[Bug 29925] New: Add a 'set new password' page for patron's with expired passwords
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=29925 Bug ID: 29925 Summary: Add a 'set new password' page for patron's with expired passwords Change sponsored?: --- Product: Koha Version: master Hardware: All OS: All Status: NEW Severity: enhancement Priority: P5 - low Component: Authentication Assignee: koha-bugs@lists.koha-community.org Reporter: nick@bywatersolutions.com QA Contact: testopia@bugs.koha-community.org CC: dpavlin@rot13.org Add a new page that will accept: 1 - Current password 2 - New password/confirmation 3 - Compare old and new password and confirm they are distinct, do not submit otherwise 4 - Save/update patron's password upon submission 5 - Update patron's password expiration -- You are receiving this mail because: You are the assignee for the bug. You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=29925 Nick Clemens <nick@bywatersolutions.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Depends on| |29924 Assignee|koha-bugs@lists.koha-commun |nick@bywatersolutions.com |ity.org | Referenced Bugs: https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=29924 [Bug 29924] Introduce password expiration to patron categories -- You are receiving this mail because: You are the assignee for the bug. You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=29925 Fridolin Somers <fridolin.somers@biblibre.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |fridolin.somers@biblibre.co | |m See Also| |https://bugs.koha-community | |.org/bugzilla3/show_bug.cgi | |?id=29926 -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=29925 Nick Clemens <nick@bywatersolutions.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |Needs Signoff -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=29925 --- Comment #1 from Nick Clemens <nick@bywatersolutions.com> --- Created attachment 129877 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=129877&action=edit Bug 29925: Add a password reset page for expired passwords This patch adds a new page opac-reset-password where a user cna enter their login (userid or carndumber), current password, and new password. If the user has a password expiration date and the current password is correct and the new passwords match and meet requirements their password will be updated and the expiration date reset A patron whose password does not expire will be reidrected to login to change their password To test: 1 - Apply patch, updatedatabase, enable new syspref EnableExpiredPasswordReset 2 - Set 'Password expiration' for a patron category Home->Administration->Patron categories->Edit 3 - Create a new patron in this category with a userid/password set, and an email 4 - Update the patron with an expiration to be expired UPDATE borrowers SET password_expiration='2022-01-01' WHERE borrowernumber=51; 5 - Give the borrower catalogue permission 6 - Attempt to log in to Straff interface 7 - Confirm you are signed out and notified that password must be reset 8 - Click 'Reset your password' link 9 - You should see the reset password page with fields for: login, current password, new password, conmfirm password 10 - enter invalid/incomplete credentials 11 - Confirm you are notified of invlaid credentials 12 - Fill in all fields, but enter current password as new password 13 - Confirm you are notified of no change 14 - Set minimum password length / strong password requirement for category 15 - Confirm you receive error if new password too short or not secure 16 - Enter a valid new password and submit and confirm update is successful 17 - Confirm you have buttons to go to OPAC or Staff and that both work 18 - Confirm you cna log in (i.e. expiration has been reset) 19 - Expire the users password 20 - Remove catalogue permission 21 - Reset password again and confirm only OPAC link -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=29925 Nick Clemens <nick@bywatersolutions.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #129877|0 |1 is obsolete| | --- Comment #2 from Nick Clemens <nick@bywatersolutions.com> --- Created attachment 129958 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=129958&action=edit Bug 29925: Add a password reset page for expired passwords This patch adds a new page opac-reset-password where a user cna enter their login (userid or carndumber), current password, and new password. If the user has a password expiration date and the current password is correct and the new passwords match and meet requirements their password will be updated and the expiration date reset A patron whose password does not expire will be reidrected to login to change their password To test: 1 - Apply patch, updatedatabase, enable new syspref EnableExpiredPasswordReset 2 - Set 'Password expiration' for a patron category Home->Administration->Patron categories->Edit 3 - Create a new patron in this category with a userid/password set, and an email 4 - Update the patron with an expiration to be expired UPDATE borrowers SET password_expiration='2022-01-01' WHERE