[Bug 6854] New: import_borrowers.pl : Double password encryption on member update if there is no password in the csv and no default password value.
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=6854 Bug #: 6854 Summary: import_borrowers.pl : Double password encryption on member update if there is no password in the csv and no default password value. Classification: Unclassified Change sponsored?: --- Product: Koha Version: rel_3_2 Platform: All OS/Version: All Status: NEW Severity: normal Priority: P5 Component: Tools AssignedTo: gmcharlt@gmail.com ReportedBy: fcapovilla@live.ca QAContact: koha-bugs@lists.koha-community.org Created attachment 5344 --> http://bugs.koha-community.org/bugzilla3/attachment.cgi?id=5344 Correct a double password encryption problem in import_borrowers.pl In import_borrowers.pl, if no default password is specified and there is no password column in the imported CSV file, the borrowers that are modified get their password encrypted a second time. What happens : If we try to modify an existing user, the password from the BD is fetched and sent to ModMember, which then encrypts the already-encrypted password a second time. Patch attached to correct the problems. Patch created on Koha version 3.2.3 -- Configure bugmail: http://bugs.koha-community.org/bugzilla3/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the QA Contact for the bug.
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=6854 Frédérick Capovilla <fcapovilla@live.ca> changed: What |Removed |Added ---------------------------------------------------------------------------- Priority|P5 |PATCH-Sent Status|NEW |ASSIGNED Patch Status|--- |Needs Signoff AssignedTo|gmcharlt@gmail.com |fcapovilla@live.ca -- Configure bugmail: http://bugs.koha-community.org/bugzilla3/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the QA Contact for the bug.
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=6854 Jane Wagner <jwagner@ptfs.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |jwagner@ptfs.com --- Comment #1 from Jane Wagner <jwagner@ptfs.com> 2011-09-08 16:29:29 UTC --- I want to confirm that this is the same problem I'm seeing in multiple places (including current head). If I import a patron .csv file with a limited number of fields, like cardnumber,surname,branchcode,categorycode,dateexpiry where the goal is to update a specific field (like expiration date), it is screwing up the password even though the password field is not included in the .csv. Does that sound like the same problem? -- Configure bugmail: http://bugs.koha-community.org/bugzilla3/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the QA Contact for the bug.
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=6854 --- Comment #2 from Frédérick Capovilla <fcapovilla@live.ca> 2011-09-08 16:34:04 UTC --- (In reply to comment #1)
I want to confirm that this is the same problem I'm seeing in multiple places (including current head). If I import a patron .csv file with a limited number of fields, like
cardnumber,surname,branchcode,categorycode,dateexpiry
where the goal is to update a specific field (like expiration date), it is screwing up the password even though the password field is not included in the .csv.
Does that sound like the same problem?
I confirm, it is the same problem. The already encrypted passwords get encrypted a second time, which makes them unusable. -- Configure bugmail: http://bugs.koha-community.org/bugzilla3/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the QA Contact for the bug.
OPAC login works
OPAC login works
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=6854 Katrin Fischer <katrin.fischer@bsz-bw.de> changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #5344|0 |1 is obsolete| | --- Comment #3 from Katrin Fischer <katrin.fischer@bsz-bw.de> 2011-10-20 05:27:53 UTC --- Created attachment 6002 --> http://bugs.koha-community.org/bugzilla3/attachment.cgi?id=6002 [SIGNED-OFF] Bug 6854: Correct a double password encryption problem in import_borrowers.pl When the CSV file has no password column and no default value was set for the password : If we try to modify an existing user, the password from the BD is sent to ModMember, which then encrypts the already-encrypted password a second time. http://bugs.koha-community.org/show_bug.cgi?id=6854 Signed-off-by: Katrin Fischer <Katrin.Fischer.83@web.de> Confirmed bug on current master. 1) Import new patron with password provided 2) Overwrite patron record, password provided 3) Overwrite patron record, password not provided Before patch: OPAC login broken, password in database changed After patch: OPC login works with same password as before -- Configure bugmail: http://bugs.koha-community.org/bugzilla3/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the QA Contact for the bug.
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=6854 Katrin Fischer <katrin.fischer@bsz-bw.de> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |katrin.fischer@bsz-bw.de Patch Status|Needs Signoff |Signed Off Severity|normal |critical -- Configure bugmail: http://bugs.koha-community.org/bugzilla3/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the QA Contact for the bug.
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=6854 --- Comment #4 from Katrin Fischer <katrin.fischer@bsz-bw.de> 2011-10-20 05:29:44 UTC --- I have updated the severity - destroying existing patron passwords seems critical to me. -- Configure bugmail: http://bugs.koha-community.org/bugzilla3/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the QA Contact for the bug.
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=6854 Ian Walls <ian.walls@bywatersolutions.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |ian.walls@bywatersolutions. | |com Patch Status|Signed Off |Passed QA --- Comment #5 from Ian Walls <ian.walls@bywatersolutions.com> 2011-10-20 13:12:57 UTC --- Simple patch, well tested, fixes a critical login issue. Marking Passed QA. -- Configure bugmail: http://bugs.koha-community.org/bugzilla3/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the QA Contact for the bug.
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=6854 Chris Cormack <chris@bigballofwax.co.nz> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |chris@bigballofwax.co.nz Patch Status|Passed QA |Patch Pushed --- Comment #6 from Chris Cormack <chris@bigballofwax.co.nz> 2011-10-20 15:48:59 UTC --- Pushed, please test -- Configure bugmail: http://bugs.koha-community.org/bugzilla3/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the QA Contact for the bug.
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=6854 --- Comment #7 from Paul Poulain <paul.poulain@biblibre.com> 2011-10-26 15:49:44 UTC --- Created attachment 6064 --> http://bugs.koha-community.org/bugzilla3/attachment.cgi?id=6064 testing CSV file This CSV file is helpfull to test the bug is fixed -- Configure bugmail: http://bugs.koha-community.org/bugzilla3/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the QA Contact for the bug.
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=6854 Paul Poulain <paul.poulain@biblibre.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|ASSIGNED |RESOLVED CC| |paul.poulain@biblibre.com Resolution| |FIXED -- Configure bugmail: http://bugs.koha-community.org/bugzilla3/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the QA Contact for the bug.
participants (1)
-
bugzilla-daemon@bugs.koha-community.org