Bug 20428: Make about.pl inform about missing upload_tmp_path entry
This patch makes about.pl warn about a missing upload_tmp_path entry in
koha-conf.xml. It also mentions the effectively used tmp dir.
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com> Signed-off-by: Mark Tompsett <mtompset@hotmail.com> Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Bug 20428: Make Koha::UploadedFile use the new config entry for tmp files
This patch makes Koha::UploadedFile->temporary_directory try to use the
new configuration entry. It will fallback to File::Spec->tmpdir
otherwise.
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com> Signed-off-by: Mark Tompsett <mtompset@hotmail.com> Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Bug 20428: Add the option to specify a tmp uploads dir
This patch adds an option to the koha-conf.xml file for specifying
a temporary uploaded files directory.
The koha-create script is adjusted to handle it and a convenient option
switch is added. If ommited, it will default to
/var/lib/koha/<instance>/uploads_tmp.
koha-create-dirs is patched to create the required directory with the
right permissions.
The docs get the new parameter documented.
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com> Signed-off-by: Mark Tompsett <mtompset@hotmail.com> Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Nick Clemens [Wed, 9 May 2018 11:51:20 +0000 (11:51 +0000)]
Bug 20737: Use https for baker and taylor cover images
Easy change, should be able to verify with code review or testing with
dummy values
To test:
1 - Put some values in baker and taylor prefs (don't need to be valid)
2 - Do a search on the opac (and have some items with isbns)
3 - Inspect the cover images links to ensure they are formed correctly
4 - prove -v t/External/BakerTaylor.t
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de> Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Nick Clemens [Fri, 4 May 2018 13:54:49 +0000 (13:54 +0000)]
Bug 20707: Replace circ/search.pl circulate permission requirement with catalogue
To test:
1 - Setup a staff patron with permissions:
- catalogue
- reserveforothers
- course_reserves
2 - Log in to staff client as that patron
3 - Find a record and click to place a hold
4 - Type more than three letters into the search bar but don't submit
5 - Note that you will not receive autocomplete results
6 - Either submit, or try to visit any page in staff client
7 - Your session has been expired, you must log in again
8 - Log in, go to course reserves
9 - As before, trigger the autocomplete search in the instrcutor field
10 - Again your session has been terminated
11 - Apply patch
12 - Repeat above actions, this time you will not be kicked out
Signed-off-by: Owen Leonard <oleonard@myacpl.org> Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Jonathan Druart [Fri, 5 Jan 2018 16:29:06 +0000 (13:29 -0300)]
Bug 19792: Few minor fixes
- No string extrapolation needed on SQL queries
- '== undef' must be written 'if not defined'
Signed-off-by: Jon Knight <J.P.Knight@lboro.ac.uk> Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Marcel de Rooy [Wed, 27 Dec 2017 16:04:36 +0000 (17:04 +0100)]
Bug 19792: (QA follow-up) Move anonymous sub out of GetHierarchy
Test plan:
Run t/db_dependent/Budgets.t.
Without both patches, running the test is slower than with only the first
or both patches.
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> Signed-off-by: Jon Knight <J.P.Knight@lboro.ac.uk> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
David Bourgault [Mon, 11 Dec 2017 16:56:27 +0000 (11:56 -0500)]
Bug 19792: Performance boost for GetBudgetHierarchy
This patches reduces the number of SQL calls by combining multiple calls to the recursive functions GetBudgetSpent(), GetBudgetOrdered(), etc. into 4 big queries.
It also removes duplicate function calls from acqui-home.pl
Test plan:
0) Visit Acquisition home
0) Apply patch
1) Refresh page. It shoud look identical.
2) prove t/db_dependent/budgets.t
Signed-off-by: Jon Knight <J.P.Knight@lboro.ac.uk> Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> Signed-off-by: Jon Knight <J.P.Knight@lboro.ac.uk> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Jonathan Druart [Fri, 22 Dec 2017 17:52:26 +0000 (14:52 -0300)]
Bug 19579: Do not confirm the registration if email already used - PatronSelfRegistrationEmailMustBeUnique
If PatronSelfRegistrationVerifyByEmail and
PatronSelfRegistrationEmailMustBeUnique are set, it should not be
possible to register twice with the same email.
However the test is made on already created patron cards when the
registration is done.
Which means it is possible to register several times with the same
email address and click on the registration link to finalise the
registration.
This patch adds a test when the registration link is clicked and display
the "Registration invalid" generic message if the same email is used
Test plan:
1. Patron submits self registration form using the same email address 3
times
2. Patron receives 3 verification emails
3. Patron clicks on 3 verify token URLs
=> Only the first registration should succeed, the 2 others must fail
Maybe we should display a more specific message?
