[Bug 30588] New: Add the option to require 2FA setup on first login
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=30588 Bug ID: 30588 Summary: Add the option to require 2FA setup on first login Change sponsored?: --- Product: Koha Version: master Hardware: All OS: All Status: NEW Severity: enhancement Priority: P5 - low Component: Authentication Assignee: koha-bugs@lists.koha-community.org Reporter: martin.renvoize@ptfs-europe.com QA Contact: testopia@bugs.koha-community.org CC: dpavlin@rot13.org We should add the option to require 2FA configuration at first login for staff users when 2FA is enabled on the system. -- You are receiving this mail because: You are watching all bug changes. You are the assignee for the bug.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=30588 Martin Renvoize <martin.renvoize@ptfs-europe.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Depends on| |28786 Referenced Bugs: https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=28786 [Bug 28786] Two-factor authentication for staff client - TOTP -- You are receiving this mail because: You are the assignee for the bug. You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=30588 Martin Renvoize <martin.renvoize@ptfs-europe.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Blocks| |20476 Referenced Bugs: https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=20476 [Bug 20476] Two factor authentication for the staff client - omnibus -- You are receiving this mail because: You are watching all bug changes. You are the assignee for the bug.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=30588 Bug 30588 depends on bug 28786, which changed state. Bug 28786 Summary: Two-factor authentication for staff client - TOTP https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=28786 What |Removed |Added ---------------------------------------------------------------------------- Status|Pushed to master |RESOLVED Resolution|--- |FIXED -- You are receiving this mail because: You are the assignee for the bug. You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=30588 Marcel de Rooy <m.de.rooy@rijksmuseum.nl> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |m.de.rooy@rijksmuseum.nl -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=30588 Marcel de Rooy <m.de.rooy@rijksmuseum.nl> changed: What |Removed |Added ---------------------------------------------------------------------------- Summary|Add the option to require |Add the option to require |2FA setup on first login |2FA setup on first staff | |login -- You are receiving this mail because: You are watching all bug changes. You are the assignee for the bug.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=30588 Jonathan Druart <jonathan.druart+koha@gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Change sponsored?|--- |Sponsored Status|NEW |ASSIGNED CC| |jonathan.druart+koha@gmail. | |com Assignee|koha-bugs@lists.koha-commun |jonathan.druart+koha@gmail. |ity.org |com -- You are receiving this mail because: You are watching all bug changes. You are the assignee for the bug.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=30588 Jonathan Druart <jonathan.druart+koha@gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Depends on| |31244, 28787 Referenced Bugs: https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=28787 [Bug 28787] Send a notice with the TOTP token https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=31244 [Bug 31244] Logout when not logged in raise a 500 -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=30588 Jonathan Druart <jonathan.druart+koha@gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|ASSIGNED |Needs Signoff -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=30588 --- Comment #1 from Jonathan Druart <jonathan.druart+koha@gmail.com> --- Created attachment 138160 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=138160&action=edit Bug 30588: Add 'enforced' option to TwoFactorAuthentication Sponsored-by: Rijksmuseum, Netherlands -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=30588 --- Comment #2 from Jonathan Druart <jonathan.druart+koha@gmail.com> --- Created attachment 138161 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=138161&action=edit Bug 30588: Adjust existing occurrences of TwoFactorAuthentication We need to replace 0 with 'disabled', and 1 with 'enabled' Sponsored-by: Rijksmuseum, Netherlands -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=30588 --- Comment #3 from Jonathan Druart <jonathan.druart+koha@gmail.com> --- Created attachment 138162 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=138162&action=edit Bug 30588: Add the option to require 2FA setup on first staff login Bug 28786 added the ability to turn on a two-factor authentication, using a One Time Password (OTP). Once enabled on the system, librarian had the choice to enable or disable it for themselves. For security reason an administrator could decide to force the librarians to use this second authentication step. This patch adds a third option to the existing syspref, 'Enforced', for that purpose. QA notes: the code we had in the members/two_factor_auth.pl controller has been moved to REST API controller methods (with their tests and swagger specs), for reusability reason. Code from template has been moved to an include file for the same reason. Test plan: A. Regression tests As we modified the code we need first to confirm the existing features are still working as expected. 