]> git.koha-community.org Git - koha.git/log
koha.git
8 months agoBug 34478: Manual fix - Add items (course reserves)
Tomas Cohen Arazi [Mon, 29 Jan 2024 19:47:38 +0000 (16:47 -0300)]
Bug 34478: Manual fix - Add items (course reserves)

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
8 months agoBug 34478: Manual fix - change to post - guided_reports
Nick Clemens [Fri, 26 Jan 2024 19:15:17 +0000 (14:15 -0500)]
Bug 34478: Manual fix - change to post - guided_reports

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
8 months agoBug 34478: Manual fix - change to post remove cud from confirm step - serials-collection
Nick Clemens [Fri, 26 Jan 2024 17:56:39 +0000 (12:56 -0500)]
Bug 34478: Manual fix - change to post remove cud from confirm step - serials-collection

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
8 months agoBug 34478: Manual fix - remove cud from search op - authorities-home
Nick Clemens [Fri, 26 Jan 2024 17:45:21 +0000 (12:45 -0500)]
Bug 34478: Manual fix - remove cud from search op - authorities-home

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
8 months agoBug 34478: Manual fix - Switch to post, update op - neworderempty_duplicate
Nick Clemens [Fri, 26 Jan 2024 16:58:07 +0000 (11:58 -0500)]
Bug 34478: Manual fix - Switch to post, update op - neworderempty_duplicate

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
8 months agoBug 34478: Manual fix - Switch to post, update op, add missing include - basket
Nick Clemens [Fri, 26 Jan 2024 16:27:52 +0000 (11:27 -0500)]
Bug 34478: Manual fix - Switch to post, update op, add missing include - basket

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
8 months agoBug 34478: Manual fix - fix ops and method - deletemem
Nick Clemens [Fri, 26 Jan 2024 16:01:18 +0000 (11:01 -0500)]
Bug 34478: Manual fix - fix ops and method - deletemem

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
8 months agoBug 34478: Manual fix - Rename action with op change to post - merge-patrons
Nick Clemens [Fri, 26 Jan 2024 15:52:54 +0000 (10:52 -0500)]
Bug 34478: Manual fix - Rename action with op change to post - merge-patrons

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
8 months agoBug 34478: Rename action with op - circ/request-article
Jonathan Druart [Fri, 26 Jan 2024 10:35:20 +0000 (11:35 +0100)]
Bug 34478: Rename action with op - circ/request-article

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
8 months agoBug 34478: Rename action with op - circ/checkout-notes
Jonathan Druart [Fri, 26 Jan 2024 10:33:02 +0000 (11:33 +0100)]
Bug 34478: Rename action with op - circ/checkout-notes

svc/checkout_notes will need to be adjusted as well

Bug 34478: [TO SQUASH] Rename action with op - circ/checkout-notes

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
8 months agoBug 34478: Rename action with op - catalogue/search-history
Jonathan Druart [Fri, 26 Jan 2024 10:11:58 +0000 (11:11 +0100)]
Bug 34478: Rename action with op - catalogue/search-history

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
8 months agoBug 34478: Rename action with op - admin/library_groups
Jonathan Druart [Fri, 26 Jan 2024 10:02:56 +0000 (11:02 +0100)]
Bug 34478: Rename action with op - admin/library_groups

This is a bit dirty but it works.
form is not styling correctly when put within the li

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
8 months agoBug 34478: Rename action with op - admin/item_circulation_alerts
Jonathan Druart [Fri, 26 Jan 2024 09:28:06 +0000 (10:28 +0100)]
Bug 34478: Rename action with op - admin/item_circulation_alerts

Also fix possible XSS.

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
8 months agoBug 34478: Rename action with op - admin/columns_settings
Jonathan Druart [Fri, 26 Jan 2024 09:06:20 +0000 (10:06 +0100)]
Bug 34478: Rename action with op - admin/columns_settings

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
8 months agoBug 34478: Rename action with op - acqui/cancelorder
Jonathan Druart [Fri, 26 Jan 2024 09:00:41 +0000 (10:00 +0100)]
Bug 34478: Rename action with op - acqui/cancelorder

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
8 months agoBug 34478: Remove no longer reference form
Martin Renvoize [Wed, 24 Jan 2024 11:44:02 +0000 (11:44 +0000)]
Bug 34478: Remove no longer reference form

Cleanup whilst we're here.. the form here isn't actually included
anywhere and the acompanying controller no longer exists.

