[Koha-bugs] [Bug 23011] AuthenticatePatron could alert if password is not safe
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=23011 Lucas Gass changed: What|Removed |Added Status|Needs Signoff |Patch doesn't apply CC||lu...@bywatersolutions.com -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 23011] AuthenticatePatron could alert if password is not safe
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=23011 David Cook changed: What|Removed |Added CC||dc...@prosentient.com.au --- Comment #20 from David Cook --- I think that sending the securePasswordPattern is not a good idea, as it's not the API consumer's job to handle the password. Sending "code" and "securePasswordLabel" is fine as that communicates the message from Koha to the API consumer. On my TODO list, I'm actually planning more complex password security than just a regex. I want to add a customizable list of passwords that users cannot use (e.g. "password", "123456", "Password1", "koha", etc). We could also add rules like the password and username cannot match. These aren't "patterns" per se, but would rather be communicated by "code" and "securePasswordLabel" I think. -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 23011] AuthenticatePatron could alert if password is not safe
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=23011 Arthur Suzuki changed: What|Removed |Added Status|Failed QA |Needs Signoff --- Comment #19 from Arthur Suzuki --- (In reply to Jonathan Druart from comment #15) > Waiting for an answer. Bonsoir Jonathan :) I've implemented a password_policy method in charge of submitting the regex. KR, Arthur -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 23011] AuthenticatePatron could alert if password is not safe
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=23011 Arthur Suzuki changed: What|Removed |Added Attachment #100426|0 |1 is obsolete|| --- Comment #17 from Arthur Suzuki --- Created attachment 106566 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=106566&action=edit Bug 23011: Have AuthenticatePatron method send more information We want AuthenticatePatron to send some more information upon successful login, especially in the case where password is not safe and should be renewed. The goal is to let a third-party app catch thoses codes and display a warning to the users. Test plan : 1 / apply tests patch 2 / run tests, verify failure 3 / apply C4/ILSDI/Service.pm patch 4 / run tests again, verify green Signed-off-by: Emmi Takkinen -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 23011] AuthenticatePatron could alert if password is not safe
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=23011 --- Comment #18 from Arthur Suzuki --- Created attachment 106567 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=106567&action=edit Bug 23011: QA follow-up -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 23011] AuthenticatePatron could alert if password is not safe
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=23011 Arthur Suzuki changed: What|Removed |Added Attachment #100425|0 |1 is obsolete|| --- Comment #16 from Arthur Suzuki --- Created attachment 106565 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=106565&action=edit Bug 23011: Add new tests (AuthenticatePatron error codes) This bug add new tests to the AuthenticatePatron ILS-DI service. It tests new error codes patron might get when successfully connecting but with a password which doesn't match Koha security rules. Signed-off-by: Emmi Takkinen -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 23011] AuthenticatePatron could alert if password is not safe
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=23011 Jonathan Druart changed: What|Removed |Added Status|Signed Off |Failed QA --- Comment #15 from Jonathan Druart --- Waiting for an answer. -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 23011] AuthenticatePatron could alert if password is not safe
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=23011 --- Comment #14 from Arthur Suzuki --- Yeay, thanks for signing off this patch Emmi =) Arthur -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 23011] AuthenticatePatron could alert if password is not safe
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=23011 Jonathan Druart changed: What|Removed |Added CC||jonathan.dru...@bugs.koha-c ||ommunity.org --- Comment #13 from Jonathan Druart --- I have the feeling that what you need here is a password_policy method that would return the different rules. For instance only checking for minPasswordLength is wrong, there is a default to 3 if the pref is not set (or < 3) -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 23011] AuthenticatePatron could alert if password is not safe
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=23011 Emmi Takkinen changed: What|Removed |Added CC||emmi.takki...@outlook.com Status|Needs Signoff |Signed Off --- Comment #12 from Emmi Takkinen --- Forgot to obsolete last patch when signing off first time. But patch works as intended. -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 23011] AuthenticatePatron could alert if password is not safe
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=23011 Emmi Takkinen changed: What|Removed |Added Attachment #96562|0 |1 is obsolete|| Attachment #100423|0 |1 is obsolete|| Attachment #100424|0 |1 is obsolete|| --- Comment #10 from Emmi Takkinen --- Created attachment 100425 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=100425&action=edit Bug 23011: Add new tests (AuthenticatePatron error codes) This bug add new tests to the AuthenticatePatron ILS-DI service. It tests new error codes patron might get when successfully connecting but with a password which doesn't match Koha security rules. Signed-off-by: Emmi Takkinen -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 23011] AuthenticatePatron could alert if password is not safe
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=23011 --- Comment #11 from Emmi Takkinen --- Created attachment 100426 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=100426&action=edit Bug 23011: Have AuthenticatePatron method send more information We want AuthenticatePatron to send some more information upon successful login, especially in the case where password is not safe and should be renewed. The goal is to let a third-party app catch thoses codes and display a warning to the users. Test plan : 1 / apply tests patch 2 / run tests, verify failure 3 / apply C4/ILSDI/Service.pm patch 4 / run tests again, verify green Signed-off-by: Emmi Takkinen -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 23011] AuthenticatePatron could alert if password is not safe
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=23011 --- Comment #9 from Emmi Takkinen --- Created attachment 100424 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=100424&action=edit Bug 23011: Have AuthenticatePatron method send more information We want AuthenticatePatron to send some more information upon successful login, especially in the case where password is not safe and should be renewed. The goal is to let a third-party app catch thoses codes and display a warning to the users. Test plan : 1 / apply tests patch 2 / run tests, verify failure 3 / apply C4/ILSDI/Service.pm patch 4 / run tests again, verify green Signed-off-by: Emmi Takkinen -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 23011] AuthenticatePatron could alert if password is not safe
