[Bug 23816] New: Password Enhancements
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=23816 Bug ID: 23816 Summary: Password Enhancements Change sponsored?: --- Product: Koha Version: master Hardware: All OS: All Status: NEW Severity: enhancement Priority: P5 - low Component: Patrons Assignee: koha-bugs@lists.koha-community.org Reporter: joy@bywatersolutions.com QA Contact: testopia@bugs.koha-community.org CC: gmcharlt@gmail.com, kyle.m.hall@gmail.com Allow specified categories to be exempt from the system preferences of "Require Strong Password" and "Minimum Password Length". The goal is to force staff to have long complex passwords while simultaneously allowing patrons to have non-strong, shorter passwords if they wish. -- You are receiving this mail because: You are the assignee for the bug. You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=23816 Joy Nelson <joy@bywatersolutions.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Assignee|koha-bugs@lists.koha-commun |agustinmoyano@theke.io |ity.org | -- You are receiving this mail because: You are the assignee for the bug. You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=23816 Katrin Fischer <katrin.fischer@bsz-bw.de> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |katrin.fischer@bsz-bw.de --- Comment #1 from Katrin Fischer <katrin.fischer@bsz-bw.de> --- If you make them exempt, they could get away with '1' character passwords. I'd like to suggest that we leave the preferences global, but allow an overwrite on patron category level (we have other examples for this). The default on patron category would be "inherit from pref", but allow to set or unset. -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=23816 Katrin Fischer <katrin.fischer@bsz-bw.de> changed: What |Removed |Added ---------------------------------------------------------------------------- Summary|Password Enhancements |Allow to have different | |password strength and | |length settings for | |different patron categories -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=23816 Agustín Moyano <agustinmoyano@theke.io> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |ASSIGNED -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=23816 Agustín Moyano <agustinmoyano@theke.io> changed: What |Removed |Added ---------------------------------------------------------------------------- Depends on| |25086 Referenced Bugs: https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=25086 [Bug 25086] OPAC Self Registration - Field 'changed_fields' doesn't have a default value -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=23816 Agustín Moyano <agustinmoyano@theke.io> changed: What |Removed |Added ---------------------------------------------------------------------------- Patch complexity|--- |Medium patch Status|ASSIGNED |Needs Signoff -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=23816 --- Comment #2 from Agustín Moyano <agustinmoyano@theke.io> --- Created attachment 103099 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=103099&action=edit Bug 23816: Update kohastructure and atomic update -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=23816 --- Comment #3 from Agustín Moyano <agustinmoyano@theke.io> --- Created attachment 103100 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=103100&action=edit Bug 23816: [DO NOT PUSH] Update category schema -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=23816 --- Comment #4 from Agustín Moyano <agustinmoyano@theke.io> --- Created attachment 103101 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=103101&action=edit Bug 23816: (follow-up) Define boolean column in shcema -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=23816 --- Comment #5 from Agustín Moyano <agustinmoyano@theke.io> --- Created attachment 103102 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=103102&action=edit Bug 23816: Add tests -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=23816 --- Comment #6 from Agustín Moyano <agustinmoyano@theke.io> --- Created attachment 103103 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=103103&action=edit Bug 23816: Add minimum password length and require strong password overrides by category This patch adds the capability to override minPasswordLenth and RequireStrongPassword settings by category To test: 1. koha-shell kohadev 2. koha-mysql kohadev 3. drop database koha_kohadev; 4. create database koha_kohadev; 5. go to admin page and start webinstaller. There continue the steps until onboarding. 6. reach step 3 of onboarding and create a new administrator patron CHECH => Password control woks as normal (Minimum length 3 and strong required) 7. finish Koha installation and enter admin with your new administrator 8. set minPasswordLength to 3 and RequireStrongPassword to “Don’t require” 9. Create a new category (CAT2 from now on.. CAT1 is the category you made in onboarding process) and set minimum password length to 8 and require strong password 10. Create two new patrons, one with CAT1(patron1) and one with CAT2 (patron2) CHECK => In both cases, try different combinations of length and strength. For patron1 the only requirement is to have 3 letters, but for patron2 the minimum length will be 8 and will require strong password. CHECK => Try changing patron category before saving. Password requirements will change with category change. 11. Edit CAT1 and set minimum password length to 5 12. Go to patron1 details page, and change password. CHECH => Now password minimum length is 5, but still it doesn’t require strong password 13. Edit CAT1, leave blank minimum password length and set require strong password to yes. 14. Go to patron1 details page, and change password. CHECH => Password minimum length is back to 3, but now strong password is required 15. Set minimum password length in CAT2 to 12. 16. Go to patron2 details page, and click to fill a random generated password CHECK => generated password should be 12 characters length 17. Set PatronSelfRegistration to Allow in admin settings 18. Go to OPAC and fill self registration from. CHECK => Play with patron category. For each change in category, password requirements are modified. CHECK => Set CAT1 as patron category, set ‘aA1’ as password (or another valid password for CAT1) and before hitting submit button, change to CAT2. Form should enter invalid state, and CAT2 password requirements should be displayed as error in password input. 19. Create a patron for CAT1 and another for CAT2, leaving password blank CHECK => For CAT1’s patron, generated password length is 8 (minimum length for generated passwords), but for CAT2’s patron should be 12 20. In admin set PatronSelfRegistrationVerifyByEmail to require 21. Fill self registration form again with CAT2 as category CHECK => Password requirements works as previous case. 22. Leave password blank and click submit 23. select * from message_queue; 24. Copy the link in the message and paste it in OPAC CHECH => Generated password is 12 characters long. (Copy user id for next steps) 25. In admin set OpacResetPassword to Allow 26. Go back to OPAC, reload and click on “Forgot password?” link 27. Paste user id and click submit 28. Repeat steps 23 and 24 CHECK => Info message says “Your password must contain at least 12 characters, including UPPERCASE, lowercase and numbers.” CHECK => enter an invalid password and you’ll get the same message in warning. 29. Login OPAC with the last user and your newly created password 30. Go to “Change your password” option CHECK => Info message says “Your password must contain at least 12 characters, including UPPERCASE, lowercase and numbers.” CHECK => enter an invalid password and you’ll get the same message in below “New password” input. 31. prove t/db_dependent/AuthUtils.t t/db_dependent/Koha/Patron/Category.t 32. Sign off -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=23816 --- Comment #7 from Agustín Moyano <agustinmoyano@theke.io> --- Created attachment 103104 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=103104&action=edit Bug 23816: Fix other tests This patch fixes other tests broken by new password length and strength override To test: 1. prove t/db_dependent/Auth.t \ t/db_dependent/Koha/Patron.t \ t/db_dependent/Koha/Patrons.t \ t/db_dependent/Koha/Patrons/Import.t \ t/db_dependent/Koha/Plugins/Patron.t \ t/db_dependent/Search/History.t \ t/db_dependent/api/v1/auth_basic.t \ t/db_dependent/api/v1/checkouts.t \ t/db_dependent/api/v1/patrons_password.t \ t/db_dependent/selenium/authentication.t \ t/db_dependent/selenium/regressions.t 2. Sign off -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=23816 Agustín Moyano <agustinmoyano@theke.io> changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #103099|0 |1 is obsolete| | Attachment #103100|0 |1 is obsolete| | Attachment #103101|0 |1 is obsolete| | Attachment #103102|0 |1 is obsolete| | Attachment #103103|0 |1 is obsolete| | Attachment #103104|0 |1 is obsolete| | --- Comment #8 from Agustín Moyano <agustinmoyano@theke.io> --- Created attachment 103108 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=103108&action=edit Bug 23816: Update kohastructure and atomic update Sponsored-by: Northeast Kansas Library - NEKLS -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=23816 --- Comment #9 from Agustín Moyano <agustinmoyano@theke.io> --- Created attachment 103109 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=103109&action=edit Bug 23816: [DO NOT PUSH] Update category schema Sponsored-by: Northeast Kansas Library - NEKLS -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=23816 --- Comment #10 from Agustín Moyano <agustinmoyano@theke.io> --- Created attachment 103110 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=103110&action=edit Bug 23816: (follow-up) Define boolean column in shcema Sponsored-by: Northeast Kansas Library - NEKLS -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=23816 --- Comment #11 from Agustín Moyano <agustinmoyano@theke.io> --- Created attachment 103111 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=103111&action=edit Bug 23816: Add tests Sponsored-by: Northeast Kansas Library - NEKLS -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=23816 --- Comment #12 from Agustín Moyano <agustinmoyano@theke.io> --- Created attachment 103112 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=103112&action=edit Bug 23816: Add minimum password length and require strong password overrides by category This patch adds the capability to override minPasswordLenth and RequireStrongPassword settings by category To test: 1. koha-shell kohadev 2. koha-mysql kohadev 3. drop database koha_kohadev; 4. create database koha_kohadev; 5. go to admin page and start webinstaller. There continue the steps until onboarding. 6. reach step 3 of onboarding and create a new administrator patron CHECH => Password control woks as normal (Minimum length 3 and strong required) 7. finish Koha installation and enter admin with your new administrator 8. set minPasswordLength to 3 and RequireStrongPassword to “Don’t require” 9. Create a new category (CAT2 from now on.. CAT1 is the category you made in onboarding process) and set minimum password length to 8 and require strong password 10. Create two new patrons, one with CAT1(patron1) and one with CAT2 (patron2) CHECK => In both cases, try different combinations of length and strength. For patron1 the only requirement is to have 3 letters, but for patron2 the minimum length will be 8 and will require strong password. CHECK => Try changing patron category before saving. Password requirements will change with category change. 11. Edit CAT1 and set minimum password length to 5 12. Go to patron1 details page, and change password. CHECH => Now password minimum length is 5, but still it doesn’t require strong password 13. Edit CAT1, leave blank minimum password length and set require strong password to yes. 14. Go to patron1 details page, and change password. CHECH => Password minimum length is back to 3, but now strong password is required 15. Set minimum password length in CAT2 to 12. 16. Go to patron2 details page, and click to fill a random generated password CHECK => generated password should be 12 characters length 17. Set PatronSelfRegistration to Allow in admin settings 18. Go to OPAC and fill self registration from. CHECK => Play with patron category. For each change in category, password requirements are modified. CHECK => Set CAT1 as patron category, set ‘aA1’ as password (or another valid password for CAT1) and before hitting submit button, change to CAT2. Form should enter invalid state, and CAT2 password requirements should be displayed as error in password input. 19. Create a patron for CAT1 and another for CAT2, leaving password blank CHECK => For CAT1’s patron, generated password length is 8 (minimum length for generated passwords), but for CAT2’s patron should be 12 20. In admin set PatronSelfRegistrationVerifyByEmail to require 21. Fill self registration form again with CAT2 as category CHECK => Password requirements works as previous case. 22. Leave password blank and click submit 23. select * from message_queue; 24. Copy the link in the message and paste it in OPAC CHECH => Generated password is 12 characters long. (Copy user id for next steps) 25. In admin set OpacResetPassword to Allow 26. Go back to OPAC, reload and click on “Forgot password?” link 27. Paste user id and click submit 28. Repeat steps 23 and 24 CHECK => Info message says “Your password must contain at least 12 characters, including UPPERCASE, lowercase and numbers.” CHECK => enter an invalid password and you’ll get the same message in warning. 29. Login OPAC with the last user and your newly created password 30. Go to “Change your password” option CHECK => Info message says “Your password must contain at least 12 characters, including UPPERCASE, lowercase and numbers.” CHECK => enter an invalid password and you’ll get the same message in below “New password” input. 31. prove t/db_dependent/AuthUtils.t t/db_dependent/Koha/Patron/Category.t 32. Sign off Sponsored-by: Northeast Kansas Library - NEKLS -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=23816 --- Comment #13 from Agustín Moyano <agustinmoyano@theke.io> --- Created attachment 103113 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=103113&action=edit Bug 23816: Fix other tests This patch fixes other tests broken by new password length and strength override To test: 1. prove t/db_dependent/Auth.t \ t/db_dependent/Koha/Patron.t \ t/db_dependent/Koha/Patrons.t \ t/db_dependent/Koha/Patrons/Import.t \ t/db_dependent/Koha/Plugins/Patron.t \ t/db_dependent/Search/History.t \ t/db_dependent/api/v1/auth_basic.t \ t/db_dependent/api/v1/checkouts.t \ t/db_dependent/api/v1/patrons_password.t \ t/db_dependent/selenium/authentication.t \ t/db_dependent/selenium/regressions.t 2. Sign off Sponsored-by: Northeast Kansas Library - NEKLS -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=23816 Andrew Fuerste-Henry <andrew@bywatersolutions.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|Needs Signoff |Signed Off -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=23816 Andrew Fuerste-Henry <andrew@bywatersolutions.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #103108|0 |1 is obsolete| | --- Comment #14 from Andrew Fuerste-Henry <andrew@bywatersolutions.com> --- Created attachment 103805 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=103805&action=edit Bug 23816: Update kohastructure and atomic update Sponsored-by: Northeast Kansas Library - NEKLS Signed-off-by: Andrew Fuerste-Henry <andrew@bywatersolutions.com> -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=23816 Andrew Fuerste-Henry <andrew@bywatersolutions.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #103109|0 |1 is obsolete| | --- Comment #15 from Andrew Fuerste-Henry <andrew@bywatersolutions.com> --- Created attachment 103806 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=103806&action=edit Bug 23816: [DO NOT PUSH] Update category schema Sponsored-by: Northeast Kansas Library - NEKLS Signed-off-by: Andrew Fuerste-Henry <andrew@bywatersolutions.com> -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=23816 Andrew Fuerste-Henry <andrew@bywatersolutions.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #103110|0 |1 is obsolete| | --- Comment #16 from Andrew Fuerste-Henry <andrew@bywatersolutions.com> --- Created attachment 103807 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=103807&action=edit Bug 23816: (follow-up) Define boolean column in shcema Sponsored-by: Northeast Kansas Library - NEKLS Signed-off-by: Andrew Fuerste-Henry <andrew@bywatersolutions.com> -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=23816 Andrew Fuerste-Henry <andrew@bywatersolutions.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #103111|0 |1 is obsolete| | --- Comment #17 from Andrew Fuerste-Henry <andrew@bywatersolutions.com> --- Created attachment 103808 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=103808&action=edit Bug 23816: Add tests Sponsored-by: Northeast Kansas Library - NEKLS Signed-off-by: Andrew Fuerste-Henry <andrew@bywatersolutions.com> -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=23816 Andrew Fuerste-Henry <andrew@bywatersolutions.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #103112|0 |1 is obsolete| | --- Comment #18 from Andrew Fuerste-Henry <andrew@bywatersolutions.com> --- Created attachment 103809 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=103809&action=edit Bug 23816: Add minimum password length and require strong password overrides by category This patch adds the capability to override minPasswordLenth and RequireStrongPassword settings by category To test: 1. koha-shell kohadev 2. koha-mysql kohadev 3. drop database koha_kohadev; 4. create database koha_kohadev; 5. go to admin page and start webinstaller. There continue the steps until onboarding. 6. reach step 3 of onboarding and create a new administrator patron CHECH => Password control woks as normal (Minimum length 3 and strong required) 7. finish Koha installation and enter admin with your new administrator 8. set minPasswordLength to 3 and RequireStrongPassword to “Don’t require” 9. Create a new category (CAT2 from now on.. CAT1 is the category you made in onboarding process) and set minimum password length to 8 and require strong password 10. Create two new patrons, one with CAT1(patron1) and one with CAT2 (patron2) CHECK => In both cases, try different combinations of length and strength. For patron1 the only requirement is to have 3 letters, but for patron2 the minimum length will be 8 and will require strong password. CHECK => Try changing patron category before saving. Password requirements will change with category change. 