[Bug 23733] New: Passwort import explodes when password is to 'weak'
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=23733 Bug ID: 23733 Summary: Passwort import explodes when password is to 'weak' Change sponsored?: --- Product: Koha Version: master Hardware: All OS: All Status: NEW Severity: normal Priority: P5 - low Component: Tools Assignee: koha-bugs@lists.koha-community.org Reporter: katrin.fischer@bsz-bw.de QA Contact: testopia@bugs.koha-community.org This appears to be a recent change - the patron import explodes on a password too weak, even as it's not set to overwrite them. [Password is too weak] at /usr/share/perl5/Exception/Class/Base.pm line 88 -- You are receiving this mail because: You are watching all bug changes. You are the assignee for the bug.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=23733 Katrin Fischer <katrin.fischer@bsz-bw.de> changed: What |Removed |Added ---------------------------------------------------------------------------- Summary|Passwort import explodes |Passwort import explodes |when password is to 'weak' |when password is too 'weak' -- You are receiving this mail because: You are watching all bug changes. You are the assignee for the bug.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=23733 Katrin Fischer <katrin.fischer@bsz-bw.de> changed: What |Removed |Added ---------------------------------------------------------------------------- Severity|normal |major Summary|Passwort import explodes |Passwort import explodes |when password is too 'weak' |when password is too 'weak' | |and doesn't allow empty | |passwords anymore --- Comment #1 from Katrin Fischer <katrin.fischer@bsz-bw.de> --- Addition: I turned off RequireStrongPassword and tried importing an empty password and it also explodes: Password length (0) is shorter than required (3) at /usr/share/perl5/Exception/Class/Base.pm line 88 There is a use case for importing patrons without a password. Instead of setting some potentially unsafe or unknown default password, you can then have them set their own in the opac using the password reset feature. -- You are receiving this mail because: You are the assignee for the bug. You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=23733 Jonathan Druart <jonathan.druart@bugs.koha-community.org> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |jonathan.druart@bugs.koha-c | |ommunity.org --- Comment #2 from Jonathan Druart <jonathan.druart@bugs.koha-community.org> --- Should we turn off the password restriction when importing patrons then? -- You are receiving this mail because: You are the assignee for the bug. You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=23733 --- Comment #3 from Jonathan Druart <jonathan.druart@bugs.koha-community.org> --- I do not create, could you post a example file to test? -- You are receiving this mail because: You are watching all bug changes. You are the assignee for the bug.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=23733 --- Comment #4 from Jonathan Druart <jonathan.druart@bugs.koha-community.org> --- I do not recreate, could you post a example file to test? -- You are receiving this mail because: You are watching all bug changes. You are the assignee for the bug.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=23733 --- Comment #5 from Katrin Fischer <katrin.fischer@bsz-bw.de> --- I think the real problem is: - Don't check the password if there is a matching patron and system is set to 'don't overwrite' (but that's kind of a strange edge case) - Allow empty passwords We allow empty (no login possible) when adding patrons manually, so this should work for import as well. -- You are receiving this mail because: You are watching all bug changes. You are the assignee for the bug.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=23733 --- Comment #6 from Katrin Fischer <katrin.fischer@bsz-bw.de> --- Sorry, missed the second comment. It appeared when I was testing lately, will check if I still have the file. -- You are receiving this mail because: You are the assignee for the bug. You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=23733 Martin Renvoize <martin.renvoize@ptfs-europe.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |martin.renvoize@ptfs-europe | |.com --- Comment #7 from Martin Renvoize <martin.renvoize@ptfs-europe.com> --- Isn't this a duplicate of bug 23473 ? -- You are receiving this mail because: You are the assignee for the bug. You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=23733 Martin Renvoize <martin.renvoize@ptfs-europe.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Resolution|--- |DUPLICATE Status|NEW |RESOLVED --- Comment #8 from Martin Renvoize <martin.renvoize@ptfs-europe.com> --- *** This bug has been marked as a duplicate of bug 23473 *** -- You are receiving this mail because: You are watching all bug changes. You are the assignee for the bug.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=23733 Katrin Fischer <katrin.fischer@bsz-bw.de> changed: What |Removed |Added ---------------------------------------------------------------------------- Resolution|DUPLICATE |--- Status|RESOLVED |REOPENED --- Comment #9 from Katrin Fischer <katrin.fischer@bsz-bw.de> --- No, it's not a duplicate. This is about initial import and a regression, the other is a completely new behaviour. -- You are receiving this mail because: You are watching all bug changes. You are the assignee for the bug.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=23733 Katrin Fischer <katrin.fischer@bsz-bw.de> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|REOPENED |NEW -- You are receiving this mail because: You are the assignee for the bug. You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=23733 Katrin Fischer <katrin.fischer@bsz-bw.de> changed: What |Removed |Added ---------------------------------------------------------------------------- Resolution|--- |WORKSFORME Status|NEW |RESOLVED --- Comment #10 from Katrin Fischer <katrin.fischer@bsz-bw.de> --- I've retested and it seems better now: Initial import (new patrons) cardnumber,surname,userid,categorycode,branchcode,password test1,Mcknight,test1,YA,SPL,'' test2,Edwards,test2,PT,MPL, Patrons are imported, only thing I wonder about: password, userid ! test2 $2a$08$.28krH.OYaHspkZ98mTew.MBDYc4ggbgaxslZgBtmlewQ58Xoip.W test3 What password has been set for the second patron? Overwriting them matching on cardnumber also works as expected. Maybe I was not testing in a clean installation - closing this for now. -- You are receiving this mail because: You are the assignee for the bug. You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=23733 Owen Leonard <oleonard@myacpl.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Summary|Passwort import explodes |Password import explodes |when password is too 'weak' |when password is too 'weak' |and doesn't allow empty |and doesn't allow empty |passwords anymore |passwords anymore -- You are receiving this mail because: You are the assignee for the bug. You are watching all bug changes.
participants (1)
-
bugzilla-daemon@bugs.koha-community.org