[Bug 21178] New: Add Koha::Patron::set_password method
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=21178 Bug ID: 21178 Summary: Add Koha::Patron::set_password method Change sponsored?: --- Product: Koha Version: master Hardware: All OS: All Status: NEW Severity: enhancement Priority: P5 - low Component: Architecture, internals, and plumbing Assignee: koha-bugs@lists.koha-community.org Reporter: tomascohen@gmail.com QA Contact: testopia@bugs.koha-community.org There should be a method for setting a patron's password without the need for it to also touch the userid. Also, it should rise exceptions we can trap on error conditions on the passed password. -- You are receiving this mail because: You are the assignee for the bug. You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=21178 Tomás Cohen Arazi <tomascohen@gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Assignee|koha-bugs@lists.koha-commun |tomascohen@gmail.com |ity.org | -- You are receiving this mail because: You are watching all bug changes. You are the assignee for the bug.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=21178 --- Comment #1 from Tomás Cohen Arazi <tomascohen@gmail.com> --- Created attachment 77575 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=77575&action=edit Bug 21178: Unit tests Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io> -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=21178 --- Comment #2 from Tomás Cohen Arazi <tomascohen@gmail.com> --- Created attachment 77576 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=77576&action=edit Bug 21178: Add Koha::Patron::set_password method This patch adds the set_password method. This method implements the password validation done in Koha::AuthUtils and raises exceptions when the current password policy is not met. To test: - Apply this patch - Run: $ kshell k$ prove t/db_dependent/Koha/Patrons.t => SUCCESS: Tests pass! - Sign off! :-D Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io> -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=21178 --- Comment #3 from Tomás Cohen Arazi <tomascohen@gmail.com> --- Created attachment 77577 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=77577&action=edit Bug 21178: (follow-up) Stringify exception correctly This patch adds code to stringify the Password::TooShort exception. To test: - Run: $ kshell k$ prove t/Koha/Exceptions.t => SUCCESS: Tests pass! Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io> -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=21178 Tomás Cohen Arazi <tomascohen@gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |tomascohen@gmail.com Status|NEW |Needs Signoff -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=21178 Tomás Cohen Arazi <tomascohen@gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #77575|0 |1 is obsolete| | --- Comment #4 from Tomás Cohen Arazi <tomascohen@gmail.com> --- Created attachment 77578 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=77578&action=edit Bug 21178: Unit tests Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io> -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=21178 --- Comment #5 from Tomás Cohen Arazi <tomascohen@gmail.com> --- I edited the tests to make them test the logaction() call. -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=21178 Tomás Cohen Arazi <tomascohen@gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Blocks| |17006 Referenced Bugs: https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=17006 [Bug 17006] Add route to change patron's password -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=21178 --- Comment #6 from Tomás Cohen Arazi <tomascohen@gmail.com> --- Created attachment 77632 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=77632&action=edit Bug 21178: (QA follow-up) Rely on is_password_valid This patch makes set_password still rely on Koha::AuthUtils' is_password_valid method as the only source for truth regarding password validity. To test: - Run: $ kshell k$ prove t/db_dependent/Koha/Patrons.t => SUCCESS: Tests still pass! Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io> -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=21178 Tomás Cohen Arazi <tomascohen@gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Blocks|17006 | Referenced Bugs: https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=17006 [Bug 17006] Add route to change patron's password -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=21178 Tomás Cohen Arazi <tomascohen@gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Depends on| |21233 Referenced Bugs: https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=21233 [Bug 21233] Add Koha::Exceptions::Password class -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=21178 Tomás Cohen Arazi <tomascohen@gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #77576|0 |1 is obsolete| | -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=21178 Tomás Cohen Arazi <tomascohen@gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #77577|0 |1 is obsolete| | -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=21178 Tomás Cohen Arazi <tomascohen@gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #77578|0 |1 is obsolete| | -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=21178 Tomás Cohen Arazi <tomascohen@gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #77632|0 |1 is obsolete| | -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=21178 --- Comment #7 from Tomás Cohen Arazi <tomascohen@gmail.com> --- Created attachment 77885 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=77885&action=edit Bug 21178: Unit tests -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=21178 --- Comment #8 from Tomás Cohen Arazi <tomascohen@gmail.com> --- Created attachment 77886 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=77886&action=edit Bug 21178: Add Koha::Patron::set_password This patch introduces