1-1-1RC1
R_1-2-1
R_1-2-1RC6
R_1-2-2
R_1-2-2RC4
R_1-2-3
R_1-2-3RC11
R_1-2-3RC12
R_1-2-3RC13
R_1-2-3RC14
R_1-2-3RC15
R_1-2-3RC16
R_1-2-3RC17
R_1-2-3RC18
R_1-2-3RC20
R_1-2-3RC21
R_1-2-3RC22
R_1-2-3RC23
R_1-2-3RC25
R_1-2-3RC26
R_1-2-3RC5
R_1-3-0
R_1-3-1
R_1-3-2
R_1-3-3
R_1-9-0
R_1-9-1
R_1-9-2
R_1-9-3
R_2-0-0
R_2-0-0RC1
R_2-0-0RC2
R_2-0-0RC3
R_2-0-0RC4
R_2-0-0pre1
R_2-0-0pre2
R_2-0-0pre3
R_2-0-0pre4
R_2-0-0pre5
R_2-1
R_2-2-6
R_2-2-6RC2
R_2-2-6RC3
R_2-2-6RC4
R_2-2-7
R_2-2-9
R_2-3-0
R_2-4
R_2_2_4
R_2_2_5
R_2_2_6_RC
dev_week
html_template_pro
rel_3_0_5
v16.05.00
v16.05.00-beta
v16.05.01
v16.05.02
v16.05.02-01
v16.05.03
v16.05.04
v16.05.05
v16.05.05-01
v16.05.06
v16.05.06-01
v16.05.07
v16.05.08
v16.05.09
v16.05.10
v16.05.11
v16.05.12
v16.05.13
v16.05.14
v16.05.15
v16.05.16
v16.05.17
v16.05.18
v16.05.19
v16.11.00
v16.11.01
v16.11.02
v16.11.03
v16.11.04
v16.11.05
v16.11.06
v16.11.07
v16.11.08
v16.11.09
v16.11.10
v16.11.11
v16.11.11-1
v16.11.12
v16.11.13
v16.11.14
v16.11.15
v16.11.16
v17.05.00
v17.05.01
v17.05.02
v17.05.03
v17.05.04
v17.05.05
v17.05.06
v17.05.07
v17.05.08
v17.05.09
v17.05.10
v17.05.11
v17.05.12
v17.05.13
v17.05.14
v17.11.00
v17.11.01
v17.11.02
v17.11.03
v17.11.04
v17.11.05
v17.11.06
v17.11.07
v17.11.08
v17.11.09
v17.11.10
v17.11.11
v17.11.12
v17.11.13
v17.11.14
v17.11.15
v17.11.16
v17.11.17
v17.11.18
v18.05.00
v18.05.00-rc1
v18.05.00-rc2
v18.05.01
v18.05.02
v18.05.03
v18.05.04
v18.05.05
v18.05.06
v18.05.07
v18.05.08
v18.05.09
v18.05.10
v18.05.11
v18.05.12
v18.05.13
v18.05.14
v18.11.00
v18.11.01
v18.11.02
v18.11.03
v18.11.04
v18.11.05
v18.11.06
v18.11.07
v18.11.08
v18.11.09
v18.11.10
v18.11.11
v18.11.12
v18.11.13
v18.11.14
v18.11.15
v18.11.16
v19.05.00
v19.05.01
v19.05.02
v19.05.03
v19.05.04
v19.05.05
v19.05.05-1
v19.05.06
v19.05.07
v19.05.08
v19.05.09
v19.05.10
v19.05.11
v19.05.12
v19.05.13
v19.05.14
v19.05.15
v19.05.16
v19.05.17
v19.11.00
v19.11.01
v19.11.02
v19.11.03
v19.11.04
v19.11.05
v19.11.06
v19.11.07
v19.11.08
v19.11.09
v19.11.10
v19.11.11
v19.11.12
v19.11.13
v19.11.14
v19.11.15
v19.11.16
v19.11.17
v19.11.18
v19.11.18-2
v19.11.19
v19.11.20
v19.11.21
v19.11.22
v19.11.23
v19.11.24
v19.11.25
v19.11.26
v19.11.27
v19.11.28
v19.11.29
v20.05.00
v20.05.01
v20.05.02
v20.05.03
v20.05.04
v20.05.05
v20.05.06
v20.05.07
v20.05.08
v20.05.09
v20.05.10
v20.05.11
v20.05.12
v20.05.13
v20.05.14
v20.05.15
v20.05.16
v20.05.17
v20.05.18
v20.11.00
v20.11.01
v20.11.02
v20.11.03
v20.11.04
v20.11.05
v20.11.06
v20.11.07
v20.11.08
v20.11.09
v20.11.10
v20.11.11
v20.11.12
v20.11.13
v20.11.15
v20.11.16
v20.11.17
v20.11.18
v20.11.19
v21.05.00
v21.05.01
v21.05.02
v21.05.03
v21.05.04
v21.05.05
v21.05.06
v21.05.07
v21.05.08
v21.05.09
v21.05.10
v21.05.11
v21.05.12
v21.05.13
v21.05.14
v21.05.15
v21.05.16
v21.05.17
v21.05.18
v21.05.19
v21.05.20
v21.05.21
v21.05.22
v21.05.22-1
v21.05.22-2
v21.11.00
v21.11.01
v21.11.02
v21.11.03
v21.11.04
v21.11.04-1
v21.11.05
v21.11.06
v21.11.07
v21.11.08
v21.11.09
v21.11.10
v21.11.11
v21.11.12
v21.11.13
v21.11.14
v21.11.15
v21.11.16
v21.11.17
v21.11.18
v21.11.19
v21.11.20
v21.11.21
v21.11.21-1
v21.11.22
v21.11.23
v21.11.24
v21.11.25
v21.11.26
v22.05.00
v22.05.01
v22.05.02
v22.05.03
v22.05.03-1
v22.05.04
v22.05.05
v22.05.05-01
v22.05.06
v22.05.07
v22.05.08
v22.05.09
v22.05.10
v22.05.11
v22.05.12
v22.05.13
v22.05.14
v22.05.15
v22.05.16
v22.05.17
v22.05.18
v22.05.19
v22.05.20
v22.05.20-2
v22.05.21
v22.11.00
v22.11.01
v22.11.02
v22.11.03
v22.11.04
v22.11.05
v22.11.05-1
v22.11.06
v22.11.07
v22.11.08
v22.11.09
v22.11.10
v22.11.11
v22.11.12
v22.11.13
v22.11.14
v22.11.15
v22.11.15-1
v22.11.16
v22.11.16-1
v22.11.17
v23.05.00
v23.05.01
v23.05.02
v23.05.03
v23.05.04
v23.05.05
v23.05.06
v23.05.07
v23.05.08
v23.05.09
v23.05.09-01
v23.05.10
