[Koha-bugs] [Bug 35067] Allow authorised value parent category so categories can be linked and shown together
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=35067 Aleisha Amohia changed: What|Removed |Added Attachment #162355|0 |1 is obsolete|| --- Comment #10 from Aleisha Amohia --- Created attachment 162702 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=162702&action=edit Bug 35067: Add authorised_value_categories.parent column -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 35067] Allow authorised value parent category so categories can be linked and shown together
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=35067 Aleisha Amohia changed: What|Removed |Added Attachment #162356|0 |1 is obsolete|| --- Comment #11 from Aleisha Amohia --- Created attachment 162703 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=162703&action=edit Bug 35067: Schema updates -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 35067] Allow authorised value parent category so categories can be linked and shown together
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=35067 Aleisha Amohia changed: What|Removed |Added Attachment #162357|0 |1 is obsolete|| --- Comment #12 from Aleisha Amohia --- Created attachment 162704 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=162704&action=edit Bug 35067: Save a parent category for authorised value category -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 35067] Allow authorised value parent category so categories can be linked and shown together
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=35067 Aleisha Amohia changed: What|Removed |Added Attachment #162358|0 |1 is obsolete|| --- Comment #13 from Aleisha Amohia --- Created attachment 162705 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=162705&action=edit Bug 35067: Show parent authorised value options in biblio editor This enhancement adds the option to link a parent authorised value category to a new authorised value category. When the authorised value category is allocated to a biblio framework subfield, its values, plus it's parent's values, will show as possible options for that subfield in the cataloguing biblio editor. To test: 1) Install database updates and restart services. You may also need to rebuild schema files to capture the change to the database. 2) Go to Koha Administration -> Authorised Values. Notice the table listing authorised values now has a 'Parent category' column. 3) Click the button to add a New category. Notice there is a 'Parent category' dropdown available to set, containing all of the existing authorised value categories. Give your new category a name (for eg, CHILD), and choose any parent category (perhaps LANG). Save. 4) Add a value or set of values to your new category CHILD. 5) Once saved, go back to the main Authorised Values page and confirm your new category CHILD is showing with the correct parent category in the 'Parent category' column. 6) Go to Koha Administration -> MARC bibliographic frameworks. 7) Click the Actions dropdown for the Default framework and click on MARC structure. 8) Search for a tag and click the Actions dropdown, then choose Edit subfields. For example if testing with the LANG authorised value category, choose the 041 tag and Edit its subfields. 9) Go to the 'a' subfield tab. Go down to 'Other options (choose one)' and assign your new category CHILD to the Authorised value setting. Save. 10) Go to Cataloguing and add a new record using the default framework. 11) Go to the tag your just edited, i.e. the 041 tag. Click the dropdown to open it. 12) Confirm a heading for your new category CHILD shows with its authorised value(s) listed below it as selectable options. Confirm that the parent category i.e. LANG shows underneath, with its authorised value(s) listed below as selectable options. 13) Confirm you are able to choose a value from either list and save the record as normal. Sponsored-by: Education Services Australia SCIS -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 35067] Allow authorised value parent category so categories can be linked and shown together
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=35067 --- Comment #14 from Aleisha Amohia --- Created attachment 162706 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=162706&action=edit Bug 35067: No parent category selected by default -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 36076] paycollect.tt is missing permission checks for manual credit and invoice
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=36076 Victor Grousset/tuxayo changed: What|Removed |Added Attachment #162252|0 |1 is obsolete|| --- Comment #4 from Victor Grousset/tuxayo --- Created attachment 162707 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=162707&action=edit Bug 36076: paycollect.tt add permission checks for manual credit and invoice In members/pay.tt one can see permission checks for manual credit and invoice : CAN_user_updatecharges_manual_invoice CAN_user_updatecharges_manual_credit This is missing from members/paycollect.tt. HTML is also missing classes manualcredit and manualinvoice. Test plan : 1) Create a user with permissions to manage accounting (remaining_permissions under updatecharges) but without manual_invoice and manual_credit 2) Go to a patron account with an invoice 3) Click on "Make a payment", you dont see tabs manual credit/invoice 4) Click on "Pay" in "Actions" column => Without patch you see tabs manual credit/invoice => With patch you do not see them Signed-off-by: David Nind Signed-off-by: Victor Grousset/tuxayo -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 36076] paycollect.tt is missing permission checks for manual credit and invoice