Signed-off-by: Owen Leonard <oleonard@myacpl.org> Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Victor Grousset [Fri, 20 Apr 2018 09:17:26 +0000 (11:17 +0200)]
Bug 20623: Fix basket group PDF when itemtype not itemtype table
When an item has an itemtype not in the itemtype table. Trying to fetch
it's description lead to an error.
Using authorized values like ccode to populate the itemtypes of the
biblioitems (instead of the itemtype table) can lead to such data.
Or importing records with invalid itemtype codes. Koha doesn't do enough
checks at import to at least warn about these issues.
== Test plan ==
1. first we need an item with an itype not in the item_types table
1. download a record as MARCXML
2. find it's item type in administration; and the related code
3. open the MARCXML file and search for occurences of the code
and replace them by some non-existing value like "FOOBAR"
4. also change the barcode so it won't be ignored because
it's a duplicate
5. also change the title to easily find it later in the search
6. tools → "Stage MARC records for import"
7. upload your file
8. "stage for import"
9. click "Manage staged records"
You should end on the page related to your staged record
10. "Import this batch into the catalog"
2. now we need it in a basket group
1. have/create a active budget
2. have/create a fund
3. have/create a vendor with minimal info
4. create a basket with minimal info
5. add our imported item to the basket
for example search it by name
6. go to the basket. URL should be
/cgi-bin/koha/acqui/basket.pl?basketno=XXXXX
7. close this basket
and tick "Attach this basket to a new basket group with the same name"
8. you will end up in the basket groups lists
9. go to the "closed" tab
11. go to the basket group
your vendor page => Basket groups => Closed
3. export as PDF, it should fail (internal server error)
this is the bug (no kidding ^_^)
4. apply this patch
5. reexport the basket as PDF
6. it should work
7. create an item type (in administration)
that has the same code as the one that you put in the MARCXML
8. reexport the basket as PDF
9. check that in the PDF that the description is here:
table at the bottom of the document → "Document" column
Signed-off-by: Owen Leonard <oleonard@myacpl.org> Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Jonathan Druart [Mon, 7 May 2018 18:04:33 +0000 (15:04 -0300)]
Bug 20722: Display search results when searching only by ITEMTYPECAT
- Create an entry for the ITEMTYPECAT authorised value category.
Make sure to fill in the OPAC description.
- Go to administration > itemtypes and add the new category to 2 item types.
- Go to the OPAC and check that the advanced search shows your new itemtype
group instead of the individual itemtypes.
- Check the checkbox and Search.
Signed-off-by: Mark Tompsett <mtompset@hotmail.com> Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de> Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Marcel de Rooy [Wed, 2 May 2018 12:50:32 +0000 (14:50 +0200)]
Bug 20695: Fix multiple upload result in tools/upload script
Instead of calling UploadedFiles->find only once with $id, we should
extract all comma separated id's from the parameter.
Test plan:
[1] Before this patch, upload two files at once in Tools/Upload. After doing
so, you should see only one result reported. But both files should
have been uploaded.
[2] With this patch, repeat step 1 and see two upload results.
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Patch applies and functions as described. Signed-off-by: Dilan Johnpullé <dilan@calyx.net.au> Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Mark Tompsett [Mon, 7 May 2018 18:14:22 +0000 (18:14 +0000)]
Bug 20719: USE Branches in TT files
TEST PLAN
---------
In the staff client on a kohadevbox:
1) Enable the HouseboundModule system preference.
2) Enable the EnableBorrowerFiles system preference.
3) Go to a patron detail page.
-- note the Home library is shown.
4) Go to Fines tab (left pane)
-- Home library is still shown.
5) Click each of the four horizontal tabs
(Account, Pay fines, Create manual invoice,
Create manual credit)
-- Home library not visible for both create tabs
and the account tab
6) Click the 'Create manual invoice' tab, and create
some kind of entry.
7) On the 'Account' tab, the table has a 'Details' button.
Click that.
-- Home library not visible.
8) Click the 'Details' tab in the left pane.
9) Click 'More' button and choose 'Delete'
-- Home library not visible when asked for delete
confirmation.
10) Cancel that, and if you know how to actually
set up the Norwegian system preferences you can
figure out how to test the nl-search change.
After seeing all these not visible, apply this patch.
Repeat all the steps, but this time the Home library
should be visible.
Works OK.
Signed-off-by: Amit Gupta <amit.gupta@informaticsglobal.com> Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Amit Gupta [Mon, 7 May 2018 12:18:57 +0000 (17:48 +0530)]
Bug 20719: Add missing USE Branches to files.tt
Test
On a kohadevbox:
0. Enable the EnableBorrowerFiles system preference
1. Go to any patron, and click on the 'Files' tab in the
left pane.
-- the Home library is not displayed.
2. Apply the patch, restart_all, and reload the page.
-- the Home library is now displayed.
