[Bug 19845] New: Patron password is ignored during self-registration if PatronSelfRegistrationVerifyByEmail is enabled
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=19845 Bug ID: 19845 Summary: Patron password is ignored during self-registration if PatronSelfRegistrationVerifyByEmail is enabled Change sponsored?: --- Product: Koha Version: master Hardware: All OS: All Status: NEW Severity: normal Priority: P5 - low Component: OPAC Assignee: oleonard@myacpl.org Reporter: library@sll.texas.gov QA Contact: testopia@bugs.koha-community.org Bug 15343 allows patrons to choose their own passwords during self-registration. But this does not work if the PatronSelfRegistrationVerifyByEmail preference is set to "Require." If e-mail verification is required, whatever password the patron supplied in the form is ignored, and they are given a randomly generated password once they click on the verification link. To test this behavior: 1. Make sure there is a valid e-mail stored in the KohaAdminEmailAddress preference. 2. Set PatronSelfRegistration to Allow. 3. Set PatronSelfRegistrationVerifyByEmail to Require. 3. Be sure "password" is listed in PatronSelfRegistrationBorrowerMandatoryField and NOT listed in PatronSelfRegistrationBorrowerUnwantedField. 4. Be sure there is a valid patron category in PatronSelfRegistrationDefaultCategory. 5. Set PatronSelfRegistrationPrefillForm to "Display and prefill" so that you can see the generated password. Then fill out the self-registration form, include a valid e-mail address, and select a password. Wait for the verification e-mail. Click on the link and you'll see that the password you entered in the form is not used. Instead, Koha will have generated a random password for the account. -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=19845 Arturo <library@sll.texas.gov> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |library@sll.texas.gov -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=19845 Jonathan Druart <jonathan.druart@bugs.koha-community.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |ASSIGNED Assignee|oleonard@myacpl.org |jonathan.druart@bugs.koha-c | |ommunity.org Depends on| |15343 CC| |jonathan.druart@bugs.koha-c | |ommunity.org Referenced Bugs: https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=15343 [Bug 15343] Allow patrons to choose their own password on self registration. -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=19845 Jonathan Druart <jonathan.druart@bugs.koha-community.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|ASSIGNED |Needs Signoff -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=19845 --- Comment #1 from Jonathan Druart <jonathan.druart@bugs.koha-community.org> --- Created attachment 69950 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=69950&action=edit Bug 19845: Do not generate a password if one is filled on selfreg Bug 15343 allows patrons to choose their own passwords during self-registration. But this does not work if the PatronSelfRegistrationVerifyByEmail preference is set to "Require." If e-mail verification is required, whatever password the patron supplied in the form is ignored, and they are given a randomly generated password once they click on the verification link. Test plan: 1. Make sure there is a valid e-mail stored in the KohaAdminEmailAddress preference. 2. Set PatronSelfRegistration to Allow. 3. Set PatronSelfRegistrationVerifyByEmail to Require. 3. Be sure "password" is listed in PatronSelfRegistrationBorrowerMandatoryField and NOT listed in PatronSelfRegistrationBorrowerUnwantedField. 4. Be sure there is a valid patron category in PatronSelfRegistrationDefaultCategory. 5. Set PatronSelfRegistrationPrefillForm to "Display and prefill" so that you can see the generated password. Then fill out the self-registration form, include a valid e-mail address, and select a password. Wait for the verification e-mail. Click on the link and you'll see that the password you entered in the form is used. -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=19845 sandboxes@biblibre.com <sandboxes@biblibre.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |sandboxes@biblibre.com Status|Needs Signoff |Signed Off --- Comment #2 from sandboxes@biblibre.com <sandboxes@biblibre.com> --- Patch tested with a sandbox, by Arturo <alongoria@sll.texas.gov> -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=19845 sandboxes@biblibre.com <sandboxes@biblibre.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #69950|0 |1 is obsolete| | -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=19845 --- Comment #3 from sandboxes@biblibre.com <sandboxes@biblibre.com> --- Created attachment 69969 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=69969&action=edit Bug 19845: Do not generate a password if one is filled on selfreg Bug 15343 allows patrons to choose their own passwords during self-registration. But this does not work if the PatronSelfRegistrationVerifyByEmail preference is set to "Require." If e-mail verification is required, whatever password the patron supplied in the form is ignored, and they are given a randomly generated password once they click on the verification link. Test plan: 1. Make sure there is a valid e-mail stored in the KohaAdminEmailAddress preference. 2. Set PatronSelfRegistration to Allow. 3. Set PatronSelfRegistrationVerifyByEmail to Require. 3. Be sure "password" is listed in PatronSelfRegistrationBorrowerMandatoryField and NOT listed in PatronSelfRegistrationBorrowerUnwantedField. 4. Be sure there is a valid patron category in PatronSelfRegistrationDefaultCategory. 