[Bug 18755] New: Allow empty password fields in Patron Info requests
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=18755 Bug ID: 18755 Summary: Allow empty password fields in Patron Info requests Change sponsored?: --- Product: Koha Version: master Hardware: All OS: All Status: NEW Severity: enhancement Priority: P5 - low Component: SIP2 Assignee: koha-bugs@lists.koha-community.org Reporter: colin.campbell@ptfs-europe.com QA Contact: testopia@bugs.koha-community.org CC: colin.campbell@ptfs-europe.com Bug 16610 changed the behaviour of patron info requests and responses - previously if the password field was empty in the request, we returned password ok. Many sip clients assume that passing an empty pwd field means "I'm not validating a password - I just want to know patron is valid" and are failing because of the change in behaviour. As both scenarios are valid I suggest adding a parameter to the sip config to allow empty password fields to be treated as previously. To my knowledge this is only an issue in the patron info response. -- You are receiving this mail because: You are watching all bug changes. You are the assignee for the bug.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=18755 Colin Campbell <colin.campbell@ptfs-europe.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Severity|enhancement |minor Text to go in the| |Some SIP devices expect an release notes| |empty password field in a | |patron info request to be | |accepted as OK by the | |server. Since patch for bug | |16610 was applied this is | |not the case. This | |reinstates the old | |behaviour for sip logins | |with the parameter | |allow_empty_passwords="1" Patch complexity|--- |Trivial patch -- You are receiving this mail because: You are watching all bug changes. You are the assignee for the bug.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=18755 Colin Campbell <colin.campbell@ptfs-europe.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |Needs Signoff Assignee|koha-bugs@lists.koha-commun |colin.campbell@ptfs-europe. |ity.org |com --- Comment #1 from Colin Campbell <colin.campbell@ptfs-europe.com> --- Created attachment 64101 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=64101&action=edit Patch enabling the option To test send a patron info request with the patron password field (AD) containing no characters. Default returns CQ = N and 'Invalid password' in the screen message. Alter config file to add allow_empty_passwords="1" to the appropriate login parameters in accounts. Restart the sipserver to reread the config and repeat the request CQ is now returned as "Y" and the screen message does not report the password as invalid -- You are receiving this mail because: You are watching all bug changes. You are the assignee for the bug.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=18755 Marcel de Rooy <m.de.rooy@rijksmuseum.nl> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |m.de.rooy@rijksmuseum.nl -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=18755 M. Tompsett <mtompset@hotmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |mtompset@hotmail.com --- Comment #2 from M. Tompsett <mtompset@hotmail.com> --- I figured the test added should fail under master, so: git bz apply 18755 git checkout origin/master -- C4/SIP/Sip/MsgType.pm prove t/db_dependent/SIP/Message.t -- fails as expected git reset --hard origin/master git bz apply 18755 prove t/db_dependent/SIP/Message.t -- passes as expected. This change is fully tested by the test that is added, so I'm going to sign off. -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=18755 M. Tompsett <mtompset@hotmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|Needs Signoff |Signed Off -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=18755 M. Tompsett <mtompset@hotmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #64101|0 |1 is obsolete| | --- Comment #3 from M. Tompsett <mtompset@hotmail.com> --- Created attachment 64762 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=64762&action=edit Bug 18755 Allow empty passwords in Patron Info to return OK With this patch a parameter 'allow_empty_passwords="1" can be added to a login in the SIP configuration file to allow the behaviour as was normal before the patch for bug 16610 was applied. Some sip clients rely on this behaviour sending an empty password field when they wish to validate to user but do not have the password. If a password is supplied it will be validated A test has been added to Message.t to confirm this behaviour Signed-off-by: Mark Tompsett <mtompset@hotmail.com> -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=18755 Marcel de Rooy <m.de.rooy@rijksmuseum.nl> changed: What |Removed |Added ---------------------------------------------------------------------------- See Also| |https://bugs.koha-community | |.org/bugzilla3/show_bug.cgi | |?id=16610 -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=18755 --- Comment #4 from Marcel de Rooy <m.de.rooy@rijksmuseum.nl> --- Colin: What about Patron Status now? If you provide no AD field, Patron Status responds with a CQN (without Invalid password). Should it return a CQ? Same for empty AD; receive CQN. Should the new option change behavior here? Note: Patron Info without AD does not return a CQ. (Should it?) And an empty AD with allow_e_p returns a CQY. -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=18755 --- Comment #5 from Colin Campbell <colin.campbell@ptfs-europe.com> --- (In reply to Marcel de Rooy from comment #4)
Colin: What about Patron Status now?
If you provide no AD field, Patron Status responds with a CQN (without Invalid password). Should it return a CQ? Same for empty AD; receive CQN. Should the new option change behavior here?
Note: Patron Info without AD does not return a CQ. (Should it?) And an empty AD with allow_e_p returns a CQY.
