[Koha-bugs] [Bug 27812] Remove the ability to transmit a patron's plain text password over email

bugzilla-daemon at bugs.koha-community.org bugzilla-daemon at bugs.koha-community.org
Sat Feb 26 22:52:57 CET 2022 

https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=27812

--- Comment #21 from Katrin Fischer <katrin.fischer at bsz-bw.de> ---
I'd really like to see this moving, trying to summarize:

1) Triggering the notice

(In reply to Martin Renvoize from comment #19)
> I actually liked that we triggered on password change.. 

I have had another look, I think the change is that now it will trigger when
the userid is changed:

Before:
if ( C4::Context->preference("AutoEmailOpacUser") == 1 && $newdata{'userid'} 
&& $newdata{'password'}) {

After:
if ( C4::Context->preference("AutoEmailOpacUser") == 1 && $newdata{'userid'}) {

This might be out of scope here, but it seems a little odd before and after the
patch. We might want to have a more solid way of triggering this. My suggestion
would be to match what we have 'on the tin' and what has been the source of a
lot of confusion over the years: 

"Send/Don't send an email to newly created patrons with their account details." 

* Email when a new user is added/saved. This would also resolve bug 18543 about
not being able to send the auto-generated userid.
* Email when a librarian triggers the notice. We could add a button to do that. 

This would also resolve bug 9097.


2) Updating existing notice templates

(In reply to Jonathan Druart from comment #18)
> Existing notice templates still need to be adjusted.
> If we cannot adjust them (because modified or translated) we should add a
> warning if "borrowers.password" or "patron.password" exists.

I think there are possibly too many variations in the templates to auto-update
them. Where should we add the warning? System information tab? The database
update?

3) Translated installers

> We won't remove all the translated installer files for 21.05, and this patch may be backported. We must fix all the .sql files.

True. I could provide a patch for this, but the others are a little too tricky
for me.

4) Move notices to message queue

This is a totally separate bug, but it will be so great: Once this is in we can
move to message_queue and we will exactly know when or when not a notice was
sent (bug 17648)

-- 
You are receiving this mail because:
You are watching all bug changes.

More information about the Koha-bugs mailing list