[Bug 40545] New: Add a way to manually reset 2FA settings for admins
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=40545 Bug ID: 40545 Summary: Add a way to manually reset 2FA settings for admins Change sponsored?: --- Product: Koha Version: Main Hardware: All OS: All Status: NEW Severity: enhancement Priority: P5 - low Component: Command-line Utilities Assignee: koha-bugs@lists.koha-community.org Reporter: tomascohen@gmail.com QA Contact: testopia@bugs.koha-community.org CC: robin@catalyst.net.nz I propose we have an utility script for the task. -- You are receiving this mail because: You are watching all bug changes. You are the assignee for the bug.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=40545 Tomás Cohen Arazi (tcohen) <tomascohen@gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Assignee|koha-bugs@lists.koha-commun |tomascohen@gmail.com |ity.org | CC| |tomascohen@gmail.com -- You are receiving this mail because: You are the assignee for the bug. You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=40545 Tomás Cohen Arazi (tcohen) <tomascohen@gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- See Also| |https://bugs.koha-community | |.org/bugzilla3/show_bug.cgi | |?id=30724 -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=40545 Tomás Cohen Arazi (tcohen) <tomascohen@gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Blocks| |30724 See Also|https://bugs.koha-community | |.org/bugzilla3/show_bug.cgi | |?id=30724 | Referenced Bugs: https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=30724 [Bug 30724] Add ability for administrator to reset a users 2FA -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=40545 Tomás Cohen Arazi (tcohen) <tomascohen@gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |Needs Signoff -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=40545 --- Comment #1 from Tomás Cohen Arazi (tcohen) <tomascohen@gmail.com> --- Created attachment 184839 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=184839&action=edit Bug 40545: Add has_2fa_enabled and reset_2fa methods to Koha::Patron This adds two new methods to Koha::Patron for managing two-factor authentication: * has_2fa_enabled() - Returns 1 if patron has 2FA enabled, 0 otherwise * reset_2fa() - Clears secret and sets auth_method to 'password' The reset_2fa method includes audit logging when BorrowersLog is enabled and returns the patron object for method chaining. To test: 1. Apply patch 2. Run: prove t/db_dependent/Koha/Patron.t => SUCCESS: Tests pass! 3. Sign off :-D -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=40545 --- Comment #2 from Tomás Cohen Arazi (tcohen) <tomascohen@gmail.com> --- Created attachment 184840 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=184840&action=edit Bug 40545: Add utility script for resetting 2FA settings This adds a command-line utility script that allows administrators to reset a patron's two-factor authentication settings when they lose access to their authenticator device. The script uses the new Koha::Patron methods and provides: * Parameter validation (mutually exclusive userid/cardnumber/patron_id) * User-friendly error messages and feedback * Verification that patron has 2FA enabled before attempting reset To test: 1. Enable TwoFactorAuthentication system preference 2. Set up 2FA for a test patron 3. Run: perl misc/admin/reset_2fa.pl --userid <userid> => SUCCESS: Script resets 2FA and shows confirmation message => FAIL: Script shows error or doesn't reset 2FA properly 4. Verify patron can log in with password only 5. Test error cases: - No parameters: shows usage message - Multiple parameters: shows mutual exclusivity error - Non-existent user: shows user not found error - User without 2FA: shows informational message -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=40545 --- Comment #3 from Tomás Cohen Arazi (tcohen) <tomascohen@gmail.com> --- Created attachment 184841 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=184841&action=edit Bug 40545: Add to action logs -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=40545 Tomás Cohen Arazi (tcohen) <tomascohen@gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #184839|0 |1 is obsolete| | Attachment #184840|0 |1 is obsolete| | Attachment #184841|0 |1 is obsolete| | --- Comment #4 from Tomás Cohen Arazi (tcohen) <tomascohen@gmail.com> --- Created attachment 184842 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=184842&action=edit Bug 40545: Add has_2fa_enabled and reset_2fa methods to Koha::Patron This adds two new methods to Koha::Patron for managing two-factor authentication: * has_2fa_enabled() - Returns 1 if patron has 2FA enabled, 0 otherwise * reset_2fa() - Clears secret and sets auth_method to 'password' The reset_2fa method includes audit logging when BorrowersLog is enabled and returns the patron object for method chaining. To test: 1. Apply patch 2. Run: $ ktd --shell k$ prove t/db_dependent/Koha/Patron.t => SUCCESS: Tests pass! 3. Sign off :-D -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=40545 --- Comment #5 from Tomás Cohen Arazi (tcohen) <tomascohen@gmail.com> --- Created attachment 184843 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=184843&action=edit Bug 40545: Add utility script for resetting 2FA settings This adds a command-line utility script that allows administrators to reset a patron's two-factor authentication settings when they lose access to their authenticator device. The script uses the new Koha::Patron methods and provides: * Parameter validation (mutually exclusive userid/cardnumber/patron_id) * User-friendly error messages and feedback * Verification that patron has 2FA enabled before attempting reset To test: 1. Enable TwoFactorAuthentication system preference 2. Set up 2FA for a test patron 3. Run: $ ktd --shell k$ perl misc/admin/reset_2fa.pl --userid <userid> => SUCCESS: Script resets 2FA and shows confirmation message 4. Verify patron can log in with password only 5. Test error cases: - No parameters: shows usage message - Multiple parameters: shows mutual exclusivity error - Non-existent user: shows user not found error - User without 2FA: shows informational message => SUCCESS: All scenarios work as expected 6. Sign off :-D -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=40545 --- Comment #6 from Tomás Cohen Arazi (tcohen) <tomascohen@gmail.com> --- Created attachment 184844 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=184844&action=edit Bug 40545: Add to action logs -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=40545 David Cook <dcook@prosentient.com.au> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |dcook@prosentient.com.au -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=40545 David Nind <david@davidnind.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|Needs Signoff |Signed Off -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=40545 David Nind <david@davidnind.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #184842|0 |1 is obsolete| | --- Comment #7 from David Nind <david@davidnind.com> --- Created attachment 184850 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=184850&action=edit Bug 40545: Add has_2fa_enabled and reset_2fa methods to Koha::Patron This adds two new methods to Koha::Patron for managing two-factor authentication: * has_2fa_enabled() - Returns 1 if patron has 2FA enabled, 0 otherwise * reset_2fa() - Clears secret and sets auth_method to 'password' The reset_2fa method includes audit logging when BorrowersLog is enabled and returns the patron object for method chaining. To test: 1. Apply patch 2. Run: $ ktd --shell k$ prove t/db_dependent/Koha/Patron.t => SUCCESS: Tests pass! 3. Sign off :-D Signed-off-by: David Nind <david@davidnind.com> -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=40545 David Nind <david@davidnind.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #184843|0 |1 is obsolete| | --- Comment #8 from David Nind <david@davidnind.com> --- Created attachment 184851 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=184851&action=edit Bug 40545: Add utility script for resetting 2FA settings This adds a command-line utility script that allows administrators to reset a patron's two-factor authentication settings when they lose access to their authenticator device. The script uses the new Koha::Patron methods and provides: * Parameter validation (mutually exclusive userid/cardnumber/patron_id) * User-friendly error messages and feedback * Verification that patron has 2FA enabled before attempting reset To test: 1. Enable TwoFactorAuthentication system preference 2. Set up 2FA for a test patron 3. Run: $ ktd --shell k$ perl misc/admin/reset_2fa.pl --userid <userid> => SUCCESS: Script resets 2FA and shows confirmation message 4. Verify patron can log in with password only 5. Test error cases: - No parameters: shows usage message - Multiple parameters: shows mutual exclusivity error - Non-existent user: shows user not found error - User without 2FA: shows informational message => SUCCESS: All scenarios work as expected 6. Sign off :-D Signed-off-by: David Nind <david@davidnind.com> -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=40545 David Nind <david@davidnind.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #184844|0 |1 is obsolete| | --- Comment #9 from David Nind <david@davidnind.com> --- Created attachment 184852 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=184852&action=edit Bug 40545: Add to action logs Signed-off-by: David Nind <david@davidnind.com> -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=40545 David Nind <david@davidnind.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |david@davidnind.com --- Comment #10 from David Nind <david@davidnind.com> --- Nice! -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=40545 Tomás Cohen Arazi (tcohen) <tomascohen@gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Summary|Add a way to manually reset |Add a CLI script to |2FA settings for admins |manually reset 2FA settings -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=40545 David Nind <david@davidnind.