11. Edit CAT1 and set minimum password length to 5 12. Go to patron1 details page, and change password. CHECH => Now password minimum length is 5, but still it doesn’t require strong password 13. Edit CAT1, leave blank minimum password length and set require strong password to yes. 14. Go to patron1 details page, and change password. CHECH => Password minimum length is back to 3, but now strong password is required 15. Set minimum password length in CAT2 to 12. 16. Go to patron2 details page, and click to fill a random generated password CHECK => generated password should be 12 characters length 17. Set PatronSelfRegistration to Allow in admin settings 18. Go to OPAC and fill self registration from. CHECK => Play with patron category. For each change in category, password requirements are modified. CHECK => Set CAT1 as patron category, set ‘aA1’ as password (or another valid password for CAT1) and before hitting submit button, change to CAT2. Form should enter invalid state, and CAT2 password requirements should be displayed as error in password input. 19. Create a patron for CAT1 and another for CAT2, leaving password blank CHECK => For CAT1’s patron, generated password length is 8 (minimum length for generated passwords), but for CAT2’s patron should be 12 20. In admin set PatronSelfRegistrationVerifyByEmail to require 21. Fill self registration form again with CAT2 as category CHECK => Password requirements works as previous case. 22. Leave password blank and click submit 23. select * from message_queue; 24. Copy the link in the message and paste it in OPAC CHECH => Generated password is 12 characters long. (Copy user id for next steps) 25. In admin set OpacResetPassword to Allow 26. Go back to OPAC, reload and click on “Forgot password?” link 27. Paste user id and click submit 28. Repeat steps 23 and 24 CHECK => Info message says “Your password must contain at least 12 characters, including UPPERCASE, lowercase and numbers.” CHECK => enter an invalid password and you’ll get the same message in warning. 29. Login OPAC with the last user and your newly created password 30. Go to “Change your password” option CHECK => Info message says “Your password must contain at least 12 characters, including UPPERCASE, lowercase and numbers.” CHECK => enter an invalid password and you’ll get the same message in below “New password” input. 31. prove t/db_dependent/AuthUtils.t t/db_dependent/Koha/Patron/Category.t 32. Sign off Sponsored-by: Northeast Kansas Library - NEKLS Signed-off-by: Andrew Fuerste-Henry <andrew@bywatersolutions.com> -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=23816 Andrew Fuerste-Henry <andrew@bywatersolutions.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #103113|0 |1 is obsolete| | --- Comment #19 from Andrew Fuerste-Henry <andrew@bywatersolutions.com> --- Created attachment 103810 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=103810&action=edit Bug 23816: Fix other tests This patch fixes other tests broken by new password length and strength override To test: 1. prove t/db_dependent/Auth.t \ t/db_dependent/Koha/Patron.t \ t/db_dependent/Koha/Patrons.t \ t/db_dependent/Koha/Patrons/Import.t \ t/db_dependent/Koha/Plugins/Patron.t \ t/db_dependent/Search/History.t \ t/db_dependent/api/v1/auth_basic.t \ t/db_dependent/api/v1/checkouts.t \ t/db_dependent/api/v1/patrons_password.t \ t/db_dependent/selenium/authentication.t \ t/db_dependent/selenium/regressions.t 2. Sign off Sponsored-by: Northeast Kansas Library - NEKLS Signed-off-by: Andrew Fuerste-Henry <andrew@bywatersolutions.com> -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=23816 Martin Renvoize <martin.renvoize@ptfs-europe.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |martin.renvoize@ptfs-europe | |.com -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=23816 Katrin Fischer <katrin.fischer@bsz-bw.de> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|Signed Off |Patch doesn't apply --- Comment #20 from Katrin Fischer <katrin.fischer@bsz-bw.de> --- Patch doesn't apply and I am not sure about the fix, can you please rebase? Apply? [(y)es, (n)o, (i)nteractive] y Applying: Bug 23816: Update kohastructure and atomic update Applying: Bug 23816: [DO NOT PUSH] Update category schema Applying: Bug 23816: (follow-up) Define boolean column in shcema Applying: Bug 23816: Add tests Applying: Bug 23816: Add minimum password length and require strong password overrides by category Using index info to reconstruct a base tree... M Koha/Patron.pm M koha-tmpl/intranet-tmpl/prog/en/includes/password_check.inc M koha-tmpl/intranet-tmpl/prog/en/modules/admin/categories.tt M koha-tmpl/intranet-tmpl/prog/en/modules/members/memberentrygen.tt M koha-tmpl/opac-tmpl/bootstrap/en/modules/opac-memberentry.tt M koha-tmpl/opac-tmpl/bootstrap/en/modules/opac-passwd.tt M koha-tmpl/opac-tmpl/bootstrap/en/modules/opac-password-recovery.tt M members/memberentry.pl M opac/opac-memberentry.pl Falling back to patching base and 3-way merge... Auto-merging opac/opac-memberentry.pl Auto-merging members/memberentry.pl Auto-merging koha-tmpl/opac-tmpl/bootstrap/en/modules/opac-password-recovery.tt Auto-merging koha-tmpl/opac-tmpl/bootstrap/en/modules/opac-passwd.tt Auto-merging koha-tmpl/opac-tmpl/bootstrap/en/modules/opac-memberentry.tt Auto-merging koha-tmpl/intranet-tmpl/prog/en/modules/members/memberentrygen.tt Auto-merging koha-tmpl/intranet-tmpl/prog/en/modules/admin/categories.tt Auto-merging koha-tmpl/intranet-tmpl/prog/en/includes/password_check.inc CONFLICT (content): Merge conflict in koha-tmpl/intranet-tmpl/prog/en/includes/password_check.inc Auto-merging Koha/Patron.pm error: Failed to merge in the changes. Patch failed at 0001 Bug 23816: Add minimum password length and require strong password overrides by category The copy of the patch that failed is found in: .git/rebase-apply/patch When you have resolved this problem run "git bz apply --continue". If you would prefer to skip this patch, instead run "git bz apply --skip". To restore the original branch and stop patching run "git bz apply --abort". Patch left in /tmp/Bug-23816-Add-minimum-password-length-and-require--PKRJhY.patch -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=23816 koha-US bug tracker <bugzilla@koha-us.org> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |bugzilla@koha-us.org -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=23816 David Cook <dcook@prosentient.com.au> changed: What |Removed |Added ---------------------------------------------------------------------------- See Also| |https://bugs.koha-community | |.org/bugzilla3/show_bug.cgi | |?id=25934 CC| |dcook@prosentient.com.au -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=23816 --- Comment #21 from David Cook <dcook@prosentient.com.au> --- Wow this is intimidating. I want to make the password policy much more complex via Bug 25934, but it looks like a lot of the password code needs refactoring. Kudos to you for doing all this work O_O. -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=23816 David Cook <dcook@prosentient.com.au> changed: What |Removed |Added ---------------------------------------------------------------------------- See Also| |https://bugs.koha-community | |.org/bugzilla3/show_bug.cgi | |?id=12617 -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=23816 --- Comment #22 from Martin Renvoize <martin.renvoize@ptfs-europe.com> --- Another rebase request ;)... two QAers interested here.. grab them whilst it's hot ;) -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=23816 Agustín Moyano <agustinmoyano@theke.io> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|Patch doesn't apply |Signed Off -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=23816 Agustín Moyano <agustinmoyano@theke.io> changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #103805|0 |1 is obsolete| | Attachment #103806|0 |1 is obsolete| | Attachment #103807|0 |1 is obsolete| | Attachment #103808|0 |1 is obsolete| | Attachment #103809|0 |1 is obsolete| | Attachment #103810|0 |1 is obsolete| | --- Comment #23 from Agustín Moyano <agustinmoyano@theke.io> --- Created attachment 107158 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=107158&action=edit Bug 23816: Update kohastructure and atomic update Sponsored-by: Northeast Kansas Library - NEKLS Signed-off-by: Andrew Fuerste-Henry <andrew@bywatersolutions.com> -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=23816 --- Comment #24 from Agustín Moyano <agustinmoyano@theke.io> --- Created attachment 107159 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=107159&action=edit Bug 23816: [DO NOT PUSH] Update category schema Sponsored-by: Northeast Kansas Library - NEKLS Signed-off-by: Andrew Fuerste-Henry <andrew@bywatersolutions.com> -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=23816 --- Comment #25 from Agustín Moyano <agustinmoyano@theke.io> --- Created attachment 107160 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=107160&action=edit Bug 23816: (follow-up) Define boolean column in shcema Sponsored-by: Northeast Kansas Library - NEKLS Signed-off-by: Andrew Fuerste-Henry <andrew@bywatersolutions.com> -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=23816 --- Comment #26 from Agustín Moyano <agustinmoyano@theke.io> --- Created attachment 107161 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=107161&action=edit Bug 23816: Add tests Sponsored-by: Northeast Kansas Library - NEKLS Signed-off-by: Andrew Fuerste-Henry <andrew@bywatersolutions.com> -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=23816 --- Comment #27 from Agustín Moyano <agustinmoyano@theke.io> --- Created attachment 107162 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=107162&action=edit Bug 23816: Add minimum password length and require strong password overrides by category This patch adds the capability to override minPasswordLenth and RequireStrongPassword settings by category To test: 1. koha-shell kohadev 2. koha-mysql kohadev 3. drop database koha_kohadev; 4. create database koha_kohadev; 5. go to admin page and start webinstaller. There continue the steps until onboarding. 