[Bug 18755] New: Allow empty password fields in Patron Info requests

classic Classic list List threaded Threaded
21 messages Options
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

[Bug 18755] New: Allow empty password fields in Patron Info requests

bugzilla-daemon
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=18755

            Bug ID: 18755
           Summary: Allow empty password fields in Patron Info requests
 Change sponsored?: ---
           Product: Koha
           Version: master
          Hardware: All
                OS: All
            Status: NEW
          Severity: enhancement
          Priority: P5 - low
         Component: SIP2
          Assignee: [hidden email]
          Reporter: [hidden email]
        QA Contact: [hidden email]
                CC: [hidden email]

Bug 16610 changed the behaviour of patron info requests and responses -
previously if the password field was empty in the request, we returned password
ok. Many sip clients assume that passing an empty pwd field means "I'm not
validating a password - I just want to know patron is valid" and are failing
because of the change in behaviour.

As both scenarios are valid I suggest adding a parameter to the sip config to
allow empty password fields to be treated as previously. To my knowledge this
is only an issue in the patron info response.

--
You are receiving this mail because:
You are watching all bug changes.
You are the assignee for the bug.
_______________________________________________
Koha-bugs mailing list
[hidden email]
http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

[Bug 18755] Allow empty password fields in Patron Info requests

bugzilla-daemon
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=18755

Colin Campbell <[hidden email]> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           Severity|enhancement                 |minor
  Text to go in the|                            |Some SIP devices expect an
      release notes|                            |empty password field in a
                   |                            |patron info request to be
                   |                            |accepted as OK by the
                   |                            |server. Since patch for bug
                   |                            |16610 was applied this is
                   |                            |not the case. This
                   |                            |reinstates the old
                   |                            |behaviour for sip logins
                   |                            |with the parameter
                   |                            |allow_empty_passwords="1"
   Patch complexity|---                         |Trivial patch

--
You are receiving this mail because:
You are watching all bug changes.
You are the assignee for the bug.
_______________________________________________
Koha-bugs mailing list
[hidden email]
http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

[Bug 18755] Allow empty password fields in Patron Info requests

bugzilla-daemon
In reply to this post by bugzilla-daemon
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=18755

Colin Campbell <[hidden email]> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |Needs Signoff
           Assignee|[hidden email]-commun |colin.campbell@ptfs-europe.
                   |ity.org                     |com

--- Comment #1 from Colin Campbell <[hidden email]> ---
Created attachment 64101
  -->
https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=64101&action=edit
Patch enabling the option

To test send a patron info request with the patron password field (AD)
containing no characters. Default returns CQ = N and 'Invalid password' in the
screen message. Alter config file to add allow_empty_passwords="1" to the
appropriate login parameters in accounts. Restart the sipserver to reread the
config and repeat the request CQ is now returned as "Y" and the screen message
does not report the password as invalid

--
You are receiving this mail because:
You are watching all bug changes.
You are the assignee for the bug.
_______________________________________________
Koha-bugs mailing list
[hidden email]
http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

[Bug 18755] Allow empty password fields in Patron Info requests

bugzilla-daemon
In reply to this post by bugzilla-daemon
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=18755

Marcel de Rooy <[hidden email]> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |[hidden email]

--
You are receiving this mail because:
You are watching all bug changes.
_______________________________________________
Koha-bugs mailing list
[hidden email]
http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

[Bug 18755] Allow empty password fields in Patron Info requests

bugzilla-daemon
In reply to this post by bugzilla-daemon
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=18755

M. Tompsett <[hidden email]> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |[hidden email]

--- Comment #2 from M. Tompsett <[hidden email]> ---
I figured the test added should fail under master, so:
git bz apply 18755
git checkout origin/master -- C4/SIP/Sip/MsgType.pm
prove t/db_dependent/SIP/Message.t
-- fails as expected
git reset --hard origin/master
git bz apply 18755
prove t/db_dependent/SIP/Message.t
-- passes as expected.

This change is fully tested by the test that is added, so I'm going to sign
off.

--
You are receiving this mail because:
You are watching all bug changes.
_______________________________________________
Koha-bugs mailing list
[hidden email]
http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

[Bug 18755] Allow empty password fields in Patron Info requests

bugzilla-daemon
In reply to this post by bugzilla-daemon
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=18755

M. Tompsett <[hidden email]> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|Needs Signoff               |Signed Off

--
You are receiving this mail because:
You are watching all bug changes.
_______________________________________________
Koha-bugs mailing list
[hidden email]
http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

[Bug 18755] Allow empty password fields in Patron Info requests

bugzilla-daemon
In reply to this post by bugzilla-daemon
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=18755

M. Tompsett <[hidden email]> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
  Attachment #64101|0                           |1
        is obsolete|                            |

--- Comment #3 from M. Tompsett <[hidden email]> ---
Created attachment 64762
  -->
https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=64762&action=edit
Bug 18755 Allow empty passwords in Patron Info to return OK

