[Koha-bugs] [Bug 35204] REST API: POST endpoint /auth/password/validation dies on patron with expired password
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=35204 Martin Renvoize changed: What|Removed |Added CC|martin.renvoize@ptfs-europe | |.com| -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 35204] REST API: POST endpoint /auth/password/validation dies on patron with expired password
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=35204 Jonathan Druart changed: What|Removed |Added Blocks||36937 Referenced Bugs: https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=36937 [Bug 36937] api/v1/password_validation.t generates warnings -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 35204] REST API: POST endpoint /auth/password/validation dies on patron with expired password
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=35204 Frédéric Demians changed: What|Removed |Added Status|Pushed to oldstable |Pushed to oldoldstable CC||frede...@tamil.fr --- Comment #17 from Frédéric Demians --- Pushed to 22.11.x for 23.11.14 -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 35204] REST API: POST endpoint /auth/password/validation dies on patron with expired password
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=35204 Lucas Gass changed: What|Removed |Added CC||lu...@bywatersolutions.com Version(s)|24.05.00,23.11.02 |24.05.00,23.11.02,23.05.08 released in|| Status|Pushed to stable|Pushed to oldstable --- Comment #16 from Lucas Gass --- Backported to 23.05.x for upcoming 23.05.08 -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 35204] REST API: POST endpoint /auth/password/validation dies on patron with expired password
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=35204 Fridolin Somers changed: What|Removed |Added Status|Pushed to master|Pushed to stable CC||fridolin.som...@biblibre.co ||m Version(s)|24.05.00|24.05.00,23.11.02 released in|| --- Comment #15 from Fridolin Somers --- Pushed to 23.11.x for 23.11.02 -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 35204] REST API: POST endpoint /auth/password/validation dies on patron with expired password
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=35204 --- Comment #14 from Katrin Fischer --- Pushed for 24.05! Well done everyone, thank you! -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 35204] REST API: POST endpoint /auth/password/validation dies on patron with expired password
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=35204 Katrin Fischer changed: What|Removed |Added Status|Passed QA |Pushed to master Version(s)||24.05.00 released in|| -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 35204] REST API: POST endpoint /auth/password/validation dies on patron with expired password
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=35204 Tomás Cohen Arazi changed: What|Removed |Added Status|Signed Off |Passed QA -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 35204] REST API: POST endpoint /auth/password/validation dies on patron with expired password
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=35204 Tomás Cohen Arazi changed: What|Removed |Added QA Contact||tomasco...@gmail.com Status|Needs Signoff |Signed Off -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 35204] REST API: POST endpoint /auth/password/validation dies on patron with expired password
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=35204 --- Comment #13 from Tomás Cohen Arazi --- Looks good. Amended the patches so they don't have tidy issues. -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 35204] REST API: POST endpoint /auth/password/validation dies on patron with expired password
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=35204 Tomás Cohen Arazi changed: What|Removed |Added Attachment #159940|0 |1 is obsolete|| -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 35204] REST API: POST endpoint /auth/password/validation dies on patron with expired password
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=35204 Tomás Cohen Arazi changed: What|Removed |Added Attachment #159939|0 |1 is obsolete|| --- Comment #12 from Tomás Cohen Arazi --- Created attachment 159957 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=159957&action=edit Bug 35204: Prevent an expired password from throwing a 500 error Currently when a patron with an expired password is authenticated via the API a 500 error is returned rather than a 400 "Validation failed" error. This patch catches the return value for an expired password and returns the validation failure before the patron search is attempted. Test plan: 1) Choose a patron and set their password expiry date to a date in the past 2) Send a request to auth/password/validation as an authenticated user with that patron's details 3) The response should be a 500 error 4) Apply patch 5) Repeat steps 1-3 and this time the response should be a 400 code with an error message of "Password expired" Signed-off-by: Tomas Cohen Arazi -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 35204] REST API: POST endpoint /auth/password/validation dies on patron with expired password
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=35204 --- Comment #11 from Tomás Cohen Arazi --- Created attachment 159956 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=159956&action=edit Bug 35204: Add unit tests prove t/db_dependent/api/v1/password_validation.t Signed-off-by: Tomas Cohen Arazi bsoletes: 159940 - Bug 35204: Add unit tests -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 35204] REST API: POST endpoint /auth/password/validation dies on patron with expired password
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=35204 Tomás Cohen Arazi changed: What|Removed |Added Patch complexity|--- |Trivial patch -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 35204] REST API: POST endpoint /auth/password/validation dies on patron with expired password
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=35204 --- Comment #10 from Matt Blenkinsop --- Attempt two - I've added a unit test and changed the error code to now show a password expiration rather than just "Validation failed". Let me know if this needs tweaking at all -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 35204] REST API: POST endpoint /auth/password/validation dies on patron with expired password
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=35204 --- Comment #9 from Matt Blenkinsop --- Created attachment 159940 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=159940&action=edit Bug 35204: Add unit tests prove t/db_dependent/api/v1/password_validation.t -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 35204] REST API: POST endpoint /auth/password/validation dies on patron with expired password
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=35204 Matt Blenkinsop changed: What|Removed |Added Attachment #159612|0 |1 is obsolete|| --- Comment #8 from Matt Blenkinsop --- Created attachment 159939 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=159939&action=edit Bug 35204: Prevent an expired password from throwing a 500 error Currently when a patron with an expired password is authenticated via the API a 500 error is returned rather than a 400 "Validation failed" error. This patch catches the return value for an expired password and returns the validation failure before the patron search is attempted. Test plan: 1) Choose a patron and set their password expiry date to a date in the past 2) Send a request to auth/password/validation as an authenticated user with that patron's details 3) The response should be a 500 error 4) Apply patch 5) Repeat steps 1-3 and this time the response should be a 400 code with an error message of "Password expired" -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 35204] REST API: POST endpoint /auth/password/validation dies on patron with expired password
