[Koha-bugs] [Bug 27600] SIP2: renew_all shouldn't perform a password check
bugzilla-daemon at bugs.koha-community.org
bugzilla-daemon at bugs.koha-community.org
Wed May 5 13:40:02 CEST 2021
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=27600
--- Comment #11 from Kyle M Hall <kyle at bywatersolutions.com> ---
(In reply to Nick Clemens from comment #9)
> Signed off following test plan, but I have two questions:
> 1 - add_hold and cancel_hold have the same check - is that also invalid?
> 2 - There is the config 'allow_empty_password' - should we not remove these
> checks, but support that config?
I've gone back and forth on this multiple times in while reading the SIP spec.
I think the key part is that yes, all 3 of these SIP messages have the patron
password as part of the spec, but for all of them it is *optional*. In
addition, the 3 messages we are looking at don't *do* anything with the patron
password. Only patron data and patron info return the "password valid" field.
As such my personal opinion the proper thing to do would be to just remove the
same checkes from Add Hold and Cancel Hold. Koha's current before is not
defined in the spec, not is *any* behavior defined in the spec of patron
passwords for these messages.
--
You are receiving this mail because:
You are watching all bug changes.
More information about the Koha-bugs
mailing list