[Koha-bugs] [Bug 21190] GDPR: Log successful/unsuccessful login attempts [part 1]
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=21190 --- Comment #85 from Martin Renvoize --- Please fix the bug title if there is now [part 2] bug reported or in the works. -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 21190] GDPR: Log successful/unsuccessful login attempts [part 1]
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=21190 Martin Renvoize changed: What|Removed |Added Keywords||release-notes-needed -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 21190] GDPR: Log successful/unsuccessful login attempts [part 1]
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=21190 --- Comment #84 from Martin Renvoize --- Nice work everyone! Pushed to master for 20.05 -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 21190] GDPR: Log successful/unsuccessful login attempts [part 1]
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=21190 Martin Renvoize changed: What|Removed |Added Status|Passed QA |Pushed to master Version(s)||20.05.00 released in|| -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 21190] GDPR: Log successful/unsuccessful login attempts [part 1]
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=21190 David Cook changed: What|Removed |Added CC||dc...@prosentient.com.au -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 21190] GDPR: Log successful/unsuccessful login attempts [part 1]
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=21190 --- Comment #83 from Marcel de Rooy --- Thanks Vitor and Jonathan for further follow-up -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 21190] GDPR: Log successful/unsuccessful login attempts [part 1]
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=21190 --- Comment #79 from Jonathan Druart --- Created attachment 102499 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=102499=edit Bug 21190: Add authentication logging to checkpw Add optional logging for successful and failing login attempts in checkpw. Test plan: Enable the preferences Perform a good login and a bad attempt Check action_logs Signed-off-by: Marcel de Rooy Signed-off-by: Jon Knight Signed-off-by: Michal Denar Signed-off-by: Jonathan Druart -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 21190] GDPR: Log successful/unsuccessful login attempts [part 1]
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=21190 --- Comment #80 from Jonathan Druart --- Created attachment 102500 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=102500=edit Bug 21190: Allow browsing the system logs for AUTH events Trivial change, adding AUTH to viewlog template only. Test plan: Look for the Authentication log lines in viewlog.pl (intranet tools). Signed-off-by: Marcel de Rooy Signed-off-by: Jon Knight Signed-off-by: Michal Denar Signed-off-by: Jonathan Druart -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 21190] GDPR: Log successful/unsuccessful login attempts [part 1]
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=21190 --- Comment #78 from Jonathan Druart --- Created attachment 102498 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=102498=edit Bug 21190: Introduce preferences AuthFailureLog and AuthSuccessLog Test plan: Run atomic update. Check the Logs tab of preferences. Signed-off-by: Marcel de Rooy Signed-off-by: Jon Knight Signed-off-by: Michal Denar Signed-off-by: Jonathan Druart -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 21190] GDPR: Log successful/unsuccessful login attempts [part 1]
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=21190 --- Comment #82 from Jonathan Druart --- Created attachment 102502 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=102502=edit Bug 21190: (follow-up) Save patron id in failure when available The wrong password might belong to an existing user. If that is the case, we have a $patron. Note that logaction will save the object info but has no user in the context environment for a failure. Test plan: Login with good user, bad pw and bad user, bad pw. Check logviewer. Signed-off-by: Marcel de Rooy Signed-off-by: Michal Denar Signed-off-by: Jonathan Druart -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 21190] GDPR: Log successful/unsuccessful login attempts [part 1]
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=21190 --- Comment #81 from Jonathan Druart --- Created attachment 102501 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=102501=edit Bug 21190: Add tests for authentication success and failure Test plan: Run t/db_dependent/Log.t Signed-off-by: Marcel de Rooy Signed-off-by: Jon Knight Signed-off-by: Michal Denar Signed-off-by: Jonathan Druart -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 21190] GDPR: Log successful/unsuccessful login attempts [part 1]
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=21190 Jonathan Druart changed: What|Removed |Added Attachment #101971|0 |1 is obsolete|| Attachment #101972|0 |1 is obsolete|| Attachment #101973|0 |1 is obsolete|| Attachment #101974|0 |1 is obsolete|| Attachment #101975|0 |1 is obsolete|| Attachment #101976|0 |1 is obsolete|| Attachment #101977|0 |1 is obsolete|| Attachment #101978|0 |1 is obsolete|| Attachment #101979|0 |1 is obsolete|| --- Comment #74 from Jonathan Druart --- Created attachment 102493 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=102493=edit Bug 21190: Prepare Log.t for further changes This patch only makes cosmetic changes: [1] It moves the existing tests at 'root level' inside a new subtest. [2] It obviously adds indentation for step 1. [3] It fixes some whitespace (tabs, space before newline) Test plan: Run t/db../Log.t Signed-off-by: Marcel de Rooy Signed-off-by: Jon Knight Signed-off-by: Michal Denar Signed-off-by: Jonathan Druart -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 21190] GDPR: Log successful/unsuccessful login attempts [part 1]
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=21190 --- Comment #76 from Jonathan Druart --- Created attachment 102496 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=102496=edit Bug 21190: Add interfaces parameter to POD in C4::Logs Just fixing documentation along the way. No test plan, just read the patch. Signed-off-by: Marcel de Rooy Signed-off-by: Jon Knight Signed-off-by: Michal Denar Signed-off-by: Jonathan Druart -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 21190] GDPR: Log successful/unsuccessful login attempts [part 1]
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=21190 --- Comment #77 from Jonathan Druart --- Created attachment 102497 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=102497=edit Bug 21190: Remove t/Log.t Since we have t/db../Log.t and t/Log.t simply does nothing, we would better remove it. No test plan either :) Signed-off-by: Marcel de Rooy Signed-off-by: Jon Knight Signed-off-by: Michal Denar Signed-off-by: Jonathan Druart -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 21190] GDPR: Log successful/unsuccessful login attempts [part 1]
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=21190 --- Comment #75 from Jonathan Druart --- Created attachment 102494 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=102494=edit Bug 21190: Add subtest to Log.t for GDPR logging Apart from a new subtest, doing some more cleanup: [1] Copyright statement [2] Removing the (unneeded) flush [3] Removing C4::Log from the BEGIN block; we seem to skip that nowadays. [4] $succes goes to the subtest, $schema and $dbh are global our vars. Not required but just what we should do if it would run under Plack. Test plan: Run t/db_dependent/Log.t Signed-off-by: Marcel de Rooy Signed-off-by: Jon Knight Signed-off-by: Michal Denar Signed-off-by: Jonathan Druart -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 21190] GDPR: Log successful/unsuccessful login attempts [part 1]
