Koha/members/notices.pl
Björn Nylén 043017af13
Bug 31739: Password recovery from staff fails if previous expired reset-entry exists.
SendPasswordRecoveryEmail relies on the calling script to tell if there is an
existing valid recovery already. If there's an expired recovery-entry the
members/notices.pl script will try to create a new entry resulting in a duplicate
key error.

This patch fixes the bug by removing the need for the calling script to do the check as
since SendPasswordRecoveryEmail does the same thing anyway.
SendPasswordRecoveryEmail will now use DBIx ->update_or_create instead of looking at
the $update param to determine if it should update an existing entry or create a new.

The update param is removed from all calling scripts and test are updated.

To test:
1. Generate a password recovery mail for a patron
2. Let it expire.
3. Generate a new password recovery from staff to the same patron - Fail!
4: Apply patch
5. Generate a new password recovery from staff to the same patron - Success!
6. Opac password recovery flow should also work.
7. Tests pass.

Sponsored-by: Lund University Library

Signed-off-by: David Nind <david@davidnind.com>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2022-10-24 14:12:16 -03:00

122 lines
4.1 KiB
Perl
Executable file

#!/usr/bin/perl
# Displays sent notices for a given borrower
# Copyright (c) 2009 BibLibre
#
# This file is part of Koha.
#
# Koha is free software; you can redistribute it and/or modify it
# under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 3 of the License, or
# (at your option) any later version.
#
# Koha is distributed in the hope that it will be useful, but
# WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with Koha; if not, see <http://www.gnu.org/licenses>.
use Modern::Perl;
use C4::Auth qw( get_template_and_user );
use C4::Output qw( output_and_exit_if_error output_and_exit output_html_with_http_headers );
use CGI qw ( -utf8 );
use C4::Members;
use C4::Letters qw( GetPreparedLetter EnqueueLetter );
use Koha::Patrons;
use Koha::Patron::Categories;
use Koha::Patron::Password::Recovery qw( SendPasswordRecoveryEmail ValidateBorrowernumber );
my $input=CGI->new;
my $borrowernumber = $input->param('borrowernumber');
my $patron = Koha::Patrons->find( $borrowernumber );
unless ( $patron ) {
print $input->redirect("/cgi-bin/koha/circ/circulation.pl?borrowernumber=$borrowernumber");
exit;
}
my $borrower = $patron->unblessed;
my ($template, $loggedinuser, $cookie)= get_template_and_user({template_name => "members/notices.tt",
query => $input,
type => "intranet",
flagsrequired => {borrowers => 'edit_borrowers'},
});
my $logged_in_user = Koha::Patrons->find( $loggedinuser );
output_and_exit_if_error( $input, $cookie, $template, { module => 'members', logged_in_user => $logged_in_user, current_patron => $patron } );
# Allow resending of messages in Notices tab
my $op = $input->param('op') || q{};
if ( $op eq 'resend_notice' ) {
my $message_id = $input->param('message_id');
my $message = C4::Letters::GetMessage( $message_id );
if ( $message->{borrowernumber} = $borrowernumber ) {
C4::Letters::ResendMessage( $message_id );
# redirect to self to avoid form submission on refresh
print $input->redirect("/cgi-bin/koha/members/notices.pl?borrowernumber=$borrowernumber");
}
}
if ( $op eq 'send_welcome' ) {
my $emailaddr = $patron->notice_email_address;
# if we manage to find a valid email address, send notice
if ($emailaddr) {
eval {
my $letter = GetPreparedLetter(
module => 'members',
letter_code => 'WELCOME',
branchcode => $patron->branchcode,,
lang => $patron->lang || 'default',
tables => {
'branches' => $patron->branchcode,
'borrowers' => $patron->borrowernumber,
},
want_librarian => 1,
) or return;
my $message_id = EnqueueLetter(
{
letter => $letter,
borrowernumber => $patron->id,
to_address => $emailaddr,
message_transport_type => 'email'
}
);
};
}
# redirect to self to avoid form submission on refresh
print $input->redirect("/cgi-bin/koha/members/notices.pl?borrowernumber=$borrowernumber");
}
if ( $op eq 'send_password_reset' ) {
my $emailaddr = $patron->notice_email_address;
if ($emailaddr) {
# send staff initiated password recovery
SendPasswordRecoveryEmail( $patron, $emailaddr, 1 );
}
# redirect to self to avoid form submission on refresh
print $input->redirect(
"/cgi-bin/koha/members/notices.pl?borrowernumber=$borrowernumber");
}
# Getting the messages
my $queued_messages = C4::Letters::GetQueuedMessages({borrowernumber => $borrowernumber});
$template->param(
patron => $patron,
QUEUED_MESSAGES => $queued_messages,
borrowernumber => $borrowernumber,
sentnotices => 1,
);
output_html_with_http_headers $input, $cookie, $template->output;