Signed-off-by: Mark Tompsett <mtompset@hotmail.com> Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Jonathan Druart [Fri, 19 Jan 2018 12:34:20 +0000 (09:34 -0300)]
Bug 20746: Move it-IT files to optional
Signed-off-by: Mark Tompsett <mtompset@hotmail.com> Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Bug 20745: koha-zebra doesn't return the correct error codes
This patch makes koha-zebra return 0 (or 1) even when verbose mode is
off. This made koha-zebra --start always return a failure even when the
daemon was correctly launched.
To test:
- Have Zebra running for kohadev instance on your KohaDevBox
- Run:
$ sudo koha-zebra --stop kohadev && echo yay || echo doh
=> FAIL: 'doh' is printed
- Run:
$ sudo koha-zebra --start kohadev e&& echo yay || echo doh
=> FAIL: 'doh' is printed as well
- Apply this patch
- Run:
$ sudo perl misc4dev/cp_debian_files.pl
$ sudo koha-zebra --stop kohadev && echo yay || echo doh
=> SUCCESS: 'yay' is printed
- Run:
$ sudo koha-zebra --start kohadev e&& echo yay || echo doh
=> SUCCESS: 'yay' is printed
- Sign off :-D
Sponsored-by: ByWater Solutions Signed-off-by: Mark Tompsett <mtompset@hotmail.com> Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Mark Tompsett [Mon, 30 Oct 2017 03:28:20 +0000 (03:28 +0000)]
Bug 19181: Change to use ENV, fix login and passwords
The kohadevbox has admin/admin set, so for testing when
creating the initial superuser, if you wish to minimize
effort, use admin/admin. Otherwise, make sure to:
export KOHA_USER={whatever your user is}
export KOHA_PASS={whatever your password is}
before attempting to run the test.
Also, this test was failing because of a validation check on
the passwords requiring uppercase letters, lowercase letters,
and numbers. Changed the sample data passwords to fix.
Signed-off-by: Mark Tompsett <mtompset@hotmail.com> Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Alex Buckley [Thu, 20 Jul 2017 10:50:49 +0000 (10:50 +0000)]
Bug 19181: Selenium test for logging into the Koha intranet and OPAC
This selenium test goes through the process of creating a category and
patron user (as is completed in the basic_workflow.t test) then the
superlibrarian used to create them is logged out and the newly created
patron user authenticates into the OPAC and staff intranet therefore testing the
authenitcation of both.
Test plan (this test plan includes how to install Selenium as well as
how to run this test, for the benefit of people who have not got
Selenium installed on their machines):
Note: This will start up the selenium server. Everytime you want to shut
down this terminal window and want to restart Selenium just run the step
9 command to restart the Selenium server
10. Open a new terminal window and write in:
git clone https://github.com/gempesaw/Selenium-Remote-Driver --branch
build/master --single-branch --depth 1
11. cd Selenium-Remote-Driver
12. perl Makefile.PL
13. make
14. make test
15. sudo make install
16. Now everything is installed and you can et up for running the selenium tests
17. Create a superlibrarian user with the username koha and password
koha
18. If your usual port configuration for the intranet and OPAC is 8081
and 8080 respectively then set the staffClientBaseURL and OPACBaseURL
system preferences to localhost:8080 and localhost:80 respectively
19. sudo koha-shell <instancename>
20. perl t/db_dependent/selenium/authenticate.t
21. The test should pass.
Note: The time_diff comments in the test output showing what the test is
doing
Note: If you have issues with installing Selenium and
Selenium::Remote::Driver please write a comment on the bug report and I
will be more than happy to create a screencapture video showing all the
steps
Sponsored-By: Catalyst IT
https://bugs.koha-community.org/show_bug.cgi?id=19181
Signed-off-by: Mark Tompsett <mtompset@hotmail.com> Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Marcel de Rooy [Fri, 4 May 2018 07:54:30 +0000 (09:54 +0200)]
Bug 11943: Add unit test for double accepts
Test plan:
Run t/db_dependent/Virtualshelves.t
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> Signed-off-by: Nick Clemens <nick@bywatersolutions.com> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Marcel de Rooy [Fri, 4 May 2018 07:34:02 +0000 (09:34 +0200)]
Bug 11943: Prevent double accepts in Koha::Virtualshelfshare
This 'bug' existed long enough now to finally remove it ;)
We do so by deleting the invitation if the borrower already has a share
on this list. Actually not that hard.
We still need: a unit test and a db revision.
Test plan:
[1] Share a list. Let user B accept.
[2] Without this patch: Share again and let B accept again.
[3] Verify that you have two shares for this list in virtualshelfshares.
[4] With this patch: Share another list, let B accept.
[5] Share this other list again, let B accept again.