1. Turn off TwoFactorAuthentication (disabled) and confirm that you are not able to enable and access the second authentication step 2. Turn it on (enabled) and confirm that you are able to enable it in your account 3. Logout and confirm then that you are able to login into Koha B. The new option 1. Set the pref to "enforced" 2. You are not logged out, logged in users stay logged in 3. Pick a user that does not have 2FA setup, login 4. Notice the new screen (UI is a bit ugly, suggestions welcomed) 5. Try to access Koha without enabling 2FA, you shouldn't be able to access any pages 6. Setup 2FA and confirm that you are redirected to the login screen 7. Login, send the correct pin code => You are fully logged in! Note that at 6 we could redirect to the mainpage, without the need to login again, but I think it's preferable to reduce the change to C4::Auth. If it's considered mandatory by QA I could have a look on another bug report. Sponsored-by: Rijksmuseum, Netherlands -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=30588 --- Comment #4 from Jonathan Druart <jonathan.druart+koha@gmail.com> --- Created attachment 138163 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=138163&action=edit Bug 30588: Adjust existing selenium tests Sponsored-by: Rijksmuseum, Netherlands -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=30588 --- Comment #5 from Jonathan Druart <jonathan.druart+koha@gmail.com> --- Created attachment 138164 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=138164&action=edit Bug 30588: Add tests for the REST API routes Sponsored-by: Rijksmuseum, Netherlands -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=30588 --- Comment #6 from Jonathan Druart <jonathan.druart+koha@gmail.com> --- Created attachment 138165 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=138165&action=edit Bug 30588: Add selenium tests Sponsored-by: Rijksmuseum, Netherlands -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=30588 --- Comment #7 from Jonathan Druart <jonathan.druart+koha@gmail.com> --- Created attachment 138166 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=138166&action=edit Bug 30588: Add tests for C4::checkauth Sponsored-by: Rijksmuseum, Netherlands -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=30588 David Cook <dcook@prosentient.com.au> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |dcook@prosentient.com.au --- Comment #8 from David Cook <dcook@prosentient.com.au> --- Ohh I'm curious about this one. I wonder if "Bug 28980 - Add temporary passwords which must be reset after first login" would be able to make use of any hooks from this. -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=30588 --- Comment #9 from Jonathan Druart <jonathan.druart+koha@gmail.com> --- Created attachment 138191 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=138191&action=edit Bug 30588: Add missing atomic update -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=30588 --- Comment #10 from Jonathan Druart <jonathan.druart+koha@gmail.com> --- Created attachment 138193 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=138193&action=edit Bug 30588: Add missing include file -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=30588 Martin Renvoize <martin.renvoize@ptfs-europe.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|Needs Signoff |Patch doesn't apply --- Comment #11 from Martin Renvoize <martin.renvoize@ptfs-europe.com> --- Sorry Jonathan, I get sha1 missing of useless problems when trying to apply this patch series :(. -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=30588 Jonathan Druart <jonathan.druart+koha@gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|Patch doesn't apply |Needs Signoff -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=30588 Jonathan Druart <jonathan.druart+koha@gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #138160|0 |1 is obsolete| | Attachment #138161|0 |1 is obsolete| | Attachment #138162|0 |1 is obsolete| | Attachment #138163|0 |1 is obsolete| | Attachment #138164|0 |1 is obsolete| | Attachment #138165|0 |1 is obsolete| | Attachment #138166|0 |1 is obsolete| | Attachment #138191|0 |1 is obsolete| | Attachment #138193|0 |1 is obsolete| | --- Comment #12 from Jonathan Druart <jonathan.druart+koha@gmail.com> --- Created attachment 138953 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=138953&action=edit Bug 30588: Add 'enforced' option to TwoFactorAuthentication Sponsored-by: Rijksmuseum, Netherlands -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=30588 --- Comment #13 from Jonathan Druart <jonathan.druart+koha@gmail.com> --- Created attachment 138954 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=138954&action=edit Bug 30588: Adjust existing occurrences of TwoFactorAuthentication We need to replace 0 with 'disabled', and 1 with 'enabled' Sponsored-by: Rijksmuseum, Netherlands -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=30588 --- Comment #14 from Jonathan Druart <jonathan.druart+koha@gmail.com> --- Created attachment 138955 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=138955&action=edit Bug 30588: Add the option to require 2FA setup on first staff login Bug 28786 added the ability to turn on a two-factor authentication, using a One Time Password (OTP). Once enabled on the system, librarian had the choice to enable or disable it for themselves. For security reason an administrator could decide to force the librarians to use this second authentication step. This patch adds a third option to the existing syspref, 'Enforced', for that purpose. QA notes: the code we had in the members/two_factor_auth.pl controller has been moved to REST API controller methods (with their tests and swagger specs), for reusability reason. Code from template has been moved to an include file for the same reason. Test plan: A. Regression tests As we modified the code we need first to confirm the existing features are still working as expected. 1. Turn off TwoFactorAuthentication (disabled) and confirm that you are not able to enable and access the second authentication step 2. Turn it on (enabled) and confirm that you are able to enable it in your account 3. Logout and confirm then that you are able to login into Koha B. The new option 1. Set the pref to "enforced" 2. You are not logged out, logged in users stay logged in 3. Pick a user that does not have 2FA setup, login 4. Notice the new screen (UI is a bit ugly, suggestions welcomed) 5. Try to access Koha without enabling 2FA, you shouldn't be able to access any pages 6. Setup 2FA and confirm that you are redirected to the login screen 7. Login, send the correct pin code => You are fully logged in! Note that at 6 we could redirect to the mainpage, without the need to login again, but I think it's preferable to reduce the change to C4::Auth. If it's considered mandatory by QA I could have a look on another bug report. Sponsored-by: Rijksmuseum, Netherlands -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=30588 --- Comment #15 from Jonathan Druart <jonathan.druart+koha@gmail.com> --- Created attachment 138956 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=138956&action=edit Bug 30588: Adjust existing selenium tests Sponsored-by: Rijksmuseum, Netherlands -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=30588 --- Comment #16 from Jonathan Druart <jonathan.druart+koha@gmail.com> --- Created attachment 138957 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=138957&action=edit Bug 30588: Add tests for the REST API routes Sponsored-by: Rijksmuseum, Netherlands -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=30588 --- Comment #17 from Jonathan Druart <jonathan.druart+koha@gmail.com> --- Created attachment 138958 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=138958&action=edit Bug 30588: Add selenium tests Sponsored-by: Rijksmuseum, Netherlands -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=30588 --- Comment #18 from Jonathan Druart <jonathan.druart+koha@gmail.com> --- Created attachment 138959 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=138959&action=edit Bug 30588: Add tests for C4::checkauth Sponsored-by: Rijksmuseum, Netherlands -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=30588 --- Comment #19 from Jonathan Druart <jonathan.druart+koha@gmail.com> --- Created attachment 138960 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=138960&action=edit Bug 30588: Add missing atomic update -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=30588 --- Comment #20 from Jonathan Druart <jonathan.druart+koha@gmail.com> --- Created attachment 138961 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=138961&action=edit Bug 30588: Add missing include file -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=30588 --- Comment #21 from Jonathan Druart <jonathan.druart+koha@gmail.com> --- Created attachment 138962 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=138962&action=edit Bug 30588: FIX serial claims filters -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=30588 Jonathan Druart <jonathan.druart+koha@gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #138962|0 |1 is obsolete| | -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=30588 --- Comment #22 from Marcel de Rooy <m.de.rooy@rijksmuseum.nl> --- Created attachment 140365 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=140365&action=edit Bug 30588: (QA follow-up) Typos in sysprefs.sql The codebase uses disabled and enforced which is imo better too. So we need to fix this sql file. Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=30588 --- Comment #23 from Marcel de Rooy <m.de.rooy@rijksmuseum.nl> --- Created attachment 140366 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=140366&action=edit Bug 30588: (QA follow-up) Missing shebang in TwoFactorAuth.t Test plan: Try t/db_dependent/Koha/Auth/TwoFactorAuth.t on cmd line. Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=30588 --- Comment #24 from Marcel de Rooy <m.de.rooy@rijksmuseum.nl> --- Created attachment 140367 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=140367&action=edit Bug 30588: (QA follow-up) Remove erroneous FIXME Comment speaks for itself. Look at surrounding code. Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=30588 --- Comment #25 from Marcel de Rooy <m.de.rooy@rijksmuseum.nl> --- Created attachment 140368 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=140368&action=edit Bug 30588: (QA follow-up) Auth - remove two warns and second logout Resolves: Use of uninitialized value $request_method in string eq at /usr/share/koha/C4/Auth.pm line 1122. Use of uninitialized value $return in numeric gt (>) at /usr/share/koha/C4/Auth.pm line 1155. We also remove the double logout from Auth.t Test plan: Run t/db_dependent/Auth.t Check if you do not see the warns anymore. Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=30588 --- Comment #26 from Marcel de Rooy <m.de.rooy@rijksmuseum.nl> --- Created attachment 140369 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=140369&action=edit Bug 30588: (QA follow-up) Adjust flags for two_factor_auth.pl Anyone with staff access (catalogue) should be able to go to account and enable 2FA. Test plan: Have a staff user with minimum staff permission. Access account, manage 2FA. Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=30588 --- Comment #27 from Marcel de Rooy <m.de.rooy@rijksmuseum.nl> --- Still testing actually. Having some issues when changing users in Enforced state. But not sure yet what's going on. If you wanna test too, please do ! -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=30588 --- Comment #28 from Marcel de Rooy <m.de.rooy@rijksmuseum.nl> --- (In reply to Marcel de Rooy from comment #27)
Still testing actually. Having some issues when changing users in Enforced state. But not sure yet what's going on.
If you wanna test too, please do !
Found it. Adding a last follow-up. -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=30588 Marcel de Rooy <m.de.rooy@rijksmuseum.nl> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|Needs Signoff |Signed Off Patch complexity|--- |Medium patch -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=30588 Marcel de Rooy <m.de.rooy@rijksmuseum.nl> changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #138953|0 |1 is obsolete| | --- Comment #29 from Marcel de Rooy <m.de.rooy@rijksmuseum.nl> --- Created attachment 140416 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=140416&action=edit Bug 30588: Add 'enforced' option to TwoFactorAuthentication Sponsored-by: Rijksmuseum, Netherlands Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=30588 Marcel de Rooy <m.de.rooy@rijksmuseum.nl> changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #138954|0 |1 is obsolete| | --- Comment #30 from Marcel de Rooy <m.de.rooy@rijksmuseum.nl> --- Created attachment 140417 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=140417&action=edit Bug 30588: Adjust existing occurrences of TwoFactorAuthentication We need to replace 0 with 'disabled', and 1 with 'enabled' Sponsored-by: Rijksmuseum, Netherlands Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=30588 Marcel de Rooy <m.de.rooy@rijksmuseum.nl> changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #138955|0 |1 is obsolete| | --- Comment #31 from Marcel de Rooy <m.de.rooy@rijksmuseum.nl> --- Created attachment 140418 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=140418&action=edit Bug 30588: Add the option to require 2FA setup on first staff login Bug 28786 added the ability to turn on a two-factor authentication, using a One Time Password (OTP). Once enabled on the system, librarian had the choice to enable or disable it for themselves. For security reason an administrator could decide to force the librarians to use this second authentication step. This patch adds a third option to the existing syspref, 'Enforced', for that purpose. QA notes: the code we had in the members/two_factor_auth.pl controller has been moved to REST API controller methods (with their tests and swagger specs), for reusability reason. Code from template has been moved to an include file for the same reason. Test plan: A. Regression tests As we modified the code we need first to confirm the existing features are still working as expected. 