5. Set PatronSelfRegistrationPrefillForm to "Display and prefill" so that you can see the generated password. Then fill out the self-registration form, include a valid e-mail address, and select a password. Wait for the verification e-mail. Click on the link and you'll see that the password you entered in the form is used. Signed-off-by: Arturo <alongoria@sll.texas.gov> -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=19845 --- Comment #4 from Arturo <library@sll.texas.gov> --- Wow, thank you for submitting a patch so quickly, Jonathan! You are awesome. I just tested your patch and it worked like a charm. I tested it out with the following preference configurations and they all were successful: - Require e-mail verification and require user to select their own password -- after verification, the user-supplied password was displayed and I was able to log in with it - Require e-mail verification but do not allow user to select their own password -- after verification, a random password was generated and displayed and I was able to log in with it - Don't require e-mail verification and require user to select their own password -- the user-supplied password was displayed and I was able to log in with it - Don't require e-mail verification and do not allow user to select their own password -- a random password was generated and displayed and I was able to log in with it -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=19845 --- Comment #5 from Arturo <library@sll.texas.gov> --- I also tested the scenario where a user can opt to select their own password but it is not a required field. Regardless of whether the e-mail verification preference is set to require, the expected behavior occurs. A random password is generated if the user leaves the fields blank. The user-supplied password is used if one is entered in the self-reg form. -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=19845 Kyle M Hall <kyle@bywatersolutions.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |kyle@bywatersolutions.com QA Contact|testopia@bugs.koha-communit |kyle@bywatersolutions.com |y.org | -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=19845 Kyle M Hall <kyle@bywatersolutions.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|Signed Off |Passed QA -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=19845 Kyle M Hall <kyle@bywatersolutions.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #69969|0 |1 is obsolete| | --- Comment #6 from Kyle M Hall <kyle@bywatersolutions.com> --- Created attachment 70009 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=70009&action=edit Bug 19845: Do not generate a password if one is filled on selfreg Bug 15343 allows patrons to choose their own passwords during self-registration. But this does not work if the PatronSelfRegistrationVerifyByEmail preference is set to "Require." If e-mail verification is required, whatever password the patron supplied in the form is ignored, and they are given a randomly generated password once they click on the verification link. Test plan: 1. Make sure there is a valid e-mail stored in the KohaAdminEmailAddress preference. 2. Set PatronSelfRegistration to Allow. 3. Set PatronSelfRegistrationVerifyByEmail to Require. 3. Be sure "password" is listed in PatronSelfRegistrationBorrowerMandatoryField and NOT listed in PatronSelfRegistrationBorrowerUnwantedField. 4. Be sure there is a valid patron category in PatronSelfRegistrationDefaultCategory. 5. Set PatronSelfRegistrationPrefillForm to "Display and prefill" so that you can see the generated password. Then fill out the self-registration form, include a valid e-mail address, and select a password. Wait for the verification e-mail. Click on the link and you'll see that the password you entered in the form is used. Signed-off-by: Arturo <alongoria@sll.texas.gov> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com> -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=19845 Jonathan Druart <jonathan.druart@bugs.koha-community.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|Passed QA |Pushed to Master --- Comment #7 from Jonathan Druart <jonathan.druart@bugs.koha-community.org> --- Pushed to master for 18.05, thanks to everybody involved! -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=19845 Nick Clemens <nick@bywatersolutions.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|Pushed to Master |Pushed to Stable CC| |nick@bywatersolutions.com --- Comment #8 from Nick Clemens <nick@bywatersolutions.com> --- Awesome work all! Pushed to stable for 17.11.02 -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=19845 Fridolin SOMERS <fridolin.somers@biblibre.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |fridolin.somers@biblibre.co | |m --- Comment #9 from Fridolin SOMERS <fridolin.somers@biblibre.com> --- This line has been changed by Bug 18298: Add server-side checks and refactor stuffs Note sure it can be applied on 17.05.x -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=19845 Fridolin SOMERS <fridolin.somers@biblibre.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Depends on| |18298 Referenced Bugs: https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=18298 [Bug 18298] Allow enforcing password complexity -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=19845 --- Comment #10 from Jonathan Druart <jonathan.druart@bugs.koha-community.org> --- (In reply to Fridolin SOMERS from comment #9)
This line has been changed by Bug 18298: Add server-side checks and refactor stuffs Note sure it can be applied on 17.05.x
yes the bug exists in 17.05.x The same fixes would be: - $borrower{password} = random_string(".........."); + $borrower{password} = random_string("..........") unless $borrower{password}; The problem is that we cannot force the user to choose a strong password (and default min password length is 3) -- You are receiving this mail because: You are watching all bug changes.
participants (1)
-
bugzilla-daemon@bugs.koha-community.org