[6] Verify that virtualshelfshares does not contain double entries now.
(Note: This pertains to the second list only.)
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> Signed-off-by: Nick Clemens <nick@bywatersolutions.com> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Bug 20734: Add warning to the about page if RESTOAuth2ClientCredentials and not Net::OAuth2::AuthorizationServer
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
This patch makes the /token endpoint and the authenticate_api_request
method behave correctly in the event of missing deps for OAuth2.
To test:
- Run:
$ kshell
k$ prove t/db_dependent/api/v1/oauth.t
=> FAIL: The behaviour is not implemented
- Apply this patch
- Run:
k$ prove t/db_dependent/api/v1/oauth.t
=> SUCCESS: Tests pass!
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Bug 20624: (QA follow-up) Unit tests for missing deps situation
This patch tests the situation in which Net::OAuth2::AuthorizationServer
is missing. It mocks Module::Load::Conditional::can_load and expects the
/token endpoint answers 'Unimplemented grant type' to all requests, and
the 'authenticate_api_request' in 'under' exit with unauthorized (403)
to requests in which the Authorization header is passed containing a
Bearer token, but OAuth2 is not really available.
To test:
- Apply this patch
- Run:
$ kshell
k$ prove t/db_dependent/api/v1/oauth.t
=> FAIL: Tests fail because our REST endpoints don't support this
behaviour.
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Bug 20624: Make staff client respect RESTOAuth2ClientCredentials
This patch makes the staff client UI respect the
RESTOAuth2ClientCredentials syspref.
To test:
- Make sure RESTOAuth2ClientCredentials is "Don't enable"
- Go to a patron's detail page
=> SUCCESS: The 'More' dropdown doesn't show the API keys management
link.
- Enable RESTOAuth2ClientCredentials
- Reload
=> SUCCESS: The 'More' dropdown shows the API keys management link
- Click on the API keys management link
=> SUCCESS: You can edit the api keys
- Disable the syspref
- Reload
=> SUCCESS: You are presented an error 400 page.
- Sign off :-D
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Bug 20624: Make /api/v1/oauth/token respect RESTOAuth2ClientCredentials
This patch makes the /api/v1/oauth/token enpoint respect the
RESTOAuth2ClientCredentials syspref. It will return 400 (with
'Unimplemented grant type' error message) on the event of the syspref
being disabled and the grant_type => 'client_credentials' value passed.
To test:
- Run:
$ kshell
k$ prove t/db_dependent/api/v1/oauth.t
=> FAIL: It fails because the off-switch is not implemented
- Apply this patch
- Run:
k$ prove t/db_dependent/api/v1/oauth.t
=> SUCCESS: Tests pass!
- Sign off :-D
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
This patch adds tests to verify that disabling the RESTOAuth2ClientCredentials syspref
makes any request on the /api/v1/oauth/token using the
'client_credentials' grant fail with 'grant not implemented'.
To test:
- Apply this patch
- Run:
$ kshell
k$ prove t/db_dependent/api/v1/oauth.t
=> FAIL: Tests fail because the change is not implemented!
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
As Martin correctly highlighted, the method name is not correctly
spelled in POD. This patch fixes it.
To test:
- Look carefully
=> FAIL: Method name is _verify_client_cb but POD says _verify_client_db
- Apply this patch
- Look carefully
=> SUCCESS: Notice the POD is fixed!
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com> Signed-off-by: Benjamin Rokseth <benjamin.rokseth@deichman.no> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Bug 20612: Make OAuth2 use patron's client_id/secret pairs
This patch wires the OAuth related code so it leverages on the new
Koha::ApiKey(s) classes and tools introduced by bug 20568 instead of the
hardcoded entries in koha-conf.xml originally proposed by bug 20402.
To test revisit the test plan for bug 20402, and verify that it works.
But create API key pairs instead of writing them down in koha-conf.xml.
Also:
- Run:
$ prove t/db_dependent/api/v1/oauth.t
=> SUCCESS: Tests pass!
- Sign off :-D
Sponsored-by: ByWater Solutions Signed-off-by: Julian Maurice <julian.maurice@biblibre.com> Signed-off-by: Benjamin Rokseth <benjamin.rokseth@deichman.no> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
This patch makes the oauth.t tests leverage on the new Koha::ApiKey(s)
classes. It adds tests for expired tokens too.
To test:
- Apply this patch
- Run:
$ kshell
k$ prove t/db_dependent/api/v1/oauth.t
=> FAIL: Tests should fail without the rest of the patches.