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=36076 Victor Grousset/tuxayo changed: What|Removed |Added QA Contact|testo...@bugs.koha-communit |vic...@tuxayo.net |y.org | CC||vic...@tuxayo.net Status|Signed Off |Passed QA --- Comment #5 from Victor Grousset/tuxayo --- Works, makes sense, QA script happy, code looks good, passing QA :) -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 36076] paycollect.tt is missing permission checks for manual credit and invoice
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=36076 Victor Grousset/tuxayo changed: What|Removed |Added Severity|major |normal --- Comment #6 from Victor Grousset/tuxayo --- (In reply to Fridolin Somers from comment #2) > I set major because it is a permission leak It's just displaying links which don't work because the server checks the permission before sending the page. And even if it did work, the post request for invoices and credit are also protected server side. (checked by loading the form, removing the permission and trying to make a manual invoice/credit) -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 34755] Error authenticating to external OpenID Connect (OIDC) identity provider : wrong_csrf_token
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=34755 --- Comment #22 from David Cook --- (In reply to Olivier Hubert from comment #21) > Following a discussion on IRC with Jonathan, I waited until the commits for > 34478 were pushed to master. I then updated everything on my KTD and made > sure the commits were there before I started testing. > > When using SSO to login, I now get the "wrong_csrf_token" error message all > the time. This happens using both the OPAC and Intranet. Thanks for testing, Olivier. I'll take a look at this a little bit later today. -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 36192] [OMNIBUS] CSRF Protection for Koha
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=36192 David Cook changed: What|Removed |Added CC||dc...@prosentient.com.au -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 36203] Authorised value's descriptions should not be NULL
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=36203 David Cook changed: What|Removed |Added CC||dc...@prosentient.com.au -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 36193] CSRF - Code review missed
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=36193 David Cook changed: What|Removed |Added CC||dc...@prosentient.com.au -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 36195] CSRF - testing reports
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=36195 David Cook changed: What|Removed |Added CC||dc...@prosentient.com.au -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 36217] Jobs page include last hour filter does not work
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=36217 David Cook changed: What|Removed |Added CC||dc...@prosentient.com.au -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 36214] plugin install/update/removal should be logged
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=36214 David Cook changed: What|Removed |Added CC||dc...@prosentient.com.au --- Comment #1 from David Cook --- (In reply to Evelyn Hartline from comment #0) > Plugin installation/updates/removal should be action logged. User, > time/date, and what was changed should at least be included in the logs. Sounds like a good idea. We'd want some sort of default user or placeholder for when it's initiated by the CLI script. -- You are receiving this mail because: You are watching all bug changes. You are the assignee for the bug. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 35565] Authority Linker not properly including subfields
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=35565 Phil Ringnalda changed: What|Removed |Added CC||p...@chetcolibrary.org --- Comment #2 from Phil Ringnalda --- (In reply to Esther Melander from comment #0) > LinkerOptions: broader_headings That's precisely what broader_headings does: if there's no match for a heading with more than one subfield, it removes the last one until it finds a match or runs out of subfields to remove. As the manual says, "This feature is experimental and shouldn’t be used in a production environment until further expanded upon." The feature has been untouched since it landed in 2012. It would be possible to fix this particular problem by teaching it to not remove subfields in the name portion and name-title portion of https://www.loc.gov/marc/authority/adx00.html but then doing the same for x10 and x11 will be complicated by the way that you can actually have more than one $d or $n, where one is part of the name and one is part of the title in a name-title heading. Perhaps a config file for what subfields may be removed from each bib field (since it would be reasonable to have different choices for 100/600/700/800)? Or, in far fewer lines of code, remove the feature which has been experimental and non-production and untouched for over 13 years. -- You are receiving this mail because: You are watching all bug changes. You are the assignee for the bug. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 35067] Allow authorised value parent category so categories can be linked and shown together