Patron status is a bit odd the CQ is like patron info in being an optional field, but unlike patron info the AD password field is a required field so I assume that a missing AD should provoke an invalid password in return. basically the behaviour has remained unchanged. In practice I cant recall seeing any kind of unit that uses patron status, I think when sip 2 was released patron info effectively superceded it. So I think we should leave functionality as is, just in case anything relies on the current behaviour. ( I tested on a very old sip software before any of the patches affecting patron info to confirm that behaviour hadnt been inadvertantly changed by other patches) -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=18755 Marcel de Rooy <m.de.rooy@rijksmuseum.nl> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|Signed Off |Passed QA -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=18755 Marcel de Rooy <m.de.rooy@rijksmuseum.nl> changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #64762|0 |1 is obsolete| | --- Comment #6 from Marcel de Rooy <m.de.rooy@rijksmuseum.nl> --- Created attachment 64797 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=64797&action=edit Bug 18755: Allow empty passwords in Patron Info to return OK With this patch a parameter 'allow_empty_passwords="1" can be added to a login in the SIP configuration file to allow the behaviour as was normal before the patch for bug 16610 was applied. Some sip clients rely on this behaviour sending an empty password field when they wish to validate to user but do not have the password. If a password is supplied it will be validated A test has been added to Message.t to confirm this behaviour Signed-off-by: Mark Tompsett <mtompset@hotmail.com> Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=18755 Marcel de Rooy <m.de.rooy@rijksmuseum.nl> changed: What |Removed |Added ---------------------------------------------------------------------------- QA Contact|testopia@bugs.koha-communit |m.de.rooy@rijksmuseum.nl |y.org | -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=18755 --- Comment #7 from Marcel de Rooy <m.de.rooy@rijksmuseum.nl> --- (In reply to Colin Campbell from comment #5)
(In reply to Marcel de Rooy from comment #4) Patron status is a bit odd the CQ is like patron info in being an optional field, but unlike patron info the AD password field is a required field so I assume that a missing AD should provoke an invalid password in return. basically the behaviour has remained unchanged. In practice I cant recall seeing any kind of unit that uses patron status, I think when sip 2 was released patron info effectively superceded it. So I think we should leave functionality as is, just in case anything relies on the current behaviour. ( I tested on a very old sip software before any of the patches affecting patron info to confirm that behaviour hadnt been inadvertantly changed by other patches)
Clear enough. Thanks. -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=18755 Katrin Fischer <katrin.fischer@bsz-bw.de> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |katrin.fischer@bsz-bw.de --- Comment #8 from Katrin Fischer <katrin.fischer@bsz-bw.de> ---
With this patch a parameter 'allow_empty_passwords="1" can be added...
Can we document these kinds of parameters somewhere? Maybe in the example file? I am worried that these kind of features will remain mostly unknown if there are not more clues. -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=18755 --- Comment #9 from Colin Campbell <colin.campbell@ptfs-europe.com> --- (In reply to Katrin Fischer from comment #8)
With this patch a parameter 'allow_empty_passwords="1" can be added...
Can we document these kinds of parameters somewhere? Maybe in the example file? I am worried that these kind of features will remain mostly unknown if there are not more clues.
I wonder if we need to rethink the way SIP configuration is held. I'm not sure that adding options to an xml file is very accessible to many users. -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=18755 --- Comment #10 from Katrin Fischer <katrin.fischer@bsz-bw.de> --- I agree, but that's probably a bigger issue. I am not sure how granular it is, but I think possibly it should be as granular as per 'sip2 using unit'? Having a commented example file might be quicker to achieve for now and helpful for moving things later. -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=18755 Jonathan Druart <jonathan.druart@bugs.koha-community.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|Passed QA |Pushed to Master --- Comment #11 from Jonathan Druart <jonathan.druart@bugs.koha-community.org> --- Pushed to master for 17.11, thanks to everybody involved! -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=18755 Fridolin SOMERS <fridolin.somers@biblibre.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |fridolin.somers@biblibre.co | |m Status|Pushed to Master |Pushed to Stable --- Comment #12 from Fridolin SOMERS <fridolin.somers@biblibre.com> --- Pushed to 17.05.x, will be in 17.05.02 -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=18755 Katrin Fischer <katrin.fischer@bsz-bw.de> changed: What |Removed |Added ---------------------------------------------------------------------------- Blocks| |18943 Referenced Bugs: https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=18943 [Bug 18943] Add documentation of new SIP configuration parameter -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=18755 --- Comment #13 from Katrin Fischer <katrin.fischer@bsz-bw.de> --- I've filed bug 18943 about the missing documentation. This patch has been pushed to 16.11.x and will be in 16.11.10. -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=18755 Mason James <mtj@kohaaloha.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |mtj@kohaaloha.com --- Comment #14 from Mason James <mtj@kohaaloha.com> --- Pushed to 16.05.x, for 16.05.15 release -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=18755 Kyle M Hall <kyle@bywatersolutions.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Blocks| |23722 Referenced Bugs: https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=23722 [Bug 23722] Document allow_empty_passwords in the example SIP config file -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=18755 Nick Clemens <nick@bywatersolutions.com> changed: What |Removed |Added ---------------------------------------------------------------------------- See Also| |https://bugs.koha-community | |.org/bugzilla3/show_bug.cgi | |?id=27600 -- You are receiving this mail because: You are watching all bug changes.
participants (1)
-
bugzilla-daemon@bugs.koha-community.org