Sponsored-by: ByWater Solutions Signed-off-by: Julian Maurice <julian.maurice@biblibre.com> Signed-off-by: Benjamin Rokseth <benjamin.rokseth@deichman.no> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io> Signed-off-by: Julian Maurice <julian.maurice@biblibre.com> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Bug 20568: (QA follow-up) Get rid of the id column
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io> Signed-off-by: Julian Maurice <julian.maurice@biblibre.com> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Bug 20568: (QA follow-up) Make sure client_id and secret are not overwritten on store
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io> Signed-off-by: Julian Maurice <julian.maurice@biblibre.com> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Bug 20568: (QA follow-up) Test client_id and secret are not overwritten
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io> Signed-off-by: Julian Maurice <julian.maurice@biblibre.com> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io> Signed-off-by: Julian Maurice <julian.maurice@biblibre.com> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
This patch addresses the request from Julian that api keys are expected
to be client id/secret pairs.
It does so by
- Adding 'client_id' and 'secret' columns
- Removing 'value'
Tests got adjusted and so controller scripts and templates.
Both libs and tests changes have been squashed. This ones remain in
order to keep Owen's attribution on the template changes and avoid
rebase conflicts.
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com> Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io> Signed-off-by: Julian Maurice <julian.maurice@biblibre.com> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Owen Leonard [Mon, 16 Apr 2018 15:23:50 +0000 (15:23 +0000)]
Bug 20568: (follow-up) Interface and markup changes
This patch makes some interface changes to bring things better in line
with existing interface patterns. This patch also re-indents the
modified templates with 4 spaces instead of 2 and makes <input>s
self-closing.
Also changed: Corrected system preference check in opac-apikeys.pl.
To test, apply the patch and:
In the staff client:
- Open a patron record and choose More -> Manage API keys.
- There should be a standard message dialog containing a link to
"Generate a new key."
- Clicking the link should show the form for adding a new key.
- Test that clicking the "Cancel" link hides the form.
- Test that creating the new key works correctly.
- You should now see a table showing existing keys and a "Generate a
new key" button above it.
- Test that the "Delete" button asks for confirmation, and that
confirming and denying both work correctly.
- Test that "Revoke" and "Activate" actions still work correctly.
In the OPAC:
- Set the AllowPatronsManageAPIKeysInOPAC system preference to "Allow."
- Log in to the OPAC and click the "your API keys" link in the sidebar.
- Clicking the "Generate new key" button should display the form for
adding a new key.
- Clicking the "cancel" link should hide the form.
- Submitting the form should add a new key.
- You should now see a table showing existing keys.
- Test that the "Delete" link asks for confirmation, and that
confirming and denying both work correctly.
- Test that "Revoke" and "Activate" actions still work correctly.
- Set the AllowPatronsManageAPIKeysInOPAC system preference to "Don't
allow."
- Log in to the OPAC and confirm that the "your API keys" link in the
sidebar is no longer visible.
- Confirm that navigating directly to /cgi-bin/koha/opac-apikeys.pl
results in a 404 error.
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com> Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io> Signed-off-by: Julian Maurice <julian.maurice@biblibre.com> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
This patch makes the OPAC interface for API keys management work
with the new lib. Verify all actions work for a logged user.
Users without login should be redirected to an error page.
The AllowPatronsManageAPIKeysInOPAC syspref is added to control if the
OPAC feature is enabled or not.
To test:
- Verify the syspref works
- Verify users can manage their API keys
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com> Signed-off-by: Julian Maurice <julian.maurice@biblibre.com> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
This patch adds unit tests for the introduced classes: Koha::ApiKey(s).
To test:
- Apply this patch
- Run
$ kshell
k$ prove t/db_dependent/Koha/ApiKeys.t
=> FAIL: Tests fail because the feature is not implemented.
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com> Signed-off-by: Julian Maurice <julian.maurice@biblibre.com> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Bug 20568: Add mandatory description field for api keys
This patch changes the table structure adding fields usually found on
this kind of api management pages.
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com> Signed-off-by: Julian Maurice <julian.maurice@biblibre.com> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Julian Maurice [Mon, 23 Mar 2015 19:14:23 +0000 (20:14 +0100)]
Bug 20568: API keys management in interface
This introduces the concept of API keys for use in the new REST API.
A key is a string of 32 alphanumerical characters (32 is purely
arbitrary, it can be changed easily).
A user can have multiple keys (unlimited at the moment)
Keys can be generated automatically, and then we have the possibility to
delete or revoke each one individually.
Test plan:
1/ Go to staff interface
2/ Go to a borrower page
3/ In toolbar, click on More -> Manage API keys
4/ Click on "Generate new key" multiple times, check that they are
correctly displayed under the button, and they are active by default
5/ Revoke some keys, check that they are not active anymore
6/ Delete some keys, check that they disappear from table
7/ Go to opac interface, log in
8/ In your user account pages, you now have a new tab to the left "your
API keys". Click on it.
