From 492645a9d2a193672072a69a097d7f837dd0c718 Mon Sep 17 00:00:00 2001 From: Nick Clemens Date: Thu, 23 May 2024 12:30:46 +0000 Subject: [PATCH] Bug 36941: Limit login branch list when IP restriction enabled This patch adds a new 'ip_limit' option to Koha::Template:Plugin::Branches To test: 1 - Set some branches in the system to have random IPs 2 - Set one branch to have your IP To find the IP in KTD I: Enabled ILS-DI Set ILS-DI:AuthorizedIPs to 1.1.1.1 Visit: http://localhost:8080/cgi-bin/koha/ilsdi.pl?service=GetAvailability&id=248&id_type=biblio And note the unauthorized IP listed 3 - Log out, confirm all branches are listed 4 - Log in, enable StaffLoginRestrictLibraryByIP 5 - Log out, confirm branches with IPs are removed 6 - Confirm branch matching your IP is listed 7 - Choose any of the branches and login 8 - Confirm login works Signed-off-by: David Nind Signed-off-by: Martin Renvoize Signed-off-by: Katrin Fischer --- Koha/Template/Plugin/Branches.pm | 50 +++++++---- .../intranet-tmpl/prog/en/modules/auth.tt | 2 +- .../Koha/Template/Plugin/Branches.t | 83 +++++++++++++++++++ 3 files changed, 117 insertions(+), 18 deletions(-) create mode 100755 t/db_dependent/Koha/Template/Plugin/Branches.t diff --git a/Koha/Template/Plugin/Branches.pm b/Koha/Template/Plugin/Branches.pm index 7090530f38..72870b8b69 100644 --- a/Koha/Template/Plugin/Branches.pm +++ b/Koha/Template/Plugin/Branches.pm 
@@ -69,36 +69,52 @@ sub GetURL { sub all { my ( $self, $params ) = @_; - my $selected = $params->{selected} // (); - my $unfiltered = $params->{unfiltered} || 0; - my $search_params = $params->{search_params} || {}; - my $do_not_select_my_library = $params->{do_not_select_my_library} || 0; # By default we select the library of the logged in user if no selected passed + my $selected = $params->{selected} // (); + my $unfiltered = $params->{unfiltered} || 0; + my $ip_limit = $params->{ip_limit} && C4::Context->preference('StaffLoginRestrictLibraryByIP') || 0; + my $search_params = $params->{search_params} || {}; + my $do_not_select_my_library = $params->{do_not_select_my_library} + || 0; # By default we select the library of the logged in user if no selected passed if ( !$unfiltered ) { $search_params->{only_from_group} = $params->{only_from_group} || 0; } my @selected = - ref $selected eq 'Koha::Libraries' - ? $selected->get_column('branchcode') - : ( $selected // () ); - - my $libraries = $unfiltered - ? Koha::Libraries->search( $search_params, { order_by => ['branchname'] } )->unblessed - : Koha::Libraries->search_filtered( $search_params, { order_by => ['branchname'] } )->unblessed; + ref $selected eq 'Koha::Libraries' + ? $selected->get_column('branchcode') + : ( $selected // () ); + + my $libraries = + $unfiltered + ? 
Koha::Libraries->search( $search_params, { order_by => ['branchname'] } )->unblessed + : Koha::Libraries->search_filtered( $search_params, { order_by => ['branchname'] } )->unblessed; + + if ($ip_limit) { + my $ip = $ENV{'REMOTE_ADDR'}; + my @ip_libraries = (); + for my $l (@$libraries) { + my $domain = $l->{branchip} // ''; + $domain =~ s|\.\*||g; + $domain =~ s/\s+//g; + unless ( $domain && $ip !~ /^$domain/ ) { + push @ip_libraries, $l; + } + } + $libraries = \@ip_libraries; + } for my $l (@$libraries) { if ( grep { $l->{branchcode} eq $_ } @selected - or not @selected - and not $do_not_select_my_library - and C4::Context->userenv - and $l->{branchcode} eq ( C4::Context->userenv->{branch} // q{} ) ) + or not @selected + and not $do_not_select_my_library + and C4::Context->userenv + and $l->{branchcode} eq ( C4::Context->userenv->{branch} // q{} ) ) { - $l->{selected} = 1; + $l->{selected} = 1; } } - return $libraries; } diff --git a/koha-tmpl/intranet-tmpl/prog/en/modules/auth.tt b/koha-tmpl/intranet-tmpl/prog/en/modules/auth.tt index 6d1062e084..386baa3628 100644 --- a/koha-tmpl/intranet-tmpl/prog/en/modules/auth.tt +++ b/koha-tmpl/intranet-tmpl/prog/en/modules/auth.tt @@ -151,7 +151,7 @@ diff --git a/t/db_dependent/Koha/Template/Plugin/Branches.t b/t/db_dependent/Koha/Template/Plugin/Branches.t new file mode 100755 index 0000000000..3a7cad98ec --- /dev/null +++ b/t/db_dependent/Koha/Template/Plugin/Branches.t 
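Review bot: In the new `if ($ip_limit)` block the stored `branchip` value is interpolated into `$ip !~ /^$domain/` unescaped and with no end anchor, so the test is looser than an address comparison: every `.` matches any character and the match is a plain prefix. A configured `10.0.0.1` therefore also accepts `10.0.0.10`, and a wildcard entry reduced to `10.1` also accepts `10.10.x.x`. Quoting the value and ending on an octet boundary would tighten it: `unless ( $domain && $ip !~ /^\Q$domain\E(?:\.|\z)/ ) {`. `$ENV{'REMOTE_ADDR'}` can be undefined outside a web request, where the match warns and the library is dropped; `my $ip = $ENV{'REMOTE_ADDR'} // '';` avoids the warning. This block only trims the list the login form shows, so the restriction must still be enforced where the login is processed; that check is not visible in this hunk, and it is worth confirming it applies the same matching rule.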
@@ -0,0 +1,83 @@
+#!/usr/bin/perl
+
+# This file is part of Koha.
+#
+# Koha is free software; you can redistribute it and/or modify it under the
+# terms of the GNU General Public License as published by the Free Software
+# Foundation; either version 3 of the License, or (at your option) any later
+# version.
+#
+# Koha is distributed in the hope that it will be useful, but WITHOUT ANY
+# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
+# A PARTICULAR PURPOSE. See the GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License along
+# with Koha; if not, see .
+
+use Modern::Perl;
+
+use Test::More tests => 2;
+
+use t::lib::Mocks;
+use t::lib::TestBuilder;
+
+BEGIN {
+ use_ok('Koha::Template::Plugin::Branches');
+}
+
+my $schema = Koha::Database->schema;
+my $builder = t::lib::TestBuilder->new;
+
+subtest 'all' => sub {
+ plan tests => 2;
+
+ $schema->storage->txn_begin;
+
+ my $plugin = Koha::Template::Plugin::Branches->new();
+ subtest 'when given no parameters' => sub {
+ plan tests => 1;
+ my $libraries = $plugin->all();
+ my $library_count = Koha::Libraries->search()->count();
+
+ is( scalar @$libraries, $library_count, 'We get all the branches' );
+ };
+
+ subtest 'when given parameter "ip_limit"' => sub {
+ plan tests => 4;
+ t::lib::Mocks::mock_preference( 'StaffLoginRestrictLibraryByIP', '' );
+ $ENV{REMOTE_ADDR} = '127.0.0.1';
+ my $library = $builder->build_object( { class => 'Koha::Libraries', value => { branchip => '127.0.0.2' } } );
+ my $libraries = $plugin->all( { ip_limit => 1 } );
+ my $library_count = Koha::Libraries->search()->count();
+
+ is(
+ scalar @$libraries, $library_count,
+ 'We get all the libraries when ip_limit passed but StaffLoginRestrictLibraryIP not enabled'
+ );
+
+ t::lib::Mocks::mock_preference( 'StaffLoginRestrictLibraryByIP', '1' );
+ $library_count = Koha::Libraries->search( { branchip => [ undef, '127.0.0.1' ] } )->count();
+ $libraries = $plugin->all( { ip_limit => 1 } );
+ is(
+ scalar @$libraries, $library_count,
+ 'We remove non-matching libraries when ip_limit passed and StaffLoginRestrictLibraryIP enabled'
+ );
+
+ $ENV{REMOTE_ADDR} = '127.0.0.2';
+ $libraries = $plugin->all( { ip_limit => 1 } );
+ $library_count = Koha::Libraries->search( { branchip => [ undef, '127.0.0.2' ] } )->count();
+ is(
+ scalar @$libraries, $library_count,
+ 'We get all the expected libraries when ip_limit passed and StaffLoginRestrictLibraryIP and IP matches'
+ );
+
+ $library->branchip("127.0.*.*");
+ $library_count = Koha::Libraries->search( { branchip => [ undef, '127.0.0.2', '127.0.*.*' ] } )->count();
+ is(
+ scalar @$libraries, $library_count,
+ 'We get all the expected libraries when ip_limit passed and StaffLoginRestrictLibraryIP and IP matches patternwise'
+ );
+ };
+
+ $schema->storage->txn_rollback;
+};
-- 2.39.5
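Review bot: The last assertion in the `ip_limit` subtest does not exercise the wildcard path. After `$library->branchip("127.0.*.*");` the object is never stored and `$plugin->all` is not called again, so `$libraries` is still the previous result and the check passes on stale data. Adding `$library->store;` and `$libraries = $plugin->all( { ip_limit => 1 } );` before `$library_count` is recomputed would make it test the pattern. Because this filter backs an access restriction, a near-miss case is also worth covering, for example `branchip` `127.0.0.2` with `REMOTE_ADDR` set to `127.0.0.20` and the library expected to be excluded. `$ENV{REMOTE_ADDR}` is better set with `local` so the value does not leak into later tests.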