v23.05.10-02
v23.05.11
v23.11.00
v23.11.01
v23.11.02
v23.11.03
v23.11.04
v23.11.04-4
v23.11.05
v3.0.6
v3.00.00
v3.00.00-alpha
v3.00.00-beta
v3.00.00-beta2
v3.00.00-stableRC1
v3.00.01-stable
v3.00.01-stable_update
v3.00.01.005
v3.00.02-final
v3.00.02-stable
v3.00.03
v3.00.04
v3.00.04_final
v3.00.04_fixed
v3.00.05
v3.00.06
v3.02.00
v3.02.00-alpha
v3.02.00-alpha2
v3.02.00-beta
v3.02.00-rc
v3.02.01
v3.02.03
v3.02.04
v3.02.05
v3.02.06
v3.02.07
v3.02.08
v3.02.09
v3.02.10
v3.02.11
v3.04.00
v3.04.01
v3.04.02
v3.04.03
v3.04.04
v3.04.05
v3.04.06
v3.04.07
v3.04.08
v3.06.00
v3.06.01
v3.06.02
v3.06.03
v3.06.04
v3.06.05
v3.06.06
v3.06.07
v3.06.08
v3.06.09
v3.06.10
v3.06.10.000
v3.06.11
v3.06.12.000
v3.08.00
v3.08.01
v3.08.02
v3.08.03
v3.08.04
v3.08.05
v3.08.06
v3.08.07
v3.08.08
v3.08.09
v3.08.10
v3.08.11
v3.08.12
v3.08.13
v3.08.14
v3.08.15
v3.08.16
v3.08.17
v3.08.18
v3.08.19
v3.08.20
v3.08.21
v3.08.22
v3.08.23
v3.08.24
v3.10.00
v3.10.01
v3.10.02
v3.10.03
v3.10.04
v3.10.05
v3.10.06
v3.10.07
v3.10.08
v3.10.09
v3.10.10
v3.10.11
v3.10.12
v3.10.13
v3.12.00
v3.12.00-alpha
v3.12.00-alpha2
v3.12.00-beta1
v3.12.00-beta3
v3.12.00-rc1
v3.12.00-rc2
v3.12.00-rc3
v3.12.01
v3.12.02
v3.12.03
v3.12.04
v3.12.05
v3.12.06
v3.12.07
v3.12.08
v3.12.09
v3.12.10
v3.12.11
v3.12.12
v3.12.13
v3.12.14
v3.12.15
v3.14.00
v3.14.00-alpha1
v3.14.00-alpha2
v3.14.00-beta
v3.14.01
v3.14.02
v3.14.03
v3.14.04
v3.14.05
v3.14.06
v3.14.07
v3.14.08
v3.14.09
v3.14.10
v3.14.11
v3.14.12
v3.14.13
v3.14.14
v3.14.15
v3.14.16
v3.14.17
v3.16.00
v3.16.00-beta
v3.16.00-pkg
v3.16.00-rc
v3.16.01
v3.16.02
v3.16.03
v3.16.04
v3.16.05
v3.16.05.1
v3.16.06
v3.16.07
v3.16.08
v3.16.09
v3.16.10
v3.16.11
v3.16.12
v3.16.13
v3.16.14
v3.16.15
v3.18.00
v3.18.00-beta
v3.18.01
v3.18.02
v3.18.03
v3.18.04
v3.18.05
v3.18.05.1
v3.18.06
v3.18.06-3
v3.18.07
v3.18.08
v3.18.09
v3.18.10
v3.18.11
v3.18.12
v3.18.13
v3.20.00
v3.20.00-beta
v3.20.01
v3.20.02
v3.20.03
v3.20.04
v3.20.05
v3.20.06
v3.20.07
v3.20.07.1
v3.20.08
v3.20.09
v3.20.10
v3.20.11
v3.20.12
v3.20.13
v3.20.14
v3.20.15
v3.22.00
v3.22.00-beta
v3.22.01
v3.22.02
v3.22.03
v3.22.04
v3.22.05
v3.22.06
v3.22.07
v3.22.08
v3.22.09
v3.22.10
v3.22.11
v3.22.12
v3.22.13
v3.22.14
v3.22.15
v3.22.16
v3.22.17
v3.22.18
v3.22.19
v3.22.20
v3.22.21
v3.8.16
version-1-2-0
version-1-2-1
${ noResults }
20 Commits (d10513dfc0d47846fdb874b0a62ce9c8c7107644)
Author | SHA1 | Message | Date |
---|---|---|---|
Mark Tompsett | c4113dce70 |
Bug 18956: Fix empty to in message queue
Follow the test plan in comment #20. Also tweaked string, because it was really 'or' before too. Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> Amended text in added comment. Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org> |
7 years ago |
Marcel de Rooy | 6336e53aed |
Bug 18956: (QA follow-up) Resolve a CGI::Param in list context warn
From the plack-error.log: CGI::param called in list context from package CGI::Compile::ROOT::usr_share_koha_masterclone_opac_opac_2dpassword_2drecovery_2epl line 129, this can lead to vulnerabilities. See the warning in "Fetching the value or values of a single named parameter" at /usr/share/perl5/CGI.pm line 436. Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org> |
7 years ago |
Mark Tompsett | e08a0afa26 |
Bug 18956: Prevent leaking during password recovery