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=23011 Emmi Takkinen changed: What|Removed |Added Attachment #96561|0 |1 is obsolete|| --- Comment #8 from Emmi Takkinen --- Created attachment 100423 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=100423&action=edit Bug 23011: Add new tests (AuthenticatePatron error codes) This bug add new tests to the AuthenticatePatron ILS-DI service. It tests new error codes patron might get when successfully connecting but with a password which doesn't match Koha security rules. Signed-off-by: Emmi Takkinen -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 23011] AuthenticatePatron could alert if password is not safe
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=23011 Arthur Suzuki changed: What|Removed |Added Priority|P5 - low|P4 -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 23011] AuthenticatePatron could alert if password is not safe
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=23011 Arthur Suzuki changed: What|Removed |Added Attachment #93517|0 |1 is obsolete|| -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 23011] AuthenticatePatron could alert if password is not safe
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=23011 Arthur Suzuki changed: What|Removed |Added Attachment #93512|0 |1 is obsolete|| -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 23011] AuthenticatePatron could alert if password is not safe
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=23011 Arthur Suzuki changed: What|Removed |Added Attachment #96560|0 |1 is obsolete|| --- Comment #7 from Arthur Suzuki --- Created attachment 96562 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=96562&action=edit Bug 23011: Have AuthenticatePatron method send more information We want AuthenticatePatron to send some more information upon successful login, especially in the case where password is not safe and should be renewed. The goal is to let a third-party app catch thoses codes and display a warning to the users. Test plan : 1 / apply tests patch 2 / run tests, verify failure 3 / apply C4/ILSDI/Service.pm patch 4 / run tests again, verify green -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 23011] AuthenticatePatron could alert if password is not safe
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=23011 Arthur Suzuki changed: What|Removed |Added Status|Failed QA |Needs Signoff -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 23011] AuthenticatePatron could alert if password is not safe
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=23011 --- Comment #5 from Arthur Suzuki --- Created attachment 96560 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=96560&action=edit Bug 23011: Have AuthenticatePatron method send more information We want AuthenticatePatron to send some more information upon successful login, especially in the case where password is not safe and should be renewed. The goal is to let a third-party app catch thoses codes and display a warning to the users. Test plan : 1 / apply tests patch 2 / run tests, verify failure 3 / apply C4/ILSDI/Service.pm patch 4 / run tests again, verify green -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 23011] AuthenticatePatron could alert if password is not safe
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=23011 --- Comment #6 from Arthur Suzuki --- Created attachment 96561 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=96561&action=edit Bug 23011: Add new tests (AuthenticatePatron error codes) This bug add new tests to the AuthenticatePatron ILS-DI service. It tests new error codes patron might get when successfully connecting but with a password which doesn't match Koha security rules. -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 23011] AuthenticatePatron could alert if password is not safe
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=23011 --- Comment #4 from Arthur Suzuki --- The regex is needed by the client app we use to provide some client side input validation before sending any new (and possibly wrong) password to koha. i'm thinking of the following solution : is_password_valid could return the regex in addition to the boolean and error. -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 23011] AuthenticatePatron could alert if password is not safe
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=23011 Julian Maurice changed: What|Removed |Added Status|Needs Signoff |Failed QA CC||julian.maur...@biblibre.com --- Comment #3 from Julian Maurice --- Tests are failing, but it's just the number of tests that is wrong > Parse errors: Bad plan. You planned 9 tests but ran 10. QA tool reports some errors as well: > FAIL C4/ILSDI/Services.pm > FAIL forbidden patterns > forbidden pattern: tab char (line 382) > forbidden pattern: tab char (line 386) > forbidden pattern: tab char (line 384) > forbidden pattern: tab char (line 383) > forbidden pattern: tab char (line 385) > > Commit title does not start with 'Bug X: ' - de967f9fc0 > Commit title does not start with 'Bug X: ' - 23cd5391bc Otherwise it works well, but I'm a bit concerned by the fact that the patch duplicates the password regexp. If someone modify it in is_password_valid, there are high chances that they will forgot to modify it in ILSDI code. Also, it's not the only thing checked in is_password_valid (there is also a check on whitespaces). Is it really needed to return the regexp ? -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 23011] AuthenticatePatron could alert if password is not safe
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=23011 --- Comment #2 from Arthur Suzuki --- Created attachment 93517 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=93517&action=edit Bug23011 : Have AuthenticatePatron method send more information We want AuthenticatePatron to send some more information upon successful login, especially in the case where password is not safe and should be renewed. The goal is to let a third-party app catch thoses codes and display a warning to the users. Test plan : 1 / apply tests patch 2 / run tests, verify failure 3 / apply C4/ILSDI/Service.pm patch 4 / run tests again, verify green -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 23011] AuthenticatePatron could alert if password is not safe
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=23011 --- Comment #1 from Arthur Suzuki --- Created attachment 93512 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=93512&action=edit Bug23011 : Add new tests (AuthenticatePatron error codes) This bug add new tests to the AuthenticatePatron ILS-DI service. It tests new error codes patron might get when successfully connecting but with a password which doesn't match Koha security rules. -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 23011] AuthenticatePatron could alert if password is not safe
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=23011 Arthur Suzuki changed: What|Removed |Added Status|NEW |Needs Signoff Patch complexity|--- |Small patch -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 23011] AuthenticatePatron could alert if password is not safe
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=23011 Arthur Suzuki changed: What|Removed |Added Assignee|koha-b...@lists.koha-commun |arthur.suz...@biblibre.com |ity.org | -- You are receiving this mail because: You are the assignee for the bug. You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/