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
8 months agoBug 34478: Update label ops 'edit' to 'edit_form'
Martin Renvoize [Wed, 24 Jan 2024 11:09:22 +0000 (11:09 +0000)]
Bug 34478: Update label ops 'edit' to 'edit_form'

This serves to clarify that the 'edit' is not an update action in this
case, but instead is a form fetch.

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
8 months agoBug 34478: op =~ ^cud- in pl/pm - Manual parcels.pl
Jonathan Druart [Wed, 24 Jan 2024 11:12:22 +0000 (12:12 +0100)]
Bug 34478: op =~ ^cud- in pl/pm - Manual parcels.pl

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
8 months agoBug 34478: Manual fix - preferences
Jonathan Druart [Wed, 24 Jan 2024 10:27:01 +0000 (11:27 +0100)]
Bug 34478: Manual fix - preferences

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
8 months agoBug 34478: op =~ ^cud- in pl/pm - Manual preferences.pl
Jonathan Druart [Wed, 24 Jan 2024 10:32:34 +0000 (11:32 +0100)]
Bug 34478: op =~ ^cud- in pl/pm - Manual preferences.pl

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
8 months agoBug 34478: Add method="get" to forms without method
Jonathan Druart [Tue, 23 Jan 2024 15:59:44 +0000 (16:59 +0100)]
Bug 34478: Add method="get" to forms without method

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
8 months agoBug 34478: Remove duplicated form in virtualshelves/downloadshelf.tt
Jonathan Druart [Tue, 23 Jan 2024 15:57:05 +0000 (16:57 +0100)]
Bug 34478: Remove duplicated form in virtualshelves/downloadshelf.tt

Just... don't ask... It's there since 2010

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
8 months agoBug 34478: Manual fix - label-edit-profile (cud-save)
Martin Renvoize [Mon, 22 Jan 2024 11:56:37 +0000 (11:56 +0000)]
Bug 34478: Manual fix - label-edit-profile (cud-save)

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
8 months agoBug 34478: Manual fix - label-edit-template (cud-save)
Martin Renvoize [Mon, 22 Jan 2024 11:52:58 +0000 (11:52 +0000)]
Bug 34478: Manual fix - label-edit-template (cud-save)

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
8 months agoBug 34478: Manual fix - label-edit-layout (cud-save)
Martin Renvoize [Mon, 22 Jan 2024 11:13:41 +0000 (11:13 +0000)]
Bug 34478: Manual fix - label-edit-layout (cud-save)

Also updated 'cud-edit' in the controller back to 'edit' as it's a 'get'
request to display the form.. i.e. read not create, write or update.

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
8 months agoBug 34478: Manual fix - subscription-nuberpatterns (cud-del)
Nick Clemens [Fri, 19 Jan 2024 17:05:26 +0000 (17:05 +0000)]
Bug 34478: Manual fix - subscription-nuberpatterns (cud-del)

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
8 months agoBug 34478: Manual fix - subscription-frequencies (cud-del)
Nick Clemens [Fri, 19 Jan 2024 17:03:47 +0000 (17:03 +0000)]
Bug 34478: Manual fix  - subscription-frequencies (cud-del)

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
8 months agoBug 34478: Manual fix - parcels.pl (cud-confirm cud-new)
Nick Clemens [Fri, 19 Jan 2024 17:00:44 +0000 (17:00 +0000)]
Bug 34478: Manual fix - parcels.pl (cud-confirm cud-new)

Bug 34478: [TO SQUASH] Manual fix - parcels.pl (cud-confirm cud-new)

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
8 months agoBug 34478: Manual fix - edi_ean (cud-ediorder)
Nick Clemens [Fri, 19 Jan 2024 16:50:47 +0000 (16:50 +0000)]
Bug 34478: Manual fix - edi_ean (cud-ediorder)

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
8 months agoBug 34478: Manual fix - basketgroups
Nick Clemens [Fri, 19 Jan 2024 16:39:37 +0000 (16:39 +0000)]
Bug 34478: Manual fix - basketgroups

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
8 months agoBug 34478: Manual fix - account refund - Add op param to forms
Kyle M Hall [Fri, 19 Jan 2024 16:22:53 +0000 (16:22 +0000)]
Bug 34478: Manual fix - account refund - Add op param to forms

