c98c1994ea
The main point of this patch is to make it possible to integrate Koha with the Norwegian national patron database (NNPDB). Code for this was earlier introduced in Bug 11401 and removed again in Bug 21068.

Testing this is mainly a question of spotting regressions; it should still be possible to set and change a password in all possible ways:
- Setting a password for a new user
- Changing a password in the staff client
- Changing a password in the OPAC
If these work as expected, everything should be OK.

A nice side effect of this work is that it will allow for plugins that validate passwords. I have created a tiny plugin that enforces PIN codes of 4 digits. (Yeah, I know, those are the worst passwords, but some libraries do require them.) It is published here: https://github.com/Libriotech/koha-plugin-pin

To test this way, install the plugin and try to change the password of an existing user to something that is not a 4 digit PIN. You should get an error that says "The password was rejected by a plugin".

Signed-off-by: Brendan Gallagher <brendan@bywatersolutions.com>

Updated 2019-10-23:
- Moved the plugin checks to before the call to $self->SUPER::store to make sure patrons are not saved if the password fails a plugin check
- Made the plugin checks in set_password respect skip_validation while retaining the functionality for NNPDB

Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
#!/usr/bin/perl
#script to set the password, and optionally a userid, for a borrower
#written 2/5/00
#by chris@katipo.co.nz
#converted to using templates 3/16/03 by mwhansen@hmc.edu
use Modern::Perl;

use C4::Auth;
use Koha::AuthUtils;
use C4::Output;
use C4::Context;
use C4::Members;
use C4::Circulation;
use CGI qw ( -utf8 );
use Koha::AuthUtils;
use Koha::Token;

use Koha::Patrons;
use Koha::Patron::Categories;

use Scalar::Util qw( blessed );
use Try::Tiny;

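# Staff-client CGI script: sets a new password, and optionally a new userid,
# for the patron named by the 'member' request parameter.
my $input = CGI->new;

# only used if allowthemeoverride is set
my $theme = $input->param('theme') || "default";

# Authenticate the staff session. The caller must hold the
# borrowers => edit_borrowers permission to reach this page.
my ( $template, $loggedinuser, $cookie, $staffflags ) = get_template_and_user(
    {
        template_name   => "members/member-password.tt",
        query           => $input,
        type            => "intranet",
        authnotrequired => 0,
        flagsrequired   => { borrowers => 'edit_borrowers' },
        debug           => 1,
    }
);

# Everything below comes straight from the request and is untrusted.
my $patron_id    = $input->param('member');
my $destination  = $input->param('destination');
my $newpassword  = $input->param('newpassword');
my $newpassword2 = $input->param('newpassword2');
my $new_user_id  = $input->param('newuserid');

# Error codes collected here are turned into template flags at the end.
my @errors;

my $logged_in_user = Koha::Patrons->find($loggedinuser) or die "Not logged in";
my $patron         = Koha::Patrons->find($patron_id);

# NOTE(review): presumably this exits when $patron is undef or not visible to
# the logged-in user; the dereference of $patron below relies on that -- confirm.
output_and_exit_if_error( $input, $cookie, $template, { module => 'members', logged_in_user => $logged_in_user, current_patron => $patron } );

my $category_type = $patron->category->category_type;

# Changing the password of *another* patron whose category type is 'S'
# requires the superlibrarian or staffaccess flag on the logged-in user.
if ( ( $patron_id ne $loggedinuser ) && ( $category_type eq 'S' ) ) {
    push( @errors, 'NOPERMISSION' )
      unless ( $staffflags->{'superlibrarian'} || $staffflags->{'staffaccess'} );

    # need superlibrarian for koha-conf.xml fakeuser.
}

# NOTE(review): the mismatch check only fires when BOTH fields are non-empty,
# so a request that omits newpassword2 is accepted without confirmation.
# Left as is because other callers may depend on it -- confirm.
push( @errors, 'NOMATCH' ) if ( ( $newpassword && $newpassword2 ) && ( $newpassword ne $newpassword2 ) );

if ( $newpassword and not @errors ) {

    # State-changing request: refuse it unless the csrf_token parameter
    # validates against the CGISESSID session cookie.
    output_and_exit( $input, $cookie, $template, 'wrong_csrf_token' )
      unless Koha::Token->new->check_csrf(
        {
            session_id => scalar $input->cookie('CGISESSID'),
            token      => scalar $input->param('csrf_token'),
        }
      );

    try {
        # NOTE(review): the password is set before the userid is stored; if the
        # userid store throws, the password change appears to have happened
        # already while the operator is shown BADUSERID -- confirm intended.
        $patron->set_password( { password => $newpassword } );
        $patron->userid($new_user_id)->store
          if $new_user_id and $new_user_id ne $patron->userid;

        # NOTE(review): this hands the plaintext password to the template.
        # If the template only tests it for truth, a boolean flag would avoid
        # carrying the secret into the rendered page -- confirm against
        # members/member-password.tt.
        $template->param( newpassword => $newpassword );

        # 'destination' is optional; compare against '' rather than undef so a
        # missing parameter does not raise an "uninitialized" warning.
        if ( ( $destination // '' ) eq 'circ' ) {
            print $input->redirect( "/cgi-bin/koha/circ/circulation.pl?findborrower=" . $patron->cardnumber );
        }
        else {
            # Build the Location header from the stored record rather than
            # echoing the raw 'member' request parameter back into a header.
            print $input->redirect( "/cgi-bin/koha/members/moremember.pl?borrowernumber=" . $patron->borrowernumber );
        }

        # NOTE(review): execution continues after the redirect is printed, so
        # the page is still rendered and emitted at the bottom of the script.
    }
    catch {
        my $exception = $_;

        # Only call ->isa on real objects: a plain-string or unblessed-reference
        # exception would otherwise make the handler itself die instead of
        # reporting an error to the operator.
        my $is_object = blessed $exception;

        if ( $is_object && $exception->isa('Koha::Exceptions::Password::TooShort') ) {
            push @errors, 'ERROR_password_too_short';
        }
        elsif ( $is_object && $exception->isa('Koha::Exceptions::Password::WhitespaceCharacters') ) {
            push @errors, 'ERROR_password_has_whitespaces';
        }
        elsif ( $is_object && $exception->isa('Koha::Exceptions::Password::TooWeak') ) {
            push @errors, 'ERROR_password_too_weak';
        }
        elsif ( $is_object && $exception->isa('Koha::Exceptions::Password::Plugin') ) {
            push @errors, 'ERROR_from_plugin';
        }
        else {
            # Catch-all: every other failure is reported as a bad userid,
            # whatever its real cause was.
            push( @errors, 'BADUSERID' );
        }
    };
}

# A fresh CSRF token, bound to the session cookie, for the re-rendered form.
$template->param(
    patron      => $patron,
    destination => $destination,
    csrf_token  => Koha::Token->new->generate_csrf( { session_id => scalar $input->cookie('CGISESSID'), } ),
);

if ( scalar(@errors) ) {
    $template->param( errormsg => 1 );
    foreach my $error (@errors) {

        # Set each error code as a template flag unless it already has a value.
        $template->param($error) || $template->param( $error => 1 );
    }
}

output_html_with_http_headers $input, $cookie, $template->output;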