main Koha release repository branch master updated. v17.05.00-839-g9416fdc

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view
|

main Koha release repository branch master updated. v17.05.00-839-g9416fdc

Git repo owner
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "main Koha release repository".

The branch, master has been updated
       via  9416fdca36f98860fca285dcb77835a0d702f401 (commit)
       via  9136c3dbf89aa824dcc7e848dcf2c7aeb41235f8 (commit)
       via  3f9da34683d7f87570e73b5c401a1a0e4a8604ac (commit)
       via  f2a1b215dd27c6cb9ed1b45a0613886843c6ba7d (commit)
       via  ec4e666bc52b20089f3720d2e2d523fbdcfcf2eb (commit)
       via  ac50959dcf99739007907e8549ca22cdd0b97532 (commit)
       via  7cc65af6ffdabbabe7ae3463f51096de375216ad (commit)
       via  558a809144560198c7febac4998f49c56c45c844 (commit)
       via  a93fef4c71d405fb7548e7d2601320ed0512d27c (commit)
       via  e7a805691fdae884e6782c29e096ba2d476ef688 (commit)
      from  a82d54d4b4f5eb7aa7d45afc13dac0a80c86f9ce (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 9416fdca36f98860fca285dcb77835a0d702f401
Author: Jonathan Druart <[hidden email]>
Date:   Mon Oct 16 09:57:26 2017 -0300

    Bug 18298: DBRev 17.06.00.016
   
    Signed-off-by: Jonathan Druart <[hidden email]>

commit 9136c3dbf89aa824dcc7e848dcf2c7aeb41235f8
Author: Tomas Cohen Arazi <[hidden email]>
Date:   Fri Oct 13 16:42:03 2017 -0300

    Bug 18298: (QA followup) Use Koha.Preference on the template
   
    Signed-off-by: Tomas Cohen Arazi <[hidden email]>
   
    Signed-off-by: Jonathan Druart <[hidden email]>

commit 3f9da34683d7f87570e73b5c401a1a0e4a8604ac
Author: Jonathan Druart <[hidden email]>
Date:   Thu Mar 16 23:03:20 2017 -0300

    Bug 18298: Add server-side checks and refactor stuffs
   
    Now that we have a check client-side, nothing prevents us from a smart guy to
    bypass it and force an invalid password.
    This patch adds two new subroutines to Koha::AuthUtils to check the
    validity of passwords and generate a password server-side. It is used
    only once (self-registration) but could be useful later.
   
    Moreover the 3 different cases of password rejection (too leak, too
    short, contains leading or trailing whitespaces) were not tested
    everywhere. Now they are!
   
    This patch makes things consistent everywhere and clean up some code.
   
    Signed-off-by: Marc Véron <[hidden email]>
    Signed-off-by: Tomas Cohen Arazi <[hidden email]>
   
    Signed-off-by: Jonathan Druart <[hidden email]>

commit f2a1b215dd27c6cb9ed1b45a0613886843c6ba7d
Author: Jonathan Druart <[hidden email]>
Date:   Thu Mar 16 23:02:13 2017 -0300

    Bug 18298: minPasswordLength should not be used as the default password length
   
    The length of the passwords generated for a patron should not be as long
    as the value of minPasswordLength.
    It is the minimum required size of a password, not the maximum!
    So let's fix it to 8 if the minPasswordLength if < 8, that sounds
    reasonable and less risky for patrons.
   
    Signed-off-by: Marc Véron <[hidden email]>
    Signed-off-by: Tomas Cohen Arazi <[hidden email]>
   
    Signed-off-by: Jonathan Druart <[hidden email]>

commit ec4e666bc52b20089f3720d2e2d523fbdcfcf2eb
Author: Jonathan Druart <[hidden email]>
Date:   Thu Mar 16 23:01:34 2017 -0300

    Bug 18298: minPaswordLength should not be < 3
   
    Indeed if RequireStrongPassword is set we need at least 3 characters to
    match 1 upper, 1 lower and 1 digit.
    We could make things more complicated to allow minPasswordLength < 3
    but, really, 3 is already too low...
   
    Signed-off-by: Marc Véron <[hidden email]>
    Signed-off-by: Tomas Cohen Arazi <[hidden email]>
   
    Signed-off-by: Jonathan Druart <[hidden email]>

commit ac50959dcf99739007907e8549ca22cdd0b97532
Author: Jonathan Druart <[hidden email]>
Date:   Thu Mar 16 23:00:28 2017 -0300

    Bug 18298: Move password generation to template side
   
    This patch removes a really ugly way to generate a password: the whole
    template was sent and parsed to retrieve the "#defaultnewpassfield" node.
    To avoid the password to be sent plain text it is certainly better to
    generate it client-side.
    The same kind of passwords will be generated: 0-9a-zA-Z
    The while loop prevents to get an invalid generated password.
   