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
8 months agoBug 34478: Manual fix - delete baskets - Add csrf include
Kyle M Hall [Fri, 19 Jan 2024 15:25:35 +0000 (10:25 -0500)]
Bug 34478: Manual fix - delete baskets - Add csrf include

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
8 months agoBug 34478: Manual fix - delete baskets
Kyle M Hall [Fri, 19 Jan 2024 14:19:58 +0000 (09:19 -0500)]
Bug 34478: Manual fix - delete baskets

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
8 months agoBug 34478: Manual fix - account line discount
Kyle M Hall [Fri, 19 Jan 2024 14:16:46 +0000 (09:16 -0500)]
Bug 34478: Manual fix - account line discount

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
8 months agoBug 34478: Manual fix - account refund
Kyle M Hall [Fri, 19 Jan 2024 14:15:19 +0000 (09:15 -0500)]
Bug 34478: Manual fix - account refund

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
8 months agoBug 34478: Manual fix - account payout
Kyle M Hall [Fri, 19 Jan 2024 14:11:40 +0000 (09:11 -0500)]
Bug 34478: Manual fix - account payout

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
8 months agoBug 34478: Display programming errors in case plack.psgi caught something suspicious
Jonathan Druart [Wed, 13 Dec 2023 08:27:45 +0000 (09:27 +0100)]
Bug 34478: Display programming errors in case plack.psgi caught something suspicious

It will help developpers to debug the problematic places.

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
8 months agoBug 34478: Manual fix - duplicate_orders (cud-select)
Jonathan Druart [Wed, 13 Dec 2023 07:31:04 +0000 (08:31 +0100)]
Bug 34478: Manual fix - duplicate_orders (cud-select)

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
8 months agoBug 34478: Manual fix - preferences
Jonathan Druart [Wed, 13 Dec 2023 07:23:54 +0000 (08:23 +0100)]
Bug 34478: Manual fix - preferences

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
8 months agoBug 34478: Manual fix - memberentry (modify)
Jonathan Druart [Tue, 12 Dec 2023 16:03:58 +0000 (17:03 +0100)]
Bug 34478: Manual fix - memberentry (modify)

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
8 months agoBug 34478: Manual fix - batchMod
Jonathan Druart [Tue, 12 Dec 2023 15:43:21 +0000 (16:43 +0100)]
Bug 34478: Manual fix - batchMod

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
8 months agoBug 34478: op =~ ^cud- in pl/pm
Jonathan Druart [Tue, 12 Dec 2023 15:43:08 +0000 (16:43 +0100)]
Bug 34478: op =~ ^cud- in pl/pm

This is the result of
  bash op_must_start_with_cud-perl.sh

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
8 months agoBug 34478: Manual fix - additem
Jonathan Druart [Tue, 12 Dec 2023 15:26:51 +0000 (16:26 +0100)]
Bug 34478: Manual fix - additem

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
8 months agoBug 34478: Manual fix - opac-suggestions
Jonathan Druart [Tue, 12 Dec 2023 13:54:34 +0000 (14:54 +0100)]
Bug 34478: Manual fix - opac-suggestions

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
8 months agoBug 34478: Replace POST with GET when needed - add_form
Jonathan Druart [Tue, 12 Dec 2023 13:39:15 +0000 (14:39 +0100)]
Bug 34478: Replace POST with GET when needed - add_form

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
8 months agoBug 34478: Adjust selenium tests
Jonathan Druart [Tue, 12 Dec 2023 13:32:59 +0000 (14:32 +0100)]
Bug 34478: Adjust selenium tests

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
8 months agoBug 34478: Add missing csrf-token.inc for opac
Jonathan Druart [Tue, 12 Dec 2023 13:12:20 +0000 (14:12 +0100)]
Bug 34478: Add missing csrf-token.inc for opac

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
8 months agoBug 34478: op =~ ^cud- everywhere
Jonathan Druart [Tue, 12 Dec 2023 10:21:07 +0000 (11:21 +0100)]
Bug 34478: op =~ ^cud- everywhere

This is the result of
  perl op_must_start_with_cud.pl

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
8 months agoBug 34478: op =~ ^cud-
Jonathan Druart [Fri, 22 Sep 2023 08:55:29 +0000 (10:55 +0200)]
Bug 34478: op =~ ^cud-

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
8 months agoBug 34478: op-cud - Trick CGI directly
Jonathan Druart [Thu, 21 Sep 2023 10:00:17 +0000 (12:00 +0200)]
Bug 34478: op-cud - Trick CGI directly