borrowernumber=51; 5 - Give the borrower catalogue permission 6 - Attempt to log in to Straff interface 7 - Confirm you are signed out and notified that password must be reset 8 - Click 'Reset your password' link 9 - You should see the reset password page with fields for: login, current password, new password, conmfirm password 10 - enter invalid/incomplete credentials 11 - Confirm you are notified of invlaid credentials 12 - Fill in all fields, but enter current password as new password 13 - Confirm you are notified of no change 14 - Set minimum password length / strong password requirement for category 15 - Confirm you receive error if new password too short or not secure 16 - Enter a valid new password and submit and confirm update is successful 17 - Confirm you have buttons to go to OPAC or Staff and that both work 18 - Confirm you cna log in (i.e. expiration has been reset) 19 - Expire the users password 20 - Remove catalogue permission 21 - Reset password again and confirm only OPAC link -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=29925 Nick Clemens <nick@bywatersolutions.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #129958|0 |1 is obsolete| | --- Comment #3 from Nick Clemens <nick@bywatersolutions.com> --- Created attachment 130357 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=130357&action=edit Bug 29925: Add a password reset page for expired passwords This patch adds a new page opac-reset-password where a user cna enter their login (userid or carndumber), current password, and new password. If the user has a password expiration date and the current password is correct and the new passwords match and meet requirements their password will be updated and the expiration date reset A patron whose password does not expire will be reidrected to login to change their password To test: 1 - Apply patch, updatedatabase, enable new syspref EnableExpiredPasswordReset 2 - Set 'Password expiration' for a patron category Home->Administration->Patron categories->Edit 3 - Create a new patron in this category with a userid/password set, and an email 4 - Update the patron with an expiration to be expired UPDATE borrowers SET password_expiration='2022-01-01' WHERE borrowernumber=51; 5 - Give the borrower catalogue permission 6 - Attempt to log in to Straff interface 7 - Confirm you are signed out and notified that password must be reset 8 - Click 'Reset your password' link 9 - You should see the reset password page with fields for: login, current password, new password, conmfirm password 10 - enter invalid/incomplete credentials 11 - Confirm you are notified of invlaid credentials 12 - Fill in all fields, but enter current password as new password 13 - Confirm you are notified of no change 14 - Set minimum password length / strong password requirement for category 15 - Confirm you receive error if new password too short or not secure 16 - Enter a valid new password and submit and confirm update is successful 17 - Confirm you have buttons to go to OPAC or Staff and that both work 18 - Confirm you cna log in (i.e. expiration has been reset) 19 - Expire the users password 20 - Remove catalogue permission 21 - Reset password again and confirm only OPAC link -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=29925 Andrew Fuerste-Henry <andrew@bywatersolutions.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |andrew@bywatersolutions.com --- Comment #4 from Andrew Fuerste-Henry <andrew@bywatersolutions.com> --- There's a typo in the new syspref description. It says "If not enable patrons must either use the 'Forgot your password' feature or have staff reset their password." That should be "If not enabled." -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=29925 --- Comment #5 from Nick Clemens <nick@bywatersolutions.com> --- Created attachment 130443 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=130443&action=edit Bug 29925: (follow-up) Allow password reset when OpacPublic not set -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=29925 Andrew Fuerste-Henry <andrew@bywatersolutions.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|Needs Signoff |Signed Off -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=29925 Andrew Fuerste-Henry <andrew@bywatersolutions.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #130357|0 |1 is obsolete| | --- Comment #6 from Andrew Fuerste-Henry <andrew@bywatersolutions.com> --- Created attachment 130684 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=130684&action=edit Bug 29925: Add a password reset page for expired passwords This patch adds a new page opac-reset-password where a user cna enter their login (userid or carndumber), current password, and new password. If the user has a password expiration date and the current password is correct and the new passwords match and meet requirements their password will be updated and the expiration date reset A patron whose password does not expire will be reidrected to login to change their password To test: 1 - Apply patch, updatedatabase, enable new syspref EnableExpiredPasswordReset 