koha.git
2 months ago Bug 35532: Remove shortcut buttons from flatpickr
Martin Renvoize [Mon, 19 Feb 2024 10:31:19 +0000 (10:31 +0000)]
Bug 35532: Remove shortcut buttons from flatpickr

It doesn't make sense to have the shortcut buttons in the range picker
for bookings. This patch adds the ability to remove them entirely from
display and uses that option in the bookings modal.

Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
2 months ago Bug 35532: Update date select field and add hint
Martin Renvoize [Mon, 19 Feb 2024 10:13:14 +0000 (10:13 +0000)]
Bug 35532: Update date select field and add hint

This patch updates the 'Period' select from 'Period' to 'Booking dates'
and adds a hint beneath it too.

Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
2 months ago Bug 35426: Improve layout of bookings modal form
Owen Leonard [Tue, 28 Nov 2023 18:46:11 +0000 (18:46 +0000)]
Bug 35426: Improve layout of bookings modal form

This patch changes the class on the bookings modal form's fieldset in
order to make the form work better in the small space offered by the
modal.

Also changed: The hint for the patron search field has been moved below
the field for consistency.

To test, apply the patch and search for a title in the staff interface.

- View the detail page.
- If you don't see a "Place booking" button in the toolbar,
  click "Items" in the sidebar menu.
  - Locate the "Priority" heading, and change the "Bookable" setting to
    "Yes."
- Click the "Place booking" button in the toolbar.
  - The bookings modal form should appear, and the form layout should be
    improved.

Signed-off-by: Barbara Johnson <barbara.johnson@bedfordtx.gov>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
2 months ago Bug 36219: Re-add missing state param for Oauth/OIDC client
David Cook [Mon, 4 Mar 2024 03:57:27 +0000 (03:57 +0000)]
Bug 36219: Re-add missing state param for Oauth/OIDC client

This change restores the csrf token added as the state param for
the OAuth/OIDC client.

Test plan:
0. Apply the patch and restart Starman
1. Test the SSO using the wiki guide

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2 months ago Bug 35329: Fix selenium tests if no fund exist
Jonathan Druart [Mon, 4 Mar 2024 13:46:07 +0000 (14:46 +0100)]
Bug 35329: Fix selenium tests if no fund exist

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2 months ago Bug 35329: Fix autocomplete when placing a hold
Jonathan Druart [Mon, 4 Mar 2024 13:38:16 +0000 (14:38 +0100)]
Bug 35329: Fix autocomplete when placing a hold

There was a JS error
Uncaught TypeError: node.autocomplete(...).data(...) is undefined

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2 months ago Bug 36084: Fix cookie domain for www/ tests
Tomas Cohen Arazi [Mon, 4 Mar 2024 13:20:05 +0000 (10:20 -0300)]
Bug 36084: Fix cookie domain for www/ tests

This patch changes the hardcoded `koha.local` value on
t::lib::Mocks::Zebra so tests don't fail when the domain is not `koha`.

To test:
1. Run:
   $ ktd --shell
  k$ export KOHA_INTRANET_URL=http://kohadev-intra.myDNSname.org:8081
  k$ prove t/db_dependent/www/batch.t
=> FAIL: Tests fail!
2. Apply this patch
3. Repeat 1
=> SUCCESS: Tests pass!
4. Sign off :-D

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
3 months ago Bug 35329: Fix conflict with 33457
Jonathan Druart [Fri, 1 Mar 2024 15:01:13 +0000 (16:01 +0100)]
Bug 35329: Fix conflict with 33457

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
3 months ago Bug 35329: (follow-up) Add styling to info and error
Jonathan Druart [Fri, 1 Mar 2024 14:32:40 +0000 (15:32 +0100)]
Bug 35329: (follow-up) Add styling to info and error

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
3 months ago Bug 35329: Handle duplicate without 500
Jonathan Druart [Mon, 26 Feb 2024 14:34:52 +0000 (15:34 +0100)]
Bug 35329: Handle duplicate without 500

This is not perfect but way better than before!

