Main Koha release repository https://koha-community.org
Tomas Cohen Arazi 6fba85d23b Bug 29924: Avoid leaking information on wrong credentials
If the passed credentials are wrong, we shouldn't expose things like the
password is expired.

This patch takes care of that.

To test:
1. Have a known patron with password_expiration_date set so its
   password is expired. Can be done like:
   $ koha-mysql kohadev
   > UPDATE borrowers \
     SET password_expiration_date='2022-04-25' \
     WHERE borrowernumber=132;
   Note: change the borrowernumber
2. Attempt to login to the OPAC with wrong credentials
=> SUCCESS: You are rejected, with a message telling you the credentials
            are wrong
=> FAIL: You are told the password is expired.
3. Apply this patch and restart Plack
4. Repeat 2
=> SUCCESS: You are rejected, credentials are wrong and no mention of the
            password being expired.

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
2022-05-06 10:33:09 -10:00
acqui Bug 16258: Add a syspref to govern EDIFACT functionality 2022-04-13 15:55:38 +02:00
admin Bug 29924: Add password expiration feature 2022-05-06 10:33:09 -10:00
api Bug 29924: (QA follow-up) Remove password_expiration_date from API 2022-05-06 10:33:09 -10:00
authorities Bug 11083: Add ability to generate authority summary using XSLT 2022-04-08 15:49:15 +02:00
basket Bug 29609: Centralized code to build the link to a biblio detail page 2022-04-08 15:49:16 +02:00
bin
C4 Bug 29924: Avoid leaking information on wrong credentials 2022-05-06 10:33:09 -10:00
catalogue Bug 30291: Changes to staff client files 2022-05-05 11:17:36 -10:00
cataloguing Bug 30644: (bug 29788 follow-up) Make Koha::Item->safe_to_delete use Koha::Result::Boolean 2022-04-28 10:49:20 -10:00
circ Bug 30291: Changes to staff client files 2022-05-05 11:17:36 -10:00
clubs
course_reserves
debian Bug 29936: Add holds_get_captured option to sip config 2022-05-05 11:17:37 -10:00
docs
errors Bug 29420: HTTP status code incorrect when calling error pages directly under Plack/PSGI 2022-04-20 09:03:39 -10:00
etc Bug 29936: Add holds_get_captured option to sip config 2022-05-05 11:17:37 -10:00
ill
installer Bug 29924: (follow-up) Add bug number to atomicupdate; Style OPAC message 2022-05-06 10:33:09 -10:00
Koha Bug 29924: (QA follow-up) Remove password_expiration_date from API 2022-05-06 10:33:09 -10:00
koha-tmpl Bug 29924: Avoid leaking information on wrong credentials 2022-05-06 10:33:09 -10:00
labels Bug 29821: Add interface for generating barcodes using svc/barcode 2022-04-08 15:49:17 +02:00
lib/CGI/Session/Serialize
members Bug 30291: Changes to staff client files 2022-05-05 11:17:36 -10:00
misc Bug 30354: Don't assign warn as letter 2022-05-05 11:17:37 -10:00
offline_circ Bug 30525: Items batch modification broken 2022-04-21 13:41:36 -10:00
opac Bug 30291: Changes to OPAC files 2022-05-05 11:17:36 -10:00
patron_lists
patroncards Bug 24001: Fix patron card template edition 2022-04-28 10:49:20 -10:00
plugins Bug 29787: Add plugin version to plugin search results 2022-04-08 15:49:15 +02:00
pos
recalls Bug 30291: Changes to staff client files 2022-05-05 11:17:36 -10:00
reports Bug 30532: (bug 29957 follow-up) Fix '$cookie->value' 2022-04-21 13:41:36 -10:00
reserve Bug 29346: (QA follow-up) Rebuild queue when adjusting priorities of holds 2022-05-05 11:17:36 -10:00
reviews
rotating_collections
serials Bug 29609: Centralized code to build the link to a biblio detail page 2022-04-08 15:49:16 +02:00
services
skel
suggestion Bug 30055: Use /api/v1/suggestions/managers to list managers or suggestions 2022-04-04 09:46:57 +02:00
svc Bug 30167: (follow-up) Return a hash with soonest_renew_date 2022-05-04 14:29:23 -10:00
t Bug 29924: Add tests for API Basic auth behavior 2022-05-06 10:33:09 -10:00
tags
tmp/modified_authorities
tools Bug 22785: Allow option to choose which record match is applied during import 2022-05-03 11:19:50 -10:00
virtualshelves Bug 26346: Add option to make public lists editable by all staff 2022-04-12 17:13:02 +02:00
xt
.editorconfig
.eslintrc.json
.gitignore
.htaccess
.mailmap
.perlcriticrc
.proverc.dist
.scss-lint.yml
about.pl Bug 28998: (follow-up) Add warning on about for missing key 2022-05-04 05:18:31 -10:00
app.psgi
changelanguage.pl
cpanfile Bug 28998: Add Crypt::CBC dependency 2022-05-04 05:18:31 -10:00
fix-perl-path.PL
gulpfile.js Bug 30373: Enable translation of UNIMARC frameworks 2022-04-21 13:41:35 -10:00
help.pl
INSTALL
Koha.pm Bug 30563: DBRev 21.12.00.049 2022-05-06 10:33:09 -10:00
koha_perl_deps.pl
kohaversion.pl
LICENSE
mainpage.pl
Makefile.PL
MANIFEST.SKIP
package.json
README
README.md
README.robots
rewrite-config.PL
yarn.lock

Koha is a free software integrated library system (ILS).

Koha is distributed under the GNU GPL version 3 or later.

Note: Koha does not accept pull requests from git hosting sites.

Note: This project has its own bug tracker. To report a bug or submit a patch, visit http://bugs.koha-community.org.

For guidelines on submitting patches for Koha, please visit https://wiki.koha-community.org/wiki/SubmitingAPatch

The developers handbook can be found at https://wiki.koha-community.org/wiki/Developer_handbook

http://koha-community.org/
