[Koha-bugs] [Bug 33462] Force password change for new patrons entered by staff

Wed Jul 19 22:07:50 CEST 2023

https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=33462

--- Comment #7 from Sam Lau <samalau at gmail.com> ---
Created attachment 153689
  -->
https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=153689&action=edit
Bug 33462: Add ability to force password change for new patrons entered by
staff

This patch attempts to force a password change for new staff created patrons.
This is done by setting the password_expiration_date to an expired date when
adding a new patron. This patch adds a new system preference
'ForcePasswordResetWhenSetByStaff', a new column to the categories table
'force_password_reset_when_set_by_staff', and new columns to the borrowers,
borrower_modification, and deletedborrowers table 'needs_password_reset'

To test:
1) Apply patch, restart_all, updatedatabase, and also be sure to update schema.
2) Visit Administration->Sytem Preferences and search for
'EnableExpiredPasswordReset'. Make sure this is set to enable.
   Now search for  'ForcePasswordResetWhenSetByStaff'. This should be defaulted
to 'Don't force'.
3) Keep that tab open and visit Administration->Patron categories. Click on
edit on the Board category. Noitce that there is a now a 'Force new patron
password reset' section. Notice that the by default, this is set to follow the
ForcePasswordResetWhenSetByStaff system preference (currently set to don't
force). Click on the dropdown and change it to 'Force'. Save changes
4) Click on the Patrons tab to visit members-home.pl and then click 'New
Patron'. Select on Patron. Fill in the required information and also enter a
password.
5) Submit this form and notice that the patron's password expiration date is
set to never. This should be the case because the default for 'Force new patron
password reset' follows the sys. pref. which is still set to 'Don't force' (You
could have some expiry date in this step, but it should at least be set to a
date that is not expired. this depends on whether or not you have a defalut
password expiration date set in patron categories )
6) Log into the OPAC with this patron and notice it works as expected and log
in was successful.
7) Go back to the patron home page and click to add a new patron. This time
select 'Board'. Once again fill out the required info, enter a password, and
then save the form.
8) Notice that for this patron, the password expiration date is set for today's
date. This is because we changed the setting for the 'Board' patron category to
force.
9) Log into the OPAC with this patron. You should be redirected to a page with
an error that says: "It's your first login! You need to reset your password."
Click on the reset password link below this message.
10) You should be sent to a page where you can reset your password. Fill in the
form and click 'Update password'. Attempt to sign into the OPAC with this new
password. Everything works as expected.
11) Go back to the staff interface and view this patron's detail page. Notice
the password expiration date is now set to what the default is in the patron
category.
12) Edit this patrons information and set their password expiration date to
yesterday. Go back to the OPAC and try to sign in with this patron again. Note
that this time, you are also redirected but the message says "Error: Your
password has expired!"
13) Go back to the staff interface and visit the sys. pref tab we left open.
Set it to the 'Force' option and save changes.
14) Visit the patron home page and click add patron, now select the patron
category again. Fill in required info and enter password. Submit form and note
that the patron's password expiration date is set to today. Try to login to the
OPAC with this patron, you should be redirected to the page with the error that
says "Error: It's your first login! You need to reset your password."
15) Sign-off :)

-- 
You are receiving this mail because:
You are watching all bug changes.