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|Signed Off |Patch doesn't apply --- Comment #11 from David Nind <david@davidnind.com> --- The patches currently don't apply: git bz apply 40545 Bug 40545 - Add a CLI script to manually reset 2FA settings 184850 - Bug 40545: Add has_2fa_enabled and reset_2fa methods to Koha::Patron 184851 - Bug 40545: Add utility script for resetting 2FA settings 184852 - Bug 40545: Add to action logs Apply? [(y)es, (n)o, (i)nteractive] y Applying: Bug 40545: Add has_2fa_enabled and reset_2fa methods to Koha::Patron Applying: Bug 40545: Add utility script for resetting 2FA settings Applying: Bug 40545: Add to action logs Using index info to reconstruct a base tree... M koha-tmpl/intranet-tmpl/prog/en/includes/action-logs.inc M koha-tmpl/intranet-tmpl/prog/en/modules/tools/viewlog.tt Falling back to patching base and 3-way merge... Auto-merging koha-tmpl/intranet-tmpl/prog/en/modules/tools/viewlog.tt CONFLICT (content): Merge conflict in koha-tmpl/intranet-tmpl/prog/en/modules/tools/viewlog.tt Auto-merging koha-tmpl/intranet-tmpl/prog/en/includes/action-logs.inc error: Failed to merge in the changes. Patch failed at 0001 Bug 40545: Add to action logs -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=40545 Tomás Cohen Arazi (tcohen) <tomascohen@gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Patch complexity|--- |Small patch Status|Patch doesn't apply |Signed Off -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=40545 Tomás Cohen Arazi (tcohen) <tomascohen@gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #184850|0 |1 is obsolete| | Attachment #184851|0 |1 is obsolete| | Attachment #184852|0 |1 is obsolete| | --- Comment #12 from Tomás Cohen Arazi (tcohen) <tomascohen@gmail.com> --- Created attachment 185849 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=185849&action=edit Bug 40545: Add has_2fa_enabled and reset_2fa methods to Koha::Patron This adds two new methods to Koha::Patron for managing two-factor authentication: * has_2fa_enabled() - Returns 1 if patron has 2FA enabled, 0 otherwise * reset_2fa() - Clears secret and sets auth_method to 'password' The reset_2fa method includes audit logging when BorrowersLog is enabled and returns the patron object for method chaining. To test: 1. Apply patch 2. Run: $ ktd --shell k$ prove t/db_dependent/Koha/Patron.t => SUCCESS: Tests pass! 3. Sign off :-D Signed-off-by: David Nind <david@davidnind.com> -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=40545 --- Comment #13 from Tomás Cohen Arazi (tcohen) <tomascohen@gmail.com> --- Created attachment 185850 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=185850&action=edit Bug 40545: Add utility script for resetting 2FA settings This adds a command-line utility script that allows administrators to reset a patron's two-factor authentication settings when they lose access to their authenticator device. The script uses the new Koha::Patron methods and provides: * Parameter validation (mutually exclusive userid/cardnumber/patron_id) * User-friendly error messages and feedback * Verification that patron has 2FA enabled before attempting reset To test: 1. Enable TwoFactorAuthentication system preference 2. Set up 2FA for a test patron 3. Run: $ ktd --shell k$ perl misc/admin/reset_2fa.pl --userid <userid> => SUCCESS: Script resets 2FA and shows confirmation message 4. Verify patron can log in with password only 5. Test error cases: - No parameters: shows usage message - Multiple parameters: shows mutual exclusivity error - Non-existent user: shows user not found error - User without 2FA: shows informational message => SUCCESS: All scenarios work as expected 6. Sign off :-D Signed-off-by: David Nind <david@davidnind.com> -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=40545 --- Comment #14 from Tomás Cohen Arazi (tcohen) <tomascohen@gmail.com> --- Created attachment 185851 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=185851&action=edit Bug 40545: Add to action logs Signed-off-by: David Nind <david@davidnind.com> -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=40545 Tomás Cohen Arazi (tcohen) <tomascohen@gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- QA Contact|testopia@bugs.koha-communit |martin.renvoize@openfifth.c |y.org |o.uk -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=40545 David Nind <david@davidnind.