TEST PLAN --------- It is assumed you have set the OpacResetPassword to 'allowed', and likely in combination with OpacPasswordChange to 'Allowed'. You will have two patrons: one with and another without any email address entered. You will want to test this test plan with both patrons. $ git checkout -b bug_18956 origin/master Prepend the following as understood between step sections: opac -> forgot password and then enter... correct login/cardnumber, it will email delete from borrower_password_recovery; correct email, it will email delete from borrower_password_recovery; correct login/cardnumber && correct email, it will email delete from borrower_password_recovery; wrong login/cardnumber && correct email, error page as expected delete from borrower_password_recovery; correct login/cardnumber && wrong email, error page as expected delete from borrower_password_recovery; wrong login/cardnumber && wrong email, error page as expected delete from borrower_password_recovery; submit empty -- INTERNAL SERVER ERROR?! delete from borrower_password_recovery; -- None of the above step sections displayed email. correct login/cardnumber, it will email correct login/cardnumber again, but it leaks email address! delete from borrower_password_recovery; correct email, it will email correct email again, but it leaks login/cardnumber! delete from borrower_password_recovery; $ git bz apply 18956 -- choose interactive, and choose this counter patch. repeat the same test set again -- no leaks will occur, error message pages returned should be reasonable, code should read reasonably. run koha qa test tools. Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org> |
7 years ago |
Jonathan Druart | 3f9da34683 |
Bug 18298: Add server-side checks and refactor stuffs
Now that we have a check client-side, nothing prevents us from a smart guy to bypass it and force an invalid password. This patch adds two new subroutines to Koha::AuthUtils to check the validity of passwords and generate a password server-side. It is used only once (self-registration) but could be useful later. Moreover the 3 different cases of password rejection (too leak, too short, contains leading or trailing whitespaces) were not tested everywhere. Now they are! This patch makes things consistent everywhere and clean up some code. Signed-off-by: Marc Véron <veron@veron.ch> Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org> |
7 years ago |
Jonathan Druart | ec4e666bc5 |
Bug 18298: minPaswordLength should not be < 3
Indeed if RequireStrongPassword is set we need at least 3 characters to match 1 upper, 1 lower and 1 digit. We could make things more complicated to allow minPasswordLength < 3 but, really, 3 is already too low... Signed-off-by: Marc Véron <veron@veron.ch> Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org> |
7 years ago |
David Bourgault | 078eb77451 |
Bug 19345: Add missing error flag to template
Adds a missing error flag to the template->param { } call. Signed-off-by: Mark Tompsett <mtompset@hotmail.com> Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org> |
7 years ago |
David Kuhn | e29163af4c |
Bug 18616 - The "Add forgot password link to OPAC" should allow patrons to use their library card number in addition to username
Allow patrons to enter either their library card number or user name in the "Log in" box for password recovery. Most patrons at our library use their card number to log in and are unaware of what their userid is. However there are some who have set a customized userid and would prefer to use that. This patch would allow either to be entered for password recovery. To test: 1. Enable the password recovery feature. 2. In the OPAC, click on "Forgot you password?" link and enter a valid library card number. 3. The error message "No account found with the provided information" appears. 4. Apply the patch. 5. Repeat step 2. The recovery email is now sent. Note: Moved patch from 16711 back here and re-tested. Signed-off-by: Marc Véron <veron@veron.ch> Signed-off-by: Nick Clemens <nick@bywatersolutions.com> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org> |
