[Bug 29894] New: Trying to still improve Koha/Auth/TwoFactorAuth
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=29894 Bug ID: 29894 Summary: Trying to still improve Koha/Auth/TwoFactorAuth Change sponsored?: --- Product: Koha Version: master Hardware: All OS: All Status: NEW Severity: enhancement Priority: P5 - low Component: Architecture, internals, and plumbing Assignee: koha-bugs@lists.koha-community.org Reporter: m.de.rooy@rijksmuseum.nl QA Contact: testopia@bugs.koha-community.org Follow-up report on bug 28786 -- You are receiving this mail because: You are watching all bug changes. You are the assignee for the bug.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=29894 Marcel de Rooy <m.de.rooy@rijksmuseum.nl> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |jonathan.druart+koha@gmail. | |com -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=29894 --- Comment #1 from Marcel de Rooy <m.de.rooy@rijksmuseum.nl> --- I was thinking about if we should pass in the patron's secret and not make it an automatic default. But decided to leave it as-is now. -- You are receiving this mail because: You are watching all bug changes. You are the assignee for the bug.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=29894 --- Comment #2 from Marcel de Rooy <m.de.rooy@rijksmuseum.nl> --- I do like to have only a secret parameter and handle the secret/secret32 stuff inside the module only. Expirementing a bit now. -- You are receiving this mail because: You are the assignee for the bug. You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=29894 --- Comment #3 from Marcel de Rooy <m.de.rooy@rijksmuseum.nl> --- Throw some exceptions on missing parameters. Trivial edits. -- You are receiving this mail because: You are watching all bug changes. You are the assignee for the bug.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=29894 --- Comment #4 from Marcel de Rooy <m.de.rooy@rijksmuseum.nl> --- Still thinking about what we do now in registering: create secret, pass it out, get it back, etc. Easy way to build the qr but not pass the secret in that process? -- You are receiving this mail because: You are the assignee for the bug. You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=29894 --- Comment #5 from Marcel de Rooy <m.de.rooy@rijksmuseum.nl> --- (In reply to Marcel de Rooy from comment #4)
Still thinking about what we do now in registering: create secret, pass it out, get it back, etc. Easy way to build the qr but not pass the secret in that process?
Obviously the secret is in the qr code. I know.. -- You are receiving this mail because: You are the assignee for the bug. You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=29894 --- Comment #6 from Marcel de Rooy <m.de.rooy@rijksmuseum.nl> --- Add some additional tests -- You are receiving this mail because: You are the assignee for the bug. You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=29894 --- Comment #7 from Marcel de Rooy <m.de.rooy@rijksmuseum.nl> --- Created attachment 129538 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=129538&action=edit Bug 29894: Module changes (preliminary) -- You are receiving this mail because: You are watching all bug changes. You are the assignee for the bug.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=29894 Marcel de Rooy <m.de.rooy@rijksmuseum.nl> changed: What |Removed |Added ---------------------------------------------------------------------------- Assignee|koha-bugs@lists.koha-commun |m.de.rooy@rijksmuseum.nl |ity.org | Status|NEW |ASSIGNED -- You are receiving this mail because: You are watching all bug changes. You are the assignee for the bug.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=29894 --- Comment #8 from Marcel de Rooy <m.de.rooy@rijksmuseum.nl> --- Created attachment 129539 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=129539&action=edit Bug 29894: First draft for testing -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=29894 Marcel de Rooy <m.de.rooy@rijksmuseum.nl> changed: What |Removed |Added ---------------------------------------------------------------------------- Depends on| |29873 Referenced Bugs: https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=29873 [Bug 29873] 2FA: Generate QR code without exposing secret via HTTP GET -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=29894 --- Comment #9 from Marcel de Rooy <m.de.rooy@rijksmuseum.nl> --- (In reply to Marcel de Rooy from comment #2)
I do like to have only a secret parameter and handle the secret/secret32 stuff inside the module only. Expirementing a bit now.
I am skipping this. Too much shuffling. But will improve validation. -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=29894 --- Comment #10 from Marcel de Rooy <m.de.rooy@rijksmuseum.nl> --- (In reply to Marcel de Rooy from comment #4)
Still thinking about what we do now in registering: create secret, pass it out, get it back, etc. Easy way to build the qr but not pass the secret in that process?