the 'set_password' method for Koha::Patron objects. The main point is to make password changing atomic (update_password touches the userid on the DB, which should be done carefully with better error handling, and it is done there only for legacy backwards compatibility). A follow-up bug will make the codebase use this instead of update_password, and use a proper method for changing the userid if required. To test: - Apply this patchset - Run: $ kshell k$ prove t/db_dependent/Koha/Patrons.t => SUCCESS: Tests pass! - Sign off! :-D -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=21178 Josef Moravec <josef.moravec@gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|Needs Signoff |Signed Off -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=21178 Josef Moravec <josef.moravec@gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #77885|0 |1 is obsolete| | Attachment #77886|0 |1 is obsolete| | --- Comment #9 from Josef Moravec <josef.moravec@gmail.com> --- Created attachment 77916 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=77916&action=edit Bug 21178: Unit tests Signed-off-by: Josef Moravec <josef.moravec@gmail.com> -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=21178 --- Comment #10 from Josef Moravec <josef.moravec@gmail.com> --- Created attachment 77917 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=77917&action=edit Bug 21178: Add Koha::Patron::set_password This patch introduces the 'set_password' method for Koha::Patron objects. The main point is to make password changing atomic (update_password touches the userid on the DB, which should be done carefully with better error handling, and it is done there only for legacy backwards compatibility). A follow-up bug will make the codebase use this instead of update_password, and use a proper method for changing the userid if required. To test: - Apply this patchset - Run: $ kshell k$ prove t/db_dependent/Koha/Patrons.t => SUCCESS: Tests pass! - Sign off! :-D Signed-off-by: Josef Moravec <josef.moravec@gmail.com> -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=21178 Marcel de Rooy <m.de.rooy@rijksmuseum.nl> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |m.de.rooy@rijksmuseum.nl --- Comment #11 from Marcel de Rooy <m.de.rooy@rijksmuseum.nl> --- tomas: whitespaces alarm :) -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=21178 --- Comment #12 from Tomás Cohen Arazi <tomascohen@gmail.com> --- Created attachment 78833 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=78833&action=edit Bug 21178: (QA follow-up) whitespace characters fix Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io> -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=21178 Bug 21178 depends on bug 21233, which changed state. Bug 21233 Summary: Add Koha::Exceptions::Password class https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=21233 What |Removed |Added ---------------------------------------------------------------------------- Status|Pushed to Master |RESOLVED Resolution|--- |FIXED -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=21178 Julian Maurice <julian.maurice@biblibre.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #77916|0 |1 is obsolete| | --- Comment #13 from Julian Maurice <julian.maurice@biblibre.com> --- Created attachment 80133 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=80133&action=edit Bug 21178: Unit tests Signed-off-by: Josef Moravec <josef.moravec@gmail.com> Signed-off-by: Julian Maurice <julian.maurice@biblibre.com> -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=21178 Julian Maurice <julian.maurice@biblibre.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #77917|0 |1 is obsolete| | --- Comment #14 from Julian Maurice <julian.maurice@biblibre.com> --- Created attachment 80134 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=80134&action=edit Bug 21178: Add Koha::Patron::set_password This patch introduces the 'set_password' method for Koha::Patron objects. The main point is to make password changing atomic (update_password touches the userid on the DB, which should be done carefully with better error handling, and it is done there only for legacy backwards compatibility). A follow-up bug will make the codebase use this instead of update_password, and use a proper method for changing the userid if required. To test: - Apply this patchset - Run: $ kshell k$ prove t/db_dependent/Koha/Patrons.t => SUCCESS: Tests pass! - Sign off! :-D Signed-off-by: Josef Moravec <josef.moravec@gmail.com> Signed-off-by: Julian Maurice <julian.maurice@biblibre.com> -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=21178 Julian Maurice <julian.maurice@biblibre.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #78833|0 |1 is obsolete| | --- Comment #15 from Julian Maurice <julian.maurice@biblibre.com> --- Created attachment 80135 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=80135&action=edit Bug 21178: (QA follow-up) whitespace characters fix Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io> Signed-off-by: Julian Maurice <julian.maurice@biblibre.com> -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=21178 --- Comment #16 from Julian Maurice <julian.maurice@biblibre.com> --- Created attachment 80136 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=80136&action=edit Bug 21178: (QA follow-up) Add a test to verify that the hash is correct Signed-off-by: Julian Maurice <julian.maurice@biblibre.com> -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=21178 Julian Maurice <julian.maurice@biblibre.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|Signed Off |Passed QA CC| |julian.maurice@biblibre.com -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=21178 --- Comment #17 from Marcel de Rooy <m.de.rooy@rijksmuseum.nl> ---
A follow-up bug will make the codebase use this instead of update_password, and use a proper method for changing the userid if required.