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
3 months ago Bug 35329: Adjustment for 34478
Jonathan Druart [Mon, 26 Feb 2024 14:34:18 +0000 (15:34 +0100)]
Bug 35329: Adjustment for 34478

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
3 months ago Bug 35329: (QA follow-up) Fix for bug 35865
Martin Renvoize [Tue, 23 Jan 2024 11:43:06 +0000 (11:43 +0000)]
Bug 35329: (QA follow-up) Fix for bug 35865

This restores the missing hint that's restored by bug 35865 ahead of
this patchset

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
3 months ago Bug 35329: Add styling to info and error
Jonathan Druart [Mon, 22 Jan 2024 20:52:52 +0000 (21:52 +0100)]
Bug 35329: Add styling to info and error

There were 2 "class" attributes and the second was ignored.
This could still be improved, but then we should adjust the css from
staff-global, but won't be trivial to test.

Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
3 months ago Bug 35329: Fix filter vars scope
Jonathan Druart [Mon, 22 Jan 2024 20:35:50 +0000 (21:35 +0100)]
Bug 35329: Fix filter vars scope

Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
3 months ago Bug 35329: Add POD + tidy Selenium.pm
Jonathan Druart [Fri, 12 Jan 2024 12:27:50 +0000 (13:27 +0100)]
Bug 35329: Add POD + tidy Selenium.pm

Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
3 months ago Bug 35329: Add cypress tests
Jonathan Druart [Wed, 10 Jan 2024 15:45:24 +0000 (16:45 +0100)]
Bug 35329: Add cypress tests

Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
3 months ago Bug 35329: Add selenium tests
Jonathan Druart [Wed, 10 Jan 2024 12:43:04 +0000 (13:43 +0100)]
Bug 35329: Add selenium tests

Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
3 months ago Bug 35329: (follow-up) Label changes for improved accessibility
Owen Leonard [Wed, 10 Jan 2024 13:22:28 +0000 (13:22 +0000)]
Bug 35329: (follow-up) Label changes for improved accessibility

This patch alters the patron search form so that <label>s wrap the
<input> fields, allowing the label to be clickable without having to
associate it with a unique id. CSS has been modified to accommodate this
change.

The patch also adds missing Bootstrap classes to the "Clear" button, and
swaps out the "hint" class for the "note" class on the permissions
information ("Only staff with superlibrarian or acquisitions
permissions...").

After this patch, form field labels in the patron search modal should be
clickable to give focus to the field (except for Sort 1 and Sort 2 --
labels don't work that way with Select2).

Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
3 months ago Bug 35329: Prevent XSS
Jonathan Druart [Wed, 10 Jan 2024 12:56:15 +0000 (13:56 +0100)]
Bug 35329: Prevent XSS

Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
3 months ago Bug 35329: (follow-up) Trigger Select2 upon modal open
Owen Leonard [Wed, 10 Jan 2024 12:20:28 +0000 (12:20 +0000)]
Bug 35329: (follow-up) Trigger Select2 upon modal open

If we wait until the modal is visible Select2 can correctly calculate
the width needed for the Sort 1 and Sort 2 dropdowns.

Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
3 months ago Bug 35329: Remove fixedHeader
Jonathan Druart [Wed, 10 Jan 2024 08:04:31 +0000 (09:04 +0100)]
Bug 35329: Remove fixedHeader

If fixedHeader is set for the result table in the modal, the header will
still appear (quite randomly) on the main view.

To recreate the problem:
Go to /cgi-bin/koha/members/memberentry.pl
Click Add guarantor
Search
Close the modal
Scroll down
=> The header of the table will be displayed randomly at the top of the
page

Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
3 months ago Bug 35329: Fix neworderempty
Jonathan Druart [Wed, 10 Jan 2024 07:49:07 +0000 (08:49 +0100)]
Bug 35329: Fix neworderempty

Hum I had to put it that way but I cannot remember why. Moving patron_search_js after patron_search_modal fixes the search problem (see comment 12).

Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
3 months ago Bug 35329: Move patron search to modal - remove members/search.pl
Jonathan Druart [Tue, 9 Jan 2024 12:42:54 +0000 (13:42 +0100)]
Bug 35329: Move patron search to modal - remove members/search.pl

 git grep members/search.pl
should not return any results

Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
3 months ago Bug 35329: Move patron search to modal - suggestion
Jonathan Druart [Tue, 9 Jan 2024 11:09:55 +0000 (12:09 +0100)]
Bug 35329: Move patron search to modal - suggestion

Test plan:
Edit a suggestion
Click "Set patron" to change the suggester
Click "Select manager" to set the manager

On the suggestion list view, you can also select a manager. Make sure
you are testing with different tabs (suggestions with different statuses).

Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
3 months ago Bug 35329: Move patron search to modal - erm
Jonathan Druart [Mon, 8 Jan 2024 13:17:40 +0000 (14:17 +0100)]
Bug 35329: Move patron search to modal - erm

Test plan:
Edit an agreement or a license
Add new user and click "Select user" to open the modal
Test with different user for the same agreement/license

Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
3 months ago Bug 35329: Move patron search to modal - routing list
Jonathan Druart [Fri, 5 Jan 2024 13:50:38 +0000 (14:50 +0100)]
Bug 35329: Move patron search to modal - routing list

The behaviour is a bit different here. Adding a patron from the popup
refreshed the parent page with the newly added patron.

With this patch the refresh of the page will happen when the modal is
closed (if patrons have been added).

Test plan:
Create a subscription, receive one item, create a routing list.
Add users.

Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
3 months ago Bug 35329: Move patron search to modal - edit-batch
Jonathan Druart [Fri, 5 Jan 2024 11:01:55 +0000 (12:01 +0100)]
Bug 35329: Move patron search to modal - edit-batch

Test plan:
Create new patron card batch
Keep the textarea empty and click "Add patron(s)" to open the modal
There is a special feature here, the "checkbox" column is displayed and
you can select several patrons and click "Add selected patrons".

Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
3 months ago Bug 35329: Move patron search to modal - funds
Jonathan Druart [Fri, 5 Jan 2024 11:10:33 +0000 (12:10 +0100)]
Bug 35329: Move patron search to modal - funds

This is a tricky one.
We can have several modals per page, patron-search.inc needs to be
adjusted to not use ids but classes. Also we need to declare JS
variables with 'var' instead of 'let' (which does not allow redefinition
of the same variable).

Test plan:
Create or modify a fund
"Select owner" and "Add users" to open the modals.

Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
3 months ago Bug 35329: Move patron search to modal - basket
Jonathan Druart [Fri, 5 Jan 2024 07:13:29 +0000 (08:13 +0100)]
Bug 35329: Move patron search to modal - basket

Add user to an acquisition basket

Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
3 months ago Bug 35329: Move patron search to modal - neworderempty
Jonathan Druart [Thu, 4 Jan 2024 15:44:39 +0000 (16:44 +0100)]
Bug 35329: Move patron search to modal - neworderempty

Test plan:
Create a new acquisition order and add users.

FIXME:
Note that rules for .modal-dialog .dialog.message need to be adjusted.

Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
3 months ago Bug 35329: move patron search to modal - Add guarantor
Jonathan Druart [Thu, 4 Jan 2024 15:13:49 +0000 (16:13 +0100)]
Bug 35329: move patron search to modal - Add guarantor

This is the first of many patches to come.

We will rewrite the patron search popup to convert it to a Bootstrap modal.

I faced different problems on different pages, it is preferable to test
each page on top of the whole patchset, to make sure a future change will
not break previous pages (and this is why they are all on the same bug
report).

For each page we will test that:
* the different filters work
* the "Clear" filters button works
* the "Add" or "Select" patron button works
* the nested modal to display patron's details (when clicking on their
  name or cardnumber) works

On this patch we are testing the guarantor search:
Create or edit a patron and click "Add guarantor" to open the modal.

Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
3 months ago Bug 36148: Do not deal with CSRF error in get_template_and_user
Jonathan Druart [Mon, 26 Feb 2024 10:29:17 +0000 (11:29 +0100)]
Bug 36148: Do not deal with CSRF error in get_template_and_user

We deal with that in the middleware, we don't want 403.pl to early exit.
If we notice that we actually need it (for other scripts), we could
eventually add a new flag to get_template_and_user to skip the CSRF check,
or build the template without using get_template_and_user for errors/*
scripts.