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=35204 Matt Blenkinsop changed: What|Removed |Added Status|Failed QA |Needs Signoff -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 35204] REST API: POST endpoint /auth/password/validation dies on patron with expired password
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=35204 --- Comment #7 from Tomás Cohen Arazi --- I was going to fail this one yesterday but had a flight delayed. - We need tests (they should highlight what dcook is saying) - My opinion is we should return `error_code` => 'password_expired' or similar, so API consumers can really act correctly on further steps for the end user. -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 35204] REST API: POST endpoint /auth/password/validation dies on patron with expired password
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=35204 --- Comment #6 from David Nind --- (In reply to David Cook from comment #3) > (In reply to David Nind from comment #2) > > I'm happy to test, but how to send a request is not something I'm great at. > > > > Could you provide an example of how to send a request to generate the error? > > > > Thanks! > > curl -u AMINDUSER:ADMINPASSWORD -H "Content-Type: application/json" > http://localhost:8081/api/v1/auth/password/validation -d > '{"identifier":"patron","password":"$uper Duper 4wesome Password"}' Thanks David! -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 35204] REST API: POST endpoint /auth/password/validation dies on patron with expired password
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=35204 David Cook changed: What|Removed |Added Status|Needs Signoff |Failed QA --- Comment #5 from David Cook --- Sorry but I think I'm going to mark this one as Failed QA even though I'm the one who made the original mistake 😅 I can fix this tomorrow afternoon if you'd prefer. -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 35204] REST API: POST endpoint /auth/password/validation dies on patron with expired password
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=35204 --- Comment #4 from David Cook --- While this works... I don't think it's the right solution. It looks like we should change "unless ($status)" to "unless ($status && $status > 0)". I'm basing that off these lines 2004 # INTERNAL AUTH 2005 if ( $check_internal_as_fallback ) { 2006 @return = checkpw_internal( $userid, $password, $no_set_userenv); 2007 $passwd_ok = 1 if $return[0] > 0; # 1 or 2 2008 } I don't think the -2 for an expired password actually gets used anywhere so that's fun. The "password_expired" message at login time seems to come from $patron->password_expired in a different auth function. I don't know what a return value of 2 means either... (One of these days auth in Koha won't be a nightmare...) -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 35204] REST API: POST endpoint /auth/password/validation dies on patron with expired password
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=35204 --- Comment #3 from David Cook --- (In reply to David Nind from comment #2) > I'm happy to test, but how to send a request is not something I'm great at. > > Could you provide an example of how to send a request to generate the error? > > Thanks! curl -u AMINDUSER:ADMINPASSWORD -H "Content-Type: application/json" http://localhost:8081/api/v1/auth/password/validation -d '{"identifier":"patron","password":"$uper Duper 4wesome Password"}' -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 35204] REST API: POST endpoint /auth/password/validation dies on patron with expired password
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=35204 David Nind changed: What|Removed |Added CC||da...@davidnind.com --- Comment #2 from David Nind --- I'm happy to test, but how to send a request is not something I'm great at. Could you provide an example of how to send a request to generate the error? Thanks! -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 35204] REST API: POST endpoint /auth/password/validation dies on patron with expired password
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=35204 Matt Blenkinsop changed: What|Removed |Added Assignee|koha-b...@lists.koha-commun |matt.blenkinsop@ptfs-europe |ity.org |.com -- You are receiving this mail because: You are watching all bug changes. You are the assignee for the bug. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 35204] REST API: POST endpoint /auth/password/validation dies on patron with expired password
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=35204 --- Comment #1 from Matt Blenkinsop --- Created attachment 159612 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=159612&action=edit Bug 35204: Prevent an expired password from throwing a 500 error Currently when a patron with an expired password is authenticated via the API a 500 error is returned rather than a 400 "Validation failed" error. This patch catches the return value for an expired password and returns the validation failure before the patron search is attempted. Test plan: 1) Choose a patron and set their password expiry date to a date in the past 2) Send a request to auth/password/validation with that patron's details 3) The response should be a 500 error 4) Apply patch 5) Repeat steps 1-3 and this time the response should be a 400 code with an error message of "Validation failed" -- You are receiving this mail because: You are the assignee for the bug. You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 35204] REST API: POST endpoint /auth/password/validation dies on patron with expired password
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=35204 Matt Blenkinsop changed: What|Removed |Added Status|NEW |Needs Signoff -- You are receiving this mail because: You are the assignee for the bug. You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 35204] REST API: POST endpoint /auth/password/validation dies on patron with expired password
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=35204 Martin Renvoize changed: What|Removed |Added CC||martin.renvoize@ptfs-europe ||.com, ||matt.blenkinsop@ptfs-europe ||.com -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 35204] REST API: POST endpoint /auth/password/validation dies on patron with expired password
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=35204 David Cook changed: What|Removed |Added CC||dc...@prosentient.com.au -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 35204] REST API: POST endpoint /auth/password/validation dies on patron with expired password
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=35204 Nick Clemens changed: What|Removed |Added Depends on||30962 Severity|normal |major Referenced Bugs: https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=30962 [Bug 30962] Add POST endpoint for validating a user password -- You are receiving this mail because: You are the assignee for the bug. You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/