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
8 months agoBug 34478: op-cud - Rename op with op-cud in templates
Jonathan Druart [Thu, 21 Sep 2023 08:50:07 +0000 (10:50 +0200)]
Bug 34478: op-cud - Rename op with op-cud in templates

This is the result of
  perl rename_op_with_op-cud.pl

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
8 months agoBug 34478: op-cud - Adjust C4::Auth code
Jonathan Druart [Thu, 21 Sep 2023 08:23:41 +0000 (10:23 +0200)]
Bug 34478: op-cud - Adjust C4::Auth code

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
8 months agoBug 34478: Move C4::Auth check
Jonathan Druart [Thu, 21 Sep 2023 07:59:09 +0000 (09:59 +0200)]
Bug 34478: Move C4::Auth check

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
8 months agoBug 34478: Remove check_csrf from pl files
Jonathan Druart [Fri, 4 Aug 2023 09:37:52 +0000 (11:37 +0200)]
Bug 34478: Remove check_csrf from pl files

We should no longer need to check CSRF token from pl files

TODO - there is a change for some files where we returned 403

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
8 months agoBug 34478: Check CSRF in get_template_and_user
Jonathan Druart [Fri, 4 Aug 2023 09:32:27 +0000 (11:32 +0200)]
Bug 34478: Check CSRF in get_template_and_user

Not sure this is the right place in get_template_and_user
Will have to test login and 2FA

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
8 months agoBug 34478: Add 'op' to opac-passwd
Jonathan Druart [Fri, 4 Aug 2023 09:13:14 +0000 (11:13 +0200)]
Bug 34478: Add 'op' to opac-passwd

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
8 months agoBug 34478: Add 'op' to opac-user.tt
Jonathan Druart [Fri, 4 Aug 2023 09:06:16 +0000 (11:06 +0200)]
Bug 34478: Add 'op' to opac-user.tt

Bug 34478: [TO SQUASH] Add 'op' to opac-user.tt

Bug 34478: [TO SQUASH] Add 'op' to opac-user.tt

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
8 months agoBug 34478: Add missing CSRF token to POST forms
Jonathan Druart [Fri, 12 Jan 2024 14:00:48 +0000 (15:00 +0100)]
Bug 34478: Add missing CSRF token to POST forms

This is the result of
  % perl csrf_add_missing_csrf.pl

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
8 months agoBug 34478: Remove generate_csrf from pl
Jonathan Druart [Fri, 4 Aug 2023 09:15:54 +0000 (11:15 +0200)]
Bug 34478: Remove generate_csrf from pl

We do not longer need to generate_csrf from pl files

TODO - members/boraccount.tt and sco/sco-main.tt needs to be adjusted

Bug 34478: [TO SQUASH] Remove generate_csrf from pl

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
8 months agoBug 34478: Replace csrf_token input with include file - manual
Jonathan Druart [Fri, 4 Aug 2023 08:57:42 +0000 (10:57 +0200)]
Bug 34478: Replace csrf_token input with include file - manual

A couple of left not caught by the previous regex

Still TODO:
% git grep csrf_token **/*.inc **/*.tt
still shows example that needs to be replaced, later (because we use GET)

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
8 months agoBug 34478: Replace csrf_token input with include file
Jonathan Druart [Fri, 4 Aug 2023 08:56:50 +0000 (10:56 +0200)]
Bug 34478: Replace csrf_token input with include file

perl -p -i -n -e 's#<input type="hidden" name="csrf_token" value="\[% csrf_token \| html %]" />#[% INCLUDE '\''csrf-token.inc'\'' %]#g' **/*.tt **/*.inc

This should have actually been done at the same time as
  "Bug 30524: (QA follow-up) Only generate CSRF token if it will be used"

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
8 months agoBug 34478: Replace get with post when needed
Jonathan Druart [Fri, 4 Aug 2023 08:32:17 +0000 (10:32 +0200)]
Bug 34478: Replace get with post when needed

This is what has been marked as done in "csrf_get.txt"

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
8 months agoBug 35955: Add tests
Jonathan Druart [Tue, 27 Feb 2024 07:56:24 +0000 (08:56 +0100)]
Bug 35955: Add tests

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
8 months agoBug 35955: Cache CSRF token in template plugin
David Cook [Tue, 27 Feb 2024 06:05:24 +0000 (06:05 +0000)]
Bug 35955: Cache CSRF token in template plugin

This change uses the Koha::Cache::Memory::Lite cache to
cache the CSRF token, so that it is only generated once,
and is re-used by the Koha::Template::Plugin::Koha object
throughout the entire template processing for the HTTP request.