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
3 months ago Bug 36148: Fix header name
Jonathan Druart [Fri, 23 Feb 2024 08:07:23 +0000 (09:07 +0100)]
Bug 36148: Fix header name

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
3 months ago Bug 36148: Improve error handling and restore programming errors
Jonathan Druart [Fri, 23 Feb 2024 07:53:46 +0000 (08:53 +0100)]
Bug 36148: Improve error handling and restore programming errors

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
3 months ago Bug 36148: Add explanatory notes
David Cook [Fri, 23 Feb 2024 05:15:24 +0000 (05:15 +0000)]
Bug 36148: Add explanatory notes

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
3 months ago Bug 36148: Allow Koha::Middleware::CSRF to use error/exception middlewares
David Cook [Fri, 23 Feb 2024 05:05:30 +0000 (05:05 +0000)]
Bug 36148: Allow Koha::Middleware::CSRF to use error/exception middlewares

This change allows Koha::Middleware::CSRF to use the ErrorDocument and
HTTPExceptions middlewares to display the correct status codes and HTML
documents.

Leveraging Plack environmental variables, we're also able to pass along
data to the error page handlers to show warnings indicating that there
was a missing CSRF token.

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
3 months ago Bug 36148: Move CSRF check to a Plack middleware
Jonathan Druart [Thu, 22 Feb 2024 14:16:08 +0000 (15:16 +0100)]
Bug 36148: Move CSRF check to a Plack middleware

The easiest here is to not empty 'op' but instead redirect to an error
page.

Minor changes: to keep the patch simple it removes the 'dev only' error and
displays the error for non-dev installs. It should not be a problem
anyway and will prevent errors from being hidden in the log.
We could make KOHA_ERROR an arrayref, but later (we don't need it now
anyway).

Note that the OPAC still does not benefit from a friendly specific error for
invalid token.

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
3 months ago Bug 36084: svc - overdrive
Nick Clemens [Tue, 27 Feb 2024 19:14:19 +0000 (19:14 +0000)]
Bug 36084: svc - overdrive

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
3 months ago Bug 36084: Fix file upload and www/batch.t
Jonathan Druart [Wed, 28 Feb 2024 09:01:25 +0000 (10:01 +0100)]
Bug 36084: Fix file upload and www/batch.t

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
3 months ago Bug 36084: svc - mana
Jonathan Druart [Tue, 27 Feb 2024 08:44:42 +0000 (09:44 +0100)]
Bug 36084: svc - mana

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
3 months ago Bug 36084: (follow-up) svc - localization
Jonathan Druart [Mon, 26 Feb 2024 13:30:06 +0000 (14:30 +0100)]
Bug 36084: (follow-up) svc - localization

This form is never sent.

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
3 months ago Bug 36084: (follow-up) svc - config/systempreferences
Jonathan Druart [Mon, 26 Feb 2024 13:13:57 +0000 (14:13 +0100)]
Bug 36084: (follow-up) svc - config/systempreferences

This form is never sent.

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
3 months ago Bug 36084: svc - renew
Jonathan Druart [Fri, 23 Feb 2024 11:15:42 +0000 (12:15 +0100)]
Bug 36084: svc - renew

Material - The code that is supposed to replace the checkbox with a text
was not at the correct place. It should be with checkin, not renewal.
With the table refresh it does not make sense to keep it as we will
never see it.
Best is to replace the checkbox with the text directly.

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
3 months ago Bug 36084: svc - recall
Jonathan Druart [Fri, 23 Feb 2024 08:51:04 +0000 (09:51 +0100)]
Bug 36084: svc - recall

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
3 months ago Bug 36084: svc - problem_reports
Jonathan Druart [Thu, 22 Feb 2024 15:50:15 +0000 (16:50 +0100)]
Bug 36084: svc - problem_reports

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
3 months ago Bug 36084: svc - virtualshelves/search
Jonathan Druart [Thu, 22 Feb 2024 13:04:09 +0000 (14:04 +0100)]
Bug 36084: svc - virtualshelves/search

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
3 months ago Bug 36084: svc - members/add_to_list
Jonathan Druart [Thu, 22 Feb 2024 11:01:31 +0000 (12:01 +0100)]
Bug 36084: svc - members/add_to_list

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
3 months ago Bug 36084: svc - localization
Jonathan Druart [Wed, 21 Feb 2024 15:56:54 +0000 (16:56 +0100)]
Bug 36084: svc - localization

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
3 months ago Bug 36084: svc - creator_batches
Jonathan Druart [Wed, 21 Feb 2024 12:30:29 +0000 (13:30 +0100)]
Bug 36084: svc - creator_batches

No desire to have a nice api client for this.