7 years ago |
Marc Véron | 3829020c26 |
Bug 16711: OPAC Password recovery: Handling if multiple accounts have the same mail address
To reproduce: - Create 3 Accounts, login names are test01, test02, test03, Email is the same for all. - Go to OPAC -> Password recovery and indicate E-Mail only - You will get an email for only one of the accounts above. To test: - Apply patch, restart memcached and plack - Go to db, delete from borrower_password_recovery; - Try steps above to reproduce. You will get an error message: Account identification with this email address only is ambiguous. Please use the field 'Login' as well. - Verify that other cases work as before (provide valid / invalid login only, provide valid email for an existing account, provide unknown email, provide both login and email with all combinations of valid / invalid) Signed-off-by: Josef Moravec <josef.moravec@gmail.com> Signed-off-by: Nick Clemens <nick@bywatersolutions.com> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org> Bug 16711: (QA-followup) Use count directly See comment # 13 Signed-off-by: Nick Clemens <nick@bywatersolutions.com> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org> |
7 years ago |
Jonathan Druart | a471ad80bb |
Bug 18025: Simplify logic and avoid 1 call to ValidateBorrowernumber
Signed-off-by: Liz Rea <liz@catalyst.net.nz> This is fine with me. Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com> |
7 years ago |
Liz Rea | e87dab6411 |
Bug 18025 - Expired password recovery links cause sql crash
When a user gets an email, but doesn't act or visit it within two days, attempting to create a new one causes a collision. We should just delete the old one, assuming they still want to reset their password. To test: create yourself a borrower with a userid and password. Attempt a password recovery on the OPAC update the entry in the database for that user to have an expired token e.g. update borrower_password_recovery set valid_until = '2017-01-25 03:25:26' where borrowernumber = 12; Attempt another password recovery operation - should error apply the patch Try it again - no error, new token is generated and additional email with new link is sent. Issue reproduced - is resolved by patch Signed-off-by: Marc Véron <veron@veron.ch> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com> |
7 years ago |
Jonathan Druart | afc008b2fa |
Bug 16853: Move changepassword to Koha::Patron->update_password
This patch moves the code from C4::Members::changepassword to Koha::Patron->update_password Test plan: Change your password at the OPAC and the staff interface This should work as before Signed-off-by: Marc Véron <veron@veron.ch> Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io> I rebased this on top of 16849 because they were conflicting. Tests pass, code looks good (as usual) and I checked both OPAC and staff password change work as expected. Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com> |
8 years ago |
Jonathan Druart | 0d690ca383 |
Bug 16707: Fix software error in OPAC password recovery when leaving form fields empty
The $search_results is considered as an arrayref but is not defined if no patron matches the recovery infos. Test plan: - Set syspref OpacResetPassword to "Allow" - Go to OPAC - Click link "Forgot your password? - On the following screen "Forgotten password recovery", do not fill in form fields, click "Submit" => Without this patch you got the software error => With this patch apply, you will get "No account was found with the provided information." Sign-off on counter patch. Signed-off-by: Marc Véron <veron@veron.ch> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com> |
8 years ago |
charles | db0ecc3cc5 |