6. reach step 3 of onboarding and create a new administrator patron CHECH => Password control woks as normal (Minimum length 3 and strong required) 7. finish Koha installation and enter admin with your new administrator 8. set minPasswordLength to 3 and RequireStrongPassword to “Don’t require” 9. Create a new category (CAT2 from now on.. CAT1 is the category you made in onboarding process) and set minimum password length to 8 and require strong password 10. Create two new patrons, one with CAT1(patron1) and one with CAT2 (patron2) CHECK => In both cases, try different combinations of length and strength. For patron1 the only requirement is to have 3 letters, but for patron2 the minimum length will be 8 and will require strong password. CHECK => Try changing patron category before saving. Password requirements will change with category change. 11. Edit CAT1 and set minimum password length to 5 12. Go to patron1 details page, and change password. CHECH => Now password minimum length is 5, but still it doesn’t require strong password 13. Edit CAT1, leave blank minimum password length and set require strong password to yes. 14. Go to patron1 details page, and change password. CHECH => Password minimum length is back to 3, but now strong password is required 15. Set minimum password length in CAT2 to 12. 16. Go to patron2 details page, and click to fill a random generated password CHECK => generated password should be 12 characters length 17. Set PatronSelfRegistration to Allow in admin settings 18. Go to OPAC and fill self registration from. CHECK => Play with patron category. For each change in category, password requirements are modified. CHECK => Set CAT1 as patron category, set ‘aA1’ as password (or another valid password for CAT1) and before hitting submit button, change to CAT2. Form should enter invalid state, and CAT2 password requirements should be displayed as error in password input. 19. Create a patron for CAT1 and another for CAT2, leaving password blank CHECK => For CAT1’s patron, generated password length is 8 (minimum length for generated passwords), but for CAT2’s patron should be 12 20. In admin set PatronSelfRegistrationVerifyByEmail to require 21. Fill self registration form again with CAT2 as category CHECK => Password requirements works as previous case. 22. Leave password blank and click submit 23. select * from message_queue; 24. Copy the link in the message and paste it in OPAC CHECH => Generated password is 12 characters long. (Copy user id for next steps) 25. In admin set OpacResetPassword to Allow 26. Go back to OPAC, reload and click on “Forgot password?” link 27. Paste user id and click submit 28. Repeat steps 23 and 24 CHECK => Info message says “Your password must contain at least 12 characters, including UPPERCASE, lowercase and numbers.” CHECK => enter an invalid password and you’ll get the same message in warning. 29. Login OPAC with the last user and your newly created password 30. Go to “Change your password” option CHECK => Info message says “Your password must contain at least 12 characters, including UPPERCASE, lowercase and numbers.” CHECK => enter an invalid password and you’ll get the same message in below “New password” input. 31. prove t/db_dependent/AuthUtils.t t/db_dependent/Koha/Patron/Category.t 32. Sign off Sponsored-by: Northeast Kansas Library - NEKLS Signed-off-by: Andrew Fuerste-Henry <andrew@bywatersolutions.com> -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=23816 --- Comment #28 from Agustín Moyano <agustinmoyano@theke.io> --- Created attachment 107163 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=107163&action=edit Bug 23816: Fix other tests This patch fixes other tests broken by new password length and strength override To test: 1. prove t/db_dependent/Auth.t \ t/db_dependent/Koha/Patron.t \ t/db_dependent/Koha/Patrons.t \ t/db_dependent/Koha/Patrons/Import.t \ t/db_dependent/Koha/Plugins/Patron.t \ t/db_dependent/Search/History.t \ t/db_dependent/api/v1/auth_basic.t \ t/db_dependent/api/v1/checkouts.t \ t/db_dependent/api/v1/patrons_password.t \ t/db_dependent/selenium/authentication.t \ t/db_dependent/selenium/regressions.t 2. Sign off Sponsored-by: Northeast Kansas Library - NEKLS Signed-off-by: Andrew Fuerste-Henry <andrew@bywatersolutions.com> -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=23816 --- Comment #29 from Agustín Moyano <agustinmoyano@theke.io> --- Patches rebased! -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=23816 --- Comment #30 from Agustín Moyano <agustinmoyano@theke.io> --- Please keep in mind that when test plan was written, default values for minPasswordLength and RequireStrongPassword preferences where 3 and 0 respectively. -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=23816 Katrin Fischer <katrin.fischer@bsz-bw.de> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|Signed Off |Failed QA --- Comment #31 from Katrin Fischer <katrin.fischer@bsz-bw.de> --- There is an error in the QA tools I haven't seen before - can you please check? FAIL koha-tmpl/opac-tmpl/bootstrap/en/modules/opac-memberentry.tt OK filters OK forbidden patterns OK git manipulation OK js_in_body OK spelling OK tt_valid FAIL valid_template The method Koha::Patron::Category->effective_min_password_length is not covered by tests! Trace begun at /home/vagrant/kohaclone/Koha/Object.pm line 780 Koha::Object::AUTOLOAD('Koha::Patron::Category=HASH(0x5577edf29f10)') called at /home/vagrant/kohaclone/koha-tmpl/opac-tmpl/bootstrap/en/modules/opac-memberentry.tt line 264 eval {...} at /home/vagrant/kohaclone/koha-tmpl/opac-tmpl/bootstrap/en/modules/opac-memberentry.tt line 264 eval {...} at /home/vagrant/kohaclone/koha-tmpl/opac-tmpl/bootstrap/en/modules/opac-memberentry.tt line 273 eval {...} at /home/vagrant/kohaclone/koha-tmpl/opac-tmpl/bootstrap/en/modules/opac-memberentry.tt line 7 Template::Document::__ANON__('Template::Context=HASH(0x5577edf4e430)') called at /usr/lib/x86_64-linux-gnu/perl5/5.24/Template/Document.pm line 163 eval {...} at /usr/lib/x86_64-linux-gnu/perl5/5.24/Template/Document.pm line 161 Template::Document::process('Template::Document=HASH(0x5577edf45388)', 'Template::Context=HASH(0x5577edf4e430)') called at /usr/lib/x86_64-linux-gnu/perl5/5.24/Template/Context.pm line 351 eval {...} at /usr/lib/x86_64-linux-gnu/perl5/5.24/Template/Context.pm line 321 Template::Context::process('Template::Context=HASH(0x5577edf4e430)', 'Template::Document=HASH(0x5577edf45388)') called at /usr/lib/x86_64-linux-gnu/perl5/5.24/Template/Service.pm line 94 eval {...} at /usr/lib/x86_64-linux-gnu/perl5/5.24/Template/Service.pm line 91 Template::Service::process('Template::Service=HASH(0x5577edbc73e0)', '/home/vagrant/kohaclone/koha-tmpl/opac-tmpl/bootstrap/en/modules/opac-memberentry.tt', 'HASH(0x5577eda95578)') called at /usr/lib/x86_64-linux-gnu/perl5/5.24/Template.pm line 66 Template::process('Template=HASH(0x5577edbe2820)', '/home/vagrant/kohaclone/koha-tmpl/opac-tmpl/bootstrap/en/modules/opac-memberentry.tt', 'HASH(0x5577eda95578)', 'SCALAR(0x5577e509f0c0)') called at /home/vagrant/qa-test-tools/QohA/File/Template.pm line 94 QohA::File::Template::check_valid_template('QohA::File::Template=HASH(0x5577e51f9490)') called at /home/vagrant/qa-test-tools/QohA/File/Template.pm line 23 QohA::File::Template::run_checks('QohA::File::Template=HASH(0x5577e51f9490)', 6) called at /home/vagrant/qa-test-tools/koha-qa.pl line 98 eval {...} at /home/vagrant/qa-test-tools/koha-qa.pl line 63 -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=23816 Tomás Cohen Arazi <tomascohen@gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |tomascohen@gmail.com Status|Failed QA |Signed Off --- Comment #32 from Tomás Cohen Arazi <tomascohen@gmail.com> --- (In reply to Katrin Fischer from comment #31)
There is an error in the QA tools I haven't seen before - can you please check?
FAIL koha-tmpl/opac-tmpl/bootstrap/en/modules/opac-memberentry.tt OK filters OK forbidden patterns OK git manipulation OK js_in_body OK spelling OK tt_valid FAIL valid_template The method Koha::Patron::Category->effective_min_password_length is not covered by tests!
