[Bug 22253] New: Koha throws an exception when updating a borrower with an insecure password

bugzilla-daemon
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=22253

            Bug ID: 22253
           Summary: Koha throws an exception when updating a borrower with
                    an insecure password
 Change sponsored?: ---
           Product: Koha
           Version: master
          Hardware: All
                OS: All
            Status: NEW
          Severity: major
          Priority: P5 - low
         Component: Patrons
          Assignee: [hidden email]
          Reporter: [hidden email]
        QA Contact: [hidden email]
                CC: [hidden email], [hidden email]
  Target Milestone: ---

To recreate:
1 - Set RequireStrongPassword to 'Don't require'
2 - Have or set a patron with a simple password like 'oops'
3 - Set RequireStrongPassword to 'Require'
4 - Attempt to edit another part of that patron's record (from the full edit
page)
5 - Koha throws an exception

--
You are receiving this mail because:
You are the assignee for the bug.
You are watching all bug changes.
_______________________________________________
Koha-bugs mailing list
[hidden email]
http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/

Nick Clemens <[hidden email]> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           Assignee|[hidden email]-commun |[hidden email]
                   |ity.org                     |


Tomás Cohen Arazi <[hidden email]> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |Needs Signoff
   Patch complexity|---                         |Trivial patch


--- Comment #1 from Tomás Cohen Arazi <[hidden email]> ---
Created attachment 84594
  -->
https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=84594&action=edit
Bug 22253: Check we actually need to update the password

This patch makes memberentry.pl check if password needs to be updated
before attempting to call set_password. Above this there's a check that
won't raise any errors if no password is passed, or the default string (****)
is received.

So we could reach that line of code with no password, but the code
wouldn't check that.

To test:
- In master, edit any patron without changing the password
=> FAIL: It raises an exception
- Apply this patch
- Edit the patron without changing the password
=> SUCCESS: Edit successful
- Edit the patron, changing the password
- Try to login with the new password
=> SUCCESS: The password got changed correctly
- Sigh off :-D

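The failure mode described in the patch message above, as an added example that is not part of the original thread and is not Koha's code: a save handler that reaches a policy-enforcing setter on every edit, next to one that first checks whether the password field actually changed. MockPatron, the two save handlers, password_changed and the strength regex are hypothetical stand-ins; only the set_password name and the '****' default string come from the thread.

```perl
use strict;
use warnings;

# Hypothetical stand-in for a patron object; not Koha's class.
package MockPatron;
sub new { my ($class, %args) = @_; return bless {%args}, $class }
# Enforces an assumed strength policy on every call, as a strict setter would.
sub set_password {
    my ($self, $password) = @_;
    die "password too weak\n"
        unless defined $password && $password =~ /^(?=.*\d)(?=.*[a-z])(?=.*[A-Z]).{8,}$/;
    $self->{password_updates}++;    # a real setter would store a hash here
}

package main;
my $PLACEHOLDER = '****';    # default string sent when the field is untouched

# True only when the form carries a real new password.
sub password_changed {
    my ($submitted) = @_;
    return defined($submitted) && length($submitted) && $submitted ne $PLACEHOLDER;
}

# Before: every save reaches the setter, so an unrelated edit trips the policy.
sub save_unguarded {
    my ($patron, %form) = @_;
    $patron->set_password($form{password});
    $patron->{surname} = $form{surname};
    return 'saved';
}

# After: the setter runs only for a real change; the policy still applies then.
sub save_guarded {
    my ($patron, %form) = @_;
    $patron->set_password($form{password}) if password_changed($form{password});
    $patron->{surname} = $form{surname};
    return 'saved';
}

# Constructed form submissions: [label, handler, value of the password field].
for my $case (
    [ 'unguarded, untouched field', \&save_unguarded, $PLACEHOLDER ],
    [ 'guarded, untouched field',   \&save_guarded,   $PLACEHOLDER ],
    [ 'guarded, weak new password', \&save_guarded,   'oops' ],
) {
    my ($label, $save, $pw) = @$case;
    my $patron = MockPatron->new(surname => 'Smyth');
    my $result = eval { $save->($patron, surname => 'Smith', password => $pw) };
    print "$label => ", defined $result ? "$result\n" : "exception: $@";
}
```

The third case shows that the guard only skips the untouched field: a genuinely new weak password is still rejected by the setter.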

Tomás Cohen Arazi <[hidden email]> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |[hidden email],
                   |                            |[hidden email],
                   |                            |martin.renvoize@ptfs-europe
                   |                            |.com


Tomás Cohen Arazi <[hidden email]> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
   Target Milestone|---                         |19.05


Owen Leonard <[hidden email]> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|Needs Signoff               |Signed Off


Owen Leonard <[hidden email]> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
  Attachment #84594|0                           |1
        is obsolete|                            |

--- Comment #2 from Owen Leonard <[hidden email]> ---
Created attachment 84640
  -->
https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=84640&action=edit
Bug 22253: Check we actually need to update the password

This patch makes memberentry.pl check if password needs to be updated
before attempting to call set_password. Above this there's a check that
won't raise any errors if no password is passed, or the default string (****)
is received.

So we could reach that line of code with no password, but the code
wouldn't check that.

To test:
- In master, edit any patron without changing the password
=> FAIL: It raises an exception
- Apply this patch
- Edit the patron without changing the password
=> SUCCESS: Edit successful
- Edit the patron, changing the password
- Try to login with the new password
=> SUCCESS: The password got changed correctly
- Sigh off :-D

Signed-off-by: Owen Leonard <[hidden email]>


Josef Moravec <[hidden email]> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|Signed Off                  |Passed QA


Josef Moravec <[hidden email]> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
  Attachment #84640|0                           |1
        is obsolete|                            |

--- Comment #3 from Josef Moravec <[hidden email]> ---
Created attachment 84657
  -->
https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=84657&action=edit
Bug 22253: Check we actually need to update the password

This patch makes memberentry.pl check if password needs to be updated
before attempting to call set_password. Above this there's a check that
won't raise any errors if no password is passed, or the default string (****)
is received.

So we could reach that line of code with no password, but the code
wouldn't check that.

To test:
- In master, edit any patron without changing the password
=> FAIL: It raises an exception
- Apply this patch
- Edit the patron without changing the password
=> SUCCESS: Edit successful
- Edit the patron, changing the password
- Try to login with the new password
=> SUCCESS: The password got changed correctly
- Sigh off :-D

Signed-off-by: Owen Leonard <[hidden email]>

Signed-off-by: Josef Moravec <[hidden email]>


Josef Moravec <[hidden email]> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
         QA Contact|[hidden email]-communit |[hidden email]
                   |y.org                       |


Nick Clemens <[hidden email]> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|Passed QA                   |Pushed to Master

--- Comment #4 from Nick Clemens <[hidden email]> ---
Awesome work all!

Pushed to master for 19.05


Martin Renvoize <[hidden email]> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|Pushed to Master            |RESOLVED
         Resolution|---                         |FIXED

--- Comment #5 from Martin Renvoize <[hidden email]> ---
Bug not in 18.11.x series.