Is it already written? I wrote a number of patches around lockout status now, and have some thoughts about setting login_attempts to 0 in set_password / update_password. (See 21336 and dependees) In my idea an administrative lockout (login_attempts<0) should not be reset from the opac scripts. So we should need some check or parameter in set_password. See also 21533. -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=21178 Marcel de Rooy <m.de.rooy@rijksmuseum.nl> changed: What |Removed |Added ---------------------------------------------------------------------------- Blocks| |21547 Referenced Bugs: https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=21547 [Bug 21547] Use update_password in opac-passwd and remove sub goodkey -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=21178 --- Comment #18 from Tomás Cohen Arazi <tomascohen@gmail.com> --- (In reply to Marcel de Rooy from comment #17)
A follow-up bug will make the codebase use this instead of update_password, and use a proper method for changing the userid if required.
Is it already written?
No, but I can do it
I wrote a number of patches around lockout status now, and have some thoughts about setting login_attempts to 0 in set_password / update_password. (See 21336 and dependees) In my idea an administrative lockout (login_attempts<0) should not be reset from the opac scripts. So we should need some check or parameter in set_password. See also 21533.
I'd say an administrative lockout should be identifiable as such, like staff_locked => true but I'll take a look at your bugs and see how can they coexist. The main thing here was decoupling password change from userid overwrite. -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=21178 Marcel de Rooy <m.de.rooy@rijksmuseum.nl> changed: What |Removed |Added ---------------------------------------------------------------------------- Blocks| |21431 Referenced Bugs: https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=21431 [Bug 21431] Create unique log key for password recovery different from password change -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=21178 Tomás Cohen Arazi <tomascohen@gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|Passed QA |Pushed to Master --- Comment #19 from Tomás Cohen Arazi <tomascohen@gmail.com> --- Pushed for 18.11. Thanks all! -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=21178 Martin Renvoize <martin.renvoize@ptfs-europe.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |martin.renvoize@ptfs-europe | |.com Resolution|--- |FIXED Status|Pushed to Master |RESOLVED --- Comment #20 from Martin Renvoize <martin.renvoize@ptfs-europe.com> --- Enhancement, will not be backported to 18.05.x series. -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=21178 Jonathan Druart <jonathan.druart@bugs.koha-community.org> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |jonathan.druart@bugs.koha-c | |ommunity.org --- Comment #21 from Jonathan Druart <jonathan.druart@bugs.koha-community.org> --- (In reply to Tomás Cohen Arazi from comment #8)
A follow-up bug will make the codebase use this instead of update_password, and use a proper method for changing the userid if required.
Where is this follow-up? (Yes I saw bug 21547) -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=21178 Tomás Cohen Arazi <tomascohen@gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Blocks| |21992 --- Comment #22 from Tomás Cohen Arazi <tomascohen@gmail.com> --- (In reply to Jonathan Druart from comment #21)
(In reply to Tomás Cohen Arazi from comment #8)
A follow-up bug will make the codebase use this instead of update_password, and use a proper method for changing the userid if required.
Where is this follow-up? (Yes I saw bug 21547)
That'd be bug 21992 Referenced Bugs: https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=21992 [Bug 21992] Remove Koha::Patron::update_password -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=21178 Tomás Cohen Arazi <tomascohen@gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Blocks| |22047 Referenced Bugs: https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=22047 [Bug 22047] set_password should have an 'unsafe' param -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=21178 Tomás Cohen Arazi <tomascohen@gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Blocks| |22059 Referenced Bugs: https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=22059 [Bug 22059] Wrong exception parameters in Koha::Patron->set_password -- You are receiving this mail because: You are watching all bug changes.
participants (1)
-
bugzilla-daemon@bugs.koha-community.org