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=21190 Jonathan Druart changed: What|Removed |Added Status|Signed Off |Passed QA -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 21190] GDPR: Log successful/unsuccessful login attempts [part 1]
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=21190 --- Comment #73 from Vitor Fernandes --- Hi Jonathan, I'll try to explain what the portuguese legislation says about this case. (In reply to Jonathan Druart from comment #72) > To me, the relevant part of the document > (https://dre.pt/application/conteudo/114937034) is page 1429: > > """ > Capacidade de monitorização, registo e análise de toda a atividade de > acessos de modo a procurar ameaças prováveis. > > > Deve ser guardado registo de atividade (log) de todas as ações que um > utiliza-dor efetue sobre dados pessoais, independentemente do seu perfil e > função.Obrigatório. > > [1] Todos os registos de atividade (log) devem ser armazenados apenas em > modo de leitura, devendo, com uma periodicidade máxima de 1 mês, ser > englo-bados num único bloco de registos e assinado digitalmente > (garantia de integridade).Obrigatório. > > [2] Deve ser guardado registo de atividade (log) de todos os acessos e > tentativas falhadas de acesso, obedecendo aos requisitos > anteriores.Obrigatório. > > Garantir que os registos de atividade provenientes dos diversos subsistemas > (Sistemas Operativos, aplicações, browsers, Sistema de Gestão de Base de > Dados — SGBD, etc.) são inequivocamente associados à sua origem.Obrigatório. > > Os registos de atividade (log) devem conter, no mínimo, o endereço de acesso > (IP e Porto), Host, HASH da conta do utilizador que efetuou a ação, ação > efe-tuada (CRUD), Tipo de Dado Pessoal onde a ação foi efetuada, > data/hora/mi-nuto/segundo (TimeStamp) da ação, alteração efetuada sobre o > dado pessoal.Obrigatório. > """ > That's the correct points :) > Trying a translation of the block [1] that we need here: > """ > All logs should be stored in read-only mode and kept for a maximum of 1 > month. > """ > But I do not understand the second part (Vitor, could you help? "ser > englo-bados num único bloco de registos e assinado digitalmente") The second phrase says that we should do one of two things: 1) Dump the month entries to a file and sign the file digitally 2) Add a column in action_logs that saves the signature used for each authentication entry The first option is easy to implement using the atual BD and code of Koha. > > Block [2]: > """ > Must bbe kept all activity log of all accesses and failed access attempts > must be saved, in compliance with the previous requirements. > """ > > So I think we must comply with the "maximum of 1 month". What about having a > new switch to cleanup_database to get a module-name and action-name > parameter for --logs? Or maybe we already deal with this part on a separate > bug report? The legislation doesn't cleary say that authentications logs should be removed. It says that every month we should do one of the two options above. If the first option is implemented and if the file is backed up, then we can clean the authentication logs (because we have a backup of them). -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 21190] GDPR: Log successful/unsuccessful login attempts [part 1]
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=21190 --- Comment #72 from Jonathan Druart --- To me, the relevant part of the document (https://dre.pt/application/conteudo/114937034) is page 1429: """ Capacidade de monitorização, registo e análise de toda a atividade de acessos de modo a procurar ameaças prováveis. Deve ser guardado registo de atividade (log) de todas as ações que um utiliza-dor efetue sobre dados pessoais, independentemente do seu perfil e função.Obrigatório. [1] Todos os registos de atividade (log) devem ser armazenados apenas em modo de leitura, devendo, com uma periodicidade máxima de 1 mês, ser englo-bados num único bloco de registos e assinado digitalmente (garantia de integridade).Obrigatório. [2] Deve ser guardado registo de atividade (log) de todos os acessos e tentativas falhadas de acesso, obedecendo aos requisitos anteriores.Obrigatório. Garantir que os registos de atividade provenientes dos diversos subsistemas (Sistemas Operativos, aplicações, browsers, Sistema de Gestão de Base de Dados — SGBD, etc.) são inequivocamente associados à sua origem.Obrigatório. Os registos de atividade (log) devem conter, no mínimo, o endereço de acesso (IP e Porto), Host, HASH da conta do utilizador que efetuou a ação, ação efe-tuada (CRUD), Tipo de Dado Pessoal onde a ação foi efetuada, data/hora/mi-nuto/segundo (TimeStamp) da ação, alteração efetuada sobre o dado pessoal.Obrigatório. """ Trying a translation of the block [1] that we need here: """ All logs should be stored in read-only mode and kept for a maximum of 1 month. """ But I do not understand the second part (Vitor, could you help? "ser englo-bados num único bloco de registos e assinado digitalmente") Block [2]: """ Must bbe kept all activity log of all accesses and failed access attempts must be saved, in compliance with the previous requirements. """ So I think we must comply with the "maximum of 1 month". What about having a new switch to cleanup_database to get a module-name and action-name parameter for --logs? Or maybe we already deal with this part on a separate bug report? -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 21190] GDPR: Log successful/unsuccessful login attempts [part 1]
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=21190 Katrin Fischer changed: What|Removed |Added Blocks||22794 Referenced Bugs: https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=22794 [Bug 22794] Omnibus: Improve and extend logging in Koha -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 21190] GDPR: Log successful/unsuccessful login attempts [part 1]
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=21190 --- Comment #71 from Katrin Fischer --- The problem is, that GDPR does not describe technical measures - so all we might have here is the Portugese guidelines. We can check if other jurisdictions have done similar, but we will probably not find something specific in the law itself. -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 21190] GDPR: Log successful/unsuccessful login attempts [part 1]
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=21190 --- Comment #70 from Jonathan Druart --- (In reply to Marcel de Rooy from comment #69) > (In reply to Jonathan Druart from comment #68) > > Can we have a link to the European legislation? I would like to correctly > > understand the need we are trying to answer with this patch set. > > Comment1. Vitor ? > Note that it is preference controlled. Sorry, I do not read Portuguese. If we are going to implement/release a GDPR recommendation we should at least point to the legislation. -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 21190] GDPR: Log successful/unsuccessful login attempts [part 1]