The CSRF token protects the secret. Fine enough probably. Especially if we would send a notice when we register or deregister 2FA to inform the user about such a change. That notice might be a simple pragmatic additional precaution. -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=29894 --- Comment #11 from Marcel de Rooy <m.de.rooy@rijksmuseum.nl> --- Created attachment 129669 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=129669&action=edit Bug 29894: Add some exceptions to TwoFactorAuth module Test updated accordingly. Adding utf8 flag to CGI in staff script. Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=29894 --- Comment #12 from Marcel de Rooy <m.de.rooy@rijksmuseum.nl> --- Created attachment 129670 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=129670&action=edit Bug 29894: Clear secret when disabling 2FA Test plan: Deregister 2FA for patron. Check if secret is empty in borrowers.secret. Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=29894 Marcel de Rooy <m.de.rooy@rijksmuseum.nl> changed: What |Removed |Added ---------------------------------------------------------------------------- Summary|Trying to still improve |2FA: Add few validations, |Koha/Auth/TwoFactorAuth |clear secret, send register | |notice -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=29894 Marcel de Rooy <m.de.rooy@rijksmuseum.nl> changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #129538|0 |1 is obsolete| | -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=29894 Marcel de Rooy <m.de.rooy@rijksmuseum.nl> changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #129539|0 |1 is obsolete| | -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=29894 Marcel de Rooy <m.de.rooy@rijksmuseum.nl> changed: What |Removed |Added ---------------------------------------------------------------------------- Patch complexity|--- |Small patch Status|ASSIGNED |Needs Signoff -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=29894 Marcel de Rooy <m.de.rooy@rijksmuseum.nl> changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #129669|0 |1 is obsolete| | --- Comment #13 from Marcel de Rooy <m.de.rooy@rijksmuseum.nl> --- Created attachment 129689 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=129689&action=edit Bug 29894: Add some exceptions to TwoFactorAuth module Test updated accordingly. Adding utf8 flag to CGI in staff script. Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=29894 Marcel de Rooy <m.de.rooy@rijksmuseum.nl> changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #129670|0 |1 is obsolete| | --- Comment #14 from Marcel de Rooy <m.de.rooy@rijksmuseum.nl> --- Created attachment 129690 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=129690&action=edit Bug 29894: Clear secret when disabling 2FA Test plan: Deregister 2FA for patron. Check if secret is empty in borrowers.secret. Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=29894 --- Comment #15 from Marcel de Rooy <m.de.rooy@rijksmuseum.nl> --- Created attachment 129691 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=129691&action=edit Bug 29894: Db rev for adding notices This dbrev adds two notices: 2FA_REGISTER and 2FA_DEREGISTER Test plan: Run the dbrev. Check if you see them on Tools/Notices. Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=29894 --- Comment #16 from Marcel de Rooy <m.de.rooy@rijksmuseum.nl> --- Created attachment 129692 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=129692&action=edit Bug 29894: Send a confirmation notice When registering or deregistering, send a confirmation. Test plan: Register or deregister with patron having email address. Verify that you got a confirmation mail. Run t/db_dependent/Koha/Auth/TwoFactorAuth.t Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=29894 --- Comment #17 from Marcel de Rooy <m.de.rooy@rijksmuseum.nl> --- FAIL Koha/Auth/TwoFactorAuth.pm FAIL valid Constant subroutine Koha::Auth::TwoFactorAuth::CONFIRM_NOTICE_REG redefined Constant subroutine Koha::Auth::TwoFactorAuth::CONFIRM_NOTICE_DEREG redefined Dont let this bother you. No problem with these constants. -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=29894 Marcel de Rooy <m.de.rooy@rijksmuseum.nl> changed: What |Removed |Added ---------------------------------------------------------------------------- Blocks| |20476 Referenced Bugs: https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=20476 [Bug 20476] Two factor authentication for the staff client - omnibus -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=29894 Marcel de Rooy <m.de.rooy@rijksmuseum.nl> changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #129689|0 |1 is obsolete| | --- Comment #18 from Marcel de Rooy <m.de.rooy@rijksmuseum.nl> --- Created attachment 133286 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=133286&action=edit Bug 29894: Add some exceptions to TwoFactorAuth module Test updated accordingly. Adding utf8 flag to CGI in staff script. Test plan: Run t/db_dependent/Koha/Auth/TwoFactorAuth.t Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=29894 Marcel de Rooy <m.de.rooy@rijksmuseum.nl> changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #129690|0 |1 is obsolete| | --- Comment #19 from Marcel de Rooy <m.de.rooy@rijksmuseum.nl> --- Created attachment 133287 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=133287&action=edit Bug 29894: Clear secret when disabling 2FA Test plan: Deregister 2FA for patron. Check if secret is empty in borrowers.secret. Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=29894 Marcel de Rooy <m.de.rooy@rijksmuseum.nl> changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #129691|0 |1 is obsolete| | --- Comment #20 from Marcel de Rooy <m.de.rooy@rijksmuseum.nl> --- Created attachment 133288 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=133288&action=edit Bug 29894: Db rev for adding notices This dbrev adds two notices: 2FA_REGISTER and 2FA_DEREGISTER Test plan: Run the dbrev. Check if you see them on Tools/Notices. Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=29894 Marcel de Rooy <m.de.rooy@rijksmuseum.nl> changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #129692|0 |1 is obsolete| | --- Comment #21 from Marcel de Rooy <m.de.rooy@rijksmuseum.nl> --- Created attachment 133289 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=133289&action=edit Bug 29894: Send a confirmation notice When registering or deregistering, send a confirmation. Test plan: Register or deregister with patron having email address. Verify that you got a confirmation mail. Run t/db_dependent/Koha/Auth/TwoFactorAuth.t Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=29894 --- Comment #22 from Marcel de Rooy <m.de.rooy@rijksmuseum.nl> --- Rebased -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=29894 Marcel de Rooy <m.de.rooy@rijksmuseum.nl> changed: What |Removed |Added ---------------------------------------------------------------------------- Blocks| |28998 Referenced Bugs: https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=28998 [Bug 28998] Encrypt borrowers.secret -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=29894 Martin Renvoize <martin.renvoize@ptfs-europe.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #133286|0 |1 is obsolete| | --- Comment #23 from Martin Renvoize <martin.renvoize@ptfs-europe.com> --- Created attachment 133562 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=133562&action=edit Bug 29894: Add some exceptions to TwoFactorAuth module Test updated accordingly. Adding utf8 flag to CGI in staff script. Test plan: Run t/db_dependent/Koha/Auth/TwoFactorAuth.t Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com> -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=29894 Martin Renvoize <martin.renvoize@ptfs-europe.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #133287|0 |1 is obsolete| | --- Comment #24 from Martin Renvoize <martin.renvoize@ptfs-europe.com> --- Created attachment 133563 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=133563&action=edit Bug 29894: Clear secret when disabling 2FA Test plan: Deregister 2FA for patron. Check if secret is empty in borrowers.secret. Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com> -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=29894 Martin Renvoize <martin.renvoize@ptfs-europe.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #133288|0 |1 is obsolete| | --- Comment #25 from Martin Renvoize <martin.renvoize@ptfs-europe.com> --- Created attachment 133564 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=133564&action=edit Bug 29894: Db rev for adding notices This dbrev adds two notices: 2FA_REGISTER and 2FA_DEREGISTER Test plan: Run the dbrev. Check if you see them on Tools/Notices. Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com> -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=29894 Martin Renvoize <martin.renvoize@ptfs-europe.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #133289|0 |1 is obsolete| | --- Comment #26 from Martin Renvoize <martin.renvoize@ptfs-europe.com> --- Created attachment 133565 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=133565&action=edit Bug 29894: Send a confirmation notice When registering or deregistering, send a confirmation. Test plan: Register or deregister with patron having email address. Verify that you got a confirmation mail. Run t/db_dependent/Koha/Auth/TwoFactorAuth.t Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com> -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=29894 --- Comment #27 from Martin Renvoize <martin.renvoize@ptfs-europe.com> --- Created attachment 133566 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=133566&action=edit Bug 29894: (follow-up) Update notice terms Register and Derigister didn't sound right, in reality we we enabling and disabling 2FA for the user so I think those terms are more understandable. Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com> -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=29894 Martin Renvoize <martin.renvoize@ptfs-europe.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|Needs Signoff |Signed Off CC| |martin.renvoize@ptfs-europe | |.com -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=29894 --- Comment #28 from Martin Renvoize <martin.renvoize@ptfs-europe.com> --- All works well so signing off.. I added a follow-up to use what I feel are clearer terms in the notices. My one caveat is something doesn't feel quite right about the introduction of 'send_confirm_notice' as a method in Koha::Auth::TwoFactorAuth, but I can see why you do it so it's testable.. I'll leave that query to QA -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=29894 --- Comment #29 from Jonathan Druart <jonathan.druart+koha@gmail.com> --- (In reply to Martin Renvoize from comment #28)
My one caveat is something doesn't feel quite right about the introduction of 'send_confirm_notice' as a method in Koha::Auth::TwoFactorAuth, but I can see why you do it so it's testable.. I'll leave that query to QA
That's something I noticed as well, it feels misplaced. -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=29894 --- Comment #30 from Marcel de Rooy <m.de.rooy@rijksmuseum.nl> --- (In reply to Jonathan Druart from comment #29)
(In reply to Martin Renvoize from comment #28)
My one caveat is something doesn't feel quite right about the introduction of 'send_confirm_notice' as a method in Koha::Auth::TwoFactorAuth, but I can see why you do it so it's testable.. I'll leave that query to QA
That's something I noticed as well, it feels misplaced.