9/ Repeat steps 4-6
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com> Signed-off-by: Julian Maurice <julian.maurice@biblibre.com> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Julian Maurice [Thu, 12 Apr 2018 07:17:43 +0000 (09:17 +0200)]
Bug 20402: Fix oauth.t
GET /patrons now requires { "borrowers": 1 } instead of
{ "borrowers": "edit_borrowers" }
Signed-off-by: Josef Moravec <josef.moravec@gmail.com> Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Julian Maurice [Tue, 13 Mar 2018 12:17:12 +0000 (13:17 +0100)]
Bug 20402: Implement OAuth2 authentication for REST API
It implements only the "client credentials" flow with no scopes
support. API clients are tied to an existing patron and have the same
permissions as the patron they are tied to.
API Clients are defined in $KOHA_CONF.
Test plan:
0. Install Net::OAuth2::AuthorizationServer 0.16
1. In $KOHA_CONF, add an <api_client> element under <config>:
<api_client>
<client_id>$CLIENT_ID</client_id>
<client_secret>$CLIENT_SECRET</client_secret>
<patron_id>X</patron_id> <!-- X is an existing borrowernumber -->
</api_client>
2. Apply patch, run updatedatabase.pl and reload starman
3. Install Firefox extension RESTer [1]
4. In RESTer, go to "Authorization" tab and create a new OAuth2
configuration:
- OAuth flow: Client credentials
- Access Token Request Method: POST
- Access Token Request Endpoint: http://$KOHA_URL/api/v1/oauth/token
- Access Token Request Client Authentication: Credentials in request
body
- Client ID: $CLIENT_ID
- Client Secret: $CLIENT_SECRET
5. Click on the newly created configuration to generate a new token
(which will be valid only for an hour)
6. In RESTer, set HTTP method to GET and url to
http://$KOHA_URL/api/v1/patrons then click on SEND
If patron X has permission 'borrowers', it should return 200 OK
with the list of patrons
Otherwise it should return 403 with the list of required permissions
(Please test both cases)
7. Wait an hour (or run the following SQL query:
UPDATE oauth_access_tokens SET expires = 0) and repeat step 6.
You should have a 403 Forbidden status, and the token must have been
removed from the database.
8. Create a bunch of tokens using RESTer, make some of them expires
using the previous SQL query, and run the following command:
misc/cronjobs/cleanup_database.pl --oauth-tokens
Verify that expired tokens were removed, and that the others are
still there
9. prove t/db_dependent/api/v1/oauth.t
Signed-off-by: Josef Moravec <josef.moravec@gmail.com> Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
This patch adds a --timezone switch to koha-create so the timezone can
be set on creation time. It defaults to empty (i.e. using the server's
local time).
To test:
- Create an instance:
$ sudo koha-create --create-db timezone1
=> SUCCESS: /etc/koha/sites/timezone1/koha-conf.xml contains an empty
<timezone> entry.
- Apply this patch
- Run:
$ perl misc4dev/cp_debian_files.pl
- Create a new instance:
$ sudo koha-create --create-db timezone2
=> SUCCESS: /etc/koha/sites/timezone2/koha-conf.xml contains an empty
<timezone> entry (i.e. the current behaviour is preserved).
- Create a new instance:
$ sudo koha-create --create-db --timezone Your/Timezone timezone3
=> SUCCESS: /etc/koha/sites/timezone3/koha-conf.xml contains
<timezone>Your/Timezone</timezone> (i.e. introduced behaviour works)
- Sign off :-D
Sponsored-by: ByWater Solutions Signed-off-by: Mark Tompsett <mtompset@hotmail.com> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Mason James [Tue, 1 May 2018 01:24:37 +0000 (13:24 +1200)]
Bug 20686: OPAC shows 'Login to OverDrive account' with 'OverDriveCirculation' syspref disabled
ps: you will need an active and working overdrive account to test this patch
1/ prepare a koha with overdrive sysprefs set and working
(OverDriveLibraryID,OverDriveClientKey,OverDriveClientSecret)
2/ set OverDriveCirculation syspref to 'disable'
3/ do an opac search, note the 'Login to OverDrive account' message is incorrectly displayed
see pic 1
4/ apply patch
5/ do an opac search, note the 'Login to OverDrive account' message is no longer displayed (good)
see pic 2
Can confirm that bug is replicable and patch applies and functions as described. Signed-off-by: Dilan Johnpullé <dilan@calyx.net.au> Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Jonathan Druart [Tue, 27 Feb 2018 16:37:53 +0000 (13:37 -0300)]
Bug 20305: Remove warnings from tools scripts
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com> Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Marcel de Rooy [Fri, 4 May 2018 06:10:46 +0000 (08:10 +0200)]
Bug 20687: (follow-up) Look for invitekey in show_accept and fix error codes
We should check the invitekey in show_accept by passing it along in the
search call.
