[koha-commits] main Koha release repository branch master updated. v16.11.00-1082-gb8b5989

Git repo owner gitmaster at git.koha-community.org
Fri May 12 17:00:36 CEST 2017


This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "main Koha release repository".

The branch, master has been updated
       via  b8b59892920935adb817167bc49631bcdcc3c023 (commit)
       via  1f77e2aa35a9e865840da090291214b5dc08340a (commit)
       via  70dac3513698aaa7ff20f2ba121a9f650045b171 (commit)
       via  a5e84d45c07a62d682c25251d2f3fcc9577c6d97 (commit)
       via  f4dd6fb0a239e13b35d3af03473b05766f2b96f4 (commit)
       via  4ce41be3dfc303a999ab28e10b1e051aa36fc0e4 (commit)
       via  cfc484b173120dfe14616424c1ec279bb74cf2a9 (commit)
       via  1e9f3e721d839270a682fdc842f9d3f217200e60 (commit)
      from  e7a197a5e80af89f01fbfd15f8daeb8fa2fd7e03 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit b8b59892920935adb817167bc49631bcdcc3c023
Author: Kyle M Hall <kyle at bywatersolutions.com>
Date:   Tue May 9 21:25:46 2017 +0000

    Bug 18314 - DBRev 16.12.00.037
    
    Signed-off-by: Kyle M Hall <kyle at bywatersolutions.com>

commit 1f77e2aa35a9e865840da090291214b5dc08340a
Author: Nick Clemens <nick at bywatersolutions.com>
Date:   Fri Apr 28 16:48:30 2017 -0400

    Bug 18314 (QA Followup) Use OpacBaseURL for password reset link
    
    Signed-off-by: Kyle M Hall <kyle at bywatersolutions.com>

commit 70dac3513698aaa7ff20f2ba121a9f650045b171
Author: Jonathan Druart <jonathan.druart at bugs.koha-community.org>
Date:   Fri Apr 28 17:15:40 2017 -0300

    Bug 18314: Add link to 'reset your password' from staff
    
    Signed-off-by: Nick Clemens <nick at bywatersolutions.com>
    
    Signed-off-by: Kyle M Hall <kyle at bywatersolutions.com>

commit a5e84d45c07a62d682c25251d2f3fcc9577c6d97
Author: Jonathan Druart <jonathan.druart at bugs.koha-community.org>
Date:   Fri Apr 28 17:14:53 2017 -0300

    Bug 18314: Fix reset number of login attempts on login success
    
    Signed-off-by: Nick Clemens <nick at bywatersolutions.com>
    
    Signed-off-by: Kyle M Hall <kyle at bywatersolutions.com>

commit f4dd6fb0a239e13b35d3af03473b05766f2b96f4
Author: Jonathan Druart <jonathan.druart at bugs.koha-community.org>
Date:   Tue Mar 21 21:18:17 2017 -0300

    Bug 18314: Add tests
    
    Signed-off-by: Jonathan Field <jonathan.field at ptfs-europe.com>
    
    Signed-off-by: Nick Clemens <nick at bywatersolutions.com>
    
    Signed-off-by: Kyle M Hall <kyle at bywatersolutions.com>

commit 4ce41be3dfc303a999ab28e10b1e051aa36fc0e4
Author: Jonathan Druart <jonathan.druart at bugs.koha-community.org>
Date:   Tue Mar 21 21:18:10 2017 -0300

    Bug 18314: Resetting the password removes the lock
    
    When a password is changed (updated by a staff member or using the
    "recover password via email" feature), the counter/flag needs to be
    reset.
    
    Signed-off-by: Jonathan Field <jonathan.field at ptfs-europe.com>
    
    Signed-off-by: Nick Clemens <nick at bywatersolutions.com>
    
    Signed-off-by: Kyle M Hall <kyle at bywatersolutions.com>

commit cfc484b173120dfe14616424c1ec279bb74cf2a9
Author: Jonathan Druart <jonathan.druart at bugs.koha-community.org>
Date:   Tue Mar 21 18:48:41 2017 -0300

    Bug 18314: Account lockout
    
    To prevent brute force attacks on Koha accounts, staff and opac, we need to
    implement an account lockout process to Koha.
    
    After a number of failed login attempts a user's account would become locked.
    The user would then need to use the reset password functionality to send a reset
    token to their email account. After a successful password reset the lockout flag
    would be removed.
    
    The number of failed login attempts before lockout is configurable using a new
    system preference 'FailedLoginAttempts'.
    
    How does it work?
    When a patron enters an invalid password, the borrowers.login_attempts value
    for this patron is incremented. When this value reaches the value of the
    pref FailedLoginAttempts, the password comparison is not done and the
    authentication is rejected.
    This login_attempts field is reset when a patron correctly logs in. When
    the account is locked the patron has to reset his/her password using
    the OpacResetPassword feature or ask a staff member to generate a new
    password.
    If the pref is not set (0, or '') the feature is considered as disabled,
    but the failed login attempts are stored anyway.
    
    Test plan:
    0/ Apply patch and execute the update DB entry
    1/ Switch on the feature by setting FailedLoginAttempts to 3
    2/ Use an invalid password to login at the staff or OPAC interface
    3/ After the third consecutive failure, you will be asked to reset your
    password if OpacResetPassword is set, or contact a staff member
    4/ Switch on OpacResetPassword and reset your password
    5/ Confirm that you are able to login
    6/ Play with the different combinations
    
    QA details: The trick happens in C4::Auth::checkpw, to make things clear
    I had to create a return value (note the awesome name: @return) and
    replace the 3 successive if statements with elsif. Indeed if one of
    the conditions is reached, it will return inside the given block.
    
    Signed-off-by: Jonathan Field <jonathan.field at ptfs-europe.com>
    
    Signed-off-by: Nick Clemens <nick at bywatersolutions.com>
    
    Signed-off-by: Kyle M Hall <kyle at bywatersolutions.com>

commit 1e9f3e721d839270a682fdc842f9d3f217200e60
Author: Jonathan Druart <jonathan.druart at bugs.koha-community.org>
Date:   Tue Mar 21 17:20:00 2017 -0300

    Bug 18314: Add pref FailedLoginAttempts and columns borrowers.login_attempts
    
    And of course deletedborrowers.login_attempts
    
    Signed-off-by: Jonathan Field <jonathan.field at ptfs-europe.com>
    
    Signed-off-by: Nick Clemens <nick at bywatersolutions.com>
    
    Signed-off-by: Kyle M Hall <kyle at bywatersolutions.com>

-----------------------------------------------------------------------

Summary of changes:
 C4/Auth.pm                                         |   50 +++++++++++++++-----
 Koha.pm                                            |    2 +-
 Koha/Patron.pm                                     |   25 +++++++++-
 Koha/Schema/Result/Borrower.pm                     |   12 ++++-
 Koha/Schema/Result/Deletedborrower.pm              |   12 ++++-
 installer/data/mysql/kohastructure.sql             |    2 +
 installer/data/mysql/sysprefs.sql                  |    1 +
 installer/data/mysql/updatedatabase.pl             |   20 ++++++++
 .../prog/en/modules/admin/preferences/patrons.pref |    5 ++
 koha-tmpl/intranet-tmpl/prog/en/modules/auth.tt    |   11 ++++-
 .../opac-tmpl/bootstrap/en/modules/opac-auth.tt    |   12 ++++-
 t/db_dependent/Koha/Patrons.t                      |   22 ++++++++-
 12 files changed, 153 insertions(+), 21 deletions(-)


hooks/post-receive
-- 
main Koha release repository
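
The lockout rules described in the "Bug 18314: Account lockout" commit message above, as an added example that is not part of the original notification and is not Koha's code. The names `is_locked`, `check_login` and `set_password`, the sample patron, and the SHA-256 stand-in for password hashing are assumptions made for this stand-alone model.

```perl
#!/usr/bin/perl
# Added example: a stand-alone model of the lockout rules in the Bug 18314
# commit message. Not Koha code; the sub names below are hypothetical.
use strict;
use warnings;
use Digest::SHA qw(sha256_hex);

# Constructed sample data. SHA-256 is only a dependency-free stand-in here,
# not a recommendation for password storage.
my %pref   = ( FailedLoginAttempts => 3 );
my %patron = ( password => sha256_hex('correct horse'), login_attempts => 0 );

# True when the pref is set (not 0 or '') and the counter has reached it.
sub is_locked {
    my ($p) = @_;
    my $max = $pref{FailedLoginAttempts};
    return ( $max && $p->{login_attempts} >= $max ) ? 1 : 0;
}

# Returns 'ok', 'invalid' or 'locked'.
sub check_login {
    my ( $p, $password ) = @_;
    return 'locked' if is_locked($p);    # password comparison is not done
    if ( sha256_hex($password) eq $p->{password} ) {
        $p->{login_attempts} = 0;        # reset on successful login
        return 'ok';
    }
    $p->{login_attempts}++;              # stored even when the pref is 0 or ''
    return 'invalid';
}

# Staff update or e-mail reset: a new password also clears the counter.
sub set_password {
    my ( $p, $new ) = @_;
    $p->{password}       = sha256_hex($new);
    $p->{login_attempts} = 0;
}

my @log;
push @log, check_login( \%patron, 'guess' ) for 1 .. 3;    # three failures
push @log, check_login( \%patron, 'correct horse' );       # right password, still rejected
set_password( \%patron, 'new secret' );
push @log, check_login( \%patron, 'new secret' );          # lock removed by the reset
$pref{FailedLoginAttempts} = 0;                            # feature disabled
push @log, check_login( \%patron, 'guess' ) for 1 .. 5;    # counted, never locked
print join( ' ', @log ), " (login_attempts=$patron{login_attempts})\n";
```

The fourth call is the case the test plan exercises: once the counter has reached the preference value, even the correct password is rejected until the password is reset.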