    Signed-off-by: Marc Véron <[hidden email]>
    Signed-off-by: Tomas Cohen Arazi <[hidden email]>
   
    Signed-off-by: Jonathan Druart <[hidden email]>

commit 7cc65af6ffdabbabe7ae3463f51096de375216ad
Author: Jonathan Druart <[hidden email]>
Date:   Thu Mar 16 22:59:51 2017 -0300

    Bug 18298: Use the validate jQuery plugin
   
    To validate password fields we need to use the validate jQuery plugin.
    To make things reusable this patch adds a new include file
    'password_check.inc' at the intranet and opac sides, it creates 3 new
    validation methods:
    - password_strong => make sure the passwords are strong enough according
    to the values of the RequireStrongPassword and minPasswordLength prefs
    - password_no_spaces => prevent passwords to be entered with leading or
    trailing spaces
    - password_match => make sure both password fields match
   
    Signed-off-by: Marc Véron <[hidden email]>
    Signed-off-by: Tomas Cohen Arazi <[hidden email]>
   
    Signed-off-by: Jonathan Druart <[hidden email]>

commit 558a809144560198c7febac4998f49c56c45c844
Author: Jonathan Druart <[hidden email]>
Date:   Tue Mar 14 20:01:27 2017 -0300

    Bug 18298: Enforce password complexity
   
    This patchset prevents users to enter too leak password, controlled by
    a new syspref RequireStrongPassword. If set the staff and patrons will have
    to enter a strong password.
    The strongness cannot be modified, it has been arbitrarily set (by the
    author of this enhancement) to at least 1 lowercase, 1 uppercase and 1
    digit. This can be inforce by increasing the value of the existing
    minPasswordLength pref.
   
    I decided to turn this feature on, it cannot hurt! For existing installs
    it will have to be turned on manually.
   
    Writing these patches I found a lot of inconsistencies all around the
    password checks and decided to refactor everything to make things
    consistent and more robust.
    Now the password validity is check at only one place (subroutine
    covered by tests).
   
    Test plan:
    We have several places where a password can be change/created:
    a. Editing a patron (members/memberentry.pl)
    b. Changing the password of a patron (members/member-password.pl)
    c. Changing your own password at the opac (opac/opac-passwd.pl).
    OpacPasswordChange needs to be set
    d. Reseting your own password at the opac
    (opac/opac-password-recovery.pl). OpacResetPassword needs to be set,
    see "Forgot your password?" link when you are not logged in
    e. Self registration feature, PatronSelfRegistration needs to be set.
   
    You will also need to add 'password' to PatronSelfRegistrationBorrowerMandatoryField.
   
    Note that '****' is considered by Koha internally that the password is
    not changed (existing behavior).
   
    To fully test this patch you will need to test the different
    combinations of RequireStrongPassword and minPasswordLength.
   
    Signed-off-by: Marc Véron <[hidden email]>
    Signed-off-by: Tomas Cohen Arazi <[hidden email]>
   
    Signed-off-by: Jonathan Druart <[hidden email]>

commit a93fef4c71d405fb7548e7d2601320ed0512d27c
Author: Jonathan Druart <[hidden email]>
Date:   Wed Sep 27 13:55:30 2017 -0300

    Bug 19373: CAS logout - Redirect to the previous page (Intranet)
   
    Signed-off-by: Matthias Meusburger <[hidden email]>
   
    Signed-off-by: Marcel de Rooy <[hidden email]>
   
    Signed-off-by: Jonathan Druart <[hidden email]>

commit e7a805691fdae884e6782c29e096ba2d476ef688
Author: Jonathan Druart <[hidden email]>
Date:   Wed Oct 11 12:15:01 2017 -0300

    Bug 19373: Update tests
   
    Signed-off-by: Matthias Meusburger <[hidden email]>
   
    Signed-off-by: Marcel de Rooy <[hidden email]>
   
    Signed-off-by: Jonathan Druart <[hidden email]>

-----------------------------------------------------------------------

Summary of changes:
 C4/Auth.pm                                         |    3 +
 C4/Auth_with_cas.pm                                |    8 +-
 Koha.pm                                            |    2 +-
 Koha/AuthUtils.pm                                  |   48 +++++++++
 installer/data/mysql/sysprefs.sql                  |    1 +
 installer/data/mysql/updatedatabase.pl             |   11 +++
 .../prog/en/includes/password_check.inc            |   25 +++++
 .../prog/en/modules/admin/preferences/patrons.pref |    7 ++
 .../prog/en/modules/members/member-password.tt     |  104 ++++++++++++--------
 .../prog/en/modules/members/memberentrygen.tt      |   39 ++++++--
 koha-tmpl/intranet-tmpl/prog/js/members.js         |   14 ---
 .../bootstrap/en/includes/password_check.inc       |   25 +++++
 .../bootstrap/en/modules/opac-memberentry.tt       |   45 ++++++---
 .../opac-tmpl/bootstrap/en/modules/opac-passwd.tt  |   42 ++++++--
 .../bootstrap/en/modules/opac-password-recovery.tt |   11 ++-
 members/member-password.pl                         |   26 ++---
 members/memberentry.pl                             |   16 ++-
 opac/opac-memberentry.pl                           |   17 ++--
 opac/opac-passwd.pl                                |   59 ++++++-----
 opac/opac-password-recovery.pl                     |   58 +++++------
 t/AuthUtils.t                                      |   49 ++++++++-
 t/db_dependent/Auth_with_cas.t                     |    3 +-
 22 files changed, 428 insertions(+), 185 deletions(-)
 create mode 100644 koha-tmpl/intranet-tmpl/prog/en/includes/password_check.inc
 create mode 100644 koha-tmpl/opac-tmpl/bootstrap/en/includes/password_check.inc


hooks/post-receive
--
main Koha release repository
_______________________________________________
koha-commits mailing list
[hidden email]
http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-commits