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=21190 --- Comment #69 from Marcel de Rooy --- (In reply to Jonathan Druart from comment #68) > Can we have a link to the European legislation? I would like to correctly > understand the need we are trying to answer with this patch set. Comment1. Vitor ? Note that it is preference controlled. -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 21190] GDPR: Log successful/unsuccessful login attempts [part 1]
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=21190 Jonathan Druart changed: What|Removed |Added QA Contact|testo...@bugs.koha-communit |jonathan.dru...@bugs.koha-c |y.org |ommunity.org -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 21190] GDPR: Log successful/unsuccessful login attempts [part 1]
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=21190 Jonathan Druart changed: What|Removed |Added CC||jonathan.dru...@bugs.koha-c ||ommunity.org --- Comment #68 from Jonathan Druart --- Can we have a link to the European legislation? I would like to correctly understand the need we are trying to answer with this patch set. -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 21190] GDPR: Log successful/unsuccessful login attempts [part 1]
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=21190 --- Comment #67 from Marcel de Rooy --- Rebased after last signoff on 30-01. Please QA -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 21190] GDPR: Log successful/unsuccessful login attempts [part 1]
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=21190 Marcel de Rooy changed: What|Removed |Added Attachment #98139|0 |1 is obsolete|| --- Comment #64 from Marcel de Rooy --- Created attachment 101977 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=101977=edit Bug 21190: Allow browsing the system logs for AUTH events Trivial change, adding AUTH to viewlog template only. Test plan: Look for the Authentication log lines in viewlog.pl (intranet tools). Signed-off-by: Marcel de Rooy Signed-off-by: Jon Knight Signed-off-by: Michal Denar -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 21190] GDPR: Log successful/unsuccessful login attempts [part 1]
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=21190 Marcel de Rooy changed: What|Removed |Added Attachment #98141|0 |1 is obsolete|| --- Comment #66 from Marcel de Rooy --- Created attachment 101979 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=101979=edit Bug 21190: (follow-up) Save patron id in failure when available The wrong password might belong to an existing user. If that is the case, we have a $patron. Note that logaction will save the object info but has no user in the context environment for a failure. Test plan: Login with good user, bad pw and bad user, bad pw. Check logviewer. Signed-off-by: Marcel de Rooy Signed-off-by: Michal Denar -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 21190] GDPR: Log successful/unsuccessful login attempts [part 1]
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=21190 Marcel de Rooy changed: What|Removed |Added Attachment #98138|0 |1 is obsolete|| --- Comment #63 from Marcel de Rooy --- Created attachment 101976 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=101976=edit Bug 21190: Add authentication logging to checkpw Add optional logging for successful and failing login attempts in checkpw. Test plan: Enable the preferences Perform a good login and a bad attempt Check action_logs Signed-off-by: Marcel de Rooy Signed-off-by: Jon Knight Signed-off-by: Michal Denar -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 21190] GDPR: Log successful/unsuccessful login attempts [part 1]
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=21190 Marcel de Rooy changed: What|Removed |Added Attachment #98140|0 |1 is obsolete|| --- Comment #65 from Marcel de Rooy --- Created attachment 101978 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=101978=edit Bug 21190: Add tests for authentication success and failure Test plan: Run t/db_dependent/Log.t Signed-off-by: Marcel de Rooy Signed-off-by: Jon Knight Signed-off-by: Michal Denar -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 21190] GDPR: Log successful/unsuccessful login attempts [part 1]
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=21190 Marcel de Rooy changed: What|Removed |Added Attachment #98137|0 |1 is obsolete|| --- Comment #62 from Marcel de Rooy --- Created attachment 101975 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=101975=edit Bug 21190: Introduce preferences AuthFailureLog and AuthSuccessLog Test plan: Run atomic update. Check the Logs tab of preferences. Signed-off-by: Marcel de Rooy Signed-off-by: Jon Knight Signed-off-by: Michal Denar -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 21190] GDPR: Log successful/unsuccessful login attempts [part 1]
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=21190 Marcel de Rooy changed: What|Removed |Added Attachment #98134|0 |1 is obsolete|| --- Comment #59 from Marcel de Rooy --- Created attachment 101972 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=101972=edit Bug 21190: Add subtest to Log.t for GDPR logging Apart from a new subtest, doing some more cleanup: [1] Copyright statement [2] Removing the (unneeded) flush [3] Removing C4::Log from the BEGIN block; we seem to skip that nowadays. [4] $succes goes to the subtest, $schema and $dbh are global our vars. Not required but just what we should do if it would run under Plack. Test plan: Run t/db_dependent/Log.t Signed-off-by: Marcel de Rooy Signed-off-by: Jon Knight Signed-off-by: Michal Denar -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 21190] GDPR: Log successful/unsuccessful login attempts [part 1]
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=21190 Marcel de Rooy changed: What|Removed |Added Attachment #98135|0 |1 is obsolete|| --- Comment #60 from Marcel de Rooy --- Created attachment 101973 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=101973=edit Bug 21190: Add interfaces parameter to POD in C4::Logs Just fixing documentation along the way. No test plan, just read the patch. Signed-off-by: Marcel de Rooy Signed-off-by: Jon Knight Signed-off-by: Michal Denar -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 21190] GDPR: Log successful/unsuccessful login attempts [part 1]
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=21190 Marcel de Rooy changed: What|Removed |Added Attachment #98133|0 |1 is obsolete|| --- Comment #58 from Marcel de Rooy --- Created attachment 101971 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=101971=edit Bug 21190: Prepare Log.t for further changes This patch only makes cosmetic changes: [1] It moves the existing tests at 'root level' inside a new subtest. [2] It obviously adds indentation for step 1. [3] It fixes some whitespace (tabs, space before newline) Test plan: Run t/db../Log.t Signed-off-by: Marcel de Rooy Signed-off-by: Jon Knight Signed-off-by: Michal Denar -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 21190] GDPR: Log successful/unsuccessful login attempts [part 1]
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=21190 Marcel de Rooy changed: What|Removed |Added Attachment #98136|0 |1 is obsolete|| --- Comment #61 from Marcel de Rooy --- Created attachment 101974 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=101974=edit Bug 21190: Remove t/Log.t Since we have t/db../Log.t and t/Log.t simply does nothing, we would better remove it. No test plan either :) Signed-off-by: Marcel de Rooy Signed-off-by: Jon Knight Signed-off-by: Michal Denar -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 21190] GDPR: Log successful/unsuccessful login attempts [part 1]
