[Bug 41812] New: xt/find-missing-csrf.t failing when JS contains csrf_token hidden input
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=41812 Bug ID: 41812 Summary: xt/find-missing-csrf.t failing when JS contains csrf_token hidden input Initiative type: --- Sponsorship --- status: Product: Koha Version: unspecified Hardware: All OS: All Status: NEW Severity: normal Priority: P5 - low Component: Test Suite Assignee: jonathan.druart@gmail.com Reporter: jonathan.druart@gmail.com QA Contact: testopia@bugs.koha-community.org Depends on: 41565 commit 7a80a9be011071d504b7ed2aa2190433aed772a5 Bug 41565: Tidy kohaTable - bookings/list.tt + const csrf_token = $('meta[name="csrf-token"]').attr("content"); result += ` <form name="checkout-transform" method="post" action="/cgi-bin/koha/circ/circulation.pl?borrowernumber=%s"> - [% INCLUDE 'csrf-token.inc' %] + <input type="hidden" name="csrf_token" value="${csrf_token}" /> <input type="hidden" name="op" value="cud-checkout"/> <input type="hidden" name="borrowernumber" value="%s"/> <input type="hidden" name="barcode" value="%s"/> This code injected the csrf token using the TT include file, that made pass xt/find-missing-csrf.t This bug removed the TT tags from the script tags, and we now need to use a JS variable and retrieve the csrf token from the meta tag. The test needs to be adjusted. Referenced Bugs: https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=41565 [Bug 41565] Tidy kohaTable block - bookings -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=41812 Jonathan Druart <jonathan.druart@gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |Needs Signoff -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=41812 --- Comment #1 from Jonathan Druart <jonathan.druart@gmail.com> --- Created attachment 192944 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=192944&action=edit Bug 41812: Adjust find-missing-csrf.t test to ignore csrf input from JS This code injected the csrf token using the TT include file, that made pass xt/find-missing-csrf.t This bug removed the TT tags from the script tags, and we now need to use a JS variable and retrieve the csrf token from the meta tag. This patch suggests to adjust the script to ignore this case. We could also rewrite the whole JS code and use built the HTML elements using vanilla JS but that's for another day... -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=41812 Jonathan Druart <jonathan.druart@gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Keywords| |RM_priority -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=41812 --- Comment #2 from Jonathan Druart <jonathan.druart@gmail.com> --- The regex is very specific on purpose, to not ignore positives. -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=41812 Lucas Gass (lukeg) <lucas@bywatersolutions.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|Needs Signoff |Signed Off -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=41812 Lucas Gass (lukeg) <lucas@bywatersolutions.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #192944|0 |1 is obsolete| | --- Comment #3 from Lucas Gass (lukeg) <lucas@bywatersolutions.com> --- Created attachment 192945 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=192945&action=edit Bug 41812: Adjust find-missing-csrf.t test to ignore csrf input from JS This code injected the csrf token using the TT include file, that made pass xt/find-missing-csrf.t This bug removed the TT tags from the script tags, and we now need to use a JS variable and retrieve the csrf token from the meta tag. This patch suggests to adjust the script to ignore this case. We could also rewrite the whole JS code and use built the HTML elements using vanilla JS but that's for another day... Signed-off-by: Lucas Gass <lucas@bywatersolutions.com> -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=41812 Nick Clemens (kidclamp) <nick@bywatersolutions.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|Signed Off |Passed QA -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=41812 Nick Clemens (kidclamp) <nick@bywatersolutions.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #192945|0 |1 is obsolete| | --- Comment #4 from Nick Clemens (kidclamp) <nick@bywatersolutions.com> --- Created attachment 192946 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=192946&action=edit Bug 41812: Adjust find-missing-csrf.t test to ignore csrf input from JS This code injected the csrf token using the TT include file, that made pass xt/find-missing-csrf.t This bug removed the TT tags from the script tags, and we now need to use a JS variable and retrieve the csrf token from the meta tag. This patch suggests to adjust the script to ignore this case. We could also rewrite the whole JS code and use built the HTML elements using vanilla JS but that's for another day... Signed-off-by: Lucas Gass <lucas@bywatersolutions.com> Signed-off-by: Nick Clemens <nick@bywatersolutions.com> -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=41812 Lucas Gass (lukeg) <lucas@bywatersolutions.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |lucas@bywatersolutions.com Status|Passed QA |Pushed to main Version(s)| |26.05.00 released in| | --- Comment #5 from Lucas Gass (lukeg) <lucas@bywatersolutions.com> --- Pushed to main for 26.05.00. Thanks all! -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=41812 Lucas Gass (lukeg) <lucas@bywatersolutions.com> changed: What |Removed |Added ---------------------------------------------------------------------------- QA Contact|testopia@bugs.koha-communit |nick@bywatersolutions.com |y.org | -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=41812 Lucas Gass (lukeg) <lucas@bywatersolutions.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Keywords|RM_priority | -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=41812 Jacob O'Mara <jacob.omara@openfifth.co.uk> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|Pushed to main |Needs documenting --- Comment #6 from Jacob O'Mara <jacob.omara@openfifth.co.uk> --- This will not be backported to 25.11.x due to it being deemed an enhancement or a dependancy not being met -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=41812 David Nind <david@davidnind.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |david@davidnind.com Status|Needs documenting |RESOLVED Resolution|--- |FIXED --- Comment #7 from David Nind <david@davidnind.com> --- Test suite related, no changes to the manual required. -- You are receiving this mail because: You are watching all bug changes.
participants (1)
-
bugzilla-daemon@bugs.koha-community.org