With this patch a parameter 'allow_empty_passwords="1" can be added to a
login in the SIP configuration file to allow the behaviour as was normal
before the patch for bug 16610 was applied. Some sip clients rely on
this behaviour sending an empty password field when they wish to
validate to user but do not have the password.
If a password is supplied it will be validated

A test has been added to Message.t to confirm this behaviour

Signed-off-by: Mark Tompsett <[hidden email]>

--
You are receiving this mail because:
You are watching all bug changes.
_______________________________________________
Koha-bugs mailing list
[hidden email]
http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

[Bug 18755] Allow empty password fields in Patron Info requests

bugzilla-daemon
In reply to this post by bugzilla-daemon
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=18755

Marcel de Rooy <[hidden email]> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           See Also|                            |https://bugs.koha-community
                   |                            |.org/bugzilla3/show_bug.cgi
                   |                            |?id=16610

--
You are receiving this mail because:
You are watching all bug changes.
_______________________________________________
Koha-bugs mailing list
[hidden email]
http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

[Bug 18755] Allow empty password fields in Patron Info requests

bugzilla-daemon
In reply to this post by bugzilla-daemon
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=18755

--- Comment #4 from Marcel de Rooy <[hidden email]> ---
Colin: What about Patron Status now?

If you provide no AD field, Patron Status responds with a CQN (without Invalid
password). Should it return a CQ?
Same for empty AD; receive CQN. Should the new option change behavior here?

Note:
Patron Info without AD does not return a CQ. (Should it?)
And an empty AD with allow_e_p returns a CQY.

--
You are receiving this mail because:
You are watching all bug changes.
_______________________________________________
Koha-bugs mailing list
[hidden email]
http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

[Bug 18755] Allow empty password fields in Patron Info requests

bugzilla-daemon
In reply to this post by bugzilla-daemon
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=18755

--- Comment #5 from Colin Campbell <[hidden email]> ---
(In reply to Marcel de Rooy from comment #4)

> Colin: What about Patron Status now?
>
> If you provide no AD field, Patron Status responds with a CQN (without
> Invalid
> password). Should it return a CQ?
> Same for empty AD; receive CQN. Should the new option change behavior here?
>
> Note:
> Patron Info without AD does not return a CQ. (Should it?)
> And an empty AD with allow_e_p returns a CQY.

Patron status is a bit odd the CQ is like patron info in being an optional
field, but unlike patron info the AD password field is a required field so I
assume that a missing AD should provoke an invalid password in return.
basically the behaviour has remained unchanged. In practice I cant recall
seeing any kind of unit that uses patron status, I think when sip 2 was
released patron info effectively superceded it. So I think we should leave
functionality as is, just in case anything relies on the current behaviour. ( I
tested on a very old sip software before any of the patches affecting patron
info to confirm that behaviour hadnt been inadvertantly changed by other
patches)

--
You are receiving this mail because:
You are watching all bug changes.
_______________________________________________
Koha-bugs mailing list
[hidden email]
http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

[Bug 18755] Allow empty password fields in Patron Info requests

bugzilla-daemon
In reply to this post by bugzilla-daemon
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=18755

Marcel de Rooy <[hidden email]> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|Signed Off                  |Passed QA

--
You are receiving this mail because:
You are watching all bug changes.
_______________________________________________
Koha-bugs mailing list
[hidden email]
http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

[Bug 18755] Allow empty password fields in Patron Info requests

bugzilla-daemon
In reply to this post by bugzilla-daemon
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=18755

Marcel de Rooy <[hidden email]> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
  Attachment #64762|0                           |1
        is obsolete|                            |

--- Comment #6 from Marcel de Rooy <[hidden email]> ---
Created attachment 64797
  -->
https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=64797&action=edit
Bug 18755: Allow empty passwords in Patron Info to return OK

With this patch a parameter 'allow_empty_passwords="1" can be added to a
login in the SIP configuration file to allow the behaviour as was normal
before the patch for bug 16610 was applied. Some sip clients rely on
this behaviour sending an empty password field when they wish to
validate to user but do not have the password.
If a password is supplied it will be validated

A test has been added to Message.t to confirm this behaviour

Signed-off-by: Mark Tompsett <[hidden email]>
Signed-off-by: Marcel de Rooy <[hidden email]>

--
You are receiving this mail because:
You are watching all bug changes.
_______________________________________________
Koha-bugs mailing list
[hidden email]
http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

[Bug 18755] Allow empty password fields in Patron Info requests

bugzilla-daemon
In reply to this post by bugzilla-daemon
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=18755

Marcel de Rooy <[hidden email]> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
         QA Contact|[hidden email]-communit |[hidden email]
                   |y.org                       |

--
You are receiving this mail because:
You are watching all bug changes.
_______________________________________________
Koha-bugs mailing list
[hidden email]
http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