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=21190 Martin Renvoize changed: What|Removed |Added CC||martin.renvoize@ptfs-europe ||.com -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 21190] GDPR: Log successful/unsuccessful login attempts [part 1]
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=21190 --- Comment #57 from Magnus Enger --- (In reply to Marcel de Rooy from comment #46) > Created attachment 98125 [details] [review] > Bug 21190: (follow-up) Save patron id in failure when available > > The wrong password might belong to an existing user. If that is the case, > we have a $patron. > Note that logaction will save the object info but has no user in the > context environment for a failure. > > Test plan: > Login with good user, bad pw and bad user, bad pw. Check logviewer. Thanks, Marcel! Looks like people beat me to the signoff, though. :-) -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 21190] GDPR: Log successful/unsuccessful login attempts [part 1]
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=21190 --- Comment #56 from Marcel de Rooy --- (In reply to Michal Denar from comment #55) > Signed-off-by: Michal Denar Thanks Michal too! -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 21190] GDPR: Log successful/unsuccessful login attempts [part 1]
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=21190 --- Comment #54 from Michal Denar --- Created attachment 98140 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=98140=edit Bug 21190: Add tests for authentication success and failure Test plan: Run t/db_dependent/Log.t Signed-off-by: Marcel de Rooy Signed-off-by: Jon Knight Signed-off-by: Michal Denar -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 21190] GDPR: Log successful/unsuccessful login attempts [part 1]
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=21190 --- Comment #55 from Michal Denar --- Created attachment 98141 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=98141=edit Bug 21190: (follow-up) Save patron id in failure when available The wrong password might belong to an existing user. If that is the case, we have a $patron. Note that logaction will save the object info but has no user in the context environment for a failure. Test plan: Login with good user, bad pw and bad user, bad pw. Check logviewer. Signed-off-by: Marcel de Rooy Signed-off-by: Michal Denar -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 21190] GDPR: Log successful/unsuccessful login attempts [part 1]
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=21190 --- Comment #52 from Michal Denar --- Created attachment 98138 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=98138=edit Bug 21190: Add authentication logging to checkpw Add optional logging for successful and failing login attempts in checkpw. Test plan: Enable the preferences Perform a good login and a bad attempt Check action_logs Signed-off-by: Marcel de Rooy Signed-off-by: Jon Knight Signed-off-by: Michal Denar -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 21190] GDPR: Log successful/unsuccessful login attempts [part 1]
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=21190 --- Comment #51 from Michal Denar --- Created attachment 98137 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=98137=edit Bug 21190: Introduce preferences AuthFailureLog and AuthSuccessLog Test plan: Run atomic update. Check the Logs tab of preferences. Signed-off-by: Marcel de Rooy Signed-off-by: Jon Knight Signed-off-by: Michal Denar -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 21190] GDPR: Log successful/unsuccessful login attempts [part 1]
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=21190 --- Comment #53 from Michal Denar --- Created attachment 98139 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=98139=edit Bug 21190: Allow browsing the system logs for AUTH events Trivial change, adding AUTH to viewlog template only. Test plan: Look for the Authentication log lines in viewlog.pl (intranet tools). Signed-off-by: Marcel de Rooy Signed-off-by: Jon Knight Signed-off-by: Michal Denar -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 21190] GDPR: Log successful/unsuccessful login attempts [part 1]
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=21190 --- Comment #49 from Michal Denar --- Created attachment 98135 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=98135=edit Bug 21190: Add interfaces parameter to POD in C4::Logs Just fixing documentation along the way. No test plan, just read the patch. Signed-off-by: Marcel de Rooy Signed-off-by: Jon Knight Signed-off-by: Michal Denar -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 21190] GDPR: Log successful/unsuccessful login attempts [part 1]
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=21190 --- Comment #50 from Michal Denar --- Created attachment 98136 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=98136=edit Bug 21190: Remove t/Log.t Since we have t/db../Log.t and t/Log.t simply does nothing, we would better remove it. No test plan either :) Signed-off-by: Marcel de Rooy Signed-off-by: Jon Knight Signed-off-by: Michal Denar -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 21190] GDPR: Log successful/unsuccessful login attempts [part 1]
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=21190 --- Comment #48 from Michal Denar --- Created attachment 98134 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=98134=edit Bug 21190: Add subtest to Log.t for GDPR logging Apart from a new subtest, doing some more cleanup: [1] Copyright statement [2] Removing the (unneeded) flush [3] Removing C4::Log from the BEGIN block; we seem to skip that nowadays. [4] $succes goes to the subtest, $schema and $dbh are global our vars. Not required but just what we should do if it would run under Plack. Test plan: Run t/db_dependent/Log.t Signed-off-by: Marcel de Rooy Signed-off-by: Jon Knight Signed-off-by: Michal Denar -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 21190] GDPR: Log successful/unsuccessful login attempts [part 1]
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=21190 Michal Denar changed: What|Removed |Added Attachment #98110|0 |1 is obsolete|| Attachment #98111|0 |1 is obsolete|| Attachment #98112|0 |1 is obsolete|| Attachment #98113|0 |1 is obsolete|| Attachment #98114|0 |1 is obsolete|| Attachment #98115|0 |1 is obsolete|| Attachment #98116|0 |1 is obsolete|| Attachment #98117|0 |1 is obsolete|| Attachment #98125|0 |1 is obsolete|| --- Comment #47 from Michal Denar --- Created attachment 98133 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=98133=edit Bug 21190: Prepare Log.t for further changes This patch only makes cosmetic changes: [1] It moves the existing tests at 'root level' inside a new subtest. [2] It obviously adds indentation for step 1. [3] It fixes some whitespace (tabs, space before newline) Test plan: Run t/db../Log.t Signed-off-by: Marcel de Rooy Signed-off-by: Jon Knight Signed-off-by: Michal Denar -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 21190] GDPR: Log successful/unsuccessful login attempts [part 1]
