This adds a new syspref: AllowPKIAuth. It can have one of three states:
* None
* Common Name
* emailAddress
If a) this is set to something that's not "None", and b) the webserver
is passing SSL client cert details on to Koha, then the relevant field
in the user's certificate will be matched up against the field in the
database and they will be automatically logged in. This is used as a
secure form of single sign-on in some organisations.
The "Common Name" field is matched up against the userid, while
"emailAddress" is matched against the primary email.
This is an example of what might go in the Apache configuration for the
virtual host:
#SSLVerifyClient require # only allow PKI authentication
SSLVerifyClient optional
SSLVerifyDepth 2
SSLCACertificateFile /etc/apache2/ssl/test/ca.crt
SSLOptions +StdEnvVars
The last line ensures that the required details are
passed to Koha.
To test the PKI authentication, use the following curl command:
curl -k --cert client.crt --key client.key https://URL/
(look through the output to find the "Welcome," line to indicate that a user
has been authenticated or the "Log in to Your Account" to indicate that a
user has not been authenticated)
To create the certificates needed for the above command, the following series
of commands will work:
# Create the CA Key and Certificate for signing Client Certs
openssl genrsa -des3 -out ca.key 4096
openssl req -new -x509 -days 365 -key ca.key -out ca.crt
# This is the ca.crt file that the Apache config needs to know about,
# so put the file at /etc/apache2/ssl/test/ca.crt
# Create the Server Key, CSR, and Certificate
openssl genrsa -des3 -out server.key 1024
openssl req -new -key server.key -out server.csr
# We're self signing our own server cert here. This is a no-no in
# production.
openssl x509 -req -days 365 -in server.csr -CA ca.crt -CAkey ca.key \
-set_serial 01 -out server.crt
# Create the Client Key and CSR
openssl genrsa -des3 -out client.key 1024
openssl req -new -key client.key -out client.csr
# Sign the client certificate with our CA cert. Unlike signing our own
# server cert, this is what we want to do.
openssl x509 -req -days 365 -in client.csr -CA ca.crt -CAkey ca.key \
-set_serial 02 -out client.crt
openssl pkcs12 -export -in client.crt -inkey client.key -out client.p12
# In theory we can install this client.p12 file in Firefox or Chrome, but
# the exact steps for doing so are unclear, and outside the scope of this
# patch
Signed-off-by: Jared Camins-Esakov <jcamins@cpbibliography.com>
Tested with Common Name and E-mail authentication, as well as with PKI
authentication disabled. Regular logins continue to work in all cases when
SSL authentication is set to optional on the server.
Signed-off-by: Ian Walls <koha.sekjal@gmail.com>
QA comment: synchronized updatedatabase.pl version of syspref with sysprefs.sql
version, to avoid divergent databases between new and upgrading users.
Adds a new system preference RoutingListNote under the Serials tab.
The note will display above the note from the subscription and replace
the current hardcoded note:
"Notes: Please return this item promptly as others are waiting for it."
The patch adds unique ids to all notes and the note in general, so it
can be styled using CSS.
Also corrects the routing slip template to follow the HTML4 rule.
Update 2012-03-12: Fixed problem in updatedatebase.
- system preference RoutingSerials and user permission routing
should be taken into account
- print routing list should be independent from routing permission
To test, compare to master and check:
1) If system preference RoutingSerials is OFF, routing list functionality is
not visible in the templates.
2) If system preference RoutingSerials is ON, but user doesn't have routing
permission, routing list functionality is not visible in templates,
with exception of 'print list' on the serial collection page.
3) If system preference RoutingSerials is ON and user has routing permissions,
all routing links are visible (serial collection, serials navigation,
result list of serial search)
Additional changes:
Changed labels on templates to match HTML4 rule from coding guidelines.
http://wiki.koha-community.org/wiki/Coding_Guidelines#Upper_and_Lower_cases_in_strings
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
Corrects templates to use permission receive_serials.
Before patch:
1) Serial receive page (/cgi-bin/koha/serials/serials-edit.pl...)
can only be accessed with full serials permissions.
When one permission is missing, page can not be accessed.
