[Koha-bugs] [Bug 16694] Limit SIP2 auth by patron attribute
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=16694

Martin Renvoize changed:

What    |Removed |Added
--------+--------+--------------------------------
CC      |        |k...@bywatersolutions.com,
        |        |martin.renvoize@ptfs-europe.com

--
You are receiving this mail because:
You are watching all bug changes.
___
Koha-bugs mailing list
Koha-bugs@lists.koha-community.org
https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 16694] Limit SIP2 auth by patron attribute
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=16694

--- Comment #35 from Magnus Enger ---
(In reply to Katrin Fischer from comment #34)
> Hi Magnus, any update on this?

I know there are Swedish libraries that have patched their Kohas to work in the way that is implemented in this bug (16694), so having these patches in Koha would be a good thing.
[Koha-bugs] [Bug 16694] Limit SIP2 auth by patron attribute
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=16694

--- Comment #34 from Katrin Fischer ---
(In reply to Magnus Enger from comment #33)
> I just discovered that some of my use cases for this bug can be solved by
> the development on bug 17826. If the Meröppet vendor can work with 0/1 in a
> made up SIP2 field, that bug solves the problem.
>
> We still need this bug if the vendor only accepts values in field 1 and/or
> two of the patron information response.

Hi Magnus, any update on this?
[Koha-bugs] [Bug 16694] Limit SIP2 auth by patron attribute
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=16694

--- Comment #33 from Magnus Enger ---
I just discovered that some of my use cases for this bug can be solved by the development on bug 17826. If the Meröppet vendor can work with 0/1 in a made up SIP2 field, that bug solves the problem.

We still need this bug if the vendor only accepts values in field 1 and/or two of the patron information response.
[Koha-bugs] [Bug 16694] Limit SIP2 auth by patron attribute
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=16694

--- Comment #32 from Magnus Enger ---
It's been a while...

Mark: would you object to moving the plugin code to a separate bug report?
[Koha-bugs] [Bug 16694] Limit SIP2 auth by patron attribute
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=16694

--- Comment #31 from Magnus Enger ---
(In reply to Marcel de Rooy from comment #21)
> Also the current code needs additional checking.
> If a patron is already debarred etc, so charge_ok is already 0, we should
> not set charge_ok to 1 only because the validation attribute is present.

Remember that there will be a dedicated Meröppet login, and only that login will have the extra attribute "validate_patron_attribute". This login will only be concerned with letting patrons into the building or not, and that will be governed by the setting of the patron attribute in Koha. The user with this login will not care about whether the patron is debarred or not, or what "charge_ok" is really set to. It is the role of librarians (or custom scripts) to make sure the Meröppet attribute reflects the Meröppet access of the patron.
[Koha-bugs] [Bug 16694] Limit SIP2 auth by patron attribute
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=16694

--- Comment #30 from Mark Alexander ---
(In reply to Magnus Enger from comment #29)
> Could we pass $patron to the plugin and let the plugin do what it needs to
> it, before returning it? So instead of this (as suggested by Mark):
>
> $patron = undef unless ( check_patron ( $patron, $server ) );
>
> we could do this?
>
> $patron = check_patron ( $patron, $server );
>
> And the plugin could return undef or just a changed $patron.
>
> I would also suggest a more detailed name for the config-parameter:
>
> >error-detect="enabled"
> institution="RPL"
> plugin_class="Koha::Plugin::Com::Bloovis::Sip2patron" />
>
>
> Maybe something like patron_validation_plugin_class? There could be other
> plugins that do other things in the future.

I like these suggestions. I have made these changes to my plugin and MsgType.pm on my test setup, and they work as expected.
[Koha-bugs] [Bug 16694] Limit SIP2 auth by patron attribute
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=16694

--- Comment #29 from Magnus Enger ---
Hm, I think I agree that a plugin might make sense here. But can we agree on how to signal that the patron should be denied access? The vendors of "more open" that I have worked with expect a SIP2 response that has us using this to set the proper status:

$patron->{'charge_ok'}

Could we pass $patron to the plugin and let the plugin do what it needs to it, before returning it? So instead of this (as suggested by Mark):

$patron = undef unless ( check_patron ( $patron, $server ) );

we could do this?

$patron = check_patron ( $patron, $server );

And the plugin could return undef or just a changed $patron.

I would also suggest a more detailed name for the config-parameter:

Maybe something like patron_validation_plugin_class? There could be other plugins that do other things in the future.
[Koha-bugs] [Bug 16694] Limit SIP2 auth by patron attribute
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=16694

Andreas Jonsson changed:

What    |Removed |Added
--------+--------+----------------------------
CC      |        |andreas.jons...@kreablo.se
[Koha-bugs] [Bug 16694] Limit SIP2 auth by patron attribute
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=16694

--- Comment #28 from Mark Alexander ---
(In reply to Colin Campbell from comment #25)
> patron should not be being set to undef in MsgType - this could result in a
> failed connection. Patron is still supposed to be returned but patron status
> flagged

I am confused by this. I see that find_patron does sometimes return undef, and that is tested in build_patron_status, handle_block_patron, handle_patron_info, and handle_patron_enable. In those functions, undef seems to indicate an invalid patron. So I thought it would be safe to emulate that behavior.
[Koha-bugs] [Bug 16694] Limit SIP2 auth by patron attribute
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=16694

--- Comment #27 from Magnus Enger ---
(In reply to Colin Campbell from comment #26)
> I find it a bit concerning that the "more open" functionality is relying on
> as insecure and abusable a protocol as sip2. I trust that some additional
> security is added to the connection but it does suggest that things are
> completely open rather than more open

That decision is in the hands of the companies providing the physical "more open" machinery.
[Koha-bugs] [Bug 16694] Limit SIP2 auth by patron attribute
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=16694

--- Comment #26 from Colin Campbell ---
I find it a bit concerning that the "more open" functionality is relying on as insecure and abusable a protocol as sip2. I trust that some additional security is added to the connection but it does suggest that things are completely open rather than more open
[Koha-bugs] [Bug 16694] Limit SIP2 auth by patron attribute
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=16694

--- Comment #25 from Colin Campbell ---
patron should not be being set to undef in MsgType - this could result in a failed connection. Patron is still supposed to be returned but patron status flagged
[Koha-bugs] [Bug 16694] Limit SIP2 auth by patron attribute
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=16694

--- Comment #24 from Mark Alexander ---
Created attachment 80703
  --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=80703&action=edit
Relevant code from patron validator plugin

This is my test plugin for validating SIP2 patrons, with the boilerplate code stripped out.
[Koha-bugs] [Bug 16694] Limit SIP2 auth by patron attribute
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=16694

--- Comment #23 from Mark Alexander ---
Created attachment 80702
  --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=80702&action=edit
Patch for C4/SIP/Sip/MsgType.pm

Attached is a patch to C4/SIP/Sip/MsgType.pm that uses a plugin to validate patrons. It requires a plugin_class attribute in the account section of SIPconfig.xml; in my test it looked like this:

I will also attach the relevant code from the plugin separately.

I have no idea if this is the right approach but it's enough to get our library working with Kanopy.
[Koha-bugs] [Bug 16694] Limit SIP2 auth by patron attribute
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=16694

Mark Alexander changed:

What    |Removed |Added
--------+--------+-----------------
CC      |        |ma...@pobox.com

--- Comment #22 from Mark Alexander ---
Our library needs a similar feature, but our use case is more complicated. We use two different services that provide streamed movies and ebooks, respectively. So our patron validation code would look at the client IP address on the SIP2 "patron info" or "patron status" request to determine which of the two services made the request. Then it would use the appropriate criteria for that service to validate the patron, perhaps using a different patron attribute for each service.

Right now I've hacked the SIP2 server for this purpose, but it might make more sense for the validation code to be placed in a plugin, to allow it to be customized for each library's special requirements. I'll try working on a patch for this.
[Koha-bugs] [Bug 16694] Limit SIP2 auth by patron attribute
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=16694

Sally Healey changed:

What    |Removed |Added
--------+--------+---------------------------------------------
CC      |        |sally.healey@cheshiresharedservices.gov.uk
[Koha-bugs] [Bug 16694] Limit SIP2 auth by patron attribute
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=16694

Marcel de Rooy changed:

What    |Removed    |Added
--------+-----------+--------------------------------
CC      |           |colin.campbell@ptfs-europe.com
Status  |Signed Off |Failed QA

--- Comment #21 from Marcel de Rooy ---
QA Comment:
Thanks for adding the test.
I am not yet fully comfortable with the code added to MsgType.pm.
I would rather have the validation in Patron.pm and just calling $patron->validate_or_something from MsgType.

Also the current code needs additional checking.
If a patron is already debarred etc, so charge_ok is already 0, we should not set charge_ok to 1 only because the validation attribute is present.

Another point (no blocker, but adding to discussion): Is the test attr==1 not too simple? Could we allow something like validate_patron="opendoor=Y" or even two expr like validate_patron="opendoor=Y;categorycode=X" etc.? Could be a future extension..

Copying Colin: Do you have additional feedback?

Changing status
[Koha-bugs] [Bug 16694] Limit SIP2 auth by patron attribute
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=16694

Marcel de Rooy changed:

What       |Removed                          |Added
-----------+---------------------------------+--------------------------
QA Contact |testo...@bugs.koha-community.org |m.de.r...@rijksmuseum.nl

--- Comment #20 from Marcel de Rooy ---
QA: Looking here now
[Koha-bugs] [Bug 16694] Limit SIP2 auth by patron attribute
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=16694

Owen Leonard changed:

What                          |Removed |Added
------------------------------+--------+------
Attachment #66849 is obsolete |0       |1

--- Comment #19 from Owen Leonard ---
Created attachment 67956
  --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=67956&action=edit
Bug 16694 - Add tests to t/db_dependent/SIP/Message.t

Signed-off-by: Owen Leonard

Test passes with no errors
[Koha-bugs] [Bug 16694] Limit SIP2 auth by patron attribute
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=16694

Owen Leonard changed:

What    |Removed       |Added
--------+--------------+-----------
Status  |Needs Signoff |Signed Off
[Koha-bugs] [Bug 16694] Limit SIP2 auth by patron attribute
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=16694

--- Comment #18 from Benjamin Rokseth ---
(In reply to Marcel de Rooy from comment #16)
> (In reply to Benjamin Rokseth from comment #11)
> > rebased against master.
> >
> > Ignoring failing test 'Checkin V2' as it has no bearing on this bug and
> > should be resolved in another bug
>
> The test passes with me btw. Please copy your test results in a comment.

Good. Maybe I have corrupted my DB somehow from testing various tests. Seems there are problems on creating items

resensitize(): no item found in object to resensitize at C4/SIP/ILS/Transaction/Checkin.pm line 127.
# Failed test 'Check screen msg'
# at ./t/db_dependent/SIP/Message.t line 448.
# got: ''
# expected: '1'
new ILS::Item(Kckdb) : No item 'Kckdb'. at C4/SIP/ILS/Item.pm line 80.
[Koha-bugs] [Bug 16694] Limit SIP2 auth by patron attribute
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=16694

Benjamin Rokseth changed:

What    |Removed   |Added
--------+----------+--------------
Status  |Failed QA |Needs Signoff

--- Comment #17 from Benjamin Rokseth ---
needs another signoff on added tests
[Koha-bugs] [Bug 16694] Limit SIP2 auth by patron attribute
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=16694

--- Comment #16 from Marcel de Rooy ---
(In reply to Benjamin Rokseth from comment #11)
> rebased against master.
>
> Ignoring failing test 'Checkin V2' as it has no bearing on this bug and
> should be resolved in another bug

The test passes with me btw. Please copy your test results in a comment.
[Koha-bugs] [Bug 16694] Limit SIP2 auth by patron attribute
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=16694

Benjamin Rokseth changed:

What                          |Removed |Added
------------------------------+--------+------
Attachment #66845 is obsolete |0       |1

--- Comment #15 from Benjamin Rokseth ---
Created attachment 66849
  --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=66849&action=edit
Bug 16694 - Add tests to t/db_dependent/SIP/Message.t
[Koha-bugs] [Bug 16694] Limit SIP2 auth by patron attribute
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=16694

Benjamin Rokseth changed:

What                          |Removed |Added
------------------------------+--------+------
Attachment #66847 is obsolete |0       |1

--- Comment #14 from Benjamin Rokseth ---
Created attachment 66848
  --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=66848&action=edit
Bug 16694 - Limit SIP2 auth by patron attribute

The main use case of this bug is to use patron attributes to grant special privileges, e.g. to open a door to an unmanned library.

This patch adds an extra check against patron attributes if login account in SIPconfig.xml has a key validate_patron_attribute set to some patron attribute.

If a patron information request is sent (63), and patron has proper rights in the given attribute: (a value of 1/true or some authorised value mapping to 1)
The user will be allowed access (in SIP: charge and/or renewal ok).
Otherwise denied.

Please note that this is specific to the SIP login account, so self checkout machines can be handled differently than e.g. a door card terminal.

To test:
0) you need to debug using telnet or the koha provided sip_client
1) add validate_patron_attribute="testattribute" to some login account in SIPconfig.xml
2) add a patron attribute "testattribute"
3) edit some patron and set "testattribute" to "1"
4) do a sip login with the given login account from SIPconfig.xml
5) do a patron information request (63) on the patron
6) observe that no charge or renewal denied is given in the response (64 )
7) try all or any of the following:
   - set patron attribute to anything but "1"
   - delete the patron attribute
   - map the patron attribute to an authorized list, e.g. (YES_NO) and set it to a value that doesn't map to "1", e.g. "No".
8) do a patron information request (63) again
9) observe that charge and renewal is now denied in the SIP response (64YY)
10) thank yourself if no one else does and grab a coffee

Signed-off-by: Magnus Enger

Took me a while to remember I was on a gitified setup and needed to do
  sudo cp C4/SIP/Sip/MsgType.pm /usr/share/koha/lib/C4/SIP/Sip/MsgType.pm
before I could test properly. Works as expected. I have a Swedish customer running a similar hack in production, so looking forward to getting this into Koha proper.
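The per-account check described in the commit message above, combined with the review points from comments #21 and #25, as an added example that is not code from the patches on this bug: the validator returns the patron instead of undef and can only remove privileges, never restore them. The function names, the `renew_ok` and `attributes` keys, and all sample data are assumptions made for illustration; only `charge_ok`, `validate_patron_attribute` and `testattribute` come from the thread.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Added example, not Koha code. check_patron() and the hash layout are
# hypothetical stand-ins for the hook discussed in the thread.

# Returns a copy of the patron with privileges reduced when the login account
# requires an attribute the patron does not hold. A known patron is never
# turned into undef (comment #25) and no flag is ever set back to 1 (comment #21).
sub check_patron {
    my ( $patron, $account ) = @_;
    return $patron unless defined $patron;    # unknown patron: nothing to validate

    # Accounts without the key (e.g. self-checkout) are left untouched.
    my $attr_code = $account->{validate_patron_attribute};
    return $patron unless defined $attr_code && length $attr_code;

    # Fail closed: a missing attribute, '', '0', 'No' or ' 1' all deny.
    my $attrs   = $patron->{attributes} || {};
    my $value   = $attrs->{$attr_code};
    my $granted = defined $value && $value eq '1';

    my %checked = %{$patron};                 # shallow copy, caller's patron unchanged
    unless ($granted) {
        $checked{charge_ok} = 0;
        $checked{renew_ok}  = 0;
    }
    return \%checked;
}

# First two positions of the SIP2 patron status field in a 64 response:
# 'Y' means the privilege is denied, a blank means it is allowed.
sub patron_status_prefix {
    my ($patron) = @_;
    return join '', map { $patron->{$_} ? ' ' : 'Y' } qw(charge_ok renew_ok);
}

# Constructed sample data: two login accounts and four patrons.
my %accounts = (
    door      => { validate_patron_attribute => 'testattribute' },
    selfcheck => {},
);

my @patrons = (
    { label => 'attribute = 1',           charge_ok => 1, renew_ok => 1,
      attributes => { testattribute => '1' } },
    { label => 'attribute = No',          charge_ok => 1, renew_ok => 1,
      attributes => { testattribute => 'No' } },
    { label => 'attribute missing',       charge_ok => 1, renew_ok => 1,
      attributes => {} },
    { label => 'attribute = 1, debarred', charge_ok => 0, renew_ok => 0,
      attributes => { testattribute => '1' } },
);

for my $login ( sort keys %accounts ) {
    for my $patron (@patrons) {
        my $checked = check_patron( $patron, $accounts{$login} );
        # Brackets make the blank (allowed) positions visible.
        printf "%-10s %-24s 64[%s]\n",
            $login, $patron->{label}, patron_status_prefix($checked);
    }
}
```

With the door login only the first patron keeps two blanks; the debarred patron stays denied even though the attribute is "1", and the self-check login reports every patron's stored flags unchanged.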
[Koha-bugs] [Bug 16694] Limit SIP2 auth by patron attribute
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=16694

Benjamin Rokseth changed:

What                          |Removed |Added
------------------------------+--------+------
Attachment #66846 is obsolete |0       |1

--- Comment #13 from Benjamin Rokseth ---
Created attachment 66847
  --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=66847&action=edit
Bug 18137: (QA followup) Make sure the session exists and is expired on expiration tests

Signed-off-by: Tomas Cohen Arazi
Signed-off-by: Lari Taskula
[Koha-bugs] [Bug 16694] Limit SIP2 auth by patron attribute
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=16694

--- Comment #12 from Benjamin Rokseth ---
Created attachment 66846
  --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=66846&action=edit
Bug 18137: (QA followup) Make sure the session exists and is expired on expiration tests

Signed-off-by: Tomas Cohen Arazi
Signed-off-by: Lari Taskula
[Koha-bugs] [Bug 16694] Limit SIP2 auth by patron attribute
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=16694

--- Comment #11 from Benjamin Rokseth ---
rebased against master.

Ignoring failing test 'Checkin V2' as it has no bearing on this bug and should be resolved in another bug
[Koha-bugs] [Bug 16694] Limit SIP2 auth by patron attribute
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=16694

Benjamin Rokseth changed:

What                          |Removed |Added
------------------------------+--------+------
Attachment #56579 is obsolete |0       |1

--- Comment #10 from Benjamin Rokseth ---
Created attachment 66845
  --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=66845&action=edit
Bug 16694 - Limit SIP2 auth by patron attribute

The main use case of this bug is to use patron attributes to grant special privileges, e.g. to open a door to an unmanned library.

This patch adds an extra check against patron attributes if login account in SIPconfig.xml has a key validate_patron_attribute set to some patron attribute.

If a patron information request is sent (63), and patron has proper rights in the given attribute: (a value of 1/true or some authorised value mapping to 1)
The user will be allowed access (in SIP: charge and/or renewal ok).
Otherwise denied.

Please note that this is specific to the SIP login account, so self checkout machines can be handled differently than e.g. a door card terminal.

To test:
0) you need to debug using telnet or the koha provided sip_client
1) add validate_patron_attribute="testattribute" to some login account in SIPconfig.xml
2) add a patron attribute "testattribute"
3) edit some patron and set "testattribute" to "1"
4) do a sip login with the given login account from SIPconfig.xml
5) do a patron information request (63) on the patron
6) observe that no charge or renewal denied is given in the response (64 )
7) try all or any of the following:
   - set patron attribute to anything but "1"
   - delete the patron attribute
   - map the patron attribute to an authorized list, e.g. (YES_NO) and set it to a value that doesn't map to "1", e.g. "No".
8) do a patron information request (63) again
9) observe that charge and renewal is now denied in the SIP response (64YY)
10) thank yourself if no one else does and grab a coffee

Signed-off-by: Magnus Enger

Took me a while to remember I was on a gitified setup and needed to do
  sudo cp C4/SIP/Sip/MsgType.pm /usr/share/koha/lib/C4/SIP/Sip/MsgType.pm
before I could test properly. Works as expected. I have a Swedish customer running a similar hack in production, so looking forward to getting this into Koha proper.
[Koha-bugs] [Bug 16694] Limit SIP2 auth by patron attribute
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=16694

--- Comment #9 from Magnus Enger ---
Benjamin: Feel like writing that test?
[Koha-bugs] [Bug 16694] Limit SIP2 auth by patron attribute
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=16694

Jonathan Druart changed:

What     |Removed |Added
---------+--------+-----------------------------------------------------------------
See Also |        |https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14731
[Koha-bugs] [Bug 16694] Limit SIP2 auth by patron attribute
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=16694

Marcel de Rooy changed:

What    |Removed    |Added
--------+-----------+--------------------------
CC      |           |m.de.r...@rijksmuseum.nl
Status  |Signed Off |Failed QA

--- Comment #8 from Marcel de Rooy ---
Would be nice to validate this small change with a small test in e.g. t/db_dependent/SIP/Message.t
We already have a test there for patron info. Should not be big deal :)
[Koha-bugs] [Bug 16694] Limit SIP2 auth by patron attribute
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=16694

Magnus Enger changed:

What                          |Removed |Added
------------------------------+--------+------
Attachment #56442 is obsolete |0       |1

--- Comment #7 from Magnus Enger ---
Created attachment 56579
  --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=56579&action=edit
Bug 16694 - Limit SIP2 auth by patron attribute

The main use case of this bug is to use patron attributes to grant special privileges, e.g. to open a door to an unmanned library.

This patch adds an extra check against patron attributes if login account in SIPconfig.xml has a key validate_patron_attribute set to some patron attribute.

If a patron information request is sent (63), and patron has proper rights in the given attribute: (a value of 1/true or some authorised value mapping to 1)
The user will be allowed access (in SIP: charge and/or renewal ok).
Otherwise denied.

Please note that this is specific to the SIP login account, so self checkout machines can be handled differently than e.g. a door card terminal.

To test:
0) you need to debug using telnet or the koha provided sip_client
1) add validate_patron_attribute="testattribute" to some login account in SIPconfig.xml
2) add a patron attribute "testattribute"
3) edit some patron and set "testattribute" to "1"
4) do a sip login with the given login account from SIPconfig.xml
5) do a patron information request (63) on the patron
6) observe that no charge or renewal denied is given in the response (64 )
7) try all or any of the following:
   - set patron attribute to anything but "1"
   - delete the patron attribute
   - map the patron attribute to an authorized list, e.g. (YES_NO) and set it to a value that doesn't map to "1", e.g. "No".
8) do a patron information request (63) again
9) observe that charge and renewal is now denied in the SIP response (64YY)
10) thank yourself if no one else does and grab a coffee

Signed-off-by: Magnus Enger

Took me a while to remember I was on a gitified setup and needed to do
  sudo cp C4/SIP/Sip/MsgType.pm /usr/share/koha/lib/C4/SIP/Sip/MsgType.pm
before I could test properly. Works as expected. I have a Swedish customer running a similar hack in production, so looking forward to getting this into Koha proper.
[Koha-bugs] [Bug 16694] Limit SIP2 auth by patron attribute
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=16694

Magnus Enger changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|Needs Signoff               |Signed Off
   Patch complexity|---                         |Small patch
[Koha-bugs] [Bug 16694] Limit SIP2 auth by patron attribute
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=16694

Benjamin Rokseth changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|Failed QA                   |Needs Signoff

--- Comment #6 from Benjamin Rokseth ---
Thx for the followup, Magnus! Actually there was also a logical error in the
original code, so I merged in your change. It should work as advertised now.
That is, only a borrower attribute value of "1" or an authorised value mapped
to "1" will grant access to the patron if the validate_patron_attribute is set
to a borrower attribute in the SIPConfig login.
[Koha-bugs] [Bug 16694] Limit SIP2 auth by patron attribute
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=16694

Benjamin Rokseth changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
  Attachment #56068|0                           |1
        is obsolete|                            |

--- Comment #5 from Benjamin Rokseth ---
Created attachment 56442
  --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=56442&action=edit
Bug 16694 - Limit SIP2 auth by patron attribute

The main use case of this bug is to use patron attributes to grant special
privileges, e.g. to open a door to an unmanned library.

This patch adds an extra check against patron attributes if login account in
SIPconfig.xml has a key validate_patron_attribute set to some patron attribute.

If a patron information request is sent (63), and patron has proper rights in
the given attribute: (a value of 1/true or some authorised value mapping to 1)
The user will be allowed access (in SIP: charge and/or renewal ok).
Otherwise denied.

Please note that this is specific to the SIP login account, so self checkout
machines can be handled differently than e.g. a door card terminal.

To test:
0) you need to debug using telnet or the koha provided sip_client
1) add validate_patron_attribute="testattribute" to some login account in
   SIPconfig.xml
2) add a patron attribute "testattribute"
3) edit some patron and set "testattribute" to "1"
4) do a sip login with the given login account from SIPconfig.xml
5) do a patron information request (63) on the patron
6) observe that no charge or renewal denied is given in the response (64 )
7) try all or any of the following:
   - set patron attribute to anything but "1"
   - delete the patron attribute
   - map the patron attribute to an authorized list, e.g. (YES_NO) and set it
     to a value that doesn't map to "1", e.g. "No".
8) do a patron information request (63) again
9) observe that charge and renewal is now denied in the SIP response (64YY)
10) thank yourself if no one else does and grab a coffee
[Koha-bugs] [Bug 16694] Limit SIP2 auth by patron attribute
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=16694

--- Comment #4 from Magnus Enger ---
I had been working on a patch for this where I did:

    if ( defined $server->{'account'}->{'patron-attribute'} ) {
        my $attribute_value = $patron->get_patron_attribute_value($server->{'account'}->{'patron-attribute'});
        $patron->{'charge_ok'} = $attribute_value;
    }
[Koha-bugs] [Bug 16694] Limit SIP2 auth by patron attribute
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=16694

Magnus Enger changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|Needs Signoff               |Failed QA

--- Comment #3 from Magnus Enger ---
I can't seem to be able to turn "64 " into "64YY", no matter what the extended
patron attribute is set to. I think this is because the default values for
charge_ok and renew_ok are 1, so by only setting them to 1 the patches never
change them. Something like this should work, I think:

    if ($attr || $attr == "1") {
        syslog( "LOG_ERR", "attr OK" );
        $patron->{charge_ok} = 1;
        $patron->{renew_ok} = 1;
    } else {
        $patron->{charge_ok} = 0;
        $patron->{renew_ok} = 0;
    }

Otherwise, this looks OK, so it should be an easy fix/followup.
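An added example, not Koha's code or any attachment on this bug: a stand-alone Perl test of the fail-closed behaviour that comments 3 and 6 describe, covering the cases in step 7 of the test plan. The helpers attribute_grants_access, apply_attribute_gate and denied_flags and the %AUTHORISED table are hypothetical names, and the sample values are constructed.

```perl
use strict;
use warnings;
use Test::More;

# Constructed stand-in for an authorised-value category such as YES_NO.
my %AUTHORISED = ( YES_NO => { Yes => '1', No => '0' } );

# Fail closed: grant only when the resolved value is exactly the string "1".
sub attribute_grants_access {
    my ( $raw, $category ) = @_;
    my $value = ( defined $category && defined $raw )
        ? $AUTHORISED{$category}{$raw}
        : $raw;
    return ( defined $value && $value eq '1' ) ? 1 : 0;
}

# Always overwrite both flags. Comment 3 describes them as defaulting to 1,
# so a check that only ever assigns 1 can never deny.
sub apply_attribute_gate {
    my ( $patron, $raw, $category ) = @_;
    my $ok = attribute_grants_access( $raw, $category );
    @{$patron}{qw(charge_ok renew_ok)} = ( $ok, $ok );
    return $patron;
}

# The two leading patron status flags: "Y" = denied, blank = allowed.
sub denied_flags {
    my ($patron) = @_;
    return join '', map { $patron->{$_} ? ' ' : 'Y' } qw(charge_ok renew_ok);
}

my @cases = (    # [ stored value, category, expected flags, description ]
    [ '1',    undef,    '  ', 'exact "1" grants' ],
    [ 'Yes',  'YES_NO', '  ', 'authorised value mapped to "1" grants' ],
    [ 'No',   'YES_NO', 'YY', 'authorised value not mapped to "1" denies' ],
    [ 'No',   undef,    'YY', 'truthy string denies (a bare truth test would grant)' ],
    [ '1abc', undef,    'YY', 'denies (numeric == against 1 would grant)' ],
    [ '',     undef,    'YY', 'empty value denies' ],
    [ undef,  undef,    'YY', 'deleted attribute denies' ],
);
for my $c (@cases) {
    my $patron = { charge_ok => 1, renew_ok => 1 };    # default-allow start state
    apply_attribute_gate( $patron, $c->[0], $c->[1] );
    is( denied_flags($patron), $c->[2], $c->[3] );
}
done_testing();
```

The "No" and "1abc" rows are the ones a door controller cares about: Perl treats any non-empty string other than "0" as true, and numeric comparison coerces "1abc" to 1, so only a string `eq` comparison keeps those values from granting access.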
[Koha-bugs] [Bug 16694] Limit SIP2 auth by patron attribute
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=16694

Benjamin Rokseth changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
  Attachment #54920|0                           |1
        is obsolete|                            |

--- Comment #2 from Benjamin Rokseth ---
Created attachment 56068
  --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=56068&action=edit
Bug 16694 - Limit SIP2 auth by patron attribute

The main use case of this bug is to use patron attributes to grant special
privileges, e.g. to open a door to an unmanned library.

This patch adds an extra check against patron attributes if login account in
SIPconfig.xml has a key validate_patron_attribute set to some patron attribute.

If a patron information request is sent (63), and patron has proper rights in
the given attribute: (a value of 1/true or some authorised value mapping to 1)
The user will be allowed access (in SIP: charge and/or renewal ok).
Otherwise denied.

Please note that this is specific to the SIP login account, so self checkout
machines can be handled differently than e.g. a door card terminal.

To test:
0) you need to debug using telnet or the koha provided sip_client
1) add validate_patron_attribute="testattribute" to some login account in
   SIPconfig.xml
2) add a patron attribute "testattribute"
3) edit some patron and set "testattribute" to "1"
4) do a sip login with the given login account from SIPconfig.xml
5) do a patron information request (63) on the patron
6) observe that no charge or renewal denied is given in the response (64 )
7) try all or any of the following:
   - set patron attribute to anything but "1"
   - delete the patron attribute
   - map the patron attribute to an authorized list, e.g. (YES_NO) and set it
     to a value that doesn't map to "1", e.g. "No".
8) do a patron information request (63) again
9) observe that charge and renewal is now denied in the SIP response (64YY)
10) thank yourself if no one else does and grab a coffee
[Koha-bugs] [Bug 16694] Limit SIP2 auth by patron attribute
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=16694

Benjamin Rokseth changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |benjamin.roks...@kul.oslo.k
                   |                            |ommune.no
             Status|NEW                         |Needs Signoff
[Koha-bugs] [Bug 16694] Limit SIP2 auth by patron attribute
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=16694

--- Comment #1 from Benjamin Rokseth ---
Created attachment 54920
  --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=54920&action=edit
Bug 16694 - Limit SIP2 auth by patron attribute

The main use case of this bug is to use patron attributes to grant special
privileges, e.g. to open a door to an unmanned library.

This patch adds an extra check against patron attributes if login account in
SIPconfig.xml has a key validate_patron_attribute set to some patron attribute.

If a patron information request is sent (63), and patron has proper rights in
the given attribute: (a value of 1/true or some authorised value mapping to 1)
The user will be allowed access (in SIP: charge and/or renewal ok).
Otherwise denied.

Please note that this is specific to the SIP login account, so self checkout
machines can be handled differently than e.g. a door card terminal.

To test:
0) you need to debug using telnet or the koha provided sip_client
1) add validate_patron_attribute="testattribute" to some login account in
   SIPconfig.xml
2) add a patron attribute "testattribute"
3) edit some patron and set "testattribute" to "1"
4) do a sip login with the given login account from SIPconfig.xml
5) do a patron information request (63) on the patron
6) observe that no charge or renewal denied is given in the response (64 )
7) try all or any of the following:
   - set patron attribute to anything but "1"
   - delete the patron attribute
   - map the patron attribute to an authorized list, e.g. (YES_NO) and set it
     to a value that doesn't map to "1", e.g. "No".
8) do a patron information request (63) again
9) observe that charge and renewal is now denied in the SIP response (64YY)
10) thank yourself if no one else does and grab a coffee