[Bug 18755] Allow empty password fields in Patron Info requests

bugzilla-daemon
In reply to this post by bugzilla-daemon
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=18755

--- Comment #7 from Marcel de Rooy <[hidden email]> ---
(In reply to Colin Campbell from comment #5)

> (In reply to Marcel de Rooy from comment #4)
> Patron status is a bit odd the CQ is like patron info in being an optional
> field, but unlike patron info the AD password field is a required field so I
> assume that a missing AD should provoke an invalid password in return.
> basically the behaviour has remained unchanged. In practice I cant recall
> seeing any kind of unit that uses patron status, I think when sip 2 was
> released patron info effectively superceded it. So I think we should leave
> functionality as is, just in case anything relies on the current behaviour.
> ( I tested on a very old sip software before any of the patches affecting
> patron info to confirm that behaviour hadnt been inadvertantly changed by
> other patches)

Clear enough. Thanks.

--
You are receiving this mail because:
You are watching all bug changes.
_______________________________________________
Koha-bugs mailing list
[hidden email]
http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

[Bug 18755] Allow empty password fields in Patron Info requests

bugzilla-daemon
In reply to this post by bugzilla-daemon
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=18755

Katrin Fischer <[hidden email]> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |[hidden email]

--- Comment #8 from Katrin Fischer <[hidden email]> ---
> With this patch a parameter 'allow_empty_passwords="1" can be added...

Can we document these kinds of parameters somewhere? Maybe in the example file?
I am worried that these kind of features will remain mostly unknown if there
are not more clues.

--
You are receiving this mail because:
You are watching all bug changes.
_______________________________________________
Koha-bugs mailing list
[hidden email]
http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

[Bug 18755] Allow empty password fields in Patron Info requests

bugzilla-daemon
In reply to this post by bugzilla-daemon
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=18755

--- Comment #9 from Colin Campbell <[hidden email]> ---
(In reply to Katrin Fischer from comment #8)
> > With this patch a parameter 'allow_empty_passwords="1" can be added...
>
> Can we document these kinds of parameters somewhere? Maybe in the example
> file? I am worried that these kind of features will remain mostly unknown if
> there are not more clues.

I wonder if we need to rethink the way SIP configuration is held. I'm not sure
that adding options to an xml file is very accessible to many users.

--
You are receiving this mail because:
You are watching all bug changes.
_______________________________________________
Koha-bugs mailing list
[hidden email]
http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

[Bug 18755] Allow empty password fields in Patron Info requests

bugzilla-daemon
In reply to this post by bugzilla-daemon
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=18755

--- Comment #10 from Katrin Fischer <[hidden email]> ---
I agree, but that's probably a bigger issue. I am not sure how granular it is,
but I think possibly it should be as granular as per 'sip2 using unit'?
Having a commented example file might be quicker to achieve for now and helpful
for moving things later.

--
You are receiving this mail because:
You are watching all bug changes.
_______________________________________________
Koha-bugs mailing list
[hidden email]
http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

[Bug 18755] Allow empty password fields in Patron Info requests

bugzilla-daemon
In reply to this post by bugzilla-daemon
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=18755

Jonathan Druart <[hidden email]> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|Passed QA                   |Pushed to Master

--- Comment #11 from Jonathan Druart <[hidden email]> ---
Pushed to master for 17.11, thanks to everybody involved!

--
You are receiving this mail because:
You are watching all bug changes.
_______________________________________________
Koha-bugs mailing list
[hidden email]
http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

[Bug 18755] Allow empty password fields in Patron Info requests

bugzilla-daemon
In reply to this post by bugzilla-daemon
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=18755

Fridolin SOMERS <[hidden email]> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |[hidden email]
                   |                            |m
             Status|Pushed to Master            |Pushed to Stable

--- Comment #12 from Fridolin SOMERS <[hidden email]> ---
Pushed to 17.05.x, will be in 17.05.02

--
You are receiving this mail because:
You are watching all bug changes.
_______________________________________________
Koha-bugs mailing list
[hidden email]
http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

[Bug 18755] Allow empty password fields in Patron Info requests

bugzilla-daemon
In reply to this post by bugzilla-daemon
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=18755

Katrin Fischer <[hidden email]> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Blocks|                            |18943


Referenced Bugs:

https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=18943
[Bug 18943] Add documentation of new SIP configuration parameter
--
You are receiving this mail because:
You are watching all bug changes.
_______________________________________________
Koha-bugs mailing list
[hidden email]
http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

[Bug 18755] Allow empty password fields in Patron Info requests

bugzilla-daemon
In reply to this post by bugzilla-daemon
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=18755

--- Comment #13 from Katrin Fischer <[hidden email]> ---
I've filed bug 18943 about the missing documentation.

This patch has been pushed to 16.11.x and will be in 16.11.10.

--
You are receiving this mail because:
You are watching all bug changes.
_______________________________________________
Koha-bugs mailing list
[hidden email]
http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/
Loading...