2) Serial collection/Issue History page (/cgi-bin/koha/serials/serials-collection.pl...)
can only be accessed with full serials permissions.
After applying patch:
1) Serial receive page can only be accessed when user has receive_serials
permission.
2) Edit and serial receive links are hidden, when user doesn't have
serials_receive permission. Page is accessible with at least 1 serials
permission.
I will send a another patch to correct behaviour for the routing permission.
Signed-off-by: Jared Camins-Esakov <jcamins@cpbibliography.com>
Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
This patch adds a C4::Search to subscription-detail.pl to compensate for a removed
one from auth.pm during the denesting effort.
Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
Bug 7546 Do not call routine as bareword
Fixes compilation errors due to calling routine without parens
Also nothing was gained (and obfuscation added) by forcing
the return into a hash ref have changed variable to hash
tidied up the if else chain
These routines should be refactored out future
Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
bug 7546 follow-up, enabled_staff_search_views problem
* enabled_staff_search_views was not exported by C4::Search, should have been
* serials/serials-edit.pl were also missing it
Comments:
* checked with for file in */*.pl; do perl -wc $file; done that no script was still having this problem
Signed-off-by: Liz Rea <wizzyrea@gmail.com>
Final sign off for all 3 patches
Note: I had some problems with tests, but it is probably related to my data and not this patch.
getroutinglist returns a count variable to indicate how many elements
are in the array. This is almost always a serious code smell. (We are
programming in a list manipulating language) The routine was executing
am unnecessary loop just to maintain that var.
Removed the variable from the routine and perldoc
refactored calls of the routine removed the c-style loops for
more idiomatic and maintainable for loops
renamed some opaquely named variables
removed a call to the routine where nothing was done with the data
moved some html out of the calling script and into the template
Signed-off-by: Chris Cormack <chris@bigballofwax.co.nz>
Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
To be tested together with
http://bugs.koha-community.org/bugzilla3/attachment.cgi?id=6690
1) Create a subscription for a title
- check the link 'Show any subscription...' doesn't show now
- check the serials collection page works correctly and shows all
necessary information
2) Create a second subscription for the same title
- check a new link 'Show any subscription...' shows up now
- use links in the issue table to change between viewing the single subscription
and the overview page
- check it works correctly and all information shows up
Signed-off-by: Frédéric Demians <f.demians@tamil.fr>
It works. With this patch, on Serials Collection page, the link, 'See any
subscription attached to this biblio' appears only when there are more than one
subscription attached to the biblio record.
Don't display link to the serial, when the collection page displays just
one subscription. Display it when several subscriptions. Alway display a
link for displaying biblio record other subscriptions.
Signed-off-by: Katrin Fischer <Katrin.Fischer.83@web.de>
Patch works nicely, but always shows link to 'any subscriptions'.
I did a follow-up so the link would only show if there was more
than 1 subscription for the record.
Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
Corrects a problem when an UTF-8 character is used in the serial
numbering formula. The encoding became incorrect when concatenating the
number in the subscriptionhistory table.
Signed-off-by: Katrin Fischer <Katrin.Fischer.83@web.de>
To reproduce:
- Create subscription with numbering pattern N° {X}
- Receive 2 or more issues
- Check subscription summary page and manual history fields on the edit screen
Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
To test:
- add a new subscription, choose 'create items on receive'
- receive some issues and create items > should work ok
- create a supplement, alone or at the same time as receiving a normal issue
- check if item was created and attached to the biblio record
Without patch this should give you an error message. Although supplement will be created,
no item will be added to the bibliogrpahic record.
With patch applied there should be no error message and the item should be created
and attached to the proper record.
Signed-off-by: Nicole C. Engard <nengard@bywatersolutions.com>
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
This seems to fix the problem with editing existing subscriptions. Please test.
