https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=39435
--- Comment #32 from Marcel de Rooy <[email protected]> --- Created attachment 180481 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=180481&action=edit Bug 39435: Add bot challenge middleware class This new class will call Koha::BotChallenger->check from Plack middleware. NOTE: We need to pass a defined value to check_csrf from the CSRF middleware. Koha::Token should only return immediately on undefined session_id. Actually, this makes the second check in check_csrf unneeded. This adds a unit test, primarily testing the control flow within ->call. The BotChallenger->check is tested already in the former patch. Test plan: [1] Run t/Koha/Middleware/BotChallenge.t and t/Token.t [2] Copy the plack.psgi change into your /etc/koha/plack.pgsi. Restart all. Clear browser cache (*). [3] Clear pref BotChallengePlugin. Verify that OPAC response time is just like before (given same circumstances etc.) [4] Apply the examples patch. cp -r botchallenge/plugins/BotChallenge /var/lib/koha/INSTANCE/plugins/ cp -r botchallenge/plugins/js /var/lib/koha/INSTANCE/plugins/ Restart all. Clear browser cache (*). [5] Set pref to BotChallenge::Dumb. This does not use js. [6] Verify that the first OPAC hit triggers opac-bot-challenge. Wait a few seconds and submit. Check cookie BotChallenge in browser dev tools. Navigate thru OPAC. Normal response, no challenge? [7] Remove the cookie. Hit another OPAC page. Challenge comes back? Bonus tests [8] See also bug 39466, add alias for plugins/js to apache-shared-opac. Restart all [9] Set pref to BotChallenge::Simple or BotChallenge::Text. Remove cookie. Navigate thru OPAC again. (*) During testing I had some issues with browser cache redirecting pages to opac-bot-challenge. A refresh on opac-bot-challenge should resolve that too. Signed-off-by: Marcel de Rooy <[email protected]> -- You are receiving this mail because: You are watching all bug changes. _______________________________________________ Koha-bugs mailing list [email protected] https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