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
8 months agoBug 36098: Default to 'file' if pref does not exist
Jonathan Druart [Wed, 21 Feb 2024 08:42:16 +0000 (09:42 +0100)]
Bug 36098: Default to 'file' if pref does not exist

During the installer process there is a bunch of warnings
  "Use of uninitialized value $storage_method in string eq at"

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
8 months agoBug 36098: (follow-up) extend test to check driver
David Cook [Thu, 15 Feb 2024 23:07:02 +0000 (23:07 +0000)]
Bug 36098: (follow-up) extend test to check driver

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
8 months agoBug 36098: Fix storage_method pass
David Cook [Thu, 15 Feb 2024 22:49:19 +0000 (22:49 +0000)]
Bug 36098: Fix storage_method pass

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
8 months agoBug 36098: Allow to pass storage_method
Jonathan Druart [Thu, 15 Feb 2024 13:05:21 +0000 (14:05 +0100)]
Bug 36098: Allow to pass storage_method

Will need this on follow-up bugs.

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
8 months agoBug 36098: (QA follow-up) Add POD to Koha::Session
Martin Renvoize [Thu, 15 Feb 2024 11:53:02 +0000 (11:53 +0000)]
Bug 36098: (QA follow-up) Add POD to Koha::Session

Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
8 months agoBug 36098: Add Koha::Session module to ease session handling
David Cook [Thu, 15 Feb 2024 02:49:18 +0000 (02:49 +0000)]
Bug 36098: Add Koha::Session module to ease session handling

This patch adds a Koha::Session module that makes it easier
to work with Koha sessions without needing the full C4::Auth module.

Test plan:
0. Apply the patch
1. Run the following unit tests:
prove ./t/db_dependent/Auth.t
prove ./t/db_dependent/Auth_with_cas.t
prove ./t/db_dependent/Koha/Session.t
2. Observe that they all pass

Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
8 months agoBug 35935: Ensure login branch will be used after incorrect login
Jonathan Druart [Tue, 30 Jan 2024 08:02:19 +0000 (09:02 +0100)]
Bug 35935: Ensure login branch will be used after incorrect login

If a different branch is selected after an incorrect login, the previous
branch will be used.

To recreate:
* login with foo/bar, select CPL => FAIL
* login with koha/koha, select another branch => OK but CPL is picked!

It was caused by a dup of "branch" in CGI param list (and first was
picked).

This patch patch also removes "koha_login_context" to not have it twice.
You can also open the source of the page to confirm that form#loginform
contains "branch" and "koha_login_context" in hidden inputs.

Signed-off-by: Magnus Enger <magnus@libriotech.no>
Tested in KTD. Works as advertised.
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
8 months agoBug 36092: Pass sessionID at the end of get_template_and_user
Jonathan Druart [Wed, 14 Feb 2024 08:45:45 +0000 (09:45 +0100)]
Bug 36092: Pass sessionID at the end of get_template_and_user

It seems safer to pass the logged in user and session info at the end of
the sub.

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
8 months agoBug 36092: Pass the sessionID from checkauth if we hit auth
Jonathan Druart [Wed, 14 Feb 2024 09:33:11 +0000 (10:33 +0100)]
Bug 36092: Pass the sessionID from checkauth if we hit auth

If we hit the auth page we were not passing sessionID to the template

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
8 months agoBug 36092: Add test
Jonathan Druart [Wed, 14 Feb 2024 09:56:17 +0000 (10:56 +0100)]
Bug 36092: Add test

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
8 months agoBug 35918: Fix auto library connect (AutoLocation)
Jonathan Druart [Fri, 26 Jan 2024 07:58:17 +0000 (08:58 +0100)]
Bug 35918: Fix auto library connect (AutoLocation)

This code is a bit weird, its purpose it to auto select the library depending on the IP.
A problem appears if the same IP is used, then the user's choice will
might be overwritten randomly by another library.