1. Turn off TwoFactorAuthentication (disabled) and confirm that you are not able to enable and access the second authentication step 2. Turn it on (enabled) and confirm that you are able to enable it in your account 3. Logout and confirm then that you are able to login into Koha B. The new option 1. Set the pref to "enforced" 2. You are not logged out, logged in users stay logged in 3. Pick a user that does not have 2FA setup, login 4. Notice the new screen (UI is a bit ugly, suggestions welcomed) 5. Try to access Koha without enabling 2FA, you shouldn't be able to access any pages 6. Setup 2FA and confirm that you are redirected to the login screen 7. Login, send the correct pin code => You are fully logged in! Note that at 6 we could redirect to the mainpage, without the need to login again, but I think it's preferable to reduce the change to C4::Auth. If it's considered mandatory by QA I could have a look on another bug report. Sponsored-by: Rijksmuseum, Netherlands Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=30588 Marcel de Rooy <m.de.rooy@rijksmuseum.nl> changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #138956|0 |1 is obsolete| | --- Comment #32 from Marcel de Rooy <m.de.rooy@rijksmuseum.nl> --- Created attachment 140419 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=140419&action=edit Bug 30588: Adjust existing selenium tests Sponsored-by: Rijksmuseum, Netherlands Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=30588 Marcel de Rooy <m.de.rooy@rijksmuseum.nl> changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #138957|0 |1 is obsolete| | --- Comment #33 from Marcel de Rooy <m.de.rooy@rijksmuseum.nl> --- Created attachment 140420 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=140420&action=edit Bug 30588: Add tests for the REST API routes Sponsored-by: Rijksmuseum, Netherlands Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=30588 Marcel de Rooy <m.de.rooy@rijksmuseum.nl> changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #138958|0 |1 is obsolete| | --- Comment #34 from Marcel de Rooy <m.de.rooy@rijksmuseum.nl> --- Created attachment 140421 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=140421&action=edit Bug 30588: Add selenium tests Sponsored-by: Rijksmuseum, Netherlands Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=30588 Marcel de Rooy <m.de.rooy@rijksmuseum.nl> changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #138959|0 |1 is obsolete| | --- Comment #35 from Marcel de Rooy <m.de.rooy@rijksmuseum.nl> --- Created attachment 140422 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=140422&action=edit Bug 30588: Add tests for C4::checkauth Sponsored-by: Rijksmuseum, Netherlands Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=30588 Marcel de Rooy <m.de.rooy@rijksmuseum.nl> changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #138960|0 |1 is obsolete| | --- Comment #36 from Marcel de Rooy <m.de.rooy@rijksmuseum.nl> --- Created attachment 140423 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=140423&action=edit Bug 30588: Add missing atomic update Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=30588 Marcel de Rooy <m.de.rooy@rijksmuseum.nl> changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #138961|0 |1 is obsolete| | --- Comment #37 from Marcel de Rooy <m.de.rooy@rijksmuseum.nl> --- Created attachment 140424 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=140424&action=edit Bug 30588: Add missing include file Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=30588 Marcel de Rooy <m.de.rooy@rijksmuseum.nl> changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #140365|0 |1 is obsolete| | --- Comment #38 from Marcel de Rooy <m.de.rooy@rijksmuseum.nl> --- Created attachment 140425 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=140425&action=edit Bug 30588: (QA follow-up) Typos in sysprefs.sql The codebase uses disabled and enforced which is imo better too. So we need to fix this sql file. Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=30588 Marcel de Rooy <m.de.rooy@rijksmuseum.nl> changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #140366|0 |1 is obsolete| | --- Comment #39 from Marcel de Rooy <m.de.rooy@rijksmuseum.nl> --- Created attachment 140426 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=140426&action=edit Bug 30588: (QA follow-up) Missing shebang in TwoFactorAuth.t Test plan: Try t/db_dependent/Koha/Auth/TwoFactorAuth.t on cmd line. Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=30588 Marcel de Rooy <m.de.rooy@rijksmuseum.nl> changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #140367|0 |1 is obsolete| | --- Comment #40 from Marcel de Rooy <m.de.rooy@rijksmuseum.nl> --- Created attachment 140427 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=140427&action=edit Bug 30588: (QA follow-up) Remove erroneous FIXME Comment speaks for itself. Look at surrounding code. Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=30588 Marcel de Rooy <m.de.rooy@rijksmuseum.nl> changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #140368|0 |1 is obsolete| | --- Comment #41 from Marcel de Rooy <m.de.rooy@rijksmuseum.nl> --- Created attachment 140428 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=140428&action=edit Bug 30588: (QA follow-up) Auth - remove two warns and second logout Resolves: Use of uninitialized value $request_method in string eq at /usr/share/koha/C4/Auth.pm line 1122. Use of uninitialized value $return in numeric gt (>) at /usr/share/koha/C4/Auth.pm line 1155. We also remove the double logout from Auth.t Test plan: Run t/db_dependent/Auth.t Check if you do not see the warns anymore. Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=30588 Marcel de Rooy <m.de.rooy@rijksmuseum.nl> changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #140369|0 |1 is obsolete| | --- Comment #42 from Marcel de Rooy <m.de.rooy@rijksmuseum.nl> --- Created attachment 140429 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=140429&action=edit Bug 30588: (QA follow-up) Adjust flags for two_factor_auth.pl Anyone with staff access (catalogue) should be able to go to account and enable 2FA. Test plan: Have a staff user with minimum staff permission. Access account, manage 2FA. Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=30588 --- Comment #43 from Marcel de Rooy <m.de.rooy@rijksmuseum.nl> --- Created attachment 140430 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=140430&action=edit Bug 30588: (QA follow-up) Clear waiting-for-2FA-setup in session If we do not clear this session, the first login directly after setup does not really enhances user experience ;) Test plan: Make sure 2FA is enforced. Test the above. Disable your 2FA, logout and login. Verify that you can access pages with this patch now. Without this patch you could not. Run these tests to provide more confidence: t/db_dependent/Auth.t t/db_dependent/api/v1/two_factor_auth.t t/db_dependent/Koha/Auth/TwoFactorAuth.t Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=30588 Bug 30588 depends on bug 31244, which changed state. Bug 31244 Summary: Logout when not logged in raise a 500 https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=31244 What |Removed |Added ---------------------------------------------------------------------------- Status|Pushed to stable |RESOLVED Resolution|--- |FIXED -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=30588 Tomás Cohen Arazi <tomascohen@gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |tomascohen@gmail.com -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=30588 Jonathan Druart <jonathan.druart+koha@gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #140416|0 |1 is obsolete| | Attachment #140417|0 |1 is obsolete| | Attachment #140418|0 |1 is obsolete| | Attachment #140419|0 |1 is obsolete| | Attachment #140420|0 |1 is obsolete| | Attachment #140421|0 |1 is obsolete| | Attachment #140422|0 |1 is obsolete| | Attachment #140423|0 |1 is obsolete| | Attachment #140424|0 |1 is obsolete| | Attachment #140425|0 |1 is obsolete| | Attachment #140426|0 |1 is obsolete| | Attachment #140427|0 |1 is obsolete| | Attachment #140428|0 |1 is obsolete| | Attachment #140429|0 |1 is obsolete| | Attachment #140430|0 |1 is obsolete| | --- Comment #44 from Jonathan Druart <jonathan.druart+koha@gmail.com> --- Created attachment 141978 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=141978&action=edit Bug 30588: Add 'enforced' option to TwoFactorAuthentication Sponsored-by: Rijksmuseum, Netherlands -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=30588 --- Comment #45 from Jonathan Druart <jonathan.druart+koha@gmail.com> --- Created attachment 141979 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=141979&action=edit Bug 30588: Adjust existing occurrences of TwoFactorAuthentication We need to replace 0 with 'disabled', and 1 with 'enabled' Sponsored-by: Rijksmuseum, Netherlands -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=30588 --- Comment #46 from Jonathan Druart <jonathan.druart+koha@gmail.com> --- Created attachment 141980 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=141980&action=edit Bug 30588: Add the option to require 2FA setup on first staff login Bug 28786 added the ability to turn on a two-factor authentication, using a One Time Password (OTP). Once enabled on the system, librarian had the choice to enable or disable it for themselves. For security reason an administrator could decide to force the librarians to use this second authentication step. This patch adds a third option to the existing syspref, 'Enforced', for that purpose. QA notes: the code we had in the members/two_factor_auth.pl controller has been moved to REST API controller methods (with their tests and swagger specs), for reusability reason. Code from template has been moved to an include file for the same reason. Test plan: A. Regression tests As we modified the code we need first to confirm the existing features are still working as expected. 1. Turn off TwoFactorAuthentication (disabled) and confirm that you are not able to enable and access the second authentication step 2. Turn it on (enabled) and confirm that you are able to enable it in your account 3. Logout and confirm then that you are able to login into Koha B. The new option 1. Set the pref to "enforced" 2. You are not logged out, logged in users stay logged in 3. Pick a user that does not have 2FA setup, login 4. Notice the new screen (UI is a bit ugly, suggestions welcomed) 5. Try to access Koha without enabling 2FA, you shouldn't be able to access any pages 6. Setup 2FA and confirm that you are redirected to the login screen 7. Login, send the correct pin code => You are fully logged in! Note that at 6 we could redirect to the mainpage, without the need to login again, but I think it's preferable to reduce the change to C4::Auth. If it's considered mandatory by QA I could have a look on another bug report. Sponsored-by: Rijksmuseum, Netherlands -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=30588 --- Comment #47 from Jonathan Druart <jonathan.druart+koha@gmail.com> --- Created attachment 141981 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=141981&action=edit Bug 30588: Adjust existing selenium tests Sponsored-by: Rijksmuseum, Netherlands -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=30588 --- Comment #48 from Jonathan Druart <jonathan.druart+koha@gmail.com> --- Created attachment 141982 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=141982&action=edit Bug 30588: Add tests for the REST API routes Sponsored-by: Rijksmuseum, Netherlands -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=30588 --- Comment #49 from Jonathan Druart <jonathan.druart+koha@gmail.com> --- Created attachment 141983 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=141983&action=edit Bug 30588: Add selenium tests Sponsored-by: Rijksmuseum, Netherlands -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=30588 --- Comment #50 from Jonathan Druart <jonathan.druart+koha@gmail.com> --- Created