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=21190 --- Comment #46 from Marcel de Rooy --- Created attachment 98125 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=98125=edit Bug 21190: (follow-up) Save patron id in failure when available The wrong password might belong to an existing user. If that is the case, we have a $patron. Note that logaction will save the object info but has no user in the context environment for a failure. Test plan: Login with good user, bad pw and bad user, bad pw. Check logviewer. Signed-off-by: Marcel de Rooy -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 21190] GDPR: Log successful/unsuccessful login attempts [part 1]
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=21190 --- Comment #45 from Marcel de Rooy --- (In reply to ByWater Sandboxes from comment #43) > Signed-off-by: Jon Knight Thanks Jon -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 21190] GDPR: Log successful/unsuccessful login attempts [part 1]
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=21190 --- Comment #44 from Marcel de Rooy --- (In reply to Magnus Enger from comment #35) > Tested this, and everything looks good. To me it makes perfect sense to have > two regular sysprefs, as Marcel says, some libraries might want to log only > success or failure. > > I have one question, though. After doing one failed login and some > successful ones I have this in the database: > > +---+-+--++-++--- > ---+---+ > | action_id | timestamp | user | module | action | object | info > | interface | > +---+-+--++-++--- > ---+---+ > | 1676 | 2020-01-29 22:17:06 | 51 | AUTH | SUCCESS | 51 | Valid > password for admin | intranet | > | 1678 | 2020-01-29 22:17:17 |0 | AUTH | FAILURE | 0 | Wrong > password for admin | intranet | > | 1680 | 2020-01-29 22:17:20 | 51 | AUTH | SUCCESS | 51 | Valid > password for admin | intranet | > | 1681 | 2020-01-29 22:18:11 | 51 | AUTH | SUCCESS | 51 | Valid > password for admin | intranet | > +---+-+--++-++--- > ---+---+ > > The successfull logins are tied to a user (51), but the failed one is not > (0). Couldn't the failed one also be tied to the user, as long as the > username provided is the username of an actual user in the db? Or is there > some reason for not doing this? > > Apart from this question I'm ready to sign off. Thanks, Magnus. I do not really remember a specific reason. I could register it if it is available. People could try to hack an existing and a not-existing account. So we might have a $patron, we might not. -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 21190] GDPR: Log successful/unsuccessful login attempts [part 1]
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=21190 Jacek Ablewicz changed: What|Removed |Added CC||a...@biblos.pk.edu.pl -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 21190] GDPR: Log successful/unsuccessful login attempts [part 1]
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=21190 Jon Knight changed: What|Removed |Added CC||j.p.kni...@lboro.ac.uk Status|Needs Signoff |Signed Off -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 21190] GDPR: Log successful/unsuccessful login attempts [part 1]
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=21190 ByWater Sandboxes changed: What|Removed |Added Attachment #98074|0 |1 is obsolete|| --- Comment #43 from ByWater Sandboxes --- Created attachment 98117 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=98117=edit Bug 21190: Add tests for authentication success and failure Test plan: Run t/db_dependent/Log.t Signed-off-by: Marcel de Rooy Signed-off-by: Jon Knight -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 21190] GDPR: Log successful/unsuccessful login attempts [part 1]
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=21190 ByWater Sandboxes changed: What|Removed |Added Attachment #98069|0 |1 is obsolete|| --- Comment #38 from ByWater Sandboxes --- Created attachment 98112 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=98112=edit Bug 21190: Add interfaces parameter to POD in C4::Logs Just fixing documentation along the way. No test plan, just read the patch. Signed-off-by: Marcel de Rooy Signed-off-by: Jon Knight -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 21190] GDPR: Log successful/unsuccessful login attempts [part 1]
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=21190 ByWater Sandboxes changed: What|Removed |Added Attachment #98072|0 |1 is obsolete|| --- Comment #41 from ByWater Sandboxes --- Created attachment 98115 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=98115=edit Bug 21190: Add authentication logging to checkpw Add optional logging for successful and failing login attempts in checkpw. Test plan: Enable the preferences Perform a good login and a bad attempt Check action_logs Signed-off-by: Marcel de Rooy Signed-off-by: Jon Knight -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 21190] GDPR: Log successful/unsuccessful login attempts [part 1]
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=21190 ByWater Sandboxes changed: What|Removed |Added Attachment #98070|0 |1 is obsolete|| --- Comment #39 from ByWater Sandboxes --- Created attachment 98113 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=98113=edit Bug 21190: Remove t/Log.t Since we have t/db../Log.t and t/Log.t simply does nothing, we would better remove it. No test plan either :) Signed-off-by: Marcel de Rooy Signed-off-by: Jon Knight -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 21190] GDPR: Log successful/unsuccessful login attempts [part 1]
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=21190 ByWater Sandboxes changed: What|Removed |Added Attachment #98073|0 |1 is obsolete|| --- Comment #42 from ByWater Sandboxes --- Created attachment 98116 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=98116=edit Bug 21190: Allow browsing the system logs for AUTH events Trivial change, adding AUTH to viewlog template only. Test plan: Look for the Authentication log lines in viewlog.pl (intranet tools). Signed-off-by: Marcel de Rooy Signed-off-by: Jon Knight -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 21190] GDPR: Log successful/unsuccessful login attempts [part 1]
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=21190 ByWater Sandboxes changed: What|Removed |Added Attachment #98071|0 |1 is obsolete|| --- Comment #40 from ByWater Sandboxes --- Created attachment 98114 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=98114=edit Bug 21190: Introduce preferences AuthFailureLog and AuthSuccessLog Test plan: Run atomic update. Check the Logs tab of preferences. Signed-off-by: Marcel de Rooy Signed-off-by: Jon Knight -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 21190] GDPR: Log successful/unsuccessful login attempts [part 1]
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=21190 ByWater Sandboxes changed: What|Removed |Added Attachment #98067|0 |1 is obsolete|| --- Comment #36 from ByWater Sandboxes --- Created attachment 98110 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=98110=edit Bug 21190: Prepare Log.t for further changes This patch only makes cosmetic changes: [1] It moves the existing tests at 'root level' inside a new subtest. [2] It obviously adds indentation for step 1. [3] It fixes some whitespace (tabs, space before newline) Test plan: Run t/db../Log.t Signed-off-by: Marcel de Rooy Signed-off-by: Jon Knight -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 21190] GDPR: Log successful/unsuccessful login attempts [part 1]