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=35067 Aleisha Amohia changed: What|Removed |Added Attachment #162706|0 |1 is obsolete|| --- Comment #15 from Aleisha Amohia --- Created attachment 162708 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=162708&action=edit Bug 35067: Fix for AV categories with no parent, and special AVs Test that item type, classification sources, and standard authorised values like YES_NO still work as normal. -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 34755] Error authenticating to external OpenID Connect (OIDC) identity provider : wrong_csrf_token
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=34755 --- Comment #23 from David Cook --- (In reply to Olivier Hubert from comment #21) > Following a discussion on IRC with Jonathan, I waited until the commits for > 34478 were pushed to master. I then updated everything on my KTD and made > sure the commits were there before I started testing. > > When using SSO to login, I now get the "wrong_csrf_token" error message all > the time. This happens using both the OPAC and Intranet. It looks like 34478 accidentally breaks the generation of the state parameter. I am going to fix that in a different bug report I think, so that we can keep this one for the userenv related issue. -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 36219] New: State parameter broken for OIDC/Oauth
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=36219 Bug ID: 36219 Summary: State parameter broken for OIDC/Oauth Change sponsored?: --- Product: Koha Version: master Hardware: All OS: All Status: NEW Severity: blocker Priority: P5 - low Component: Authentication Assignee: koha-bugs@lists.koha-community.org Reporter: dc...@prosentient.com.au QA Contact: testo...@bugs.koha-community.org CC: dpav...@rot13.org Bug 34478 accidentally removed the csrf token that functions as the state parameter in Koha/REST/V1/OAuth/Client.pm, which has broken the OIDC/Oauth SSO. Easy fix though, and should only be relevant for master at this point. -- You are receiving this mail because: You are the assignee for the bug. You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 36192] [OMNIBUS] CSRF Protection for Koha
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=36192 David Cook changed: What|Removed |Added Depends on||36219 Referenced Bugs: https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=36219 [Bug 36219] State parameter broken for OIDC/Oauth -- You are receiving this mail because: You are watching all bug changes. You are the assignee for the bug. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 36219] State parameter broken for OIDC/Oauth
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=36219 David Cook changed: What|Removed |Added Blocks||36192 Referenced Bugs: https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=36192 [Bug 36192] [OMNIBUS] CSRF Protection for Koha -- You are receiving this mail because: You are watching all bug changes. You are the assignee for the bug. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 34755] Error authenticating to external OpenID Connect (OIDC) identity provider : wrong_csrf_token
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=34755 David Cook changed: What|Removed |Added See Also||https://bugs.koha-community ||.org/bugzilla3/show_bug.cgi ||?id=36219 -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 36219] State parameter broken for OIDC/Oauth
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=36219 David Cook changed: What|Removed |Added See Also||https://bugs.koha-community ||.org/bugzilla3/show_bug.cgi ||?id=34755 -- You are receiving this mail because: You are the assignee for the bug. You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 36219] State parameter broken for OIDC/Oauth
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=36219 David Cook changed: What|Removed |Added Assignee|koha-b...@lists.koha-commun |dc...@prosentient.com.au |ity.org | -- You are receiving this mail because: You are the assignee for the bug. You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 36219] State parameter broken for OIDC/Oauth
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=36219 David Cook changed: What|Removed |Added Status|NEW |Needs Signoff -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 36219] State parameter broken for OIDC/Oauth
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=36219 --- Comment #1 from David Cook --- Created attachment 162709 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=162709&action=edit Bug 36219: Re-add missing state param for Oauth/OIDC client This change restores the csrf token added as the state param for the OAuth/OIDC client. Test plan: 0. Apply the patch and restart Starman 1. Test the SSO using the wiki guide -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 34755] Error authenticating to external OpenID Connect (OIDC) identity provider : wrong_csrf_token