This is probably some false positive, as the method exists and is broadly used. -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=23816 Katrin Fischer <katrin.fischer@bsz-bw.de> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|Signed Off |Passed QA -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=23816 Katrin Fischer <katrin.fischer@bsz-bw.de> changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #107158|0 |1 is obsolete| | --- Comment #33 from Katrin Fischer <katrin.fischer@bsz-bw.de> --- Created attachment 108554 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=108554&action=edit Bug 23816: Update kohastructure and atomic update Sponsored-by: Northeast Kansas Library - NEKLS Signed-off-by: Andrew Fuerste-Henry <andrew@bywatersolutions.com> Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de> -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=23816 Katrin Fischer <katrin.fischer@bsz-bw.de> changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #107159|0 |1 is obsolete| | --- Comment #34 from Katrin Fischer <katrin.fischer@bsz-bw.de> --- Created attachment 108555 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=108555&action=edit Bug 23816: [DO NOT PUSH] Update category schema Sponsored-by: Northeast Kansas Library - NEKLS Signed-off-by: Andrew Fuerste-Henry <andrew@bywatersolutions.com> Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de> -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=23816 Katrin Fischer <katrin.fischer@bsz-bw.de> changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #107160|0 |1 is obsolete| | --- Comment #35 from Katrin Fischer <katrin.fischer@bsz-bw.de> --- Created attachment 108556 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=108556&action=edit Bug 23816: (follow-up) Define boolean column in shcema Sponsored-by: Northeast Kansas Library - NEKLS Signed-off-by: Andrew Fuerste-Henry <andrew@bywatersolutions.com> Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de> -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=23816 Katrin Fischer <katrin.fischer@bsz-bw.de> changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #107161|0 |1 is obsolete| | --- Comment #36 from Katrin Fischer <katrin.fischer@bsz-bw.de> --- Created attachment 108557 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=108557&action=edit Bug 23816: Add tests Sponsored-by: Northeast Kansas Library - NEKLS Signed-off-by: Andrew Fuerste-Henry <andrew@bywatersolutions.com> Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de> -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=23816 Katrin Fischer <katrin.fischer@bsz-bw.de> changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #107162|0 |1 is obsolete| | --- Comment #37 from Katrin Fischer <katrin.fischer@bsz-bw.de> --- Created attachment 108558 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=108558&action=edit Bug 23816: Add minimum password length and require strong password overrides by category This patch adds the capability to override minPasswordLenth and RequireStrongPassword settings by category To test: 1. koha-shell kohadev 2. koha-mysql kohadev 3. drop database koha_kohadev; 4. create database koha_kohadev; 5. go to admin page and start webinstaller. There continue the steps until onboarding. 6. reach step 3 of onboarding and create a new administrator patron CHECH => Password control woks as normal (Minimum length 3 and strong required) 7. finish Koha installation and enter admin with your new administrator 8. set minPasswordLength to 3 and RequireStrongPassword to “Don’t require” 9. Create a new category (CAT2 from now on.. CAT1 is the category you made in onboarding process) and set minimum password length to 8 and require strong password 10. Create two new patrons, one with CAT1(patron1) and one with CAT2 (patron2) CHECK => In both cases, try different combinations of length and strength. For patron1 the only requirement is to have 3 letters, but for patron2 the minimum length will be 8 and will require strong password. CHECK => Try changing patron category before saving. Password requirements will change with category change. 11. Edit CAT1 and set minimum password length to 5 12. Go to patron1 details page, and change password. CHECH => Now password minimum length is 5, but still it doesn’t require strong password 13. Edit CAT1, leave blank minimum password length and set require strong password to yes. 14. Go to patron1 details page, and change password. CHECH => Password minimum length is back to 3, but now strong password is required 15. Set minimum password length in CAT2 to 12. 16. Go to patron2 details page, and click to fill a random generated password CHECK => generated password should be 12 characters length 17. Set PatronSelfRegistration to Allow in admin settings 18. Go to OPAC and fill self registration from. CHECK => Play with patron category. For each change in category, password requirements are modified. CHECK => Set CAT1 as patron category, set ‘aA1’ as password (or another valid password for CAT1) and before hitting submit button, change to CAT2. Form should enter invalid state, and CAT2 password requirements should be displayed as error in password input. 19. Create a patron for CAT1 and another for CAT2, leaving password blank CHECK => For CAT1’s patron, generated password length is 8 (minimum length for generated passwords), but for CAT2’s patron should be 12 20. In admin set PatronSelfRegistrationVerifyByEmail to require 21. Fill self registration form again with CAT2 as category CHECK => Password requirements works as previous case. 22. Leave password blank and click submit 23. select * from message_queue; 24. Copy the link in the message and paste it in OPAC CHECH => Generated password is 12 characters long. (Copy user id for next steps) 25. In admin set OpacResetPassword to Allow 26. Go back to OPAC, reload and click on “Forgot password?” link 27. Paste user id and click submit 28. Repeat steps 23 and 24 CHECK => Info message says “Your password must contain at least 12 characters, including UPPERCASE, lowercase and numbers.” CHECK => enter an invalid password and you’ll get the same message in warning. 29. Login OPAC with the last user and your newly created password 30. Go to “Change your password” option CHECK => Info message says “Your password must contain at least 12 characters, including UPPERCASE, lowercase and numbers.” CHECK => enter an invalid password and you’ll get the same message in below “New password” input. 31. prove t/db_dependent/AuthUtils.t t/db_dependent/Koha/Patron/Category.t 32. Sign off Sponsored-by: Northeast Kansas Library - NEKLS Signed-off-by: Andrew Fuerste-Henry <andrew@bywatersolutions.com> Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de> -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=23816 Katrin Fischer <katrin.fischer@bsz-bw.de> changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #107163|0 |1 is obsolete| | --- Comment #38 from Katrin Fischer <katrin.fischer@bsz-bw.de> --- Created attachment 108559 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=108559&action=edit Bug 23816: Fix other tests This patch fixes other tests broken by new password length and strength override To test: 1. prove t/db_dependent/Auth.t \ t/db_dependent/Koha/Patron.t \ t/db_dependent/Koha/Patrons.t \ t/db_dependent/Koha/Patrons/Import.t \ t/db_dependent/Koha/Plugins/Patron.t \ t/db_dependent/Search/History.t \ t/db_dependent/api/v1/auth_basic.t \ t/db_dependent/api/v1/checkouts.t \ t/db_dependent/api/v1/patrons_password.t \ t/db_dependent/selenium/authentication.t \ t/db_dependent/selenium/regressions.t 2. Sign off Sponsored-by: Northeast Kansas Library - NEKLS Signed-off-by: Andrew Fuerste-Henry <andrew@bywatersolutions.com> Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de> -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=23816 Jonathan Druart <jonathan.druart@bugs.koha-community.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #108559|0 |1 is obsolete| | --- Comment #39 from Jonathan Druart <jonathan.druart@bugs.koha-community.org> --- Created attachment 108571 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=108571&action=edit Bug 23816: Set default value in tests We tell TestBuilder to generate the categories with NULL (and rely on the sysprefs) -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=23816 --- Comment #40 from Jonathan Druart <jonathan.druart@bugs.koha-community.org> --- Created attachment 108572 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=108572&action=edit Bug 23816: trivial code simplification Ease readability -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=23816 Jonathan Druart <jonathan.druart@bugs.koha-community.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|Passed QA |Failed QA CC| |jonathan.druart@bugs.koha-c | |ommunity.org --- Comment #41 from Jonathan Druart <jonathan.druart@bugs.koha-community.org> --- Hola Agustin, 1. The first patch ("Set default value in tests") is dealing with default values we want to apply for all tests. It replaces your last patch. It's the way to go when you face such situations, easier than update all test scripts ;) 2. I am not sure we should modify misc/admin/set_password.pl It's an sysop script, and sysops (are supposed to) know what they are doing. It's a behaviour change that is not advertised. (for discussion) 3. It seems that we need make categorycode param mandatory. The only call to adjust is from the onboarding tool 4. I don't think we need a new test file, t/AuthUtils.t can be reused easily. The only thing you need is to mock the categories table (search for 'fixtures_ok' in t) -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=23816 --- Comment #42 from Jonathan Druart <jonathan.druart@bugs.koha-community.org> --- (In reply to Jonathan Druart from comment #41)
2. I am not sure we should modify misc/admin/set_password.pl It's an sysop script, and sysops (are supposed to) know what they are doing. It's a behaviour change that is not advertised. (for discussion)
Sorry, I misread. That is for password generation, if none provided. Where is this '6' coming from? :) -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=23816 Jonathan Druart <jonathan.druart@bugs.koha-community.org> changed: What |Removed |Added ---------------------------------------------------------------------------- See Also| |https://bugs.koha-community | |.org/bugzilla3/show_bug.cgi | |?id=21976 -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=23816 Jonathan Druart <jonathan.druart@bugs.koha-community.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Blocks| |12617 See Also|https://bugs.koha-community | |.org/bugzilla3/show_bug.cgi | |?id=12617 | Referenced Bugs: https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=12617 [Bug 12617] Koha should let admins to configure automatically generated password complexity/difficulty -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=23816 --- Comment #43 from Jonathan Druart <jonathan.druart@bugs.koha-community.org> --- 5. Also input type="number" should not be used https://technology.blog.gov.uk/2020/02/24/why-the-gov-uk-design-system-team-... http://irc.koha-community.org/koha/2020-01-24#i_2212331 -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=23816 --- Comment #44 from Agustín Moyano <agustinmoyano@theke.io> --- (In reply to Jonathan Druart from comment #42)
(In reply to Jonathan Druart from comment #41)
2. I am not sure we should modify misc/admin/set_password.pl It's an sysop script, and sysops (are supposed to) know what they are doing. It's a behaviour change that is not advertised. (for discussion)
Sorry, I misread. That is for password generation, if none provided.