Bug 15585 - Move C4::Passwordrecovery to the new namespace Koha::Patron::Password::Reset
As promised, here is the long-awaited sequel to #8753. What has changed : - The Koha::Patron::Password::Reset is now used in place of C4::Passwordrecovery - That ugly shift-grep contraption is no more (goodbye old friend) - The generated unique key won't end in a dot anymore Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org> Signed-off-by: Brendan Gallagher brendan@bywatersolutions.com |
8 years ago |
Kyle Hall | 77e1e7c4ef |
Bug 15548 [QA Followup] - More new uses of Koha::Borrower
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com> Signed-off-by: Jesse Weaver <jweaver@bywatersolutions.com> |
8 years ago |
Marcel de Rooy | 8ec7572d0c |
Bug 8753: [QA Follow-up] Primary key and collation
This patch includes: [1] Adds primary key borrowernumber to new table. [2] Fixes collation. [3] Removes manual PK in DBIx schema file. [4] Fixes typo CompletePasswordRevovery. [5] Removes use strict from opac-password-recovery; Modern::Perl is used. Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> |
8 years ago |
Liz Rea | 563688050c |
Bug 8753 - Various little things - removing new dependency, changes to errors, textual updates
Koha already has a sub that creates salts, so lets use that instead of math::Random::secure, so as not to add a new dependency. Made the references to "Forgotten password" consistent, including adding it to the title of the page. Also removed the individual error for "this email doesn't belong to this account" as that could expose the existence of a login, which I think we'd rather not do. Made some of the text more grammatically correct, and more library specific. To test: Apply on top of all of the other patches. All the usual checks, plus make sure there are no typos in any text references. Signed-off-by: Marc Veron <veron@veron.ch> Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> |
9 years ago |
Charles Farmer | 76d1509838 |
Bug 8753 - Smartmatch substitute, Math::Random::Secure, Perltidy, Passwordrecovery.t
This is a collection of changes taken from different comments (but mostly comment 21 and comment 122). Passes qa and prove, on my machine at least. There's also a new test file, Passwordrecovery.t, which covers every method of C4::Passwordrecovery. To test: All normal checks plus : 1/ Receive the email 2/ Click on the link 3/ Change the pwd 4/ Click again on the link 5/ You should immediately get an error message Problems with Math/Random/Secure.pm, is solved in following patch, signing off Signed-off-by: Marc Veron <veron@veron.ch> Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> |
9 years ago |
mxbeaulieu | 0f2aea716a |
Bug 8753 - Use Koha::Borrowers instead of C4::Members
Use the new library to search for borrowers. Changed how the $borrower variable is used since it is now a Koha::Borrower object. Removed the $protocol parameter from the generated link. It should be included in the OPACBaseURL syspref. modified: C4/Passwordrecovery.pm modified: opac/opac-password-recovery.pl Signed-off-by: Marc Veron <veron@veron.ch> Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> |
9 years ago |
Liz Rea | b99f1dcbfc |
Bug 8753 - Followup - change value text on syspref