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=21190 ByWater Sandboxes changed: What|Removed |Added Attachment #98068|0 |1 is obsolete|| --- Comment #37 from ByWater Sandboxes --- Created attachment 98111 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=98111=edit Bug 21190: Add subtest to Log.t for GDPR logging Apart from a new subtest, doing some more cleanup: [1] Copyright statement [2] Removing the (unneeded) flush [3] Removing C4::Log from the BEGIN block; we seem to skip that nowadays. [4] $succes goes to the subtest, $schema and $dbh are global our vars. Not required but just what we should do if it would run under Plack. Test plan: Run t/db_dependent/Log.t Signed-off-by: Marcel de Rooy Signed-off-by: Jon Knight -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 21190] GDPR: Log successful/unsuccessful login attempts [part 1]
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=21190 --- Comment #35 from Magnus Enger --- Tested this, and everything looks good. To me it makes perfect sense to have two regular sysprefs, as Marcel says, some libraries might want to log only success or failure. I have one question, though. After doing one failed login and some successful ones I have this in the database: +---+-+--++-++--+---+ | action_id | timestamp | user | module | action | object | info | interface | +---+-+--++-++--+---+ | 1676 | 2020-01-29 22:17:06 | 51 | AUTH | SUCCESS | 51 | Valid password for admin | intranet | | 1678 | 2020-01-29 22:17:17 |0 | AUTH | FAILURE | 0 | Wrong password for admin | intranet | | 1680 | 2020-01-29 22:17:20 | 51 | AUTH | SUCCESS | 51 | Valid password for admin | intranet | | 1681 | 2020-01-29 22:18:11 | 51 | AUTH | SUCCESS | 51 | Valid password for admin | intranet | +---+-+--++-++--+---+ The successfull logins are tied to a user (51), but the failed one is not (0). Couldn't the failed one also be tied to the user, as long as the username provided is the username of an actual user in the db? Or is there some reason for not doing this? Apart from this question I'm ready to sign off. -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 21190] GDPR: Log successful/unsuccessful login attempts [part 1]
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=21190 Josef Moravec changed: What|Removed |Added CC||blac...@gmail.com, ||josef.mora...@gmail.com -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 21190] GDPR: Log successful/unsuccessful login attempts [part 1]
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=21190 --- Comment #34 from Agnes Rivers-Moore --- I added comments as an end-user, my way of supporting work on this - will be sad to see it die. I appreciate the work done. -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 21190] GDPR: Log successful/unsuccessful login attempts [part 1]
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=21190 --- Comment #33 from Marcel de Rooy --- Last action before I obsolete this report. If you ask for a change, please be ready to support its development by testing it too. Sending a signoff request to the mailing list. No response means closing this report and wasted time! -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 21190] GDPR: Log successful/unsuccessful login attempts [part 1]
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=21190 Marcel de Rooy changed: What|Removed |Added Attachment #94735|0 |1 is obsolete|| --- Comment #30 from Marcel de Rooy --- Created attachment 98072 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=98072=edit Bug 21190: Add authentication logging to checkpw Add optional logging for successful and failing login attempts in checkpw. Test plan: Enable the preferences Perform a good login and a bad attempt Check action_logs Signed-off-by: Marcel de Rooy -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 21190] GDPR: Log successful/unsuccessful login attempts [part 1]
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=21190 Marcel de Rooy changed: What|Removed |Added Attachment #94805|0 |1 is obsolete|| --- Comment #32 from Marcel de Rooy --- Created attachment 98074 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=98074=edit Bug 21190: Add tests for authentication success and failure Test plan: Run t/db_dependent/Log.t Signed-off-by: Marcel de Rooy -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 21190] GDPR: Log successful/unsuccessful login attempts [part 1]
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=21190 Marcel de Rooy changed: What|Removed |Added Attachment #94736|0 |1 is obsolete|| --- Comment #31 from Marcel de Rooy --- Created attachment 98073 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=98073=edit Bug 21190: Allow browsing the system logs for AUTH events Trivial change, adding AUTH to viewlog template only. Test plan: Look for the Authentication log lines in viewlog.pl (intranet tools). Signed-off-by: Marcel de Rooy -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 21190] GDPR: Log successful/unsuccessful login attempts [part 1]
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=21190 Marcel de Rooy changed: What|Removed |Added Attachment #94734|0 |1 is obsolete|| --- Comment #29 from Marcel de Rooy --- Created attachment 98071 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=98071=edit Bug 21190: Introduce preferences AuthFailureLog and AuthSuccessLog Test plan: Run atomic update. Check the Logs tab of preferences. Signed-off-by: Marcel de Rooy -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 21190] GDPR: Log successful/unsuccessful login attempts [part 1]
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=21190 Marcel de Rooy changed: What|Removed |Added Attachment #94717|0 |1 is obsolete|| --- Comment #28 from Marcel de Rooy --- Created attachment 98070 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=98070=edit Bug 21190: Remove t/Log.t Since we have t/db../Log.t and t/Log.t simply does nothing, we would better remove it. No test plan either :) Signed-off-by: Marcel de Rooy -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 21190] GDPR: Log successful/unsuccessful login attempts [part 1]
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=21190 Marcel de Rooy changed: What|Removed |Added Attachment #94715|0 |1 is obsolete|| --- Comment #27 from Marcel de Rooy --- Created attachment 98069 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=98069=edit Bug 21190: Add interfaces parameter to POD in C4::Logs Just fixing documentation along the way. No test plan, just read the patch. Signed-off-by: Marcel de Rooy -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 21190] GDPR: Log successful/unsuccessful login attempts [part 1]
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=21190 Marcel de Rooy changed: What|Removed |Added Attachment #94714|0 |1 is obsolete|| --- Comment #26 from Marcel de Rooy --- Created attachment 98068 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=98068=edit Bug 21190: Add subtest to Log.t for GDPR logging Apart from a new subtest, doing some more cleanup: [1] Copyright statement [2] Removing the (unneeded) flush [3] Removing C4::Log from the BEGIN block; we seem to skip that nowadays. [4] $succes goes to the subtest, $schema and $dbh are global our vars. Not required but just what we should do if it would run under Plack. Test plan: Run t/db_dependent/Log.t Signed-off-by: Marcel de Rooy -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 21190] GDPR: Log successful/unsuccessful login attempts [part 1]