2 - Set 'Password expiration' for a patron category Home->Administration->Patron categories->Edit 3 - Create a new patron in this category with a userid/password set, and an email 4 - Update the patron with an expiration to be expired UPDATE borrowers SET password_expiration='2022-01-01' WHERE borrowernumber=51; 5 - Give the borrower catalogue permission 6 - Attempt to log in to Straff interface 7 - Confirm you are signed out and notified that password must be reset 8 - Click 'Reset your password' link 9 - You should see the reset password page with fields for: login, current password, new password, conmfirm password 10 - enter invalid/incomplete credentials 11 - Confirm you are notified of invlaid credentials 12 - Fill in all fields, but enter current password as new password 13 - Confirm you are notified of no change 14 - Set minimum password length / strong password requirement for category 15 - Confirm you receive error if new password too short or not secure 16 - Enter a valid new password and submit and confirm update is successful 17 - Confirm you have buttons to go to OPAC or Staff and that both work 18 - Confirm you cna log in (i.e. expiration has been reset) 19 - Expire the users password 20 - Remove catalogue permission 21 - Reset password again and confirm only OPAC link Signed-off-by: Bob Bennhoff <bbennhoff@clicweb.org> -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=29925 Andrew Fuerste-Henry <andrew@bywatersolutions.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #130443|0 |1 is obsolete| | --- Comment #7 from Andrew Fuerste-Henry <andrew@bywatersolutions.com> --- Created attachment 130685 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=130685&action=edit Bug 29925: (follow-up) Allow password reset when OpacPublic not set Signed-off-by: Bob Bennhoff <bbennhoff@clicweb.org> -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=29925 David Cook <dcook@prosentient.com.au> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |dcook@prosentient.com.au -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=29925 koha-US bug tracker <bugzilla@koha-us.org> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |bugzilla@koha-us.org -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=29925 Marcel de Rooy <m.de.rooy@rijksmuseum.nl> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |m.de.rooy@rijksmuseum.nl --- Comment #8 from Marcel de Rooy <m.de.rooy@rijksmuseum.nl> --- diff --git a/opac/opac-reset-password.pl b/opac/opac-reset-password.pl new file mode 100755 index 0000000000..c871cd534a --- /dev/null +++ b/opac/opac-reset-password.pl @@ -0,0 +1,110 @@ +#!/usr/bin/perl +# This script lets the users change the passwords by themselves. +# +# (c) 2005 Universidad ORT Uruguay. Hmm New file from 2005 ? -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=29925 --- Comment #9 from Marcel de Rooy <m.de.rooy@rijksmuseum.nl> --- + if ( $newpassword ne $confirmpassword ) { + $template->param( 'error' => 'passwords_mismatch' ); If my password was 123Jim+1, and I just change to 123Jim+2, or change 3Jim@abc to 4Jim@abc, could we refuse such changes? Look for some 'large enough' string that they have in common or so? Or compare the number of positions where they are different? Since this could well be considered scope creep, we could open a new report? -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=29925 --- Comment #10 from Marcel de Rooy <m.de.rooy@rijksmuseum.nl> --- (In reply to Marcel de Rooy from comment #9)
+ if ( $newpassword ne $confirmpassword ) { + $template->param( 'error' => 'passwords_mismatch' );
If my password was 123Jim+1, and I just change to 123Jim+2, or change 3Jim@abc to 4Jim@abc, could we refuse such changes? Look for some 'large enough' string that they have in common or so? Or compare the number of positions where they are different?
Since this could well be considered scope creep, we could open a new report?
We needed these lines in code obviously: + elsif ( $currentpassword eq $newpassword ) { + $template->param( 'error' => 'no_change' ); -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=29925 Victor Grousset/tuxayo <victor@tuxayo.net> changed: What |Removed |Added ---------------------------------------------------------------------------- Patch complexity|--- |Medium patch -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=29925 --- Comment #11 from Nick Clemens <nick@bywatersolutions.com> --- Created attachment 133749 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=133749&action=edit Bug 29925: (follow-up) Fix copyright statement -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=29925 --- Comment #12 from Nick Clemens <nick@bywatersolutions.com> --- (In reply to Marcel de Rooy from comment #9)
If my password was 123Jim+1, and I just change to 123Jim+2, or change 3Jim@abc to 4Jim@abc, could we refuse such changes? Look for some 'large enough' string that they have in common or so? Or compare the number of positions where they are different?
Since this could well be considered scope creep, we could open a new report?
