https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=39435
Marcel de Rooy <[email protected]> changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #179750|0 |1 is obsolete| | --- Comment #15 from Marcel de Rooy <[email protected]> --- Created attachment 179974 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=179974&action=edit Bug 39435: Introduce Koha::BotChallenger Test plan: [1] Run t/Koha/BotChallenger.t [2] Clear the pref BotChallengePlugin. Verify that OPAC response time in your browser is not affected, comparing response times before this patch under the same circumstances. [3] Use one of the plugin examples or create one ;) See BZ. Fill the pref. Hit opac-bot-challenge.pl. Post the form. Check for the cookie BotChallenge in browser dev tools. Verify that with that cookie, hitting opac pages does not really affect response times. (The check should cost only 2 or 3ms.) Obviously, only compare the same pages with/without this patch. Delete the cookie. Verify that you get the challenge form again, but do not post a response. Add your IP address to env var BTCH_ALLOW_IP (via e.g. SetEnv in an Apache config file, via Docker env, etc.) Delete the cookie and verify that you are not redirected now to the challenge form when hitting another OPAC page. [EDIT] Adjusted for master: CSRF changes. Fixed referer encoding. -- You are receiving this mail because: You are watching all bug changes. _______________________________________________ Koha-bugs mailing list [email protected] https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
