This patch set attempts to replace all the <i> tags with <em> and all
the <b> tags with <strong> in the staff interface.
I attempted to get all the templates, includes, and xslt files.
To test:
1. Review the changes as best as possible, looking for mistakes.
2. grep for <i> and <b> in the modules, includes, and xslt folders. You should get nothing/
3. If you grep '<\/i>' you should only see instances of Font Awesome.
4. If you grep '<\/b>' you should only see instances where caret is used.
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
This patch adds the capability to override minPasswordLenth and RequireStrongPassword settings by category
To test:
1. koha-shell kohadev
2. koha-mysql kohadev
3. drop database koha_kohadev;
4. create database koha_kohadev;
5. go to admin page and start webinstaller. There continue the steps until onboarding.
6. reach step 3 of onboarding and create a new administrator patron
CHECH => Password control woks as normal (Minimum length 3 and strong required)
7. finish Koha installation and enter admin with your new administrator
8. set minPasswordLength to 3 and RequireStrongPassword to “Don’t require”
9. Create a new category (CAT2 from now on.. CAT1 is the category you made in onboarding process) and set minimum password length to 8 and require strong password
10. Create two new patrons, one with CAT1(patron1) and one with CAT2 (patron2)
CHECK => In both cases, try different combinations of length and strength. For patron1 the only requirement is to have 3 letters, but for patron2 the minimum length will be 8 and will require strong password.
CHECK => Try changing patron category before saving. Password requirements will change with category change.
11. Edit CAT1 and set minimum password length to 5
12. Go to patron1 details page, and change password.
CHECH => Now password minimum length is 5, but still it doesn’t require strong password
13. Edit CAT1, leave blank minimum password length and set require strong password to yes.
14. Go to patron1 details page, and change password.
CHECH => Password minimum length is back to 3, but now strong password is required
15. Set minimum password length in CAT2 to 12.
16. Go to patron2 details page, and click to fill a random generated password
CHECK => generated password should be 12 characters length
17. Set PatronSelfRegistration to Allow in admin settings
18. Go to OPAC and fill self registration from.
CHECK => Play with patron category. For each change in category, password requirements are modified.
CHECK => Set CAT1 as patron category, set ‘aA1’ as password (or another valid password for CAT1) and before hitting submit button, change to CAT2. Form should enter invalid state, and CAT2 password requirements should be displayed as error in password input.
19. Create a patron for CAT1 and another for CAT2, leaving password blank
CHECK => For CAT1’s patron, generated password length is 8 (minimum length for generated passwords), but for CAT2’s patron should be 12
20. In admin set PatronSelfRegistrationVerifyByEmail to require
21. Fill self registration form again with CAT2 as category
CHECK => Password requirements works as previous case.
22. Leave password blank and click submit
23. select * from message_queue;
24. Copy the link in the message and paste it in OPAC
CHECH => Generated password is 12 characters long. (Copy user id for next steps)
25. In admin set OpacResetPassword to Allow
26. Go back to OPAC, reload and click on “Forgot password?” link
27. Paste user id and click submit
28. Repeat steps 23 and 24
CHECK => Info message says “Your password must contain at least 12 characters, including UPPERCASE, lowercase and numbers.”
CHECK => enter an invalid password and you’ll get the same message in warning.
29. Login OPAC with the last user and your newly created password
30. Go to “Change your password” option
CHECK => Info message says “Your password must contain at least 12 characters, including UPPERCASE, lowercase and numbers.”
CHECK => enter an invalid password and you’ll get the same message in below “New password” input.
31. prove t/db_dependent/AuthUtils.t t/db_dependent/Koha/Patron/Category.t
32. Sign off
Sponsored-by: Northeast Kansas Library - NEKLS
Signed-off-by: Andrew Fuerste-Henry <andrew@bywatersolutions.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Highlight text with red by adding “required” class to the label and added red
“Required” text next to select field in "onboardingstep5.tt" template.
To test:
1) Start new installation. During onboarding tool phase you will be
requested to create a new circulation rule.
2) Observe that "Units" label has no "required" class and that
there’s no “Required” text next to a select field.
3) Apply patch.
4) Repeat step 2 (you can reload circulation rule creation page).
5) Observe the error is gone.
Mentored-by: Peter Vashchuk <stalkernoid@gmail.com>
Mentored-by: Andrew Nugged <nugged@gmail.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Added "required" class to "itemtype" label in "onboardingstep5.tt"
template.
To test:
1) Start new instalation. During onboarding tool phase you will be
requested to create a new circulation rule.
2) Observe that "itemtype" label has no "required" class.
3) Apply patch.
4) Repeat step 2 (you can reload circulation rule creation page).
5) Observe the error is gone.
Mentored-by: Peter Vashchuk <stalkernoid@gmail.com>
Mentored-by: Andrew Nugged <nugged@gmail.com>
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
This patch adds the following fields to the circ rule step in the
onboarding tool:
- holds allowed (total)
- holds allowed (daily)
- holds per record (count)
To test:
1) Apply patch, drop and recreate database, restart memcached and refresh page
2) Go through the installer and get to the final step of the onboarding
tool
3) Confirm the above fields are now available to set in your circulation
rule
4) Save and log in to Koha
5) Go to Admin -> Circ and fines rules
6) Confirm the fields saved correctly
Sponsored-by: Catalyst IT
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Test plan:
Use installer and onboaarding tool, make sure the js and css files are
loaded
Signed-off-by: Hayley Mapley <hayleymapley@catalyst.net.nz>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
This patch updates the installer and onboarding templates so that
JavaScript is included in the footer instead of the header. A new
include file is added, installer-intranet-bottom.inc, so that only
required JS is being loaded.