On the way I fixed some error checking: if the list number is invalid, or
the list is public or you are the owner, or if the key is not found, we
should set the right error code; the template contains those messages.
Test plan:
[1] Share a list and accept a correct invitation with another user.
[2] Try to accept some invalid proposals: wrong key, wrong list.
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Tested invalid key, wrong list, owner, public list, expiry.
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Nick Clemens [Tue, 1 May 2018 13:47:18 +0000 (13:47 +0000)]
Bug 20687: Check all share keys for a given list
This patch gets all the shares for a list and iterates through to find
the correct one when accepting from a link
To test:
1 - Create a private list in the opac
2 - Invite 2 patrons to the list
3 - Try to accept from the patron you first shared to
4 - You will get a failure message about expiration of the link
5 - Apply patch
6 - Now try to accept the first share
7 - It works! Success!
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Bug 20284: ILLModuleCopyrightClearance text breaks
This patch fixes the display of the copyright notice text that is defined
in ILLModuleCopyrightClearance preference when placing ILL requests from
the OPAC. Handling of the copyrightclearance stage was missing,
this has been added.
To test:
1) Ensure you have at least one ILL backend available:
https://wiki.koha-community.org/wiki/ILL_backends
2) Ensure you have the "ILLModule" preference enabled
3) Add some text to the "ILLModuleCopyrightClearance" preference
4) Navigate to a search results page in the catalog
5) Click the "Make an Interlibrary Loan request" link at the bottom
6) Choose "Create a new request", then select a backend
7) Observe the text you added earlier is displayed with buttons for
agreeing or disagreeing (prior to this patch, this screen displayed
an error)
8) Observe that clicking "Yes" takes you to the form for adding request
details
9) Observe that clicking "No" takes you back to the "Interlibrary loan
requests" page
Signed-off-by: Barry Cannon <bc@interleaf.ie> Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Mark Tompsett [Thu, 26 Apr 2018 04:31:32 +0000 (04:31 +0000)]
Bug 20663: Add some POD, so koha test tools don't complain
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de> Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Mark Tompsett [Thu, 26 Apr 2018 04:17:51 +0000 (04:17 +0000)]
Bug 20663: Remove dead code related to compound reports
TEST PLAN
---------
git grep "Create Compound Report"
-- only one file
git grep compound | grep 1
-- this is the only setting of the compound tt variable
less koha-tmpl/intranet-tmpl/prog/en/modules/reports/guided_reports_start.tt
-- There is an TT IF statement for compound.
-- In that statement it would trigger 'Save Compound'
git grep save_compound
-- only the template and the guided report perl
git grep create_compound
-- only triggered by the save code in the guided report perl
-- in the export for the C4/Reports/Guided.pm
git grep run_compound
-- left over in export
apply the patch
look around and see the pieces are cleaned up.
run koha qa test tools
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de> Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Katrin Fischer [Sun, 22 Apr 2018 22:00:17 +0000 (22:00 +0000)]
Bug 19171: Attempt to make "no holds possible" messages less confusing
At the moment, when no holds are possible, the OPAC reads something
like:
Sorry, none of these items can be placed on hold.
No items available.
This is confusing to the patrons, because the records have items,
but they are not showing. The record also may have available items,
they are just not permitted to place holds on them.
Changes:
- Only display the first message, when somoene tried unsuccessfully
to place holds on multiple records.
- Change first message to: Sorry, none of these titles can be placed on hold.
- Change the second message to read:
No items available to be placed on hold.
- Remove <strong> around Sorry for better translatability.
To test:
- Try to place a hold on single record, where no hold is possible.
- Try to place a hold on a single record, where a hold is possible.
- Try to place holds on multiple records where no hold is possible.
- Try to place holds on multiple records where at least one hold
is possible.
Verify the screen messages make sense in all cases.
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Fixed stray </strong> during signoff.
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
For consistency with staff, I renamed multi_holds to multi_hold.
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Jonathan Druart [Thu, 3 May 2018 17:30:00 +0000 (14:30 -0300)]
Bug 11317: Add id and class attributes to body
This fixes xt/tt_valid.t
# Failed test '<body> tag with id and class attributes'
# at xt/tt_valid.t line 91
# Files list:
# intranet-tmpl/prog/en/modules/tools/access_files.tt: 8
# Looks like you failed 1 test of 3.
[16:44:56] xt/tt_valid.t
Dubious, test returned 1 (wstat 256, 0x100)
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Katrin Fischer [Sat, 28 Apr 2018 00:30:55 +0000 (02:30 +0200)]
Bug 11317: (QA follow-up) Change tool name to be more general
I think this tool could be used in multiple ways, for all kinds
of files that you want to protect by login in Koha. So a more
general name might work better.
