[Koha-bugs] [Bug 30700] Patrons who can log into staff client should be able to change their own password

bugzilla-daemon at bugs.koha-community.org bugzilla-daemon at bugs.koha-community.org
Mon Jul 10 06:11:41 CEST 2023 

https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=30700

Aleisha Amohia <aleisha at catalyst.net.nz> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
 Attachment #135173|0                           |1
        is obsolete|                            |

--- Comment #18 from Aleisha Amohia <aleisha at catalyst.net.nz> ---
Created attachment 153248
  -->
https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=153248&action=edit
Bug 30700: Allow staff users to change their password via staff client

Patrons who can log into the staff client (have the 'catalogue'
permission) should be able to change their own password.

To test:
0) Apply the patch, install database updates, restart services. Go to System
preferences and enable the StaffLoginResetPassword system preference.
1) Create a user with only 'catalogue' permissions (Patron A)
2) Log in to the staff client as Patron A
3) Click the menu with your username in the top-right of the window.
Click the 'your account' menu link.
4) Confirm you are forced to a login screen, so you cannot view your
account, which is where the 'change password' link is normally found.
5) Try to access the page to change your password directly
http://localhost:8081/cgi-bin/koha/members/member-password.pl?member=X
(swap Patron A's borrowernumber in). Confirm you are forced to a login
screen.
6) Apply this patch and restart services. Go back to the mainpage logged
in as Patron A.
7) Click the menu with your username in the top-right of the window.
Notice there is now a 'Change password' menu link. Go to 'change
password'.
8) Confirm you are now shown a page to change your password. Change your
password, and confirm you are redirect to the mainpage.
9) Try to access the page to change someone else's page directly
http://localhost:8081/cgi-bin/koha/members/member-password.pl?member=X
(swap some other borrowernumber in). Confirm you are redirected to a
404.
10) Log out and log back in as your original borrower. Confirm you are
able to change your password as normal.

Sponsored-by: Education Services Australia SCIS

Signed-off-by: David Nind <david at davidnind.com>

-- 
You are receiving this mail because:
You are watching all bug changes.

More information about the Koha-bugs mailing list