This patch also:
Improve failure handling
Remove unnecessary code in svc script
Remove duplicated on click binding

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
3 months ago Bug 36084: svc - cover_images
Jonathan Druart [Wed, 21 Feb 2024 10:46:42 +0000 (11:46 +0100)]
Bug 36084: svc - cover_images

Removing the ability to remove several cover images, it was not used.

FIXME - Note that I am getting randomly a failure when uploading an image and
seeing the following error in the log:
[Wed Feb 21 10:43:59.168934 2024] [cgi:error] [pid 24037] [client 172.18.0.1:45074] AH01215: Use of uninitialized value $fileID in bitwise and (&) at /kohadevbox/koha/tools/upload-cover-image.pl line 101.: /kohadevbox/koha/tools/upload-cover-image.pl, referer: http://localhost:8081/cgi-bin/koha/catalogue/detail.pl?biblionumber=1

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
3 months ago Bug 36084: Add CSRF token support to svc/authentication
David Cook [Wed, 21 Feb 2024 06:17:50 +0000 (06:17 +0000)]
Bug 36084: Add CSRF token support to svc/authentication

GET svc/authentication will return a CSRF token in a response header

POST svc/authentication requires a CSRF token which can be sourced
from the response header of GET svc/authentication or some other
place like the meta element on a HTML page

Note: misc/migration_tools/koha-svc.pl is a simple script which
can be used to practically evaluate svc/authentication and svc/bib

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
3 months ago Bug 36084: svc - clubs
Jonathan Druart [Tue, 20 Feb 2024 15:43:51 +0000 (16:43 +0100)]
Bug 36084: svc - clubs

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
3 months ago Bug 36084: svc - checkout_notes - OPAC
Jonathan Druart [Tue, 20 Feb 2024 14:39:51 +0000 (15:39 +0100)]
Bug 36084: svc - checkout_notes - OPAC

Decided to not use APIClient for OPAC, LATER.

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
3 months ago Bug 36084: svc - checkout_notes
Jonathan Druart [Tue, 20 Feb 2024 14:39:21 +0000 (15:39 +0100)]
Bug 36084: svc - checkout_notes

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
3 months ago Bug 36084: Fix is_ajax by setting X-Requested-With header
Jonathan Druart [Tue, 20 Feb 2024 09:00:11 +0000 (10:00 +0100)]
Bug 36084: Fix is_ajax by setting X-Requested-With header

Some svc scripts (and controllers) are using is_ajax to guess if
it's an AJAX request.
$.ajax is setting the (non standard) X-Requested-With header, but the
low level JS 'fetch' does not.

This patch sets it in http-client.

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
3 months ago Bug 36084: svc - checkin
Jonathan Druart [Mon, 19 Feb 2024 15:29:23 +0000 (16:29 +0100)]
Bug 36084: svc - checkin

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
3 months ago Bug 36084: svc - config/systempreferences
Jonathan Druart [Fri, 16 Feb 2024 13:56:09 +0000 (14:56 +0100)]
Bug 36084: svc - config/systempreferences

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
3 months ago Bug 36084: svc - shelfbrowser.pl - Replace with GET
Jonathan Druart [Fri, 16 Feb 2024 12:41:14 +0000 (13:41 +0100)]
Bug 36084: svc - shelfbrowser.pl - Replace with GET

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
3 months ago Bug 36084: svc - authorised_values - APIClient now global
Jonathan Druart [Wed, 14 Feb 2024 15:34:20 +0000 (16:34 +0100)]
Bug 36084: svc - authorised_values - APIClient now global

APIClient is not a global variable, which will make the next changes
much easier!

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
3 months ago Bug 36084: Do not allow absence of token
Jonathan Druart [Tue, 13 Feb 2024 15:32:35 +0000 (16:32 +0100)]
Bug 36084: Do not allow absence of token

Well, this test was silly, I was focussed on propagating an error to the
UI, but we really need to explode in this case.

Note that this requires more work as login is now broken.

