[Koha-bugs] [Bug 16694] Limit SIP2 auth by patron attribute

bugzilla-daemon at bugs.koha-community.org bugzilla-daemon at bugs.koha-community.org
Mon Oct 17 13:30:36 CEST 2016


https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=16694

Magnus Enger <magnus at libriotech.no> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
  Attachment #56442|0                           |1
        is obsolete|                            |

--- Comment #7 from Magnus Enger <magnus at libriotech.no> ---
Created attachment 56579
  -->
https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=56579&action=edit
Bug 16694 - Limit SIP2 auth by patron attribute

The main use case of this bug is to use patron attributes to grant special
privileges, e.g. to open a door to an unmanned library.

This patch adds an extra check against patron attributes if login account
in SIPconfig.xml has a key validate_patron_attribute set to some patron
attribute.

If a patron information request (63) is sent and the patron has proper rights in
the given attribute (a value of 1/true or some authorised value mapping to 1),
the user will be allowed access (in SIP: charge and/or renewal ok).
Otherwise it is denied.

Please note that this is specific to the SIP login account, so self checkout
machines can be handled differently than e.g. a door card terminal.

To test:
0) you need to debug using telnet or the Koha-provided sip_client
1) add validate_patron_attribute="testattribute" to some login account in
   SIPconfig.xml
2) add a patron attribute "testattribute"
3) edit some patron and set "testattribute" to "1"
4) do a sip login with the given login account from SIPconfig.xml
5) do a patron information request (63) on the patron
6) observe that no charge or renewal denied is given in the response (64  )
7) try all or any of the following:
 - set patron attribute to anything but "1"
 - delete the patron attribute
 - map the patron attribute to an authorized list, e.g. (YES_NO) and
   set it to a value that doesn't map to "1", e.g. "No".
8) do a patron information request (63) again
9) observe that charge and renewal are now denied in the SIP response (64YY)
10) thank yourself if no one else does and grab a coffee

Signed-off-by: Magnus Enger <magnus at libriotech.no>
Took me a while to remember I was on a gitified setup and needed to do
sudo cp C4/SIP/Sip/MsgType.pm /usr/share/koha/lib/C4/SIP/Sip/MsgType.pm
before I could test properly. Works as expected. I have a Swedish customer
running a similar hack in production, so looking forward to getting this
into Koha proper.

-- 
You are receiving this mail because:
You are watching all bug changes.
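The gate described in the commit message, modelled as an added Python illustration written for this page (it is not Koha's C4::SIP code and makes no claim about how the attached patch is implemented): a SIP login account carries an optional validate_patron_attribute key naming a patron attribute; on a 63 request the patron's value is resolved through an authorised-value list if the attribute is backed by one, and anything that is not 1/true sets the first two flags (charge and renewal denied) of the 64 response's patron status field. The YES_NO list, the door_access attribute code and the two accounts are constructed sample data.

```python
"""Model of the per-account patron-attribute gate on the SIP2 63/64 exchange.

Added illustration for this bug report, not Koha code. Assumptions are marked.
"""
from dataclasses import dataclass, field
from typing import Dict, Optional

# The SIP2 Patron Information Response (64) opens with 14 fixed patron-status
# flags, each 'Y' or a space. Only the first two are used by this gate.
PATRON_STATUS_FLAGS = [
    "charge privileges denied", "renewal privileges denied",
    "recall privileges denied", "hold privileges denied", "card reported lost",
    "too many items charged", "too many items overdue", "too many renewals",
    "too many claims of items returned", "too many items lost",
    "excessive outstanding fines", "excessive outstanding fees",
    "recall overdue", "too many items billed",
]

# Constructed: an authorised-value list (as in Koha's YES_NO) and which attribute
# codes are backed by which list. Values not present in the list pass through as-is.
AUTHORISED_VALUES: Dict[str, Dict[str, str]] = {"YES_NO": {"Yes": "1", "No": "0"}}
ATTRIBUTE_AV_CATEGORY: Dict[str, str] = {"door_access": "YES_NO"}


@dataclass
class SipAccount:
    """One <login> entry from SIPconfig.xml; validate_patron_attribute is optional."""
    login: str
    validate_patron_attribute: Optional[str] = None


@dataclass
class Patron:
    cardnumber: str
    attributes: Dict[str, str] = field(default_factory=dict)


def attribute_grants_access(patron: Patron, attr_code: str) -> bool:
    """True only if the patron's attribute resolves to 1/true (directly or via a list)."""
    raw = patron.attributes.get(attr_code)
    if raw is None:          # attribute missing: deny
        return False
    category = ATTRIBUTE_AV_CATEGORY.get(attr_code)
    if category:             # map e.g. "Yes" -> "1", "No" -> "0"
        raw = AUTHORISED_VALUES[category].get(raw, raw)
    return raw.strip().lower() in ("1", "true")


def patron_status_field(account: SipAccount, patron: Patron) -> str:
    """Build the 14-character patron status field for this account/patron pair."""
    flags = [" "] * len(PATRON_STATUS_FLAGS)
    gate = account.validate_patron_attribute
    if gate and not attribute_grants_access(patron, gate):
        flags[0] = "Y"       # charge privileges denied
        flags[1] = "Y"       # renewal privileges denied
    return "".join(flags)


def patron_information_response(account: SipAccount, patron: Patron) -> str:
    """Command identifier plus patron status; the remaining 64 fields are omitted."""
    return "64" + patron_status_field(account, patron)


if __name__ == "__main__":
    door = SipAccount("door_terminal", validate_patron_attribute="door_access")
    selfcheck = SipAccount("selfcheck")  # no gate configured for this account
    for p in (Patron("1000", {"door_access": "Yes"}),
              Patron("1001", {"door_access": "No"}),
              Patron("1002")):
        print(p.cardnumber, repr(patron_information_response(door, p)),
              repr(patron_information_response(selfcheck, p)))
```

Because the gate hangs off the login account rather than the patron, the same patron answering a 63 from the self-checkout account gets an ungated response while the door terminal's account denies them; that is the point made in the commit message about treating the two kinds of terminal differently.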