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=21190 Marcel de Rooy changed: What|Removed |Added Attachment #94713|0 |1 is obsolete|| --- Comment #25 from Marcel de Rooy --- Created attachment 98067 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=98067=edit Bug 21190: Prepare Log.t for further changes This patch only makes cosmetic changes: [1] It moves the existing tests at 'root level' inside a new subtest. [2] It obviously adds indentation for step 1. [3] It fixes some whitespace (tabs, space before newline) Test plan: Run t/db../Log.t Signed-off-by: Marcel de Rooy -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 21190] GDPR: Log successful/unsuccessful login attempts [part 1]
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=21190 --- Comment #24 from Katrin Fischer --- I was just trying to offer a compromise here :) The other log options are simple yes/no questions, so there is no need to change that unless we want to make it more granular in what they log. I am NOT suggesting to combine them into one big multi-select, I think that would be more confusing than helpful. But a LoginLog (or similar) with 2 options in a select would still make sense to me. One pref per "data type" + options. Not insisting tho, just to explain more what I meant in the first place. I am not in the Anti-YASP group. Examples for a multi-select would be: MarkLostItemsAsReturned or SocialNetworks (on master). -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 21190] GDPR: Log successful/unsuccessful login attempts [part 1]
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=21190 --- Comment #23 from Joonas Kylmälä --- (In reply to Marcel de Rooy from comment #22) > (In reply to Katrin Fischer from comment #21) > > I think TrackLastPatronActivity has a different goal. Could we shrink it to > > one additional pref using a multi-select approach? Check what you want to > > track. > > Thx for your feedback. > Agree about TrackLastPatronActivity. The multi-select approach could of > course be done; would that mean a sign-off? :) > I do not think it is a requirement to get this further btw. Currently, we > have all log preferences on one tab, all in YesNo style. So this is > consistent; adding another way would be a style change. I agree to not go out of style, so doing the multi-select approach could be something to be done in a separate bug report for all the logging options. -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 21190] GDPR: Log successful/unsuccessful login attempts [part 1]
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=21190 --- Comment #22 from Marcel de Rooy --- (In reply to Katrin Fischer from comment #21) > (In reply to Marcel de Rooy from comment #20) > > (In reply to Joonas Kylmälä from comment #19) > > > I suggest that instead of adding two new sysprefs we could use the already > > > existing syspref TrackLastPatronActivity? Or at least just add one syspref > > > instead of two since I don't think such granularity is needed to log > > > either > > > failed or successful logins. > > > > Hi Jonaas, > > Thx for asking. I agree that they are related. But I do think that > > granularity of logging success and/or failure is useful. Although Vitor is > > interested in both, I can imagine that others only would be interested in > > the failures. There might be a difference in numbers there too. > > I think TrackLastPatronActivity has a different goal. Could we shrink it to > one additional pref using a multi-select approach? Check what you want to > track. Thx for your feedback. Agree about TrackLastPatronActivity. The multi-select approach could of course be done; would that mean a sign-off? :) I do not think it is a requirement to get this further btw. Currently, we have all log preferences on one tab, all in YesNo style. So this is consistent; adding another way would be a style change. -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 21190] GDPR: Log successful/unsuccessful login attempts [part 1]
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=21190 Katrin Fischer changed: What|Removed |Added CC||katrin.fisc...@bsz-bw.de --- Comment #21 from Katrin Fischer --- (In reply to Marcel de Rooy from comment #20) > (In reply to Joonas Kylmälä from comment #19) > > I suggest that instead of adding two new sysprefs we could use the already > > existing syspref TrackLastPatronActivity? Or at least just add one syspref > > instead of two since I don't think such granularity is needed to log either > > failed or successful logins. > > Hi Jonaas, > Thx for asking. I agree that they are related. But I do think that > granularity of logging success and/or failure is useful. Although Vitor is > interested in both, I can imagine that others only would be interested in > the failures. There might be a difference in numbers there too. I think TrackLastPatronActivity has a different goal. Could we shrink it to one additional pref using a multi-select approach? Check what you want to track. -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 21190] GDPR: Log successful/unsuccessful login attempts [part 1]
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=21190 --- Comment #20 from Marcel de Rooy --- (In reply to Joonas Kylmälä from comment #19) > I suggest that instead of adding two new sysprefs we could use the already > existing syspref TrackLastPatronActivity? Or at least just add one syspref > instead of two since I don't think such granularity is needed to log either > failed or successful logins. Hi Jonaas, Thx for asking. I agree that they are related. But I do think that granularity of logging success and/or failure is useful. Although Vitor is interested in both, I can imagine that others only would be interested in the failures. There might be a difference in numbers there too. -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 21190] GDPR: Log successful/unsuccessful login attempts [part 1]
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=21190 Joonas Kylmälä changed: What|Removed |Added CC||joonas.kylm...@helsinki.fi --- Comment #19 from Joonas Kylmälä --- I suggest that instead of adding two new sysprefs we could use the already existing syspref TrackLastPatronActivity? Or at least just add one syspref instead of two since I don't think such granularity is needed to log either failed or successful logins. -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 21190] GDPR: Log successful/unsuccessful login attempts [part 1]
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=21190 --- Comment #18 from Marcel de Rooy --- Please get this further now by testing and signing off ! -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 21190] GDPR: Log successful/unsuccessful login attempts [part 1]
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=21190 Marcel de Rooy changed: What|Removed |Added Status|ASSIGNED|Needs Signoff -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 21190] GDPR: Log successful/unsuccessful login attempts [part 1]
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=21190 --- Comment #17 from Marcel de Rooy --- Created attachment 94805 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=94805=edit Bug 21190: Add tests for authentication success and failure Test plan: Run t/db_dependent/Log.t Signed-off-by: Marcel de Rooy -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 21190] GDPR: Log successful/unsuccessful login attempts [part 1]
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=21190 --- Comment #16 from Marcel de Rooy --- Status: I will only extend the test for the changes in checkpw. Exploring further non-regular authentication events might be a part 2. We cover the most now via checkpw. -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 21190] GDPR: Log successful/unsuccessful login attempts [part 1]