attachment 141984 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=141984&action=edit Bug 30588: Add tests for C4::checkauth Sponsored-by: Rijksmuseum, Netherlands -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=30588 --- Comment #51 from Jonathan Druart <jonathan.druart+koha@gmail.com> --- Created attachment 141985 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=141985&action=edit Bug 30588: Add missing atomic update -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=30588 --- Comment #52 from Jonathan Druart <jonathan.druart+koha@gmail.com> --- Created attachment 141986 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=141986&action=edit Bug 30588: Add missing include file -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=30588 --- Comment #53 from Jonathan Druart <jonathan.druart+koha@gmail.com> --- Created attachment 141987 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=141987&action=edit Bug 30588: (QA follow-up) Typos in sysprefs.sql The codebase uses disabled and enforced which is imo better too. So we need to fix this sql file. Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=30588 --- Comment #54 from Jonathan Druart <jonathan.druart+koha@gmail.com> --- Created attachment 141988 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=141988&action=edit Bug 30588: (QA follow-up) Missing shebang in TwoFactorAuth.t Test plan: Try t/db_dependent/Koha/Auth/TwoFactorAuth.t on cmd line. Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=30588 --- Comment #55 from Jonathan Druart <jonathan.druart+koha@gmail.com> --- Created attachment 141989 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=141989&action=edit Bug 30588: (QA follow-up) Remove erroneous FIXME Comment speaks for itself. Look at surrounding code. Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=30588 --- Comment #56 from Jonathan Druart <jonathan.druart+koha@gmail.com> --- Created attachment 141990 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=141990&action=edit Bug 30588: (QA follow-up) Auth - remove two warns and second logout Resolves: Use of uninitialized value $request_method in string eq at /usr/share/koha/C4/Auth.pm line 1122. Use of uninitialized value $return in numeric gt (>) at /usr/share/koha/C4/Auth.pm line 1155. We also remove the double logout from Auth.t Test plan: Run t/db_dependent/Auth.t Check if you do not see the warns anymore. Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=30588 --- Comment #57 from Jonathan Druart <jonathan.druart+koha@gmail.com> --- Created attachment 141991 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=141991&action=edit Bug 30588: (QA follow-up) Adjust flags for two_factor_auth.pl Anyone with staff access (catalogue) should be able to go to account and enable 2FA. Test plan: Have a staff user with minimum staff permission. Access account, manage 2FA. Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=30588 --- Comment #58 from Jonathan Druart <jonathan.druart+koha@gmail.com> --- Created attachment 141992 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=141992&action=edit Bug 30588: (QA follow-up) Clear waiting-for-2FA-setup in session If we do not clear this session, the first login directly after setup does not really enhances user experience ;) Test plan: Make sure 2FA is enforced. Test the above. Disable your 2FA, logout and login. Verify that you can access pages with this patch now. Without this patch you could not. Run these tests to provide more confidence: t/db_dependent/Auth.t t/db_dependent/api/v1/two_factor_auth.t t/db_dependent/Koha/Auth/TwoFactorAuth.t Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=30588 --- Comment #59 from Jonathan Druart <jonathan.druart+koha@gmail.com> --- Just a rebase. -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=30588 Nick Clemens <nick@bywatersolutions.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|Signed Off |Passed QA -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=30588 Nick Clemens <nick@bywatersolutions.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #141978|0 |1 is obsolete| | --- Comment #60 from Nick Clemens <nick@bywatersolutions.com> --- Created attachment 142344 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=142344&action=edit Bug 30588: Add 'enforced' option to TwoFactorAuthentication Sponsored-by: Rijksmuseum, Netherlands Signed-off-by: Nick Clemens <nick@bywatersolutions.com> -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=30588 Nick Clemens <nick@bywatersolutions.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #141979|0 |1 is obsolete| | --- Comment #61 from Nick Clemens <nick@bywatersolutions.com> --- Created attachment 142345 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=142345&action=edit Bug 30588: Adjust existing occurrences of TwoFactorAuthentication We need to replace 0 with 'disabled', and 1 with 'enabled' Sponsored-by: Rijksmuseum, Netherlands Signed-off-by: Nick Clemens <nick@bywatersolutions.com> -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=30588 Nick Clemens <nick@bywatersolutions.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #141980|0 |1 is obsolete| | --- Comment #62 from Nick Clemens <nick@bywatersolutions.com> --- Created attachment 142346 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=142346&action=edit Bug 30588: Add the option to require 2FA setup on first staff login Bug 28786 added the ability to turn on a two-factor authentication, using a One Time Password (OTP). Once enabled on the system, librarian had the choice to enable or disable it for themselves. For security reason an administrator could decide to force the librarians to use this second authentication step. This patch adds a third option to the existing syspref, 'Enforced', for that purpose. QA notes: the code we had in the members/two_factor_auth.pl controller has been moved to REST API controller methods (with their tests and swagger specs), for reusability reason. Code from template has been moved to an include file for the same reason. Test plan: A. Regression tests As we modified the code we need first to confirm the existing features are still working as expected. 