This is a suggestion, not mandatory.
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Bug 11317: (follow-up) Add two-level entry to koha-conf and remove unwanted characters
- Removed merge marker
- Changed include path in favor of using the Asset tt plugin (bug 20538)
- Changed access_dir to a two-level entry for clarity
Test plans stay the same, just make sure that the two-level configuration entry
work properly and everything pass QA.
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com> Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Bug 11317: Add a way to access files from the intranet
This squash contains all of these commits:
- Adds a page to access log files on the server from the intranet
- Update ID to allow for permalinking
- Rename config to "'accessdir' and fix qa
- Allows for multiple directories to be accessible
- Update the link under reports
- (Follow-up) Fixing merge error and cosmetic changes
- (Follow-up) Fix tab chars and move javascript to the footer
- (QA Follow-up) Fix datatable
- Make filename unicode-proof, renamed accessdir to access_dir and fix update
Test plans:
- Apply patch, update database
- Add to koha-conf:
<access_dir>/tmp/koha-public/one</access_dir>
<access_dir>/tmp/koha-public/two</access_dir>
<access_dir>/tmp/koha-public</access_dir>
- Create these directories ( mkdir /tmp/koha-public , etc...)
- Create these files:
echo "hello world!" > /tmp/koha-public/❤
echo "test" > /tmp/koha-public/one/samename.txt
echo "this is not the same" > /tmp/koha-public/two/samename.txt
- Login as Superadmin, go to tools > reports files
- Click on ❤, make sure it's downloadable and readable
- Click on both samename.txt, look inside and make sure the file is different
- Login as NON-superadmin. Go under tools, see no Report/Log under the third column
- Go to add tools/access_file permission to user
- See new entry under tools third column.
- validate link is ok.
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com> Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Mark Tompsett [Wed, 28 Mar 2018 22:40:09 +0000 (22:40 +0000)]
Bug 20103: Readonly::XS is completely bogus post perl 5.8
A ha! Lie about who we are, and the module will return a version.
./koha_perl_deps.pl -a
-- before patch Readonly::XS is 0
-- after patch it has a version number.
run koha qa test tools
Signed-off-by: Victor Grousset <victor.grousset@biblibre.com> Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Josef Moravec [Mon, 19 Mar 2018 09:27:07 +0000 (09:27 +0000)]
Bug 20444: Use Koha::Patron::Attribute::Types object for getting patron attributes in letter.pl
Test plan:
0) Apply the patch
1) Do not have any patron attribute types defined
2) Go to Tools -> Notices and slips
3) Edit any slip/letter which uses table borrower
4) Confirm the editing works, and the slip/letter itself works
5) Add some patron attributes types and define them a value for any
patron
6) Go to Tools -> Notices and slips and edit any slip/letter which uses
table borrower
7) Confirm, the attributes are listed in available fields
8) Confirm the slip/letter is working when you add a attribute to it
Signed-off-by: Séverine QUEUNE <severine.queune@bulac.fr> Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Alex Arnaud [Tue, 5 Dec 2017 10:43:05 +0000 (10:43 +0000)]
Bug 19752: offline_circ/service.pl - Return HTTP status 401 when authentication failed and add option nocookie
Test plan:
- Apply this patch,
- log in to Koha,
- go to cgi-bin/koha/offline_circ/service.pl with no valid user
and password as parameters and nocookie set to 1. i.e:
cgi-bin/koha/offline_circ/service.pl?userid=alex&password=wrongpass&nocookie=1,
- auth should fail
- check that the response code is 401
Signed-off-by: Maksim Sen <maksim.sen@inlibro.com> Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Victor Grousset [Tue, 16 Jan 2018 09:06:20 +0000 (10:06 +0100)]
Bug 19972: Make holds to pull list honors item-level_itypes syspref
And reflect that in the UI strings + variable names
Test plan:
1. Set syspref "item-level_itypes" to "specific item"
2. Create a hold on a record with one item
3. Change the document type of the item
4. Check that the item edition page and the record page show 2 different
types.
5. Go to /cgi-bin/koha/circ/pendingreserves.pl
6. Check that the displayed type is the item one
7. Set syspref "item-level_itypes" to "biblio record"
8. Go to /cgi-bin/koha/circ/pendingreserves.pl
9. See that the displayed type is the item one. When the sysopref says
"record"
This is the bug.
10. Apply this patch
11. Go to /cgi-bin/koha/circ/pendingreserves.pl
12. See that the displayed type now follows the syspref
13. Set syspref "item-level_itypes" to "specific item"
14. Go to /cgi-bin/koha/circ/pendingreserves.pl
15. See that the displayed type still follows the syspref
Signed-off-by: Lucie Gay <lucie.gay@ens-paris-saclay.fr> Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>