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
3 months ago Bug 36084: Add a global #messages div
Jonathan Druart [Tue, 13 Feb 2024 14:16:38 +0000 (15:16 +0100)]
Bug 36084: Add a global #messages div

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
3 months ago Bug 36084: Add a Dialog class
Jonathan Druart [Tue, 13 Feb 2024 14:11:59 +0000 (15:11 +0100)]
Bug 36084: Add a Dialog class

To display potential errors.

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
3 months ago Bug 36084: Bring fetch for everywhere
Jonathan Druart [Tue, 13 Feb 2024 14:08:25 +0000 (15:08 +0100)]
Bug 36084: Bring fetch for everywhere

We are retrieving the awesome fetch modules from Vue, so that it can be
used in other areas. Here we will use it to inject the CSRF token to the
header of every POST request.

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
3 months ago Bug 36084: svc - article_request - POC
Jonathan Druart [Mon, 12 Feb 2024 15:32:40 +0000 (16:32 +0100)]
Bug 36084: svc - article_request - POC

This is a proof of concept

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
3 months ago Bug 36084: C4::Auth+plack.psgi for svc?
Jonathan Druart [Mon, 12 Feb 2024 16:36:44 +0000 (17:36 +0100)]
Bug 36084: C4::Auth+plack.psgi for svc?

Suggestion to move the CSRF check to CGI->new so that we will check it
for every request, and it will cover svc scripts as well (they are not
using get_template_and_user).

The token will be retrieved from the param list *or the csrf_token
header* (do we want to name it x-koha-csrf-token instead?).

This will be done for *every* request that is not GET: CSRF token is now
required everywhere CGI is used (side-effects possible?).

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
3 months ago Bug 36102: (follow-up 2) Add cud-login to the login form - fix tests
Jonathan Druart [Wed, 28 Feb 2024 09:06:08 +0000 (10:06 +0100)]
Bug 36102: (follow-up 2) Add cud-login to the login form - fix tests

Bug 36102: [TO SQUASH] (follow-up 2) Add cud-login to the login form - fix tests

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
3 months ago Bug 36102: Add cud-login to the login form (2FA)
Jonathan Druart [Wed, 28 Feb 2024 08:09:05 +0000 (09:09 +0100)]
Bug 36102: Add cud-login to the login form (2FA)

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
3 months ago Bug 36102: (follow-up) Add cud-login to the login form
Jonathan Druart [Mon, 26 Feb 2024 11:18:06 +0000 (12:18 +0100)]
Bug 36102: (follow-up) Add cud-login to the login form

Previous patch missed opac-auth

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
3 months ago Bug 36102: Fix removal of cookie from the installer session on upgrades
David Cook [Wed, 21 Feb 2024 01:50:24 +0000 (01:50 +0000)]
Bug 36102: Fix removal of cookie from the installer session on upgrades

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
3 months ago Bug 36102: Fix expired session on the login page of the installer (?)
Jonathan Druart [Tue, 20 Feb 2024 14:12:23 +0000 (15:12 +0100)]
Bug 36102: Fix expired session on the login page of the installer (?)

I *think* this change fixes a bug when starting the installer with an
expired session. I am no longer able to reproduce the problem however.

Just skip if it does not make sense.

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
3 months ago Bug 36102: If CSRF check fails, try with anonymous
Jonathan Druart [Tue, 20 Feb 2024 13:31:04 +0000 (14:31 +0100)]
Bug 36102: If CSRF check fails, try with anonymous

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
3 months ago Bug 36102: Remove cookie from the installer session
Jonathan Druart [Tue, 20 Feb 2024 13:10:40 +0000 (14:10 +0100)]
Bug 36102: Remove cookie from the installer session

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
3 months ago Bug 36102: Generate a new sessionID if the existing one is invalid
Jonathan Druart [Tue, 20 Feb 2024 13:01:04 +0000 (14:01 +0100)]
Bug 36102: Generate a new sessionID if the existing one is invalid

If the cookie contains an expired sessionID we need to create another
one to correctly generate the CSRF token.

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
3 months ago Bug 36102: Do not repeat op or csrf_token on the login form - staff
Jonathan Druart [Tue, 20 Feb 2024 12:37:21 +0000 (13:37 +0100)]
Bug 36102: Do not repeat op or csrf_token on the login form - staff

Needed for OPAC?