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=21190 --- Comment #15 from Marcel de Rooy --- Created attachment 94736 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=94736=edit Bug 21190: Allow browsing the system logs for AUTH events Trivial change, adding AUTH to viewlog template only. Test plan: Look for the Authentication log lines in viewlog.pl (intranet tools). Signed-off-by: Marcel de Rooy -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 21190] GDPR: Log successful/unsuccessful login attempts [part 1]
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=21190 --- Comment #12 from Marcel de Rooy --- Created attachment 94733 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=94733=edit Bug 21190: Add authentication logging to checkpw Add optional logging for successful and failing login attempts in checkpw. Test plan: Enable the preferences Perform a good login and a bad attempt Check action_logs -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 21190] GDPR: Log successful/unsuccessful login attempts [part 1]
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=21190 Marcel de Rooy changed: What|Removed |Added Attachment #94733|0 |1 is obsolete|| --- Comment #14 from Marcel de Rooy --- Created attachment 94735 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=94735=edit Bug 21190: Add authentication logging to checkpw Add optional logging for successful and failing login attempts in checkpw. Test plan: Enable the preferences Perform a good login and a bad attempt Check action_logs Signed-off-by: Marcel de Rooy -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 21190] GDPR: Log successful/unsuccessful login attempts [part 1]
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=21190 Marcel de Rooy changed: What|Removed |Added Attachment #94732|0 |1 is obsolete|| --- Comment #13 from Marcel de Rooy --- Created attachment 94734 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=94734=edit Bug 21190: Introduce preferences AuthFailureLog and AuthSuccessLog Test plan: Run atomic update. Check the Logs tab of preferences. Signed-off-by: Marcel de Rooy -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 21190] GDPR: Log successful/unsuccessful login attempts [part 1]
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=21190 --- Comment #11 from Marcel de Rooy --- Created attachment 94732 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=94732=edit Bug 21190: Introduce preferences AuthFailureLog and AuthSuccessLog Test plan: Run atomic update. Check the Logs tab of preferences. -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 21190] GDPR: Log successful/unsuccessful login attempts [part 1]
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=21190 Marcel de Rooy changed: What|Removed |Added See Also||https://bugs.koha-community ||.org/bugzilla3/show_bug.cgi ||?id=21191 Blocks|21191 | --- Comment #10 from Marcel de Rooy --- Moving 21191 to see also Referenced Bugs: https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=21191 [Bug 21191] GDPR: Script to block inactive users (with no successful logins on a defined period) -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 21190] GDPR: Log successful/unsuccessful login attempts [part 1]
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=21190 Marcel de Rooy changed: What|Removed |Added See Also||https://bugs.koha-community ||.org/bugzilla3/show_bug.cgi ||?id=23896 -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 21190] GDPR: Log successful/unsuccessful login attempts [part 1]
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=21190 Marcel de Rooy changed: What|Removed |Added Blocks|23896 | Referenced Bugs: https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=23896 [Bug 23896] logaction should pass the correct interface to Koha::Logger -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 21190] GDPR: Log successful/unsuccessful login attempts [part 1]
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=21190 Marcel de Rooy changed: What|Removed |Added Blocks||23896 Referenced Bugs: https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=23896 [Bug 23896] logaction should pass the correct interface to Koha::Logger -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 21190] GDPR: Log successful/unsuccessful login attempts [part 1]
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=21190 --- Comment #9 from Marcel de Rooy --- Created attachment 94717 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=94717=edit Bug 21190: Remove t/Log.t Since we have t/db../Log.t and t/Log.t simply does nothing, we would better remove it. No test plan either :) Signed-off-by: Marcel de Rooy -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 21190] GDPR: Log successful/unsuccessful login attempts [part 1]
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=21190 --- Comment #8 from Marcel de Rooy --- Created attachment 94715 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=94715=edit Bug 21190: Add interfaces parameter to POD in C4::Logs Just fixing documentation along the way. No test plan, just read the patch. Signed-off-by: Marcel de Rooy -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 21190] GDPR: Log successful/unsuccessful login attempts [part 1]
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=21190 --- Comment #7 from Marcel de Rooy --- Created attachment 94714 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=94714=edit Bug 21190: Add subtest to Log.t for GDPR logging Apart from a new subtest, doing some more cleanup: [1] Copyright statement [2] Removing the (unneeded) flush [3] Removing C4::Log from the BEGIN block; we seem to skip that nowadays. [4] $succes goes to the subtest, $schema and $dbh are global our vars. Not required but just what we should do if it would run under Plack. Test plan: Run t/db_dependent/Log.t Signed-off-by: Marcel de Rooy -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 21190] GDPR: Log successful/unsuccessful login attempts [part 1]
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=21190 --- Comment #6 from Marcel de Rooy --- Created attachment 94713 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=94713=edit Bug 21190: Prepare Log.t for further changes This patch only makes cosmetic changes: [1] It moves the existing tests at 'root level' inside a new subtest. [2] It obviously adds indentation for step 1. [3] It fixes some whitespace (tabs, space before newline) Test plan: Run t/db../Log.t Signed-off-by: Marcel de Rooy -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 21190] GDPR: Log successful/unsuccessful login attempts [part 1]
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=21190 Marcel de Rooy changed: What|Removed |Added Patch complexity|--- |Small patch -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 21190] GDPR: Log successful/unsuccessful login attempts [part 1]
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=21190 Marcel de Rooy changed: What|Removed |Added Status|NEW |ASSIGNED Assignee|koha-b...@lists.koha-commun |m.de.r...@rijksmuseum.nl |ity.org | Summary|GDPR: Log |GDPR: Log |successful/unsuccessful |successful/unsuccessful |login attempts |login attempts [part 1] --- Comment #5 from Marcel de Rooy --- Trying to give this a little start here :) -- You are receiving this mail because: You are watching all bug changes. You are the assignee for the bug. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/