To recreate the problem:
Turn on AutoLocation
Use koha/koha @CPL for test
And the following config:
*************************** 1. row ***************************
branchcode: CPL
branchname: Centerville
  branchip: 172.18.0.1
*************************** 2. row ***************************
branchcode: FFL
branchname: Fairfield
  branchip: 172.18.0.1
*************************** 3. row ***************************
branchcode: FPL
branchname: Fairview
  branchip: 172.18.0.4

Connect and select CPL. Randomly FFL will be picked instead.

Signed-off-by: Magnus Enger <magnus@libriotech.no>
Tested this on top of 35890 and 35904 because git bz said they were required dependencies.
Figured out the IP Koha was seeing me as coming from in /var/log/koha/kohadev/plack.log.
Added that IP to the branchip for Centerville, Fairfield and Fairview. Set AutoLocation = Yes.
After this I could recreate the problem: If i left the "Library" field in the login screen
at "My Library" I got logged into a random library selected from the three i had set
branchip for. Applying the patches fixed this, as expected.
Tests pass, with AutoLocation off.

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
8 months agoBug 35918: Add test
Jonathan Druart [Fri, 26 Jan 2024 07:57:03 +0000 (08:57 +0100)]
Bug 35918: Add test

Signed-off-by: Magnus Enger <magnus@libriotech.no>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
8 months agoBug 35890: Add tests for AutoLocation
Jonathan Druart [Thu, 25 Jan 2024 08:36:01 +0000 (09:36 +0100)]
Bug 35890: Add tests for AutoLocation

Signed-off-by: Matt Blenkinsop <matt.blenkinsop@ptfs-europe.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
8 months agoBug 35890: Reject login if IP is not valid
Jonathan Druart [Wed, 24 Jan 2024 15:25:30 +0000 (16:25 +0100)]
Bug 35890: Reject login if IP is not valid

Signed-off-by: Matt Blenkinsop <matt.blenkinsop@ptfs-europe.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
8 months agoBug 35904: (QA follow-up): tidy up code
Victor Grousset/tuxayo [Thu, 15 Feb 2024 03:18:37 +0000 (04:18 +0100)]
Bug 35904: (QA follow-up): tidy up code

Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
8 months agoBug 35904: Make C4::Auth::checkauth testable easily
Jonathan Druart [Thu, 25 Jan 2024 09:35:41 +0000 (10:35 +0100)]
Bug 35904: Make C4::Auth::checkauth testable easily

This patch suggests to add a new flag do_not_print to
C4::Auth::checkauth to not print the headers and allow to test this
subroutine more easily.

We do no longer need to mock safe_exit and redirect STDOUT to test its
return values.

There are still 3 left:
1.
733         # checkauth will redirect and safe_exit if not authenticated and not authorized
=> Better to keep this one, not trivial to replace

2.
806         # This will fail on permissions
This should be replaced but testing $template->{VARS}->{nopermission}
fails, I dont' think the comment is better.

3.
828         # Patron does not have the borrowers permission
Same as 2.

2. and 3. should be investigated a bit more.

This patch also move duplicated code to set patron's password to a
subroutine set_weak_password.

Test plan:
Read the code and confirm that everything makes sense.
QA: Do you have a better way for this? Yes it's dirty!

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
8 months agoBug 35904: Remove var loggedin
Jonathan Druart [Wed, 24 Jan 2024 15:24:51 +0000 (16:24 +0100)]
Bug 35904: Remove var loggedin

It is never used and add confusion

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
8 months agoBug 36019: Remove dead code in tags/review
Jonathan Druart [Wed, 7 Feb 2024 14:54:28 +0000 (15:54 +0100)]
Bug 36019: Remove dead code in tags/review

Since bug 20489 it is no longer possible to login with the DB user.
At the time, get_template_and_user returned borrowernumber=0 in this case.

In tags/review.pl we have:
  $borrowernumber == 0 and push @errors, {op_zero=>1};

This condition is never met, and op_zero related code can be removed in the template.

Test plan:
Confirm the above

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
8 months agoBug 36017: Remove dead code in admin/clone-rules
Jonathan Druart [Wed, 7 Feb 2024 14:42:40 +0000 (15:42 +0100)]
Bug 36017: Remove dead code in admin/clone-rules

Since
  commit 61628c97c245e72c750b61d9df6fa9b9100f3093
  Bug 18936: (follow-up) Add cloning of circulation rules back to Koha

There are some dead code in admin/clone-rules.

"result" is always passed to the template.