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
3 months ago Bug 36102: (follow-up) Add cud-login to the login form
Jonathan Druart [Tue, 20 Feb 2024 10:03:37 +0000 (11:03 +0100)]
Bug 36102: (follow-up) Add cud-login to the login form

Hum this didn't make sense. We are not checking credentials after
checkauth.

This patch is suggesting to rename "userid" and "password" parameters
from login forms to "login_userid" and "login_password" to not interfere
with other parameters with the same name.

This looks quite correct, however I am seeing
  "The form submission failed (Wrong CSRF token)."
in the log after a successful login. Which feels wrong, what's
happening?

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
3 months ago Bug 36102: Do not keep op and csrf_token in param list after login - OPAC
Jonathan Druart [Tue, 20 Feb 2024 09:09:25 +0000 (10:09 +0100)]
Bug 36102: Do not keep op and csrf_token in param list after login - OPAC

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
3 months ago Bug 36102: Fix 01-installation.t
Jonathan Druart [Thu, 15 Feb 2024 13:06:33 +0000 (14:06 +0100)]
Bug 36102: Fix 01-installation.t

Something very weird is happening here.

There is a FIXME already, but the trick does not seem to work anymore
(?)

This patch contains some debug statements and takes some screenshots.
We are reaching the cud-selectframeworks step then we are expecting the
form to submit the form with op=cud-addframeworks

BUT it seems that "op" is empty, and there is an unexpected warning from
Starman:

==> /var/log/koha/kohadev/plack-error.log <==
""
Use of uninitialized value in string ne at /usr/share/perl5/Starman/Server.pm line 304.

==> /var/log/koha/kohadev/plack-intranet-error.log <==
[2024/02/15 13:09:34] [WARN] Warning: something's wrong at /kohadevbox/koha/installer/install.pl line 89.

What's going on here??

UPDATE: This is fixed by "Bug 34478: Manual fix - Make Koha::Token use
session id not userenv id"

Bug 36102: [TO SQUASH] Fix 01-installation.t

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
3 months ago Bug 36102: Use Koha::Session from C4::InstallAuth
Jonathan Druart [Thu, 15 Feb 2024 13:04:46 +0000 (14:04 +0100)]
Bug 36102: Use Koha::Session from C4::InstallAuth

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
3 months ago Bug 36102: Add cud-login to the login form
Jonathan Druart [Wed, 14 Feb 2024 13:54:55 +0000 (14:54 +0100)]
Bug 36102: Add cud-login to the login form

TODO This needs to be covered by tests.

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
3 months ago Bug 34478: serials/routing-preview.pl
Jonathan Druart [Fri, 1 Mar 2024 09:46:41 +0000 (10:46 +0100)]
Bug 34478: serials/routing-preview.pl

Not totally done, still need the "save and preview"

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
3 months ago Bug 34478: (follow-up) Move resend link out of form for display reasons
Marcel de Rooy [Fri, 1 Mar 2024 07:27:00 +0000 (07:27 +0000)]
Bug 34478: (follow-up) Move resend link out of form for display reasons

This improves display. This only comes up when you try to reset your
password after you did already.

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
3 months ago Bug 34478: (follow-up) Manual fix - Make Koha::Token use session id not userenv id
Jonathan Druart [Wed, 28 Feb 2024 12:15:14 +0000 (13:15 +0100)]
Bug 34478: (follow-up) Manual fix - Make Koha::Token use session id not userenv id

See comment 174.

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
3 months ago Bug 34478: Fix www/auth_values_input_www.t
Jonathan Druart [Wed, 28 Feb 2024 09:13:08 +0000 (10:13 +0100)]
Bug 34478: Fix www/auth_values_input_www.t

See bug 36189, we need to rewrite this using Selenium.