Signed-off-by: Colin Campbell <colin.campbell@ptfs-europe.com>
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
Do not misleadingly document or pass an unused second parameter
makes all calls use the single parameter call as the C4
routines already did
Signed-off-by: Frédéric Demians <f.demians@tamil.fr>
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
As subscription info was passed as a scalar hashref
template could not access any of the data contained therein
esp Bib and Vendor ids
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
Merge unfao changes to C4::Bookseller
Enable warnings in Bookseller.pm
Some cleanups in Bookseller code
Do not export everything by default
Display vendors more rationally
Was displaying by id make it name as the searchstring is for all
embedded substrings
Have removed "if mysql" logic as we want to deal with this by
abstracting the DB interaction and it makes cleaner code until then
Sponsered by UN FAO, Rome
Signed-off-by: Nicole C. Engard <nengard@bywatersolutions.com>
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
Don't display junk in empty fields
Don't generate errors
Merged some changes to make variable names moremeaningful in loops ( within loops)
Thanks to M De Rooy for spotting a couple of issues in the original patch
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
Changes the template variable checked in serials-menu.inc for determining where to
show 'Create Routing List' or 'Edit Routing List' to hasRouting.
Also adds the $hasRouting variable to serials/routing.pl and serials/routing-preview.pl,
for completeness.
Signed-off-by: Ian Walls <ian.walls@bywatersolutions.com>
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
HasSubscriptionExpired is not a boolean return it may also
return that a valid subscription enddate is not set
This should not block receipting of issues
Signed-off-by: Nicole Engard <nengard@bywatersolutions.com>
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
Wrong parameter was being passed to GetLateOrMissingIssues
causing incorrect display of count
Remove superfluous loop creating array we dont use
No need to sort a sorted array
waiting issues which where planned for an old date were not "claimable"
This also fixes a bug from commit
Signed-off-by: Colin Campbell <colin.campbell@ptfs-europe.com>
As a consequence of previous MT3667 patch, the subscriptionid list was processed.
And unfortunately, since array order is the only relevant information from HTML processing,
it caused subscriptionid to be null for a double edition.
This patch only uses uniq for serials-collection and when passing information to serials-collection page.
Signed-off-by: Colin Campbell <colin.campbell@ptfs-europe.com>
The same subscription would be displayed multiple times when coming from serials-edit.
This patch fixes that problem
Signed-off-by: Colin Campbell <colin.campbell@ptfs-europe.com>
No subscription id was set
Also entered a default arrived date on the supplement
And removed errors due to bad dates returned from GetSerials
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
- Adds location dropdown to subscription edit form
- Pulls authorised value for display on subscription detail page
- Adds function for pulling authorised value description based
on category and value
This patch does NOT implement automatic preselection of the shelving
location form field on the serial add item screen. This must be
worked out in order for the bug to be closed.
Signed-off-by: Colin Campbell <colin.campbell@ptfs-europe.com>
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
Two duplicate calls to GetSerials appear to have been merged in
to no purpose other than to generate warnings
Signed-off-by: Galen Charlton <gmcharlt@gmail.com>
The value of the letter variable was not being correctly passed
to the edit template instead it was reset to none
Also compressed some verbage from letter_loop generation
(if you want a scalar use one)
removed an unused $count variable (?!)
and put a couple of lone )s back on the line they came from
Resend to remove wrong utf-9 header.
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Signed-off-by: Galen Charlton <gmcharlt@gmail.com>
The only serials routine without warnings enabled was a
script with the least code to generate them
removed the numerous Module use declarations that were not
required
aligned the parameters for a more aesthetically pleasing effect
Signed-off-by: Galen Charlton <gmcharlt@gmail.com>
When a serial status is changed to "Arrived" or "Claimed", the "Expected on"
date is changed to the current date.
A bit of rewriting to get it to apply on master - chris@bigballowax.co.nz
Signed-off-by: Galen Charlton <gmcharlt@gmail.com>
While the idea of showing the number of late serials against the
vendor name was nice it does not scale and on large sites selecting claims
was just timing out. Improved the speed of the initial query but have removed
the big query for each user just to get a count.
Check for 0000-00-00 dates so that C4::Dates does not log error
Removed a variable that was never set and the bit of template used
if the impossible happened
Removed some useless counts from serials-edit / Serials interfaces
Removed old commented out code. Unrequired variables
Reformatted some code so that improving logic can be done
more easily
Also cleaned the interface to the claims related functions
in C4::Serials so they do not return an extra count variable
moved generation of dropdown to template instead of inline code
