[koha-commits] main Koha release repository branch 3.16.x updated. v3.16.00-40-gc9be46f
Git repo owner
gitmaster at git.koha-community.org
Tue Jun 24 17:06:46 CEST 2014
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "main Koha release repository".
The branch, 3.16.x has been updated
via c9be46f14726e962905263ad531fab1f0d73b1e8 (commit)
via ad0b6cbd3b6aec7bb7782a3f294c4b482dbca434 (commit)
from 7ef04729902ba7e1fb5e64367b1d473de41b7726 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit c9be46f14726e962905263ad531fab1f0d73b1e8
Author: Bernardo Gonzalez Kriegel <bgkriegel at gmail.com>
Date: Mon Jun 16 13:42:26 2014 -0300
Bug 12226 - A user with the database username/userid can access staff with full permissions
This patch implements 2 suggestions on comment #3
- Prevents creation of a new user with same userid
of database user
- When checking password, if userid matches database user,
only check against pass on config file
To test:
1. Create a new user with same login as database user
any password different from real db user
2. Check that you can login on staff using this user/pass
and you are superlibrarian
3. Apply the patch
4. Login again using new pass, it must fail
5. Login again using db pass, you are now superuser,
but system does not warn you :( No problem, that's
for having one borrower with that login
6. Delete user with same login as db user
7. Try to create one again as in 1, system must return
an error of duplicate login!
8. Check for no regressions on user/pass authentication
Resubmited, has an error
Signed-off-by: Chris Cormack <chrisc at catalyst.net.nz>
Signed-off-by: Katrin Fischer <Katrin.Fischer.83 at web.de>
Passes all tests and QA script.
This works nicely and as described.
Also editing the former 'superuser' will force you to
change the userid in order to save any other change.
Signed-off-by: Tomas Cohen Arazi <tomascohen at gmail.com>
Signed-off-by: Galen Charlton <gmc at esilibrary.com>
commit ad0b6cbd3b6aec7bb7782a3f294c4b482dbca434
Author: Tomas Cohen Arazi <tomascohen at gmail.com>
Date: Fri Jun 20 21:06:08 2014 -0300
Bug 12226: (regression tests) Check_Userid should always consider the DB user not unique
Some improvements on t/db_dependent/Members.t and specifically regression
tests for bug 12226
Regards
To+
Signed-off-by: Tomas Cohen Arazi <tomascohen at gmail.com>
Signed-off-by: Galen Charlton <gmc at esilibrary.com>
-----------------------------------------------------------------------
Summary of changes:
C4/Auth.pm | 19 +++++++++------
C4/Members.pm | 3 ++-
t/db_dependent/Members.t | 61 ++++++++++++++++++++++++++++++++++++++++------
3 files changed, 67 insertions(+), 16 deletions(-)
hooks/post-receive
--
main Koha release repository
More information about the koha-commits
mailing list