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
3 months ago Bug 34478: Manual fix - reopen basket - add cud- - basket.tt
Nick Clemens [Tue, 27 Feb 2024 20:05:46 +0000 (15:05 -0500)]
Bug 34478: Manual fix - reopen basket - add cud- - basket.tt

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
3 months ago Bug 34478: Add cud to updatestructure
Jonathan Druart [Tue, 27 Feb 2024 14:34:40 +0000 (15:34 +0100)]
Bug 34478: Add cud to updatestructure

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
3 months ago Bug 34478: (follow-up) batchMod
Jonathan Druart [Tue, 27 Feb 2024 14:00:31 +0000 (15:00 +0100)]
Bug 34478: (follow-up) batchMod

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
3 months ago Bug 34478: (follow-up) batch_record_modification
Jonathan Druart [Tue, 27 Feb 2024 13:54:52 +0000 (14:54 +0100)]
Bug 34478: (follow-up) batch_record_modification

Fix Edit > Modify record using template

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
3 months ago Bug 34478: Fix delete from addbiblio
Jonathan Druart [Tue, 27 Feb 2024 13:48:14 +0000 (14:48 +0100)]
Bug 34478: Fix delete from addbiblio

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
3 months ago Bug 34478: Fix delallitems for additem
Jonathan Druart [Tue, 27 Feb 2024 13:42:08 +0000 (14:42 +0100)]
Bug 34478: Fix delallitems for additem

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
3 months ago Bug 34478: Fix saveitem and delete for additem
Jonathan Druart [Tue, 27 Feb 2024 13:19:18 +0000 (14:19 +0100)]
Bug 34478: Fix saveitem and delete for additem

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
3 months ago Bug 34478: Manual fix - adjust op for acqui/cancelorder
Jonathan Druart [Tue, 27 Feb 2024 12:45:11 +0000 (13:45 +0100)]
Bug 34478: Manual fix - adjust op for acqui/cancelorder

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
3 months ago Bug 34478: Adjust 'op' on serials/subscription-renew
Jonathan Druart [Tue, 27 Feb 2024 12:23:09 +0000 (13:23 +0100)]
Bug 34478: Adjust 'op' on serials/subscription-renew

multi_renew now has a validation step
This patch also removes 2 variables that were not used ($mode and $done)

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
3 months ago Bug 34478: Prevent renew if logged in user is not allowed to
Jonathan Druart [Tue, 27 Feb 2024 10:43:22 +0000 (11:43 +0100)]
Bug 34478: Prevent renew if logged in user is not allowed to

This should be on its own bug. Feel free to do it if you have the
energy, I do not.

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
3 months ago Bug 34478: Replace delete links with form - smart-rules
Jonathan Druart [Tue, 27 Feb 2024 10:17:30 +0000 (11:17 +0100)]
Bug 34478: Replace delete links with form - smart-rules

We can certainly do better here (too much duplicated code in on click
functions), but it's good enough for now...

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
3 months ago Bug 34478: Manual fix - remove cud from members/search
Jonathan Druart [Mon, 26 Feb 2024 14:20:25 +0000 (15:20 +0100)]
Bug 34478: Manual fix - remove cud from members/search

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
3 months ago Bug 34478: Move to get - reserve/request.tt:248
Jonathan Druart [Mon, 26 Feb 2024 13:38:23 +0000 (14:38 +0100)]
Bug 34478: Move to get - reserve/request.tt:248

This form is never sent

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
3 months ago Bug 34478: Move to get - acqui/uncertainprice
Jonathan Druart [Mon, 26 Feb 2024 13:05:54 +0000 (14:05 +0100)]
Bug 34478: Move to get - acqui/uncertainprice

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
3 months ago Bug 34478: Convert form to link - sci-main
Jonathan Druart [Mon, 26 Feb 2024 11:32:18 +0000 (12:32 +0100)]
Bug 34478: Convert form to link - sci-main

Nothing to POST, we could move to GET, but we do not have parameters. A
link is good here.

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
3 months ago Bug 34478: (follow-up) Fix circ/set-library
Jonathan Druart [Mon, 26 Feb 2024 11:05:21 +0000 (12:05 +0100)]
Bug 34478: (follow-up) Fix circ/set-library

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
3 months ago Bug 34478: Corrections to some serials scripts
Owen Leonard [Fri, 23 Feb 2024 18:58:16 +0000 (18:58 +0000)]
Bug 34478: Corrections to some serials scripts

This patch updates the serials toolbar and related JS so that delete,
close, and reopen are all POST operations.

The patch also fixes an incorrect op check in the subscription search
popup.

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>