Test plan:
Confirm the above and that cloning rules from the circ rules page still
works correctly.

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
8 months agoBug 35949: Remove useless code pointing to branchreserves.pl in request.tt
Jonathan Druart [Tue, 30 Jan 2024 15:40:17 +0000 (16:40 +0100)]
Bug 35949: Remove useless code pointing to branchreserves.pl in request.tt

messagetransfert is never set (it is from circ/waitingreserves.pl, `git grep messagetransfert`) and branchreserves.pl does not exist!

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
8 months agoBug 34426: (QA follow-up) Polishing xt script
Marcel de Rooy [Fri, 23 Jun 2023 09:56:40 +0000 (09:56 +0000)]
Bug 34426: (QA follow-up) Polishing xt script

Test plan:
Run it again. Same results?

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
8 months agoBug 34426: Add xt/find-missing-csrf.t
Martin Renvoize [Wed, 16 Jun 2021 10:04:42 +0000 (11:04 +0100)]
Bug 34426: Add xt/find-missing-csrf.t

Signed-off-by: David Cook <dcook@prosentient.com.au>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
8 months agoBug 35930: Add guards for plugins_enabled
Andreas Jonsson [Mon, 12 Feb 2024 11:16:02 +0000 (11:16 +0000)]
Bug 35930: Add guards for plugins_enabled

The 'new' method in Koha::Plugins returns undefined if
plugins are disabled.  Therefore, calls to this method
must be guarded by a check that plugins actually are enabled.

Test plan:

* Code inspection of patch, alternatively
* Activate the ill system by installing a backend such as
  koha-illbackend-libris:
  https://github.com/Libriotech/koha-illbackend-libris
* Make sure plugins are disabled in koha-conf.xml
* In the staff interface, go to ILL requests.
* The page should load without getting an error 500.

PA amended commit message: This is not related to ILL backends being plugins or not
This is about ILL batches, where checking for metadata enrichment plugins was missing 'enable_plugins' guard
Additionally, unrelated to batches, it's also about ILLAvailability, where checking for ILL availabililty plugins was missing enable_plugins guard

Signed-off-by: Pedro Amorim <pedro.amorim@ptfs-europe.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Hans PĂ„lsson <hans.palsson@hkr.se>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
8 months agoBug 35518: Tidy the moved blocks
Martin Renvoize [Thu, 8 Feb 2024 15:55:43 +0000 (15:55 +0000)]
Bug 35518: Tidy the moved blocks

This patch just tidies the moved blocks to get us past the QA script
check.

Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
8 months agoBug 35518: Check authentication and set userenv before fetching userenv variables
Nick Clemens [Fri, 26 Jan 2024 14:10:01 +0000 (14:10 +0000)]
Bug 35518: Check authentication and set userenv before fetching userenv variables

Currently we get the userenv before we have set it correctly for the session

To test:
 1 - Sign in as a user with fast cataloging permission
 2 - Bring up a patron, type gibberish into barcode field to get a fast cataloging link
 3 - Check the link, it should have your current signed in barcode
 4 - Sign in to a different browser with a different user and at a different branch
 5 - Bring up a aptron in circulation and type gibberish into barcode field to get a fast cataloging link
 6 - It may have your branch, but it may also have the other user's branch from the other window
 7 - Keep entering gibberish to get a link until one user has the correct branch
 8 - Then switch to the other browser, and keep entering gibberish, watch the branchcode change
 9 - Apply patch, restart all
10 - Test switching between browsers. generating fast cataloging links
11 - Users should now consistently have the correct branch

Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
8 months agoBug 36034: Add test
Jonathan Druart [Wed, 14 Feb 2024 07:49:33 +0000 (08:49 +0100)]
Bug 36034: Add test

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
8 months agoBug 36034: (bug 34893 follow-up) fix capture of return values from checkpw
Andreas Jonsson [Thu, 8 Feb 2024 10:57:03 +0000 (11:57 +0100)]
Bug 36034: (bug 34893 follow-up) fix capture of return values from checkpw

Adapt code to the change of return value type of checkpw
introduced in bug 34893

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
9 months agoBug 29002: Remove whitespace only lines
Martin Renvoize [Thu, 11 Jan 2024 11:14:27 +0000 (11:14 +0000)]
Bug 29002: Remove whitespace only lines

Jonathan highlighted some trailing whitespace.. I only see a few cases
where a line only contains whitespace and I didn't see these caught by
the QA script at the time of submission.