Some markup changes are included to improve validity.
To test, apply the patch and start with a blank Koha database. Run
through the installer and onboarding processes and confirm that there
are no problems. Check especially JS-related interactions like
datepickers and fields which are validated via JS, like the password
inputs.
NOTE: The qa tool will flag this patch for not using the Asset plugin,
but it doesn't work correctly for installer files.
Signed-off-by: Claire Gravely <claire.gravely@bsz-bw.de>
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Here we go, next step then.
As we did not fix the performance issue when autofiltering
the variables (see bug 20975), the only solution we have is to add the
filters explicitely.
This patch has been autogenerated (using add_html_filters.pl, see next
pathces) and add the html filter to all the variables displayed in the
template.
Exceptions are made (using the new 'raw' TT filter) to the variable we
already listed in the previous versions of this patch.
To test:
- Use t/db_dependent/Koha/Patrons.t to populate your DB with autogenerated
data which contain <script> tags
- Remove them from borrower_debarments.comments (there are allowed here)
update borrower_debarments set comment="html tags possible here";
- From the interface hit page and try to catch alert box.
If you find one it means you find a possible XSS.
To know where it comes from:
* note the exact URL where you found it
* note the alert box content
* Dump your DB and search for the string in the dump to identify its
location (for instance table.field)
Next:
* Ideally we would like to use the raw filter when it is not necessary
to HTML escape the variables (in big loop for instance)
* Provide a QA script to catch missing filters (we want html, uri, url
or raw, certainly others that I am forgetting now)
* Replace the html filters with uri when needed (!)
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
I changed the "To give new patron superlibrarian permissions go to:"
message to "To edit patron permissions, go to:". Please clarify if this
is clearer or not.
Test plan:
1) Apply patch
2) Go through the web installer
3) At the create koha administrator patron step, notice that at the
bottom, there is a message saying "To edit patron permissions, go
to:"
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: David Bourgault <david.bourgault@inlibro.com>
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
New patch without trailing IF construction in tt directives as
requested in comment #28
To test: Verify that translation tool no longer shows tt directives as
described in comment #1
New patch, needs SO.
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
The file onboardingstep2.tt exposes the following to translations:
"[%% IF (categories && categories.count > 1 ) # This if statement checks if "
"the categories variable handed to this template # by onboarding.pl has data "
"in it. If the categories variable does have data # in it this means that the "
"user has previously imported sample patron category # data and so we do not "
"need to show them the create patron category screen 1, #instead we can "
"display a screen with ubtton redirecting the user to step 3 %%] "
Translators should not be confronted with such internals. This patch removes it
To test:
- Verify that code change makes sense
- Run QA tools
- Bonus test: Create a new "language" aa-AA and verify that the lines above
are no longer exposed.
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
This patch makes changes following QA comments:
- Login error messages now have a style
- Select all/Select none links should now be translatable
- Date format hint now correctly detects date format preference
- Unused JS is removed from onboarding.js
This patch also modifies the 'category_code_check' validation method to
allow numbers as well as letters.
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
It it no longer in used by the templates.
Also add the include files for step5 (if the circ rule is not inserted)
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
This patch makes style and markup changes to the web installer and new
onboarding tool (Bug 17855).
- Markup has been corrected, improved, and in many places reindented.
- Some page titles have been made more specific.
- Some JavaScript and CSS have been moved to separate files.
In the onboarding tool I have removed form validation from the markup
and JavaScript in many cases where the requirements were not matched
elsewhere in Koha. For instance, we shouldn't limit item type
descriptions to only letters because the database doesn't require such a
limit.
To test, apply the patch and run the web installer with an empty
database. Confirm that the installation process completes correctly and
that each page looks good and works correctly.
Works as advertised
Signed-off-by: Marc Véron <veron@veron.ch>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
This patch should not modify a lot the behaviours of the onboarding
tool.
Its goal is mainly to remove duplicated as well as useless (because
copy/pasted from existing script files) code.
It assumes that the onboarding tool will be done on an empty database
and will skip steps that are not needed. For instance if a library
already exists, the first step will be skipped.
One of the main problem was the lack of feedback messages sent to the
user when something wrong/ok happened.
Explanation on main changes:
1. Use checkauth first, then get_template_and_user
=> As we do not know the template to use, it's better to use checkauth
first to know if the user is logged in, then retrieve the template we
need, depending on the success or the failure of the action
2. Create a @messages variables
Pushing messages to this variable and handling the messages via an
include files (onboarding_messages.inc) simplify error handling. Note
that we could remove this include file if we merge all the
onboardingstepX.tt files altogether
3. Simplify creation of the admnistrator user
This patch removes some unecessary checks done on the user's info
(passwd to short, mandatory fields
Todo (minor): Add style to feedback messages
Signed-off-by: Alex Buckley <alexbuckley@catalyst.net.nz>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Marc Véron <veron@veron.ch>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Tested 3 patches together on current master
- Dropped database
- Recreated database
- Went through installer
- Language en, Marc21
- Installed mandatory data only
- Went through Onboarding tool
- After finishing, logged in as superlibrarian
that was created by onboarding tool
Everything worked fine.
Signed-off-by: Marc Véron <veron@veron.ch>
Signed-off-by: Marc Véron <veron@veron.ch>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>