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=34755 --- Comment #24 from David Cook --- (In reply to Olivier Hubert from comment #21) > Following a discussion on IRC with Jonathan, I waited until the commits for > 34478 were pushed to master. I then updated everything on my KTD and made > sure the commits were there before I started testing. > > When using SSO to login, I now get the "wrong_csrf_token" error message all > the time. This happens using both the OPAC and Intranet. Ok, so I've fixed the breakage caused by 34478 with a patch on bug 36219. It's worth noting that bug 34478 + bug 36219 resolves the issue reported here in bug 34755, but only for the master branch. -- For stable branches like 23.05... we'll want to backport bug 36098 and bring over the changes from git hash d75f1df99d32ab615365ffb87b975d9a53c219f7 I'll look at that now... -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 34755] Error authenticating to external OpenID Connect (OIDC) identity provider : wrong_csrf_token
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=34755 David Cook changed: What|Removed |Added Assignee|maryse.sim...@inlibro.com |dc...@prosentient.com.au -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 34755] Error authenticating to external OpenID Connect (OIDC) identity provider : wrong_csrf_token
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=34755 David Cook changed: What|Removed |Added Status|Failed QA |Needs Signoff -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 34755] Error authenticating to external OpenID Connect (OIDC) identity provider : wrong_csrf_token
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=34755 David Cook changed: What|Removed |Added Attachment #161783|0 |1 is obsolete|| Attachment #161784|0 |1 is obsolete|| --- Comment #25 from David Cook --- Created attachment 162710 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=162710&action=edit Bug 34755: Backport Koha::Token change from bug 34478 This change includes the Koha::Token changes which uses Koha::Session for generating and checking CSRF tokens. 0. Apply the patch and koha-plack --restart kohadev 1. Setup Keycloak OIDC SSO according to "Testing SSO" wiki guide 2. In a regular window go to http://localhost:8080 3. In a private window go to http://localhost:8080 and click the SSO "Log in with..." button, but don't log into Keycloak 4. In the regular window, login locally, and navigate to 5-6 pages 5. In the private window, log into Keycloak 6. Note that you are redirected back to Koha and logged in successfully (no wrong_csrf_token error). -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 34755] Error authenticating to external OpenID Connect (OIDC) identity provider : wrong_csrf_token
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=34755 --- Comment #26 from David Cook --- I've just tested this on 23.11.03. Bug 36098 patches plus this patch should fix the problem. I'll comment on bug 36098 asking for folk to backport the Koha::Session change. -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 36098] Create Koha::Session module
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=36098 David Cook changed: What|Removed |Added Severity|enhancement |normal --- Comment #18 from David Cook --- I'm actually changing this from "enhancement" to "normal" (although maybe it should be more severe), since it's needed to fix bug 34755 which is a bug that was reported around 6 months ago. (It took me a while to reproduce the problem and figure out the root cause, so here we are.) It would be great to get this backported to the stable branches. -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 36193] CSRF - Code review missed
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=36193 --- Comment #2 from David Cook --- I'm not sure if I fully understand. It looks like bug 34478 accidentally broke the Oauth/OIDC SSO, so I've fixed it on bug 36219. Should I have added that patch here instead? -- You are receiving this mail because: You are watching all bug changes. You are the assignee for the bug. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 36206] Administrative plugins
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=36206 --- Comment #7 from David Cook --- (In reply to Martin Renvoize from comment #6) > Currently this is easiest to test using the in-development crontab manager > plugin, admin_plugin branch: > https://github.com/PTFS-Europe/koha-plugin-crontab/tree/admin_plugin Can't locate Config/Crontab.pm in @INC (you may need to install the Config::Cron tab module) sudo apt-get install libconfig-crontab-perl sudo sh install_plugins.sh No crontab found, installing default at /var/lib/koha/kohadev/koha-plugin-crontab/Koha/Plugin/Com/PTFSEurope/Crontab.pm line 140. Writing crontab: # This crontab file is managed by the Koha Crontab manager plugin # BLOCKID: 0 PERL5LIB=/usr/share/koha/lib KOHA_CRON_PATH=/usr/share/koha/bin/cronjobs KOHA_CONF=/etc/koha/sites/kohadev/koha-conf.xml Installed Crontab version {VERSION} All plugins successfully re-initialised -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 36206] Administrative plugins
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=36206 David Cook changed: What|Removed |Added Status|Needs Signoff |Failed QA --- Comment #8 from David Cook --- Sorry, mate, but I couldn't get this to work. Might be that I wasn't testing it correctly. Can you add a rock-solid test plan for it? -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 36206] Administrative plugins
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=36206 Magnus Enger changed: What|Removed |Added CC||mag...@libriotech.no -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/