[koha-commits] main Koha release repository branch 3.16.x updated. v3.16.00-40-gc9be46f

Git repo owner gitmaster at git.koha-community.org
Tue Jun 24 17:06:46 CEST 2014


This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "main Koha release repository".

The branch, 3.16.x has been updated
       via  c9be46f14726e962905263ad531fab1f0d73b1e8 (commit)
       via  ad0b6cbd3b6aec7bb7782a3f294c4b482dbca434 (commit)
      from  7ef04729902ba7e1fb5e64367b1d473de41b7726 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit c9be46f14726e962905263ad531fab1f0d73b1e8
Author: Bernardo Gonzalez Kriegel <bgkriegel at gmail.com>
Date:   Mon Jun 16 13:42:26 2014 -0300

    Bug 12226 - A user with the database username/userid can access staff with full permissions
    
    This patch implements 2 suggestions on comment #3
    
    - Prevents creation of a new user with same userid
    of database user
    
    - When checking password, if userid matches database user,
    only check against pass on config file
    
    To test:
    1. Create a new user with same login as database user
    any password different from real db user
    2. Check that you can login on staff using this user/pass
    and you are superlibrarian
    
    3. Apply the patch
    
    4. Login again using new pass, it must fail
    5. Login again using db pass, you are now superuser,
    but system does not warn you :( No problem, that's
    for having one borrower with that login
    6. Delete user with same login as db user
    7. Try to create one again as in 1, system must return
    an error of duplicate login!
    
    8. Check for no regressions on user/pass authentication
    
    Resubmitted, has an error
    
    Signed-off-by: Chris Cormack <chrisc at catalyst.net.nz>
    Signed-off-by: Katrin Fischer <Katrin.Fischer.83 at web.de>
    Passes all tests and QA script.
    This works nicely and as described.
    Also editing the former 'superuser' will force you to
    change the userid in order to save any other change.
    
    Signed-off-by: Tomas Cohen Arazi <tomascohen at gmail.com>
    Signed-off-by: Galen Charlton <gmc at esilibrary.com>

commit ad0b6cbd3b6aec7bb7782a3f294c4b482dbca434
Author: Tomas Cohen Arazi <tomascohen at gmail.com>
Date:   Fri Jun 20 21:06:08 2014 -0300

    Bug 12226: (regression tests) Check_Userid should always consider the DB user not unique
    
    Some improvements on t/db_dependent/Members.t and specifically regression
    tests for bug 12226
    
    Regards
    To+
    
    Signed-off-by: Tomas Cohen Arazi <tomascohen at gmail.com>
    Signed-off-by: Galen Charlton <gmc at esilibrary.com>

-----------------------------------------------------------------------

Summary of changes:
 C4/Auth.pm               |   19 +++++++++------
 C4/Members.pm            |    3 ++-
 t/db_dependent/Members.t |   61 ++++++++++++++++++++++++++++++++++++++++------
 3 files changed, 67 insertions(+), 16 deletions(-)


hooks/post-receive
-- 
main Koha release repository
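
The two checks described in the first commit message, as an added Perl example. It is not the code from C4/Auth.pm or C4/Members.pm, which this notification does not include. The names userid_is_available and check_password, the %config and @borrowers data, and the plaintext password comparison are assumptions made for illustration.

```perl
use strict;
use warnings;

# Constructed data: %config stands in for the DB credentials in the config
# file, @borrowers for the patron table. Plaintext passwords for brevity only.
my %config    = ( user => 'koha_db', pass => 'db-secret' );
my @borrowers = (
    { borrowernumber => 1, userid => 'alice',   password => 'alice-pw' },
    # Legacy record created before the fix, clashing with the DB user:
    { borrowernumber => 2, userid => 'koha_db', password => 'chosen-by-patron' },
);

# True if $userid may be saved for patron $borrowernumber (undef = new patron).
# The database userid is never treated as available, even to its current holder.
sub userid_is_available {
    my ( $userid, $borrowernumber ) = @_;
    return 0 if $userid eq $config{user};
    for my $patron (@borrowers) {
        next if defined $borrowernumber && $patron->{borrowernumber} == $borrowernumber;
        return 0 if $patron->{userid} eq $userid;
    }
    return 1;
}

# Returns 'superuser', 'patron', or undef when the login is refused.
sub check_password {
    my ( $userid, $password ) = @_;
    if ( $userid eq $config{user} ) {
        # Only the config-file password counts; never fall through to patrons.
        return $password eq $config{pass} ? 'superuser' : undef;
    }
    for my $patron (@borrowers) {
        return 'patron'
          if $patron->{userid} eq $userid && $patron->{password} eq $password;
    }
    return;
}

for my $case ( [ 'koha_db', 'chosen-by-patron' ], [ 'koha_db', 'db-secret' ], [ 'alice', 'alice-pw' ] ) {
    printf "login %s / %s => %s\n", @$case, check_password(@$case) // 'refused';
}
printf "create patron 'koha_db'  => %s\n", userid_is_available('koha_db')      ? 'ok' : 'duplicate login';
printf "re-save patron 2 as same => %s\n", userid_is_available( 'koha_db', 2 ) ? 'ok' : 'duplicate login';
printf "create patron 'bob'      => %s\n", userid_is_available('bob')          ? 'ok' : 'duplicate login';
```

The early return in check_password is what keeps a legacy patron record that shares the database userid from ever authenticating with its own password, matching steps 4 and 5 of the test plan.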