1. Turn off TwoFactorAuthentication (disabled) and confirm that you are not able to enable and access the second authentication step 2. Turn it on (enabled) and confirm that you are able to enable it in your account 3. Logout and confirm then that you are able to login into Koha B. The new option 1. Set the pref to "enforced" 2. You are not logged out, logged in users stay logged in 3. Pick a user that does not have 2FA setup, login 4. Notice the new screen (UI is a bit ugly, suggestions welcomed) 5. Try to access Koha without enabling 2FA, you shouldn't be able to access any pages 6. Setup 2FA and confirm that you are redirected to the login screen 7. Login, send the correct pin code => You are fully logged in! Note that at 6 we could redirect to the mainpage, without the need to login again, but I think it's preferable to reduce the change to C4::Auth. If it's considered mandatory by QA I could have a look on another bug report. Sponsored-by: Rijksmuseum, Netherlands Signed-off-by: Nick Clemens <nick@bywatersolutions.com> -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=30588 Nick Clemens <nick@bywatersolutions.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #141981|0 |1 is obsolete| | --- Comment #63 from Nick Clemens <nick@bywatersolutions.com> --- Created attachment 142347 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=142347&action=edit Bug 30588: Adjust existing selenium tests Sponsored-by: Rijksmuseum, Netherlands Signed-off-by: Nick Clemens <nick@bywatersolutions.com> -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=30588 Nick Clemens <nick@bywatersolutions.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #141982|0 |1 is obsolete| | --- Comment #64 from Nick Clemens <nick@bywatersolutions.com> --- Created attachment 142348 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=142348&action=edit Bug 30588: Add tests for the REST API routes Sponsored-by: Rijksmuseum, Netherlands Signed-off-by: Nick Clemens <nick@bywatersolutions.com> -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=30588 Nick Clemens <nick@bywatersolutions.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #141983|0 |1 is obsolete| | --- Comment #65 from Nick Clemens <nick@bywatersolutions.com> --- Created attachment 142349 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=142349&action=edit Bug 30588: Add selenium tests Sponsored-by: Rijksmuseum, Netherlands Signed-off-by: Nick Clemens <nick@bywatersolutions.com> -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=30588 Nick Clemens <nick@bywatersolutions.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #141984|0 |1 is obsolete| | --- Comment #66 from Nick Clemens <nick@bywatersolutions.com> --- Created attachment 142350 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=142350&action=edit Bug 30588: Add tests for C4::checkauth Sponsored-by: Rijksmuseum, Netherlands Signed-off-by: Nick Clemens <nick@bywatersolutions.com> -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=30588 Nick Clemens <nick@bywatersolutions.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #141985|0 |1 is obsolete| | --- Comment #67 from Nick Clemens <nick@bywatersolutions.com> --- Created attachment 142351 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=142351&action=edit Bug 30588: Add missing atomic update Signed-off-by: Nick Clemens <nick@bywatersolutions.com> -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=30588 Nick Clemens <nick@bywatersolutions.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #141986|0 |1 is obsolete| | --- Comment #68 from Nick Clemens <nick@bywatersolutions.com> --- Created attachment 142352 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=142352&action=edit Bug 30588: Add missing include file Signed-off-by: Nick Clemens <nick@bywatersolutions.com> -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=30588 Nick Clemens <nick@bywatersolutions.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #141987|0 |1 is obsolete| | --- Comment #69 from Nick Clemens <nick@bywatersolutions.com> --- Created attachment 142353 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=142353&action=edit Bug 30588: (QA follow-up) Typos in sysprefs.sql The codebase uses disabled and enforced which is imo better too. So we need to fix this sql file. Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> Signed-off-by: Nick Clemens <nick@bywatersolutions.com> -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=30588 Nick Clemens <nick@bywatersolutions.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #141988|0 |1 is obsolete| | --- Comment #70 from Nick Clemens <nick@bywatersolutions.com> --- Created attachment 142354 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=142354&action=edit Bug 30588: (QA follow-up) Missing shebang in TwoFactorAuth.t Test plan: Try t/db_dependent/Koha/Auth/TwoFactorAuth.t on cmd line. Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> Signed-off-by: Nick Clemens <nick@bywatersolutions.com> -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=30588 Nick Clemens <nick@bywatersolutions.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #141989|0 |1 is obsolete| | --- Comment #71 from Nick Clemens <nick@bywatersolutions.com> --- Created attachment 142355 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=142355&action=edit Bug 30588: (QA follow-up) Remove erroneous FIXME Comment speaks for itself. Look at surrounding code. Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> Signed-off-by: Nick Clemens <nick@bywatersolutions.com> -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=30588 Nick Clemens <nick@bywatersolutions.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #141990|0 |1 is obsolete| | --- Comment #72 from Nick Clemens <nick@bywatersolutions.com> --- Created attachment 142356 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=142356&action=edit Bug 30588: (QA follow-up) Auth - remove two warns and second logout Resolves: Use of uninitialized value $request_method in string eq at /usr/share/koha/C4/Auth.pm line 1122. Use of uninitialized value $return in numeric gt (>) at /usr/share/koha/C4/Auth.pm line 1155. We also remove the double logout from Auth.t Test plan: Run t/db_dependent/Auth.t Check if you do not see the warns anymore. Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> Signed-off-by: Nick Clemens <nick@bywatersolutions.com> -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=30588 Nick Clemens <nick@bywatersolutions.