Yes, please -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=29925 Marcel de Rooy <m.de.rooy@rijksmuseum.nl> changed: What |Removed |Added ---------------------------------------------------------------------------- See Also| |https://bugs.koha-community | |.org/bugzilla3/show_bug.cgi | |?id=30605 -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=29925 Martin Renvoize <martin.renvoize@ptfs-europe.com> changed: What |Removed |Added ---------------------------------------------------------------------------- See Also| |https://bugs.koha-community | |.org/bugzilla3/show_bug.cgi | |?id=30611 -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=29925 Tomás Cohen Arazi <tomascohen@gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |tomascohen@gmail.com -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=29925 Tomás Cohen Arazi <tomascohen@gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #130684|0 |1 is obsolete| | -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=29925 Tomás Cohen Arazi <tomascohen@gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #130685|0 |1 is obsolete| | -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=29925 Tomás Cohen Arazi <tomascohen@gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #133749|0 |1 is obsolete| | -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=29925 --- Comment #13 from Tomás Cohen Arazi <tomascohen@gmail.com> --- Created attachment 134474 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=134474&action=edit Bug 29925: Add a password reset page for expired passwords This patch adds a new page opac-reset-password where a user cna enter their login (userid or carndumber), current password, and new password. If the user has a password expiration date and the current password is correct and the new passwords match and meet requirements their password will be updated and the expiration date reset A patron whose password does not expire will be reidrected to login to change their password To test: 1 - Apply patch, updatedatabase, enable new syspref EnableExpiredPasswordReset 2 - Set 'Password expiration' for a patron category Home->Administration->Patron categories->Edit 3 - Create a new patron in this category with a userid/password set, and an email 4 - Update the patron with an expiration to be expired UPDATE borrowers SET password_expiration='2022-01-01' WHERE borrowernumber=51; 5 - Give the borrower catalogue permission 6 - Attempt to log in to Straff interface 7 - Confirm you are signed out and notified that password must be reset 8 - Click 'Reset your password' link 9 - You should see the reset password page with fields for: login, current password, new password, conmfirm password 10 - enter invalid/incomplete credentials 11 - Confirm you are notified of invlaid credentials 12 - Fill in all fields, but enter current password as new password 13 - Confirm you are notified of no change 14 - Set minimum password length / strong password requirement for category 15 - Confirm you receive error if new password too short or not secure 16 - Enter a valid new password and submit and confirm update is successful 17 - Confirm you have buttons to go to OPAC or Staff and that both work 18 - Confirm you cna log in (i.e. expiration has been reset) 19 - Expire the users password 20 - Remove catalogue permission 21 - Reset password again and confirm only OPAC link Signed-off-by: Bob Bennhoff <bbennhoff@clicweb.org> Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io> -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=29925 --- Comment #14 from Tomás Cohen Arazi <tomascohen@gmail.com> --- Created attachment 134475 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=134475&action=edit Bug 29925: (follow-up) Allow password reset when OpacPublic not set Signed-off-by: Bob Bennhoff <bbennhoff@clicweb.org> Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io> -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=29925 --- Comment #15 from Tomás Cohen Arazi <tomascohen@gmail.com> --- I've fixed further license text issues and squashed those. -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=29925 Tomás Cohen Arazi <tomascohen@gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|Signed Off |Passed QA -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=29925 --- Comment #16 from Fridolin Somers <fridolin.somers@biblibre.com> --- (In reply to Tomás Cohen Arazi from comment #14)
Created attachment 134475 [details] [review] Bug 29925: (follow-up) Allow password reset when OpacPublic not set
Signed-off-by: Bob Bennhoff <bbennhoff@clicweb.org> Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
OK so we can ignore the QA tools alert : FAIL opac/opac-reset-password.pl FAIL forbidden patterns forbidden pattern: Script permissions is authnotrequired => 1, it is correct for an OPAC script, not intranet (bug 24663) (line 36) -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=29925 --- Comment #17 from Fridolin Somers <fridolin.somers@biblibre.com> --- Created attachment 134759 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=134759&action=edit Bug 29925: (follow-up) Add new pref in sysprefs.sql -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=29925 Fridolin Somers <fridolin.somers@biblibre.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Version(s)| |22.05.00 released in| | Status|Passed QA |Pushed to master -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=29925 --- Comment #18 from Fridolin Somers <fridolin.somers@biblibre.com> --- Pushed to master for 22.05, thanks to everybody involved 🦄 -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=29925 Jonathan Druart <jonathan.druart+koha@gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Blocks| |30761 Referenced Bugs: https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=30761 [Bug 30761] Typo: PLease -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=29925 Nick Clemens <nick@bywatersolutions.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Change sponsored?|--- |Sponsored -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=29925 Caroline Cyr La Rose <caroline.cyr-la-rose@inlibro.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Blocks| |31489 Referenced Bugs: https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=31489 [Bug 31489] Typo in EnableExpiredPasswordReset description -- You are receiving this mail because: You are watching all bug changes.
participants (1)
-
bugzilla-daemon@bugs.koha-community.org