Where is this '6' coming from? :)
That 6 comes from here $generator->randregex('[A-Za-z][A-Za-z0-9_]{6}.[A-Za-z][A-Za-z0-9_]{6}\d'); ^ The last 6 in the regex means the length it will generate, and in my script I replaced that part with: '[A-Za-z][A-Za-z0-9_]{6}.[A-Za-z][A-Za-z0-9_]{'.$n.'}\d' where $n was the minimum password length for the user's category -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=23816 Emmi Takkinen <emmi.takkinen@outlook.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |emmi.takkinen@outlook.com --- Comment #45 from Emmi Takkinen <emmi.takkinen@outlook.com> --- There's a typo on last patch: syntax error at /var/Koha/Koha/Patron/Category.pm line 238, near "->reset_password ) " -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=23816 Agustín Moyano <agustinmoyano@theke.io> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|Failed QA |Signed Off -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=23816 Agustín Moyano <agustinmoyano@theke.io> changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #108571|0 |1 is obsolete| | Attachment #108572|0 |1 is obsolete| | --- Comment #46 from Agustín Moyano <agustinmoyano@theke.io> --- Created attachment 109243 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=109243&action=edit Bug 23816: Set default value in tests We tell TestBuilder to generate the categories with NULL (and rely on the sysprefs) Signed-off-by: Agustin Moyano <agustinmoyano@theke.io> https://bugs.koha-community.org/show_bug.cgi?id=23826 -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=23816 --- Comment #47 from Agustín Moyano <agustinmoyano@theke.io> --- Created attachment 109244 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=109244&action=edit Bug 23816: trivial code simplification Ease readability Signed-off-by: Agustin Moyano <agustinmoyano@theke.io> https://bugs.koha-community.org/show_bug.cgi?id=23826 -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=23816 --- Comment #48 from Agustín Moyano <agustinmoyano@theke.io> --- Created attachment 109245 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=109245&action=edit Bug 23816: (follow-up) Fix many things This patch: * reverts changes on misc/admin/set_password.pl * makes category param mandatory for AuthUtils::is_valid_password and AuthUtils::generate_password * changes onboarding.pl to set category param in AuthUtils::is_valid_password * Completes t/db_dependent/AuthUtils.t and drops t/AuthUtils.t * Removes offending <input type="number"/> and replaces it by <input type="text" inputmode="numeric" pattern="[0-9]*"/> https://bugs.koha-community.org/show_bug.cgi?id=23826 -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=23816 --- Comment #49 from Agustín Moyano <agustinmoyano@theke.io> --- (In reply to Emmi Takkinen from comment #45)
There's a typo on last patch:
syntax error at /var/Koha/Koha/Patron/Category.pm line 238, near "->reset_password ) "
Thanks Emmi for catching this up -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=23816 --- Comment #50 from Agustín Moyano <agustinmoyano@theke.io> --- When I execute qa of this patchset, I get FAIL koha-tmpl/opac-tmpl/bootstrap/en/modules/opac-memberentry.tt FAIL valid_template The method Koha::Patron::Category->effective_min_password_length is not covered by tests! This must be a qa script bug, because Koha::Patron::Category has the method effective_min_password_length, and it's covered by tests.. maybe it's checking in Schema class, instead of Koha::Object? -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=23816 --- Comment #51 from Katrin Fischer <katrin.fischer@bsz-bw.de> --- (In reply to Agustín Moyano from comment #50)
When I execute qa of this patchset, I get
FAIL koha-tmpl/opac-tmpl/bootstrap/en/modules/opac-memberentry.tt FAIL valid_template The method Koha::Patron::Category->effective_min_password_length is not covered by tests!
This must be a qa script bug, because Koha::Patron::Category has the method effective_min_password_length, and it's covered by tests.. maybe it's checking in Schema class, instead of Koha::Object?
I don't see that fail when I run the QA tools on it. -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=23816 --- Comment #52 from Katrin Fischer <katrin.fischer@bsz-bw.de> --- (In reply to Katrin Fischer from comment #51)
(In reply to Agustín Moyano from comment #50)
When I execute qa of this patchset, I get
FAIL koha-tmpl/opac-tmpl/bootstrap/en/modules/opac-memberentry.tt FAIL valid_template The method Koha::Patron::Category->effective_min_password_length is not covered by tests!
This must be a qa script bug, because Koha::Patron::Category has the method effective_min_password_length, and it's covered by tests.. maybe it's checking in Schema class, instead of Koha::Object?
I don't see that fail when I run the QA tools on it.
