From 9e43658e6f4fbc4f39c5ac7552f4376c109e119e Mon Sep 17 00:00:00 2001 From: Phil Ringnalda Date: Tue, 10 Sep 2024 20:17:20 -0700 Subject: [PATCH] Bug 37887: OPAC password recovery needs to use a cud- op while POSTing new password To pass xt/find-missing-op-in-forms.t after bug 37728 updates it to notice that there can be more than one form in a template, opac-password-recovery.tt needs to have a param named 'op' which starts with 'cud-' for the form that POSTs the new password. Luckily, testing this doesn't require that you set Koha up to actually send email (though you can), because you can get the link to reset the password by looking at the list of notices sent to the patron in the staff interface: the failure to send notice works just fine. Test plan: 1. There's no behavior change to test, you just need to see that resetting the password still works, so start with the patch applied. 2. Administration - System preferences - change OpacResetPassword to allowed 3. Set a patron so you can use them, which requires that you know the username, and they have an email address. I give Acosta, Edna one of my email addresses, and copy her cardnumber. 4. Open the OPAC, and below the login form click the "Forgot your password?" link 5. Enter the cardnumber for Login and the email you used for Email and click Submit. If you didn't set up sending email, you'll get an error message, but ignore it, not a problem 6. Back in the staff interface, check out to the patron you are using, and on the left sidebar choose Notices and find the Koha password recovery notice and click that linked phrase 7. In the popup with the notice text, open the recovery link in a new tab 8. Following the instructions for the content of a new password, enter one in both fields and click Submit 9 In the success message, click the link to Log in to your account and log in with the new password Sponsored-by: Chetco Community Public Library Signed-off-by: Olivier V Signed-off-by: Jonathan Druart Signed-off-by: Katrin Fischer --- .../opac-tmpl/bootstrap/en/modules/opac-password-recovery.tt | 1 + opac/opac-password-recovery.pl | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/koha-tmpl/opac-tmpl/bootstrap/en/modules/opac-password-recovery.tt b/koha-tmpl/opac-tmpl/bootstrap/en/modules/opac-password-recovery.tt index f83859599e..1fefb27964 100644 --- a/koha-tmpl/opac-tmpl/bootstrap/en/modules/opac-password-recovery.tt +++ b/koha-tmpl/opac-tmpl/bootstrap/en/modules/opac-password-recovery.tt @@ -151,6 +151,7 @@ [% UNLESS ( errLinkNotValid ) %]
[% INCLUDE 'csrf-token.inc' %] + Password not valid
diff --git a/opac/opac-password-recovery.pl b/opac/opac-password-recovery.pl index 437ec121af..08d1f38262 100755 --- a/opac/opac-password-recovery.pl +++ b/opac/opac-password-recovery.pl @@ -148,7 +148,7 @@ if ( $op eq 'cud-sendEmail' || $op eq 'cud-resendEmail' ) { ); } } -elsif ( $query->param('passwordReset') ) { +elsif ( $op eq 'cud-reset_password' ) { ( $borrower_number, $username ) = GetValidLinkInfo($uniqueKey); my $error; -- 2.39.5