[koha-commits] main Koha release repository branch master updated. v16.11.00-1082-gb8b5989
Git repo owner
gitmaster at git.koha-community.org
Fri May 12 17:00:36 CEST 2017
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "main Koha release repository".
The branch, master has been updated
via b8b59892920935adb817167bc49631bcdcc3c023 (commit)
via 1f77e2aa35a9e865840da090291214b5dc08340a (commit)
via 70dac3513698aaa7ff20f2ba121a9f650045b171 (commit)
via a5e84d45c07a62d682c25251d2f3fcc9577c6d97 (commit)
via f4dd6fb0a239e13b35d3af03473b05766f2b96f4 (commit)
via 4ce41be3dfc303a999ab28e10b1e051aa36fc0e4 (commit)
via cfc484b173120dfe14616424c1ec279bb74cf2a9 (commit)
via 1e9f3e721d839270a682fdc842f9d3f217200e60 (commit)
from e7a197a5e80af89f01fbfd15f8daeb8fa2fd7e03 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit b8b59892920935adb817167bc49631bcdcc3c023
Author: Kyle M Hall <kyle at bywatersolutions.com>
Date: Tue May 9 21:25:46 2017 +0000
Bug 18314 - DBRev 16.12.00.037
Signed-off-by: Kyle M Hall <kyle at bywatersolutions.com>
commit 1f77e2aa35a9e865840da090291214b5dc08340a
Author: Nick Clemens <nick at bywatersolutions.com>
Date: Fri Apr 28 16:48:30 2017 -0400
Bug 18314 (QA Followup) Use OpacBaseURL for password reset link
Signed-off-by: Kyle M Hall <kyle at bywatersolutions.com>
commit 70dac3513698aaa7ff20f2ba121a9f650045b171
Author: Jonathan Druart <jonathan.druart at bugs.koha-community.org>
Date: Fri Apr 28 17:15:40 2017 -0300
Bug 18314: Add link to 'reset your password' from staff
Signed-off-by: Nick Clemens <nick at bywatersolutions.com>
Signed-off-by: Kyle M Hall <kyle at bywatersolutions.com>
commit a5e84d45c07a62d682c25251d2f3fcc9577c6d97
Author: Jonathan Druart <jonathan.druart at bugs.koha-community.org>
Date: Fri Apr 28 17:14:53 2017 -0300
Bug 18314: Fix reset number of login attempts on login success
Signed-off-by: Nick Clemens <nick at bywatersolutions.com>
Signed-off-by: Kyle M Hall <kyle at bywatersolutions.com>
commit f4dd6fb0a239e13b35d3af03473b05766f2b96f4
Author: Jonathan Druart <jonathan.druart at bugs.koha-community.org>
Date: Tue Mar 21 21:18:17 2017 -0300
Bug 18314: Add tests
Signed-off-by: Jonathan Field <jonathan.field at ptfs-europe.com>
Signed-off-by: Nick Clemens <nick at bywatersolutions.com>
Signed-off-by: Kyle M Hall <kyle at bywatersolutions.com>
commit 4ce41be3dfc303a999ab28e10b1e051aa36fc0e4
Author: Jonathan Druart <jonathan.druart at bugs.koha-community.org>
Date: Tue Mar 21 21:18:10 2017 -0300
Bug 18314: Resetting the password removes the lock
When a password is changed (updated by a staff member or using the
"recover password via email" feature), the counter/flag needs to be
reset.
Signed-off-by: Jonathan Field <jonathan.field at ptfs-europe.com>
Signed-off-by: Nick Clemens <nick at bywatersolutions.com>
Signed-off-by: Kyle M Hall <kyle at bywatersolutions.com>
commit cfc484b173120dfe14616424c1ec279bb74cf2a9
Author: Jonathan Druart <jonathan.druart at bugs.koha-community.org>
Date: Tue Mar 21 18:48:41 2017 -0300
Bug 18314: Account lockout
To prevent brute force attacks on Koha accounts, staff and opac, we need to
implement an account lockout process to Koha.
After a number of failed login attempts a user's account would become locked.
The user would then need to use the reset password functionality to send a reset
token to their email account. After a successful password reset the lockout flag
would be removed.
The number of failed login attempts before lockout is configurable using a new
system preference 'FailedLoginAttempts'.
How does it work?
When a patron enters an invalid password, the borrowers.login_attempts value
for this patron is incremented. When this value reaches the value of the
pref FailedLoginAttempts, the password comparison is not done and the
authentication is rejected.
This login_attempts field is reset when a patron correctly logs in. When
the account is locked the patron has to reset his/her password using
the OpacResetPassword feature or ask a staff member to generate a new
password.
If the pref is not set (0, or '') the feature is considered as disabled,
but the failed login attempts are stored anyway.
Test plan:
0/ Apply patch and execute the update DB entry
1/ Switch on the feature by setting FailedLoginAttempts to 3
2/ Use an invalid password to login at the staff or OPAC interface
3/ After the third consecutive failure, you will be asked to reset your
password if OpacResetPassword is set, or contact a staff member
4/ Switch on OpacResetPassword and reset your password
5/ Confirm that you are able to login
6/ Play with the different combinations
QA details: The trick happens in C4::Auth::checkpw, to make things clear
I had to create a return value (note the awesome name: @return) and
replace the 3 successive if statements with elsif. Indeed if one of
the conditions is reached, it will return inside the given block.
Signed-off-by: Jonathan Field <jonathan.field at ptfs-europe.com>
Signed-off-by: Nick Clemens <nick at bywatersolutions.com>
Signed-off-by: Kyle M Hall <kyle at bywatersolutions.com>
commit 1e9f3e721d839270a682fdc842f9d3f217200e60
Author: Jonathan Druart <jonathan.druart at bugs.koha-community.org>
Date: Tue Mar 21 17:20:00 2017 -0300
Bug 18314: Add pref FailedLoginAttempts and columns borrowers.login_attempts
And of course deletedborrowers.login_attempts
Signed-off-by: Jonathan Field <jonathan.field at ptfs-europe.com>
Signed-off-by: Nick Clemens <nick at bywatersolutions.com>
Signed-off-by: Kyle M Hall <kyle at bywatersolutions.com>
-----------------------------------------------------------------------
Summary of changes:
C4/Auth.pm | 50 +++++++++++++++-----
Koha.pm | 2 +-
Koha/Patron.pm | 25 +++++++++-
Koha/Schema/Result/Borrower.pm | 12 ++++-
Koha/Schema/Result/Deletedborrower.pm | 12 ++++-
installer/data/mysql/kohastructure.sql | 2 +
installer/data/mysql/sysprefs.sql | 1 +
installer/data/mysql/updatedatabase.pl | 20 ++++++++
.../prog/en/modules/admin/preferences/patrons.pref | 5 ++
koha-tmpl/intranet-tmpl/prog/en/modules/auth.tt | 11 ++++-
.../opac-tmpl/bootstrap/en/modules/opac-auth.tt | 12 ++++-
t/db_dependent/Koha/Patrons.t | 22 ++++++++-
12 files changed, 153 insertions(+), 21 deletions(-)
hooks/post-receive
--
main Koha release repository
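
The lockout flow described in the "Bug 18314: Account lockout" commit message above, as an added Python model; it is not code from these commits or from Koha. Only login_attempts and FailedLoginAttempts come from the log; the class, method names, return strings and the PBKDF2 hash are assumptions made for illustration.

```python
import hashlib
import hmac
import os

def _hash(password, salt):
    # Stand-in password hash for this model (assumption, not Koha's scheme).
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 10_000)

class PatronStore:
    """In-memory model of borrowers.login_attempts and the FailedLoginAttempts pref."""

    def __init__(self, failed_login_attempts=0):
        self.failed_login_attempts = failed_login_attempts  # 0 or '' = disabled
        self.patrons = {}     # userid -> {"salt", "hash", "login_attempts"}
        self.comparisons = 0  # how many times a password was actually compared

    def set_password(self, userid, password):
        # Models a staff change or an e-mail reset: new hash, counter cleared.
        salt = os.urandom(16)
        self.patrons[userid] = {"salt": salt, "hash": _hash(password, salt),
                                "login_attempts": 0}

    def is_locked(self, userid):
        limit = int(self.failed_login_attempts or 0)
        return limit > 0 and self.patrons[userid]["login_attempts"] >= limit

    def check_password(self, userid, password):
        patron = self.patrons.get(userid)
        if patron is None:
            return "invalid"
        if self.is_locked(userid):
            return "locked"               # rejected before any comparison
        self.comparisons += 1
        if hmac.compare_digest(_hash(password, patron["salt"]), patron["hash"]):
            patron["login_attempts"] = 0  # success resets the counter
            return "ok"
        patron["login_attempts"] += 1     # counted even when the pref is disabled
        return "invalid"

def demo():
    store = PatronStore(failed_login_attempts=3)
    store.set_password("patron1", "correct horse")   # constructed sample account
    results = [store.check_password("patron1", "guess%d" % i) for i in range(3)]
    results.append(store.check_password("patron1", "correct horse"))  # locked out
    compared = store.comparisons
    store.set_password("patron1", "new passphrase")  # reset removes the lock
    results.append(store.check_password("patron1", "new passphrase"))
    return results, compared
```

Because failures are stored while the pref is unset, this model locks an account that already holds enough failed attempts as soon as the pref is switched on.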