... I was looking in the wrong spot - It does fail... -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=23816 Katrin Fischer <katrin.fischer@bsz-bw.de> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|Signed Off |Passed QA -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=23816 Katrin Fischer <katrin.fischer@bsz-bw.de> changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #108554|0 |1 is obsolete| | --- Comment #53 from Katrin Fischer <katrin.fischer@bsz-bw.de> --- Created attachment 109249 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=109249&action=edit Bug 23816: Update kohastructure and atomic update Sponsored-by: Northeast Kansas Library - NEKLS Signed-off-by: Andrew Fuerste-Henry <andrew@bywatersolutions.com> Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de> -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=23816 Katrin Fischer <katrin.fischer@bsz-bw.de> changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #108555|0 |1 is obsolete| | --- Comment #54 from Katrin Fischer <katrin.fischer@bsz-bw.de> --- Created attachment 109250 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=109250&action=edit Bug 23816: [DO NOT PUSH] Update category schema Sponsored-by: Northeast Kansas Library - NEKLS Signed-off-by: Andrew Fuerste-Henry <andrew@bywatersolutions.com> Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de> -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=23816 Katrin Fischer <katrin.fischer@bsz-bw.de> changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #108556|0 |1 is obsolete| | --- Comment #55 from Katrin Fischer <katrin.fischer@bsz-bw.de> --- Created attachment 109251 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=109251&action=edit Bug 23816: (follow-up) Define boolean column in shcema Sponsored-by: Northeast Kansas Library - NEKLS Signed-off-by: Andrew Fuerste-Henry <andrew@bywatersolutions.com> Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de> -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=23816 Katrin Fischer <katrin.fischer@bsz-bw.de> changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #108557|0 |1 is obsolete| | --- Comment #56 from Katrin Fischer <katrin.fischer@bsz-bw.de> --- Created attachment 109252 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=109252&action=edit Bug 23816: Add tests Sponsored-by: Northeast Kansas Library - NEKLS Signed-off-by: Andrew Fuerste-Henry <andrew@bywatersolutions.com> Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de> -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=23816 Katrin Fischer <katrin.fischer@bsz-bw.de> changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #108558|0 |1 is obsolete| | --- Comment #57 from Katrin Fischer <katrin.fischer@bsz-bw.de> --- Created attachment 109253 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=109253&action=edit Bug 23816: Add minimum password length and require strong password overrides by category This patch adds the capability to override minPasswordLenth and RequireStrongPassword settings by category To test: 1. koha-shell kohadev 2. koha-mysql kohadev 3. drop database koha_kohadev; 4. create database koha_kohadev; 5. go to admin page and start webinstaller. There continue the steps until onboarding. 6. reach step 3 of onboarding and create a new administrator patron CHECH => Password control woks as normal (Minimum length 3 and strong required) 7. finish Koha installation and enter admin with your new administrator 8. set minPasswordLength to 3 and RequireStrongPassword to “Don’t require” 9. Create a new category (CAT2 from now on.. CAT1 is the category you made in onboarding process) and set minimum password length to 8 and require strong password 10. Create two new patrons, one with CAT1(patron1) and one with CAT2 (patron2) CHECK => In both cases, try different combinations of length and strength. For patron1 the only requirement is to have 3 letters, but for patron2 the minimum length will be 8 and will require strong password. CHECK => Try changing patron category before saving. Password requirements will change with category change. 11. Edit CAT1 and set minimum password length to 5 12. Go to patron1 details page, and change password. CHECH => Now password minimum length is 5, but still it doesn’t require strong password 13. Edit CAT1, leave blank minimum password length and set require strong password to yes. 14. Go to patron1 details page, and change password. CHECH => Password minimum length is back to 3, but now strong password is required 15. Set minimum password length in CAT2 to 12. 16. Go to patron2 details page, and click to fill a random generated password CHECK => generated password should be 12 characters length 17. Set PatronSelfRegistration to Allow in admin settings 18. Go to OPAC and fill self registration from. CHECK => Play with patron category. For each change in category, password requirements are modified. CHECK => Set CAT1 as patron category, set ‘aA1’ as password (or another valid password for CAT1) and before hitting submit button, change to CAT2. Form should enter invalid state, and CAT2 password requirements should be displayed as error in password input. 19. Create a patron for CAT1 and another for CAT2, leaving password blank CHECK => For CAT1’s patron, generated password length is 8 (minimum length for generated passwords), but for CAT2’s patron should be 12 20. In admin set PatronSelfRegistrationVerifyByEmail to require 21. Fill self registration form again with CAT2 as category CHECK => Password requirements works as previous case. 22. Leave password blank and click submit 23. select * from message_queue; 24. Copy the link in the message and paste it in OPAC CHECH => Generated password is 12 characters long. (Copy user id for next steps) 25. In admin set OpacResetPassword to Allow 26. Go back to OPAC, reload and click on “Forgot password?” link 27. Paste user id and click submit 28. Repeat steps 23 and 24 CHECK => Info message says “Your password must contain at least 12 characters, including UPPERCASE, lowercase and numbers.” CHECK => enter an invalid password and you’ll get the same message in warning. 29. Login OPAC with the last user and your newly created password 30. Go to “Change your password” option CHECK => Info message says “Your password must contain at least 12 characters, including UPPERCASE, lowercase and numbers.” CHECK => enter an invalid password and you’ll get the same message in below “New password” input. 31. prove t/db_dependent/AuthUtils.t t/db_dependent/Koha/Patron/Category.t 32. Sign off Sponsored-by: Northeast Kansas Library - NEKLS Signed-off-by: Andrew Fuerste-Henry <andrew@bywatersolutions.com> Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de> -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=23816 Katrin Fischer <katrin.fischer@bsz-bw.de> changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #109243|0 |1 is obsolete| | --- Comment #58 from Katrin Fischer <katrin.fischer@bsz-bw.de> --- Created attachment 109254 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=109254&action=edit Bug 23816: Set default value in tests We tell TestBuilder to generate the categories with NULL (and rely on the sysprefs) Signed-off-by: Agustin Moyano <agustinmoyano@theke.io> https://bugs.koha-community.org/show_bug.cgi?id=23826 Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de> -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=23816 Katrin Fischer <katrin.fischer@bsz-bw.de> changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #109244|0 |1 is obsolete| | --- Comment #59 from Katrin Fischer <katrin.fischer@bsz-bw.de> --- Created attachment 109255 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=109255&action=edit Bug 23816: trivial code simplification Ease readability Signed-off-by: Agustin Moyano <agustinmoyano@theke.io> https://bugs.koha-community.org/show_bug.cgi?id=23826 Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de> -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=23816 Katrin Fischer <katrin.fischer@bsz-bw.de> changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #109245|0 |1 is obsolete| | --- Comment #60 from Katrin Fischer <katrin.fischer@bsz-bw.de> --- Created attachment 109256 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=109256&action=edit Bug 23816: (follow-up) Fix many things This patch: * reverts changes on misc/admin/set_password.pl * makes category param mandatory for AuthUtils::is_valid_password and AuthUtils::generate_password * changes onboarding.pl to set category param in AuthUtils::is_valid_password * Completes t/db_dependent/AuthUtils.t and drops t/AuthUtils.t * Removes offending <input type="number"/> and replaces it by <input type="text" inputmode="numeric" pattern="[0-9]*"/> https://bugs.koha-community.org/show_bug.cgi?id=23826 Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de> -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=23816 --- Comment #61 from Katrin Fischer <katrin.fischer@bsz-bw.de> --- Created attachment 109257 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=109257&action=edit Bug 23816: (QA follow-up) Use existing form validation to validate min password length The pattern check didn't work for me, but I figured we might want to use the same validation as for the other numeric fields on the form instead (upper age limit, etc.) Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de> -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=23816 --- Comment #62 from Jonathan Druart <jonathan.druart@bugs.koha-community.org> --- (In reply to Agustín Moyano from comment #50)
When I execute qa of this patchset, I get
FAIL koha-tmpl/opac-tmpl/bootstrap/en/modules/opac-memberentry.tt FAIL valid_template The method Koha::Patron::Category->effective_min_password_length is not covered by tests!
This must be a qa script bug, because Koha::Patron::Category has the method effective_min_password_length, and it's covered by tests.. maybe it's checking in Schema class, instead of Koha::Object?
