Main Koha release repository https://koha-community.org
Kyle M Hall c1b94fc011
Bug 34893: ILS-DI can return the wrong patron for AuthenticatePatron
Imagine we have a set of users. Some of those users have a NULL userid. We then call AuthenticatePatron from ILS-DI for a patron with a NULL userid, but a valid cardnumber. We call checkpw, which returns the cardnumber and userid. We then call Koha::Patrons->find on the userid *which is null*, meaning the borrowernumber returned is not the correct one, but instead the earliest patron inserted into the database that has a NULL userid.

Test Plan:
1) Give three patrons a userid and a password
2) From the database cli, set all patrons' userid to null
   Run this query: update borrowers set userid = null;
3) Call AuthenticatePatron with username being the 1st patron cardnumber,
   and password being the password you set for that patron
   http://localhost:8080/cgi-bin/koha/ilsdi.pl?service=AuthenticatePatron&username=kohacard&password=koha
4) Note you get back a borrowernumber for a different patron. Refresh the page and the number is correct.
5) Do the same with the 2nd patron. Same issue at 1st and correct number after.
6) Apply this patch
7) Restart all the things!
8) Do the same with the 3rd patron.
9) Note you get the correct borrowernumber! :D
10) prove t/Auth.t t/db_dependent/Auth_with_ldap.t t/Auth_with_shibboleth.t t/db_dependent/Auth_with_cas.t

Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
2024-02-02 17:31:46 +01:00
acqui Bug 30070: Update edifactmsgs to use the API 2024-01-17 11:38:53 +01:00
admin Bug 35460: Fix add and edit of hold rules in circulation rules table 2023-12-11 19:41:26 +01:00
api Bug 35368: Add public to "Add a new checkout" in API documentation 2024-01-30 17:48:40 +01:00
authorities Bug 33406: (QA follow-up) Adjust tests and tidy 2023-09-15 15:50:43 -03:00
basket Bug 34731: Don't call SendQueuedMessages if message_id is bad 2023-09-12 09:44:59 -03:00
bin
bookings Bug 35574: Bookings tab from biblio details should only require manage_bookings permission 2023-12-18 15:21:04 +01:00
C4 Bug 34893: ILS-DI can return the wrong patron for AuthenticatePatron 2024-02-02 17:31:46 +01:00
catalogue Bug 34913: Adjust item search 2024-01-26 15:13:44 +01:00
cataloguing Bug 35774: Use itemnumber instead of biblioitemnumber 2024-01-29 12:25:06 +01:00
circ Bug 25835: Include overdues with fines in overdues_report permission 2024-01-11 15:44:45 +01:00
clubs Bug 25079: Show club enrollment question answers in staff client 2023-06-23 11:00:54 -03:00
course_reserves Bug 20256: Use new methods 2023-02-02 11:59:26 -03:00
debian Bug 30627: Verify --days parameter and use find command to select old backups for deletion 2024-01-26 15:13:49 +01:00
docs Bug 35504: Split list of ERM Topic experts 2024-01-11 15:44:51 +01:00
erm Bug 32922: Remove space in shebang 2023-02-20 09:44:06 -03:00
errors
etc Bug 35086: (follow-up) Use 5000 as example in conf file 2024-01-16 12:06:02 +01:00
ill Bug 34282: Fix availability check in ILL batches 2024-01-31 14:44:39 +01:00
installer Bug 30230: (follow-up) Update missing descriptions 2024-01-29 12:25:12 +01:00
Koha Bug 35744: Implement +strings for GET /patrons/:patron_id 2024-01-29 12:24:59 +01:00
koha-tmpl Bug 35506: Move the checkouts table load delay logic out of document ready 2024-02-01 14:11:00 +01:00
labels Bug 10762: (QA follow-up) Perltidy 2023-10-25 10:35:31 -03:00
lib/CGI/Session/Serialize
members Bug 30230: Add new 'list_borrowers' permission 2024-01-29 12:25:08 +01:00
misc Bug 35479: (QA follow-up): Tidy 2024-01-31 14:44:41 +01:00
offline_circ Bug 34529: Offline circulation should be able to accept userid as well as cardnumber 2023-11-06 11:34:44 -03:00
opac Bug 35445: Require OPAC user to confirm self-registration with button push 2024-01-29 12:25:04 +01:00
patron_lists Bug 34977: (QA follow-up) Tidy code 2023-11-08 11:41:33 -03:00
patroncards
plugins Bug 25672: Fix double output_html_with_http_headers 2023-10-31 11:02:45 -03:00
pos Bug 34731: Don't call SendQueuedMessages if message_id is bad 2023-09-12 09:44:59 -03:00
preservation Bug 34030: Add a "print slips" action links to print in batch 2023-10-23 11:33:55 -03:00
recalls Bug 34013: Recalls awaiting pickup doesn't show count on each tab 2023-06-23 10:01:04 -03:00
reports Bug 34456: (QA follow-up) perltidy code 2023-11-01 17:23:18 -03:00
reserve Bug 34519: Add a template plugin for fetch searchable patron attributes 2023-11-08 17:52:37 -03:00
reviews
rotating_collections
serials Bug 28012: Use definedness test instead of bool when checking whether to null fields 2023-12-27 19:06:06 +01:00
services
skel
suggestion Bug 35276: Remove authentication params from suggestion hash 2023-11-14 10:32:38 -03:00
svc Bug 34913: Adjust C4::Utils::DataTables::VirtualShelves 2024-01-26 15:13:42 +01:00
t Bug 34893: Add unit tests 2024-02-02 17:31:46 +01:00
tags
tools Bug 35817: Fix hint on patron's category when batch update patron 2024-01-26 15:13:58 +01:00
virtualshelves Bug 35547: Show public "staff only" lists in addbybiblionumber.pl 2023-12-27 19:06:03 +01:00
xt Bug 34911: Test files from HEAD instead of 'master' 2023-10-04 09:15:35 -04:00
.editorconfig
.eslintrc.json
.gitignore Bug 35174: Add misc/translator/po to .gitignore 2023-11-16 08:56:36 +01:00
.htaccess
.mailmap 23.11.00: Update mailmap 2023-11-30 14:58:47 -03:00
.perlcriticrc
.perltidyrc Bug 30002: Adjust perltidy 2023-06-08 08:32:42 -03:00
.proverc.dist
.stylelintrc.json
about.pl Bug 35504: Distinguish different RMaint and Topic Expert roles 2024-01-11 15:44:52 +01:00
app.psgi
build-resources.PL Bug 32609: Use the current yarn.lock to generate node_modules 2023-02-10 11:07:57 -03:00
changelanguage.pl
cpanfile Bug 34064: Add SQL::Translator dependency to cpanfile 2023-10-10 10:54:04 -03:00
cypress.config.ts Bug 34319: Upgrade cypress 9.7.0 to 12.17.2 2023-09-05 11:52:25 -03:00
fix-perl-path.PL
gulpfile.js Bug 35428: Remove temporary files for gulp po tasks 2023-12-12 15:04:54 +01:00
help.pl
INSTALL
Koha.pm Bug 30230: DBRev 23.12.00.006 2024-01-29 12:25:11 +01:00
koha_perl_deps.pl
kohaversion.pl
LICENSE
mainpage.pl Bug 35019: Add a CSRF token when deleting news 2023-10-20 17:22:02 -03:00
Makefile.PL Bug 35759: (bug 30708 follow-up) Generated dist file not installed for preservation module 2024-01-16 12:06:17 +01:00
MANIFEST.SKIP
package.json Bug 34319: Upgrade cypress 9.7.0 to 12.17.2 2023-09-05 11:52:25 -03:00
README
README.md
README.robots
rewrite-config.PL
tsconfig.json Bug 32030: Move cypress to t - fix build_js/watch_js 2022-11-08 09:44:52 -03:00
webpack.config.js Bug 30708: Vue app 2023-10-18 15:41:40 -03:00
yarn.lock Bug 34319: Update yarn.lock 2023-09-05 11:52:25 -03:00

Koha is a free software integrated library system (ILS).

Koha is distributed under the GNU GPL version 3 or later.

Note: Koha does not accept pull requests from git hosting sites.

Note: This project has its own bug tracker. To report a bug or submit a patch, visit http://bugs.koha-community.org.

For guidelines on submitting patches for Koha please visit https://wiki.koha-community.org/wiki/SubmitingAPatch

The developers handbook can be found at https://wiki.koha-community.org/wiki/Developer_handbook

http://koha-community.org/