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Depends on| |20476 Referenced Bugs: https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=20476 [Bug 20476] Two factor authentication for the staff client - omnibus -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=40545 Martin Renvoize (ashimema) <martin.renvoize@openfifth.co.uk> changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #185849|0 |1 is obsolete| | --- Comment #15 from Martin Renvoize (ashimema) <martin.renvoize@openfifth.co.uk> --- Created attachment 186230 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=186230&action=edit Bug 40545: Add has_2fa_enabled and reset_2fa methods to Koha::Patron This adds two new methods to Koha::Patron for managing two-factor authentication: * has_2fa_enabled() - Returns 1 if patron has 2FA enabled, 0 otherwise * reset_2fa() - Clears secret and sets auth_method to 'password' The reset_2fa method includes audit logging when BorrowersLog is enabled and returns the patron object for method chaining. To test: 1. Apply patch 2. Run: $ ktd --shell k$ prove t/db_dependent/Koha/Patron.t => SUCCESS: Tests pass! 3. Sign off :-D Sponsored-by: ByWater Solutions Signed-off-by: David Nind <david@davidnind.com> Signed-off-by: Martin Renvoize <martin.renvoize@openfifth.co.uk> -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=40545 Martin Renvoize (ashimema) <martin.renvoize@openfifth.co.uk> changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #185850|0 |1 is obsolete| | --- Comment #16 from Martin Renvoize (ashimema) <martin.renvoize@openfifth.co.uk> --- Created attachment 186231 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=186231&action=edit Bug 40545: Add utility script for resetting 2FA settings This adds a command-line utility script that allows administrators to reset a patron's two-factor authentication settings when they lose access to their authenticator device. The script uses the new Koha::Patron methods and provides: * Parameter validation (mutually exclusive userid/cardnumber/patron_id) * User-friendly error messages and feedback * Verification that patron has 2FA enabled before attempting reset To test: 1. Enable TwoFactorAuthentication system preference 2. Set up 2FA for a test patron 3. Run: $ ktd --shell k$ perl misc/admin/reset_2fa.pl --userid <userid> => SUCCESS: Script resets 2FA and shows confirmation message 4. Verify patron can log in with password only 5. Test error cases: - No parameters: shows usage message - Multiple parameters: shows mutual exclusivity error - Non-existent user: shows user not found error - User without 2FA: shows informational message => SUCCESS: All scenarios work as expected 6. Sign off :-D Sponsored-by: ByWater Solutions Signed-off-by: David Nind <david@davidnind.com> Signed-off-by: Martin Renvoize <martin.renvoize@openfifth.co.uk> -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=40545 Martin Renvoize (ashimema) <martin.renvoize@openfifth.co.uk> changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #185851|0 |1 is obsolete| | --- Comment #17 from Martin Renvoize (ashimema) <martin.renvoize@openfifth.co.uk> --- Created attachment 186232 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=186232&action=edit Bug 40545: Add to action logs Sponsored-by: ByWater Solutions Signed-off-by: David Nind <david@davidnind.com> Signed-off-by: Martin Renvoize <martin.renvoize@openfifth.co.uk> -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=40545 Martin Renvoize (ashimema) <martin.renvoize@openfifth.co.uk> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|Signed Off |Passed QA --- Comment #18 from Martin Renvoize (ashimema) <martin.renvoize@openfifth.co.uk> --- Awesome! -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=40545 Lucas Gass (lukeg) <lucas@bywatersolutions.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Keywords| |release-notes-needed CC| |lucas@bywatersolutions.com -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=40545 --- Comment #19 from Lucas Gass (lukeg) <lucas@bywatersolutions.com> --- Created attachment 187765 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=187765&action=edit Bug 40545: (follow-up) Correct GNU link -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=40545 Lucas Gass (lukeg) <lucas@bywatersolutions.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Version(s)| |25.11.00 released in| | Status|Passed QA |Pushed to main -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=40545 --- Comment #20 from Lucas Gass (lukeg) <lucas@bywatersolutions.com> --- Nice work everyone! Pushed to main for 25.11 -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=40545 David Nind <david@davidnind.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Keywords|release-notes-needed | Text to go in the| |This enhancement adds a new release notes| |command-line script | |(misc/admin/reset_2fa.pl) | |that allows administrators | |to reset a patron's | |two-factor authentication | |settings when they lose | |access to their | |authenticator device. -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=40545 Laura Escamilla <Laura.escamilla@bywatersolutions.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |Laura.escamilla@bywatersolu | |tions.com Status|Pushed to main |Needs documenting --- Comment #21 from Laura Escamilla <Laura.escamilla@bywatersolutions.com> --- This is an enhancement and will not be backported to the 25.05.x branch. -- You are receiving this mail because: You are watching all bug changes.
participants (1)
-
bugzilla-daemon@bugs.koha-community.org