Anyway, this removes the spaces

9 months agoBug 35962: (bug 35843 follow-up 2) Fix BackgroundJob.t on D10
Jonathan Druart [Tue, 6 Feb 2024 07:32:31 +0000 (08:32 +0100)]
Bug 35962: (bug 35843 follow-up 2) Fix BackgroundJob.t on D10

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
9 months agoBug 34893: Unit tests for C4::Auth::checkpw
Tomas Cohen Arazi [Fri, 15 Dec 2023 13:54:11 +0000 (10:54 -0300)]
Bug 34893: Unit tests for C4::Auth::checkpw

This patch introduces some tests on the current (and new) behavior for
the `checkpw` function.

I needed it to better understand if an edge case was actually possible
(it wasn't).

Found a really minor annoyance for the internal check with expired
password not returning the $patron object for consistency with the other
use cases.

I think this method deserves (at least) changing the return value to a
sane data structure. But that's not target for backporting to stable
releases. So a separate bug.

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
9 months agoBug 34893: (QA follow-up) Tidy code for qa script
Kyle M Hall [Fri, 1 Dec 2023 11:29:19 +0000 (06:29 -0500)]
Bug 34893: (QA follow-up) Tidy code for qa script

Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
9 months agoBug 34893: Add checkpw change to REST API
David Cook [Tue, 28 Nov 2023 22:57:39 +0000 (22:57 +0000)]
Bug 34893: Add checkpw change to REST API

This patch adds the checkpw return value change to the REST API
route for validating user identifiers and password.

Test plan:
0. Apply patch
1. prove t/db_dependent/api/v1/password_validation.t

Bonus points:
1. koha-plack --reload kohadev
2. Enable syspref RESTBasicAuth
3. curl -XPOST -H "Content-Type: application/json" \
-u <staff_userid>:<staff_password> \
-d '{"identifier":"<cardnumber>","password":"<password>"}' \
http://localhost:8081/api/v1/auth/password/validation
4. Validation doesn't fail. It gives you cardnumber, patron_id, userid

Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
9 months agoBug 34893: ILS-DI can return the wrong patron for AuthenticatePatron
Kyle M Hall [Fri, 22 Sep 2023 18:20:59 +0000 (14:20 -0400)]
Bug 34893: ILS-DI can return the wrong patron for AuthenticatePatron

Imagine we have a set of users. Some of those users have a NULL userid. We then call AuthenticatePatron from ILS-DI for a patron with a NULL userid, but a valid cardnumber. We call checkpw, which returns the cardnumber and userid. We then call Koha::Patrons->find on the userid *which is null*, meaning the borrowernumber returned is not the correct one, but instead the earliest patron inserted into the database that has a NULL userid.

Test Plan:
1) Give three patrons a userid and a password
2) From the database cli, set all patrons's userid to null
   Run this query: update borrowers set userid = null;
3) Call AuthenticatePatron with username being the 1st patron cardnumber,
   and password being the password you set for that patron
   http://localhost:8080/cgi-bin/koha/ilsdi.pl?service=AuthenticatePatron&username=kohacard&password=koha
4) Note you get back a borrowernumber for a different patron. Refresh the page and the number is correct.
5) Do the same with the 2nd patron. Same issue at 1st and correct number after.
6) Apply this patch
7) Restart all the things!
8) Do the same with the 3rd patron.
9) Note you get the correct borrowernumber! :D
10) prove t/Auth.t t/db_dependent/Auth_with_ldap.t t/Auth_with_shibboleth.t t/db_dependent/Auth_with_cas.t

Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
9 months agoBug 34893: Add unit tests
Kyle M Hall [Wed, 29 Nov 2023 17:18:32 +0000 (17:18 +0000)]
Bug 34893: Add unit tests

Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
9 months agoBug 32474: (follow-up): Tell the tests to wait for the intercepted request responses
Matt Blenkinsop [Fri, 2 Feb 2024 10:29:06 +0000 (10:29 +0000)]
Bug 32474: (follow-up): Tell the tests to wait for the intercepted request responses

Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
9 months agoBug 35962: (bug 35843 follow-up) Fix BackgroundJob.t on D10
Jonathan Druart [Wed, 31 Jan 2024 15:44:47 +0000 (16:44 +0100)]
Bug 35962: (bug 35843 follow-up) Fix BackgroundJob.t on D10

Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>