Followup changes text from "The user can reset | can not reset their password on OPAC" to "Library users are allowed | not allowed to recover their password via e-mail in the OPAC" This change more clearly differentiates the purpose of this new preference from OpacPasswordChange. Bug 8753 - followup - update text for link to match common UI paradigms, fixes OpacPublic disabled view Also corrects OpacNav being included on the reset page on private catalogues. Updated the link for forgotten passwords to more closely match common UI paradigms, i.e. Facebook and Twitter To test: apply all patches, link should now be the less verbose "Forgot your password?" disable OpacPublic, anything in opacnav should not appear (you may need to add something to opacnav to test properly) Bug 8753 - [followup] fix the title on opac-password-recovery.tt The title stanza was missing a <title></title> around it, causing the extra text to appear. To test, apply all patches and make sure it looks ok and there is no extra text at the top or bottom of the page. Bug 8753 - [followup} Correcting spelling mistakes Make sure it all still works Bug 8753 - [followup] fix error when no information is provided To test: All normal checks plus make sure that a nice error is displayed when no data is provided. fixing the deprecated thing Signed-off-by: Marc Veron <veron@veron.ch> Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> |
9 years ago |
Maxime Beaulieu | d5abcbc8f3 |
Bug 8753 - Add forgot password link to OPAC
I've addressed a lot of Liz Rea's points. 1. I have moved the code from updatedatabase.pl and kohastructure.sql to a file in the atomicupdates directory. 1a. The feature is now off by default when the atomicupdate is run. 2. The password reset link is now visible on the home page, in the modal box and on opac-user.pl . 3. The password recovery pages now use bootstrap markup. 4. I am unsure here. I see "New Password:" and "Confirm new password:". 5. This should still work :). 6. I could not reproduce. 7. I have added the userid field. You can now reset the password by submitting either your useid or email address. Both fields can be filled, but the email address must be one of the borrower's (email, emailpro or b_email). When entering only the email address and two borrowers use that same address, the system tells the user to try with another address or to specify his userid. 8. The text is in the atomicupdate file. Have at it, anyone. Concerning the email. It is inconvenient for the use to have to wait X minutes for the message queue the be processed. Maybe we could add a sub in Letters.pm that: Takes the same argments as EnqueueLetter Sends the letter. Saves the letter in the message queue with a 'sent' status. TEST PLAN: Setup) 1) apply the patch 2) go to system preferences OPAC>>Privacy and set 'OpacResetPassword' to ON. 2b) make sure that OpacPasswordChange is also ON. A) 1) refresh front page, click on 'Forgot your password' and enter a VALID address 1b) Also try an INVALID address (valid yet not in your koha db). An error message will show up. 2) An email should be received at that address with a link. 3) Follow the link in the mail to fill the new password. Until a satisfactory new password is entered, the old password is not reset. 4) Go to main page try the new password. B) 1) Repeat the password reset, this time use the userid (username) field. 2) Try to reset the password using a userid and an email not linked to the account. An error appears. 3) Make sure the borrower has many available email addresses. 4) For each email, reset the password using both the userid and the email. The link should be sent to the specified address C) 1) Make sure two borrowers use the same email. 2) Repeat the reset procedure in test case A). An error message appears http://bugs.koha-community.org/show_bug.cgi?id=13068 Author: Maxime Beaulieu <maxime.beaulieu@inlibro.com> Followed test plan. Works as described. Signed-off-by: Marc Veron <veron@veron.ch> New sign-off after testing all patches together Signed-off-by: Marc Veron <veron@veron.ch> Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> |
9 years ago |