This is a bug in the QA script, I opened an issue and submitted a merge request. https://gitlab.com/koha-community/qa-test-tools/-/issues/37 -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=23816 Jonathan Druart <jonathan.druart@bugs.koha-community.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|Passed QA |Patch doesn't apply --- Comment #63 from Jonathan Druart <jonathan.druart@bugs.koha-community.org> --- Please rebase (conflict with bug 19889). -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=23816 Tomás Cohen Arazi <tomascohen@gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|Patch doesn't apply |Needs Signoff -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=23816 Tomás Cohen Arazi <tomascohen@gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #109249|0 |1 is obsolete| | -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=23816 Tomás Cohen Arazi <tomascohen@gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #109250|0 |1 is obsolete| | -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=23816 Tomás Cohen Arazi <tomascohen@gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #109251|0 |1 is obsolete| | -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=23816 Tomás Cohen Arazi <tomascohen@gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #109252|0 |1 is obsolete| | -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=23816 Tomás Cohen Arazi <tomascohen@gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #109253|0 |1 is obsolete| | -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=23816 Tomás Cohen Arazi <tomascohen@gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #109254|0 |1 is obsolete| | -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=23816 Tomás Cohen Arazi <tomascohen@gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #109255|0 |1 is obsolete| | -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=23816 Tomás Cohen Arazi <tomascohen@gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #109256|0 |1 is obsolete| | -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=23816 Tomás Cohen Arazi <tomascohen@gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #109257|0 |1 is obsolete| | -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=23816 Tomás Cohen Arazi <tomascohen@gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|Needs Signoff |Signed Off -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=23816 --- Comment #64 from Tomás Cohen Arazi <tomascohen@gmail.com> --- Created attachment 109520 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=109520&action=edit Bug 23816: Update kohastructure and atomic update Sponsored-by: Northeast Kansas Library - NEKLS Signed-off-by: Andrew Fuerste-Henry <andrew@bywatersolutions.com> Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de> -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=23816 --- Comment #65 from Tomás Cohen Arazi <tomascohen@gmail.com> --- Created attachment 109521 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=109521&action=edit Bug 23816: [DO NOT PUSH] Update category schema Sponsored-by: Northeast Kansas Library - NEKLS Signed-off-by: Andrew Fuerste-Henry <andrew@bywatersolutions.com> Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de> Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io> -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=23816 --- Comment #66 from Tomás Cohen Arazi <tomascohen@gmail.com> --- Created attachment 109522 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=109522&action=edit Bug 23816: (follow-up) Define boolean column in shcema Sponsored-by: Northeast Kansas Library - NEKLS Signed-off-by: Andrew Fuerste-Henry <andrew@bywatersolutions.com> Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de> Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io> -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=23816 --- Comment #67 from Tomás Cohen Arazi <tomascohen@gmail.com> --- Created attachment 109523 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=109523&action=edit Bug 23816: Add tests Sponsored-by: Northeast Kansas Library - NEKLS Signed-off-by: Andrew Fuerste-Henry <andrew@bywatersolutions.com> Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de> Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io> -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=23816 --- Comment #68 from Tomás Cohen Arazi <tomascohen@gmail.com> --- Created attachment 109524 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=109524&action=edit Bug 23816: Add minimum password length and require strong password overrides by category This patch adds the capability to override minPasswordLenth and RequireStrongPassword settings by category To test: 1. koha-shell kohadev 2. koha-mysql kohadev 3. drop database koha_kohadev; 4. create database koha_kohadev; 5. go to admin page and start webinstaller. There continue the steps until onboarding. 6. reach step 3 of onboarding and create a new administrator patron CHECH => Password control woks as normal (Minimum length 3 and strong required) 7. finish Koha installation and enter admin with your new administrator 8. set minPasswordLength to 3 and RequireStrongPassword to “Don’t require” 9. Create a new category (CAT2 from now on.. CAT1 is the category you made in onboarding process) and set minimum password length to 8 and require strong password 10. Create two new patrons, one with CAT1(patron1) and one with CAT2 (patron2) CHECK => In both cases, try different combinations of length and strength. For patron1 the only requirement is to have 3 letters, but for patron2 the minimum length will be 8 and will require strong password. CHECK => Try changing patron category before saving. Password requirements will change with category change. 11. Edit CAT1 and set minimum password length to 5 12. Go to patron1 details page, and change password. CHECH => Now password minimum length is 5, but still it doesn’t require strong password 13. Edit CAT1, leave blank minimum password length and set require strong password to yes. 14. Go to patron1 details page, and change password. CHECH => Password minimum length is back to 3, but now strong password is required 15. Set minimum password length in CAT2 to 12. 16. Go to patron2 details page, and click to fill a random generated password CHECK => generated password should be 12 characters length 17. Set PatronSelfRegistration to Allow in admin settings 18. Go to OPAC and fill self registration from. CHECK => Play with patron category. For each change in category, password requirements are modified. CHECK => Set CAT1 as patron category, set ‘aA1’ as password (or another valid password for CAT1) and before hitting submit button, change to CAT2. Form should enter invalid state, and CAT2 password requirements should be displayed as error in password input. 19. Create a patron for CAT1 and another for CAT2, leaving password blank CHECK => For CAT1’s patron, generated password length is 8 (minimum length for generated passwords), but for CAT2’s patron should be 12 20. In admin set PatronSelfRegistrationVerifyByEmail to require 21. Fill self registration form again with CAT2 as category CHECK => Password requirements works as previous case. 22. Leave password blank and click submit 23. select * from message_queue; 24. Copy the link in the message and paste it in OPAC CHECH => Generated password is 12 characters long. (Copy user id for next steps) 25. In admin set OpacResetPassword to Allow 26. Go back to OPAC, reload and click on “Forgot password?” link 27. Paste user id and click submit 28. Repeat steps 23 and 24 CHECK => Info message says “Your password must contain at least 12 characters, including UPPERCASE, lowercase and numbers.” CHECK => enter an invalid password and you’ll get the same message in warning. 29. Login OPAC with the last user and your newly created password 30. Go to “Change your password” option CHECK => Info message says “Your password must contain at least 12 characters, including UPPERCASE, lowercase and numbers.” CHECK => enter an invalid password and you’ll get the same message in below “New password” input. 31. prove t/db_dependent/AuthUtils.t t/db_dependent/Koha/Patron/Category.t 32. Sign off Sponsored-by: Northeast Kansas Library - NEKLS Signed-off-by: Andrew Fuerste-Henry <andrew@bywatersolutions.com> Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de> Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io> -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=23816 --- Comment #69 from Tomás Cohen Arazi <tomascohen@gmail.com> --- Created attachment 109525 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=109525&action=edit Bug 23816: Set default value in tests We tell TestBuilder to generate the categories with NULL (and rely on the sysprefs) Signed-off-by: Agustin Moyano <agustinmoyano@theke.io> https://bugs.koha-community.org/show_bug.cgi?id=23826 Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de> Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io> -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=23816 --- Comment #70 from Tomás Cohen Arazi <tomascohen@gmail.com> --- Created attachment 109526 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=109526&action=edit Bug 23816: trivial code simplification Ease readability Signed-off-by: Agustin Moyano <agustinmoyano@theke.io> https://bugs.koha-community.org/show_bug.cgi?id=23826 Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de> Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io> -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=23816 --- Comment #71 from Tomás Cohen Arazi <tomascohen@gmail.com> --- Created attachment 109527 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=109527&action=edit Bug 23816: (follow-up) Fix many things This patch: * reverts changes on misc/admin/set_password.pl * makes category param mandatory for AuthUtils::is_valid_password and AuthUtils::generate_password * changes onboarding.pl to set category param in AuthUtils::is_valid_password * Completes t/db_dependent/AuthUtils.t and drops t/AuthUtils.t * Removes offending <input type="number"/> and replaces it by <input type="text" inputmode="numeric" pattern="[0-9]*"/> https://bugs.koha-community.org/show_bug.cgi?id=23826 Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de> Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io> -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=23816 --- Comment #72 from Tomás Cohen Arazi <tomascohen@gmail.com> --- Created attachment 109528 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=109528&action=edit Bug 23816: (QA follow-up) Use existing form validation to validate min password length The pattern check didn't work for me, but I figured we might want to use the same validation as for the other numeric fields on the form instead (upper age limit, etc.) Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de> Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io> -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=23816 Tomás Cohen Arazi <tomascohen@gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|Signed Off |Passed QA -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=23816 Jonathan Druart <jonathan.druart@bugs.koha-community.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Version(s)| |20.11.00 released in| | Status|Passed QA |Pushed to master -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=23816 --- Comment #73 from Jonathan Druart <jonathan.druart@bugs.koha-community.org> --- Pushed to master for 20.11, thanks to everybody involved! -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=23816 --- Comment #74 from Jonathan Druart <jonathan.druart@bugs.koha-community.org> --- Created attachment 109833 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=109833&action=edit Bug 23816: Fix patron edition The patron edition was broken, we always got the pattern alert Password: Password must contain at least 8 characters, including UPPERCASE, lowercase and numbers -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=23816 --- Comment #75 from Jonathan Druart <jonathan.druart@bugs.koha-community.org> --- Created attachment 109834 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=109834&action=edit Bug 23816: Fix selenium tests -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=23816 --- Comment #76 from Jonathan Druart <jonathan.druart@bugs.koha-community.org> --- Last 2 follow-ups pushed to master. -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=23816 Lucas Gass <lucas@bywatersolutions.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |lucas@bywatersolutions.com --- Comment #77 from Lucas Gass <lucas@bywatersolutions.com> --- enhancement will not be backported to 20.05.x series -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=23816 koha-US bug tracker <bugzilla@koha-us.org> changed: What |Removed |Added ---------------------------------------------------------------------------- CC|bugzilla@koha-us.org | -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=23816 Jonathan Druart <jonathan.druart@bugs.koha-community.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Keywords| |release-notes-needed -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=23816 Jonathan Druart <jonathan.druart@bugs.koha-community.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Keywords|release-notes-needed | --- Comment #78 from Jonathan Druart <jonathan.druart@bugs.koha-community.org> --- Removing the "release notes needed" keyword, as it's released now... Would have been good to have it in time. -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=23816 --- Comment #79 from Jonathan Druart <jonathan.druart@bugs.koha-community.org> --- There is a critical bug for 20.11 caused by this patchset, see bug 27147. Please fix ASAP. -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=23816 Jonathan Druart <jonathan.druart@bugs.koha-community.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Blocks| |27148 Referenced Bugs: https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=27148 [Bug 27148] Internal Server Error during self registration 20.11 -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=23816 Andrew Fuerste-Henry <andrew@bywatersolutions.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Blocks| |27430 Referenced Bugs: https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=27430 [Bug 27430] Use minimum length for patron category on password hint -- You are receiving this mail because: You are watching all bug changes.
participants (1)
-
bugzilla-daemon@bugs.koha-community.org