Yeah. This was kind of expected. Will try to find another home for him. -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=29894 Marcel de Rooy <m.de.rooy@rijksmuseum.nl> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|Signed Off |BLOCKED -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=29894 Marcel de Rooy <m.de.rooy@rijksmuseum.nl> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|BLOCKED |Signed Off -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=29894 --- Comment #31 from Marcel de Rooy <m.de.rooy@rijksmuseum.nl> --- Created attachment 133618 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=133618&action=edit Bug 29894: (QA follow-up) Get rid of send_confirm_notice Chose here to fall back to $patron->queue_notice. Which is tested already, so removing the additional test code. Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=29894 --- Comment #32 from Marcel de Rooy <m.de.rooy@rijksmuseum.nl> --- (In reply to Martin Renvoize from comment #28)
All works well so signing off.. I added a follow-up to use what I feel are clearer terms in the notices.
My one caveat is something doesn't feel quite right about the introduction of 'send_confirm_notice' as a method in Koha::Auth::TwoFactorAuth, but I can see why you do it so it's testable.. I'll leave that query to QA
Thanks, Martin. Addressed the misplaced method now. Joubu, go ahead! -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=29894 Marcel de Rooy <m.de.rooy@rijksmuseum.nl> changed: What |Removed |Added ---------------------------------------------------------------------------- QA Contact|testopia@bugs.koha-communit |jonathan.druart+koha@gmail. |y.org |com -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=29894 Jonathan Druart <jonathan.druart+koha@gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|Signed Off |Passed QA -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=29894 Jonathan Druart <jonathan.druart+koha@gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #133562|0 |1 is obsolete| | Attachment #133563|0 |1 is obsolete| | Attachment #133564|0 |1 is obsolete| | Attachment #133565|0 |1 is obsolete| | Attachment #133566|0 |1 is obsolete| | Attachment #133618|0 |1 is obsolete| | --- Comment #33 from Jonathan Druart <jonathan.druart+koha@gmail.com> --- Created attachment 133661 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=133661&action=edit Bug 29894: Add some exceptions to TwoFactorAuth module Test updated accordingly. Adding utf8 flag to CGI in staff script. Test plan: Run t/db_dependent/Koha/Auth/TwoFactorAuth.t Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org> -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=29894 --- Comment #34 from Jonathan Druart <jonathan.druart+koha@gmail.com> --- Created attachment 133662 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=133662&action=edit Bug 29894: Clear secret when disabling 2FA Test plan: Deregister 2FA for patron. Check if secret is empty in borrowers.secret. Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org> -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=29894 --- Comment #35 from Jonathan Druart <jonathan.druart+koha@gmail.com> --- Created attachment 133663 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=133663&action=edit Bug 29894: Db rev for adding notices This dbrev adds two notices: 2FA_REGISTER and 2FA_DEREGISTER Test plan: Run the dbrev. Check if you see them on Tools/Notices. Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org> -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=29894 --- Comment #36 from Jonathan Druart <jonathan.druart+koha@gmail.com> --- Created attachment 133664 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=133664&action=edit Bug 29894: Send a confirmation notice When registering or deregistering, send a confirmation. Test plan: Register or deregister with patron having email address. Verify that you got a confirmation mail. Run t/db_dependent/Koha/Auth/TwoFactorAuth.t Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org> -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=29894 --- Comment #37 from Jonathan Druart <jonathan.druart+koha@gmail.com> --- Created attachment 133665 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=133665&action=edit Bug 29894: (follow-up) Update notice terms Register and Derigister didn't sound right, in reality we we enabling and disabling 2FA for the user so I think those terms are more understandable. Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org> -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=29894 --- Comment #38 from Jonathan Druart <jonathan.druart+koha@gmail.com> --- Created attachment 133666 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=133666&action=edit Bug 29894: (QA follow-up) Get rid of send_confirm_notice Chose here to fall back to $patron->queue_notice. Which is tested already, so removing the additional test code. Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org> -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=29894 --- Comment #39 from Jonathan Druart <jonathan.druart+koha@gmail.com> --- Created attachment 133667 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=133667&action=edit Bug 29894: Add Selenium tests for disable 2FA Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org> -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=29894 Fridolin Somers <fridolin.somers@biblibre.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Version(s)| |22.05.00 released in| | Status|Passed QA |Pushed to master -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=29894 --- Comment #40 from Fridolin Somers <fridolin.somers@biblibre.com> --- Pushed to master for 22.05, thanks to everybody involved 🦄 -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=29894 Bug 29894 depends on bug 29873, which changed state. Bug 29873 Summary: 2FA: Generate QR code without exposing secret via HTTP GET https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=29873 What |Removed |Added ---------------------------------------------------------------------------- Status|Pushed to master |RESOLVED Resolution|--- |FIXED -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=29894 Kyle M Hall <kyle@bywatersolutions.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |kyle@bywatersolutions.com Status|Pushed to master |RESOLVED Resolution|--- |FIXED -- You are receiving this mail because: You are watching all bug changes.
participants (1)
-
bugzilla-daemon@bugs.koha-community.org