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #141991|0 |1 is obsolete| | --- Comment #73 from Nick Clemens <nick@bywatersolutions.com> --- Created attachment 142357 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=142357&action=edit Bug 30588: (QA follow-up) Adjust flags for two_factor_auth.pl Anyone with staff access (catalogue) should be able to go to account and enable 2FA. Test plan: Have a staff user with minimum staff permission. Access account, manage 2FA. Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> Signed-off-by: Nick Clemens <nick@bywatersolutions.com> -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=30588 Nick Clemens <nick@bywatersolutions.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #141992|0 |1 is obsolete| | --- Comment #74 from Nick Clemens <nick@bywatersolutions.com> --- Created attachment 142358 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=142358&action=edit Bug 30588: (QA follow-up) Clear waiting-for-2FA-setup in session If we do not clear this session, the first login directly after setup does not really enhances user experience ;) Test plan: Make sure 2FA is enforced. Test the above. Disable your 2FA, logout and login. Verify that you can access pages with this patch now. Without this patch you could not. Run these tests to provide more confidence: t/db_dependent/Auth.t t/db_dependent/api/v1/two_factor_auth.t t/db_dependent/Koha/Auth/TwoFactorAuth.t Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> Signed-off-by: Nick Clemens <nick@bywatersolutions.com> -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=30588 Nick Clemens <nick@bywatersolutions.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |nick@bywatersolutions.com --- Comment #75 from Nick Clemens <nick@bywatersolutions.com> --- This all works nicely, minor requests: When a user is configuring 2FA and it is enforced, it would be nice to have a message telling them they must set this up - yes, it doesn't let you in without, but still nice to say so I wondered at first why a user can disable 2FA when it is enforced, but I suppose it is so they can setup a new authentication method? It should also state when enforced on this page, so the user knows they cannot truly disable Neither blockers, moving forward for RM review -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=30588 Nick Clemens <nick@bywatersolutions.com> changed: What |Removed |Added ---------------------------------------------------------------------------- QA Contact|testopia@bugs.koha-communit |nick@bywatersolutions.com |y.org | -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=30588 Nick Clemens <nick@bywatersolutions.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Blocks| |31912 Referenced Bugs: https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=31912 [Bug 31912] When enforcing 2FA we should alert the user -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=30588 Tomás Cohen Arazi <tomascohen@gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|Passed QA |Pushed to master Version(s)| |22.11.00 released in| | -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=30588 --- Comment #76 from Tomás Cohen Arazi <tomascohen@gmail.com> --- Pushed to master for 22.11. Nice work everyone, thanks! -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=30588 Tomás Cohen Arazi <tomascohen@gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Severity|enhancement |new feature -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=30588 Tomás Cohen Arazi <tomascohen@gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Keywords| |release-notes-needed -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=30588 Jonathan Druart <jonathan.druart+koha@gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Blocks| |32010 Referenced Bugs: https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=32010 [Bug 32010] selenium/authentication_2fa.t is failing randomly -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=30588 Jonathan Druart <jonathan.druart+koha@gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Blocks| |32066 Referenced Bugs: https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=32066 [Bug 32066] User can get stuck on login screen -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=30588 Katrin Fischer <katrin.fischer@bsz-bw.de> changed: What |Removed |Added ---------------------------------------------------------------------------- Text to go in the| |This adds a third option release notes| |'enforce' to the | |TwoFactorAuthentication | |system preference. If | |chosen, staff will no | |longer be able to log into | |the staff client without | |setting up and using | |2-factor authentication. Keywords|release-notes-needed | -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=30588 Jonathan Druart <jonathan.druart+koha@gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Blocks| |32376 Referenced Bugs: https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=32376 [Bug 32376] selenium/authentication_2fa.t produces artefact -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=30588 Nick Clemens <nick@bywatersolutions.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |kelly@bywatersolutions.com --- Comment #77 from Nick Clemens <nick@bywatersolutions.com> --- *** Bug 32404 has been marked as a duplicate of this bug. *** -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=30588 Lucas Gass <lucas@bywatersolutions.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |lucas@bywatersolutions.com Resolution|--- |FIXED Status|Pushed to master |RESOLVED -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=30588 Bug 30588 depends on bug 31244, which changed state. Bug 31244 Summary: Logout when not logged in raise a 500 https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=31244 What |Removed |Added ---------------------------------------------------------------------------- Status|RESOLVED |REOPENED Resolution|FIXED |--- -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=30588 Caroline Cyr La Rose <caroline.cyr-la-rose@inlibro.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |caroline.cyr-la-rose@inlibr | |o.com Documentation| |Caroline Cyr La Rose contact| | Documentation| |https://gitlab.com/koha-com submission| |munity/koha-manual/-/merge_ | |requests/667 -- You are receiving this mail because: You are watching all bug changes.
participants (1)
-
bugzilla-daemon@bugs.koha-community.org