[koha-commits] main Koha release repository branch master updated. v3.12.00-beta1-1210-gbdec967
Git repo owner
gitmaster at git.koha-community.org
Fri Oct 4 02:03:54 CEST 2013
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "main Koha release repository".
The branch, master has been updated
via bdec9673bf2cafcbdd8a6edcef4f085fcdd68071 (commit)
via d17bdf26dda4aaa7cbde2951fc373df871ac74a8 (commit)
via 419af5db00c31eb93f915b9cebdd06e5ca4775ca (commit)
via e23e8166f19128e8cfe16a631ddee6ea0c59187c (commit)
via 4159e55a1a01bb1407a9dc3220676021f24eda67 (commit)
via 12643aa745e3d7a49c4a42e3e5fed4e6910e12a2 (commit)
via 328a285575e0c6069665439cd7ab16142984fac6 (commit)
via 7d5cf5b7e925a1e376d530f86a79673d892ac7df (commit)
via 4be177c1aebe852a77efff451875c083092312c8 (commit)
via 2e390f09f7960040f080645183630c3c99c5c564 (commit)
via f2162a86b06c3338cde69b5a8ccf393c724c1e78 (commit)
from 88936cb5245b854d5396d5bca0a9719a9a9bd1cc (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit bdec9673bf2cafcbdd8a6edcef4f085fcdd68071
Author: Galen Charlton <gmc at esilibrary.com>
Date: Thu Oct 3 23:41:17 2013 +0000
Bug 9611: (follow-up) add libcrypt-eksblowfish-perl to debian/control
(Not strictly necessary, but since we haven't removed
debian/control yet...)
Signed-off-by: Galen Charlton <gmc at esilibrary.com>
commit d17bdf26dda4aaa7cbde2951fc373df871ac74a8
Author: Galen Charlton <gmc at esilibrary.com>
Date: Thu Oct 3 22:31:45 2013 +0000
Bug 9611: DBRev 3.13.00.023
Signed-off-by: Galen Charlton <gmc at esilibrary.com>
commit 419af5db00c31eb93f915b9cebdd06e5ca4775ca
Author: Galen Charlton <gmc at esilibrary.com>
Date: Thu Oct 3 22:24:04 2013 +0000
bug 9611: (follow-up) add reference to Crypt::Eksblowfish::Bcrypt in POD
Signed-off-by: Galen Charlton <gmc at esilibrary.com>
commit e23e8166f19128e8cfe16a631ddee6ea0c59187c
Author: Bernardo Gonzalez Kriegel <bgkriegel at gmail.com>
Date: Sat Sep 28 20:45:04 2013 -0300
Bug 9611: (follow-up) fix POD
Small patch to make koha-qa happy.
Fixes small POD error
Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel at gmail.com>
Signed-off-by: Kyle M Hall <kyle at bywatersolutions.com>
Signed-off-by: Galen Charlton <gmc at esilibrary.com>
commit 4159e55a1a01bb1407a9dc3220676021f24eda67
Author: Chris Cormack <chris at bigballofwax.co.nz>
Date: Sun Feb 17 08:22:07 2013 +1300
Bug 9611: Database update, changing password from varchar(30) to varchar(60)
This is necessary because Bcrypt hashes are longer than MD5 hashes.
Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel at gmail.com>
Signed-off-by: Mason James <mtj at kohaaloha.com>
Signed-off-by: Galen Charlton <gmc at esilibrary.com>
Signed-off-by: Kyle M Hall <kyle at bywatersolutions.com>
Signed-off-by: Galen Charlton <gmc at esilibrary.com>
commit 12643aa745e3d7a49c4a42e3e5fed4e6910e12a2
Author: Srdjan <srdjan at catalyst.net.nz>
Date: Mon Aug 26 17:01:20 2013 +1200
bug 9611: use checkpw_hash() instead of md5 hash for SIP2 logins
Test:
* SIP: Have an old user and create a new user
- use either tenet sip test or
C4/SIP/interactive_patron_check_password.pl to check old
userid/password
- do the same for the new user
Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel at gmail.com>
Work as described
Test
1) using perl C4/SIP/interactive_patron_check_password.pl
can check current (short) and new (long) passwords
Signed-off-by: Kyle M Hall <kyle at bywatersolutions.com>
Signed-off-by: Galen Charlton <gmc at esilibrary.com>
commit 328a285575e0c6069665439cd7ab16142984fac6
Author: Srdjan <srdjan at catalyst.net.nz>
Date: Fri Aug 23 20:02:53 2013 +1200
bug 9611: use hash_password() and checkpw_* for LDAP logins instead of md5 hash
Test:
* LDAP:
- Turn on LDAP auth in koha-config.xml. Set "update" in your server config to 1
- Change user's password on LDAP
- Login to Koha using LDAP - Koha password should be updated, to check
- Turn off LDAP auth in koha-config.xml
- You should be ble to log in with the new password
I do not have a LDAP facility, so I cheated. I ran
perl -e 'use C4::Auth_with_ldap; C4::Auth_with_ldap::_do_changepassword("srdjan", 1000022259, "srdjan");'
and was able to change the password.
Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel at gmail.com>
Work as described.
Test
1) change <useldapserver> to 1
2) copy/paste sample <ldapserver> config from perldoc C4/Auth_with_ldap
3) using sample script was able to change password,
use (userid, borrowernumber, newpass) as arguments
4) checked with OPAC and in database
Signed-off-by: Kyle M Hall <kyle at bywatersolutions.com>
Signed-off-by: Galen Charlton <gmc at esilibrary.com>
commit 7d5cf5b7e925a1e376d530f86a79673d892ac7df
Author: Srdjan <srdjan at catalyst.net.nz>
Date: Mon Aug 26 17:05:07 2013 +1200
bug 9611: (follow-up) remove md5_base64 from imports - not used
RM note: Digest::MD5 is used in C4::ImportExportFramework as part
of an unnecessary reimplementation of functionality supplied by
File::Temp. See bug 10991 for a proposal to remove it.
Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel at gmail.com>
Signed-off-by: Kyle M Hall <kyle at bywatersolutions.com>
Signed-off-by: Galen Charlton <gmc at esilibrary.com>
commit 4be177c1aebe852a77efff451875c083092312c8
Author: Srdjan <srdjan at catalyst.net.nz>
Date: Mon Aug 26 16:29:10 2013 +1200
bug 9611: Extract checkpw_internal() and checkpw_hash() from checkpw()
Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel at gmail.com>
Signed-off-by: Kyle M Hall <kyle at bywatersolutions.com>
Signed-off-by: Galen Charlton <gmc at esilibrary.com>
commit 2e390f09f7960040f080645183630c3c99c5c564
Author: Chris Cormack <chris at bigballofwax.co.nz>
Date: Sun Feb 17 08:32:46 2013 +1300
Bug 9611: add Crypt::Eksblowfish::Bcrypt to list of Perl dependencies
Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel at gmail.com>
Signed-off-by: Mason James <mtj at kohaaloha.com>
Signed-off-by: Galen Charlton <gmc at esilibrary.com>
Signed-off-by: Kyle M Hall <kyle at bywatersolutions.com>
Signed-off-by: Galen Charlton <gmc at esilibrary.com>
commit f2162a86b06c3338cde69b5a8ccf393c724c1e78
Author: Srikanth Dhondi <srikanth at catalyst.net.nz>
Date: Wed Feb 13 14:40:02 2013 +1300
Bug 9611: Change the password hashing algorithm from MD5 to Bcrypt
What this patch aims to accomplish?
* All new passwords are stored as Bcrypt-hashes
* For password verification:
- If the user was created before this patch was applied then use
MD5 to hash the entered password <-- backwards compatibility
- If the user was created after this patch was applied then use
Bcrypt to hash the entered password
* Any password change made via the staff interface or the OPAC will
be automatically Bcrypt-hashed; this applies to old users whose
passwords were stored as MD5 hashes previously
Test plan:
1) Add new users and check whether their passwords are stored as
Bcrypt hashes or not.
2) To test that authentication works for both old as well as new
users:
a) Login as an existing user whose password is stored as a
MD5 hash
b) Login as an existing user whose password is stored as a
Bcrypt hash
3) In the staff interface, change the password of an existing user
whose password is stored as an MD5 hash
a) Check the new password is stored as a Bcrypt-hash in the database
b) Try to login with the new password
4) In the OPAC, verify that
a) Old user with old pass can change password, new format
b) New user with new pass can change password
c) Old and new user with self-updated pass can login
Whitespace cleanup was contributed by Bernardo Gonzalez Kriegel.
Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel at gmail.com>
Signed-off-by: Mason James <mtj at kohaaloha.com>
Signed-off-by: Galen Charlton <gmc at esilibrary.com>
Signed-off-by: Kyle M Hall <kyle at bywatersolutions.com>
Signed-off-by: Galen Charlton <gmc at esilibrary.com>
-----------------------------------------------------------------------
Summary of changes:
C4/Auth.pm | 132 +++++++++++++++++++++++++++++---
C4/Auth_with_ldap.pm | 64 ++++++++--------
C4/ImportExportFramework.pm | 2 +-
C4/Installer/PerlDependencies.pm | 5 ++
C4/Members.pm | 35 ++-------
C4/SIP/ILS/Patron.pm | 14 ++--
debian/control | 1 +
installer/data/mysql/kohastructure.sql | 2 +-
installer/data/mysql/updatedatabase.pl | 7 ++
kohaversion.pl | 2 +-
members/member-password.pl | 2 +-
opac/opac-passwd.pl | 13 +++-
12 files changed, 195 insertions(+), 84 deletions(-)
hooks/post-receive
--
main Koha release repository
More information about the koha-commits
mailing list