[Bug 16610] New: Regression in SIP2 user password handling
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=16610 Bug ID: 16610 Summary: Regression in SIP2 user password handling Change sponsored?: --- Product: Koha Version: master Hardware: All OS: All Status: NEW Severity: major Priority: P5 - low Component: SIP2 Assignee: koha-bugs@lists.koha-community.org Reporter: kyle@bywatersolutions.com QA Contact: testopia@bugs.koha-community.org CC: colin.campbell@ptfs-europe.com Previous to bug 14507, SIP2 only did internal authentication. A change to the way we check empty passwords has caused any empty password to send back a CQ of Y. Previous to that patch set, a CQ of Y would only be sent back of the patron password column was NULL. Now, an empty AD field *always* returns a CQ of Y. -- You are receiving this mail because: You are watching all bug changes. You are the assignee for the bug.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=16610 Kyle M Hall <kyle@bywatersolutions.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Assignee|koha-bugs@lists.koha-commun |kyle@bywatersolutions.com |ity.org | Depends on| |14507 Referenced Bugs: https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14507 [Bug 14507] SIP Authentication broken when LDAP Auth Enabled -- You are receiving this mail because: You are watching all bug changes. You are the assignee for the bug.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=16610 Kyle M Hall <kyle@bywatersolutions.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Patch complexity|--- |Trivial patch Status|NEW |Needs Signoff -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=16610 --- Comment #1 from Kyle M Hall <kyle@bywatersolutions.com> --- Created attachment 51879 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=51879&action=edit Bug 16610 - Regression in SIP2 user password handling Previous to bug 14507, SIP2 only did internal authentication. A change to the way we check empty passwords has caused any empty password to send back a CQ of Y. Previous to that patch set, a CQ of Y would only be sent back of the patron password column was NULL. Now, an empty AD field *always* returns a CQ of Y. Test Plan: 1) Send a patron information request with an empty AD field Note: You must send the AD field or you won't get back a CQ field 2) Note you get back a CQ of Y 3) Apply this patch 4) Repeat step 1 5) Note you now get back a CQ of N -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=16610 Kyle M Hall <kyle@bywatersolutions.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|Needs Signoff |Signed Off -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=16610 --- Comment #2 from Kyle M Hall <kyle@bywatersolutions.com> --- Created attachment 51881 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=51881&action=edit [SIGNED-OFF] Bug 16610 - Regression in SIP2 user password handling Previous to bug 14507, SIP2 only did internal authentication. A change to the way we check empty passwords has caused any empty password to send back a CQ of Y. Previous to that patch set, a CQ of Y would only be sent back of the patron password column was NULL. Now, an empty AD field *always* returns a CQ of Y. Test Plan: 1) Send a patron information request with an empty AD field Note: You must send the AD field or you won't get back a CQ field 2) Note you get back a CQ of Y 3) Apply this patch 4) Repeat step 1 5) Note you now get back a CQ of N Signed-off-by: Trent Roby <troby@bclib.info> -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=16610 Marcel de Rooy <m.de.rooy@rijksmuseum.nl> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |m.de.rooy@rijksmuseum.nl Attachment #51879|0 |1 is obsolete| | -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=16610 Marcel de Rooy <m.de.rooy@rijksmuseum.nl> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|Signed Off |Passed QA Patch complexity|Trivial patch |Small patch -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=16610 --- Comment #3 from Marcel de Rooy <m.de.rooy@rijksmuseum.nl> --- Created attachment 51946 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=51946&action=edit Bug 16610: [QA Follow-up] Add a test To verify the original patch, this test shows that before applying it the Patron Info request did not return CQ==N for an empty password. Note that the Patron Status did btw. After applying the original patch, the test passes for patron info as well as status. Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=16610 --- Comment #4 from Marcel de Rooy <m.de.rooy@rijksmuseum.nl> --- Created attachment 51947 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=51947&action=edit Bug 16610 - Regression in SIP2 user password handling Previous to bug 14507, SIP2 only did internal authentication. A change to the way we check empty passwords has caused any empty password to send back a CQ of Y. Previous to that patch set, a CQ of Y would only be sent back of the patron password column was NULL. Now, an empty AD field *always* returns a CQ of Y. Test Plan: 1) Send a patron information request with an empty AD field Note: You must send the AD field or you won't get back a CQ field 2) Note you get back a CQ of Y 3) Apply this patch 4) Repeat step 1 5) Note you now get back a CQ of N Signed-off-by: Trent Roby <troby@bclib.info> Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=16610 Marcel de Rooy <m.de.rooy@rijksmuseum.nl> changed: What |Removed |Added ---------------------------------------------------------------------------- QA Contact|testopia@bugs.koha-communit |m.de.rooy@rijksmuseum.nl |y.org | -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=16610 Marcel de Rooy <m.de.rooy@rijksmuseum.nl> changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #51881|0 |1 is obsolete| | -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=16610 Brendan Gallagher <brendan@bywatersolutions.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |brendan@bywatersolutions.co | |m Status|Passed QA |Pushed to Master --- Comment #5 from Brendan Gallagher <brendan@bywatersolutions.com> --- Pushed to Master - Should be in the November 2016 release. Thanks! -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=16610 Frédéric Demians <frederic@tamil.fr> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |frederic@tamil.fr --- Comment #6 from Frédéric Demians <frederic@tamil.fr> --- Pushed in 16.05. Will be in 16.05.01. -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=16610 Julian Maurice <julian.maurice@biblibre.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|Pushed to Master |Pushed to Stable CC| |julian.maurice@biblibre.com --- Comment #7 from Julian Maurice <julian.maurice@biblibre.com> --- Patch pushed to 3.22.x, will be in 3.22.8 -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=16610 Stefan Berndtsson <stefan.berndtsson@ub.gu.se> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |stefan.berndtsson@ub.gu.se --- Comment #8 from Stefan Berndtsson <stefan.berndtsson@ub.gu.se> ---
Previous to bug 14507, SIP2 only did internal authentication. A change to the way we check empty passwords has caused any empty password to send back a CQ of Y. Previous to that patch set, a CQ of Y would only be sent back of the patron password column was NULL. Now, an empty AD field *always* returns a CQ of Y.
We recently began testing our selfcheck terminals with Koha. This causes an issue with our setup. The machines we use (Tor3 from Bibliotheca) has an option for disabling pincode/password entry (which is the situation we want). However, this does not remove the AD fields from the transaction, just sends an empty AD. I have no idea how common this behaviour is, but it seems to be similar to the issue mentioned in bug 15124. We also need the users to have a password field for web access, so we cannot leave that field empty. The combined consequence of this is that getting a CQN back makes it impossible to use the selfcheck system. Changing the way the selfcheck system creator implements their things is not really something we can do. This whole thing could be made into a syspref, allowing for empty AD fields. I'm not sure how to proceed with this, since this is a resolved bug. Should adding a syspref for this be done using a new bug entry? -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=16610 --- Comment #9 from Colin Campbell <colin.campbell@ptfs-europe.com> --- Large numbers of units send empty password fields if they do not want the password to be checked. This patch causes them to fail -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=16610 --- Comment #10 from Colin Campbell <colin.campbell@ptfs-europe.com> --- As this changes how the sipserver has worked in the past and in a way incompatible with many clients it should really be governed by a config optin in the sip configuration file. -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=16610 --- Comment #11 from Colin Campbell <colin.campbell@ptfs-europe.com> --- I have added a bug 18755 to allow the old behaviour on setting an option in the config of the associated sip account -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=16610 Marcel de Rooy <m.de.rooy@rijksmuseum.nl> changed: What |Removed |Added ---------------------------------------------------------------------------- See Also| |https://bugs.koha-community | |.org/bugzilla3/show_bug.cgi | |?id=18755 -- You are receiving this mail because: You are watching all bug changes.
participants (1)
-
bugzilla-daemon@bugs.koha-community.org