Koha/members/member-password.pl
Magnus Enger c98c1994ea
Bug 22706: Add plugin hooks for Norwegian national patron database
The main point of this patch is to make it possible to integrate Koha
with the Norwegian national patron database (NNPDB). Code for this was
earlier introduced in Bug 11401 and removed again in Bug 21068.

To test this is mainly a question of spotting regressions, it should
still be possible to set and change a password in all possible ways:
- Setting a password for a new user
- Changing a password in the staff client
- Changing a password in the OPAC
If these work as expected, everything should be OK.

A nice side effect of this work is that it will allow for plugins that
validate passwords. I have created a tiny plugin that enforces PIN
codes of 4 digits. (Yeah, I know, those are the worst passwords, but
some libraries do require them.) It is published here:
https://github.com/Libriotech/koha-plugin-pin
To test this way, install the plugin and try to change the password
of an existing user to something that is not a 4 digit PIN. You
should get an error that says "The password was rejected by a plugin".

Signed-off-by: Brendan Gallagher <brendan@bywatersolutions.com>

Updated 2019-10-23:
- Moved the plugin checks to before the call to $self->SUPER::store to
  make sure patrons are not saved if the password fails a plugin check
- Made the plugin checks in set_password respect skip_validation while
  retaining the functionality for NNPDB

Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
2019-10-29 12:19:49 +00:00


#!/usr/bin/perl
#script to set the password, and optionally a userid, for a borrower
#written 2/5/00
#by chris@katipo.co.nz
#converted to using templates 3/16/03 by mwhansen@hmc.edu
use Modern::Perl;

use CGI qw ( -utf8 );
use Scalar::Util qw( blessed );
use Try::Tiny;

use C4::Auth;
use C4::Circulation;
use C4::Context;
use C4::Members;
use C4::Output;

use Koha::AuthUtils;
use Koha::AuthUtils;
use Koha::Patron::Categories;
use Koha::Patrons;
use Koha::Token;
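# Staff-client handler that sets a patron's password and, optionally, a new
# userid.
#
# Request parameters read here: member (borrowernumber), destination
# ('circ' sends the browser back to circulation), newpassword /
# newpassword2 (must match), newuserid, csrf_token.
#
# Flow: authenticate the staff user (edit_borrowers required) -> resolve the
# target patron -> collect permission/validation errors into @errors -> on a
# clean submit verify the CSRF token, store the password (and userid) and
# redirect -> otherwise render the form with one template flag per error.
my $input = CGI->new;

# get_template_and_user exits on its own when the staff user is not logged in
# or lacks the edit_borrowers permission.
my ( $template, $loggedinuser, $cookie, $staffflags ) = get_template_and_user(
    {
        template_name   => "members/member-password.tt",
        query           => $input,
        type            => "intranet",
        authnotrequired => 0,
        flagsrequired   => { borrowers => 'edit_borrowers' },
        debug           => 1,
    }
);

my $patron_id    = $input->param('member');
my $destination  = $input->param('destination');
my $newpassword  = $input->param('newpassword');
my $newpassword2 = $input->param('newpassword2');
my $new_user_id  = $input->param('newuserid');

# Names of template flags; every entry ends up set to 1 on the template so the
# form can show the matching message.
my @errors;

my $logged_in_user = Koha::Patrons->find($loggedinuser) or die "Not logged in";
my $patron         = Koha::Patrons->find($patron_id);

# Exits with the members error page when $patron is unknown or the logged-in
# user may not act on this patron.
output_and_exit_if_error(
    $input, $cookie, $template,
    {
        module         => 'members',
        logged_in_user => $logged_in_user,
        current_patron => $patron,
    }
);

# Changing the password of a staff account ('S' category) other than your own
# is limited to superlibrarians and holders of the staffaccess flag.
my $category_type = $patron->category->category_type;
if ( ( $patron_id ne $loggedinuser ) && ( $category_type eq 'S' ) ) {
    push( @errors, 'NOPERMISSION' )
      unless ( $staffflags->{'superlibrarian'} || $staffflags->{'staffaccess'} );

    # need superlibrarian for koha-conf.xml fakeuser.
}

push( @errors, 'NOMATCH' )
  if ( ( $newpassword && $newpassword2 ) && ( $newpassword ne $newpassword2 ) );

if ( $newpassword and not @errors ) {

    # This request changes state: the CSRF token must belong to the current
    # session before anything is stored.
    output_and_exit( $input, $cookie, $template, 'wrong_csrf_token' )
      unless Koha::Token->new->check_csrf(
        {
            session_id => scalar $input->cookie('CGISESSID'),
            token      => scalar $input->param('csrf_token'),
        }
      );

    # Set only once the password (and userid) have been stored; stays undef
    # when storing failed so that the form is re-rendered with the errors.
    my $redirect_url;

    try {
        $patron->set_password( { password => $newpassword } );
        $patron->userid($new_user_id)->store
          if $new_user_id and $new_user_id ne $patron->userid;

        # $destination may be absent; treat that like the default target.
        $redirect_url =
            ( $destination // '' ) eq 'circ'
          ? "/cgi-bin/koha/circ/circulation.pl?findborrower=" . $patron->cardnumber
          : "/cgi-bin/koha/members/moremember.pl?borrowernumber=$patron_id";
    }
    catch {
        my $exception = $_;

        # set_password throws Koha::Exceptions::Password::* objects. Anything
        # else (a plain die() string, a DBI error) has no isa() method, so it
        # is mapped to the generic flag instead of crashing inside catch.
        if ( !blessed($exception) ) {
            push( @errors, 'BADUSERID' );
        }
        elsif ( $exception->isa('Koha::Exceptions::Password::TooShort') ) {
            push( @errors, 'ERROR_password_too_short' );
        }
        elsif ( $exception->isa('Koha::Exceptions::Password::WhitespaceCharacters') ) {
            push( @errors, 'ERROR_password_has_whitespaces' );
        }
        elsif ( $exception->isa('Koha::Exceptions::Password::TooWeak') ) {
            push( @errors, 'ERROR_password_too_weak' );
        }
        elsif ( $exception->isa('Koha::Exceptions::Password::Plugin') ) {
            push( @errors, 'ERROR_from_plugin' );
        }
        else {
            push( @errors, 'BADUSERID' );
        }
    };

    if ($redirect_url) {
        print $input->redirect($redirect_url);

        # Stop here, outside the try block: falling through would append the
        # HTML page (and a second set of headers) to the redirect response.
        # The new password is deliberately not passed to the template.
        exit;
    }
}

$template->param(
    patron      => $patron,
    destination => $destination,
    csrf_token  => Koha::Token->new->generate_csrf(
        { session_id => scalar $input->cookie('CGISESSID'), }
    ),
);

if ( scalar(@errors) ) {
    $template->param( errormsg => 1 );

    # Set each error flag unless the template already carries a true value
    # under that name.
    foreach my $error (@errors) {
        $template->param($error) || $template->param( $error => 1 );
    }
}

output_html_with_http_headers $input, $cookie, $template->output;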