subject:"\[Koha\-bugs\] \[Bug 16694\] Limit SIP2 auth by patron attribute"

[Koha-bugs] [Bug 16694] Limit SIP2 auth by patron attribute

2023-09-11 Thread bugzilla-daemon

https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=16694

Martin Renvoize  changed:

   What|Removed |Added

 CC||k...@bywatersolutions.com,
   ||martin.renvoize@ptfs-europe
   ||.com

-- 
You are receiving this mail because:
You are watching all bug changes.
___
Koha-bugs mailing list
Koha-bugs@lists.koha-community.org
https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/

[Koha-bugs] [Bug 16694] Limit SIP2 auth by patron attribute

2023-09-11 Thread bugzilla-daemon

https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=16694

--- Comment #35 from Magnus Enger  ---
(In reply to Katrin Fischer from comment #34)
> Hi Magnus, any update on this?

I know there are Swedish libraries that have patched their Kohas to work in the
way that is implemented in this bug (16694), so having these patches in Koha
would be a good thing.

-- 
You are receiving this mail because:
You are watching all bug changes.
___
Koha-bugs mailing list
Koha-bugs@lists.koha-community.org
https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/

[Koha-bugs] [Bug 16694] Limit SIP2 auth by patron attribute

2023-09-09 Thread bugzilla-daemon

https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=16694

--- Comment #34 from Katrin Fischer  ---
(In reply to Magnus Enger from comment #33)
> I just discovered that some of my use cases for this bug can be solved by
> the development on bug 17826. If the Meröppet vendor can work with 0/1 in a
> made up SIP2 field, that bug solves the problem. 
> 
> We still need this bug if the vendor only accepts values in field 1 and/or
> two of the patron information response.

Hi Magnus, any update on this?

-- 
You are receiving this mail because:
You are watching all bug changes.
___
Koha-bugs mailing list
Koha-bugs@lists.koha-community.org
https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/

[Koha-bugs] [Bug 16694] Limit SIP2 auth by patron attribute

2021-12-09 Thread bugzilla-daemon

https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=16694

--- Comment #33 from Magnus Enger  ---
I just discovered that some of my use cases for this bug can be solved by the
development on bug 17826. If the Meröppet vendor can work with 0/1 in a made up
SIP2 field, that bug solves the problem. 

We still need this bug if the vendor only accepts values in field 1 and/or two
of the patron information response.

-- 
You are receiving this mail because:
You are watching all bug changes.
___
Koha-bugs mailing list
Koha-bugs@lists.koha-community.org
https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/

[Koha-bugs] [Bug 16694] Limit SIP2 auth by patron attribute

2021-12-08 Thread bugzilla-daemon

https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=16694

--- Comment #32 from Magnus Enger  ---
It's been a while... Mark: would you object to moving the plugin code to a
separate bug report?

-- 
You are receiving this mail because:
You are watching all bug changes.
___
Koha-bugs mailing list
Koha-bugs@lists.koha-community.org
https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/

[Koha-bugs] [Bug 16694] Limit SIP2 auth by patron attribute

2021-12-08 Thread bugzilla-daemon

https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=16694

--- Comment #31 from Magnus Enger  ---
(In reply to Marcel de Rooy from comment #21)
> Also the current code needs additional checking.
> If a patron is already debarred etc, so charge_ok is already 0, we should
> not set charge_ok to 1 only because the validation attribute is present.

Remember that there will be a dedicated Meröppet login, and only that login
will have the extra attribute "validate_patron_attribute". This login will only
be concerned with letting patrons into the building or not, and that will be
governed by the setting of the patron attribute in Koha. The user with this
login will not care about whether the patron is debarred or not, or what
"charge_ok" is really set to. It is the role of librarians (or custom scripts)
to make sure the Meröppet attribute reflects the Meröppet access of the patron.

-- 
You are receiving this mail because:
You are watching all bug changes.
___
Koha-bugs mailing list
Koha-bugs@lists.koha-community.org
https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/

[Koha-bugs] [Bug 16694] Limit SIP2 auth by patron attribute

2020-11-26 Thread bugzilla-daemon

https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=16694

--- Comment #30 from Mark Alexander  ---
(In reply to Magnus Enger from comment #29)
> Could we pass $patron to the plugin and let the plugin do what it needs to
> it, before returning it? So instead of this (as suggested by Mark):
> 
> $patron = undef unless ( check_patron ( $patron, $server ) );
> 
> we could do this? 
> 
> $patron = check_patron ( $patron, $server );
> 
> And the plugin could return undef or just a changed $patron. 
> 
> I would also suggest a more detailed name for the config-parameter: 
> 
>   
>error-detect="enabled"
> institution="RPL"
> plugin_class="Koha::Plugin::Com::Bloovis::Sip2patron" />
>   
> 
> Maybe something like patron_validation_plugin_class? There could be other
> plugins that do other things in the future.

I like these suggestions. I have made these changes to my plugin and MsgType.pm
on my test setup, and they work as expected.

-- 
You are receiving this mail because:
You are watching all bug changes.
___
Koha-bugs mailing list
Koha-bugs@lists.koha-community.org
https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/

[Koha-bugs] [Bug 16694] Limit SIP2 auth by patron attribute

2020-11-19 Thread bugzilla-daemon

https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=16694

--- Comment #29 from Magnus Enger  ---
Hm, I think I agree that a plugin might make sense here. But can we agree on
how to signal that the patron should be denied access? The vendors of "more
open" that I have worked with expect a SIP2 response that has us using this to
set the proper status:

$patron->{'charge_ok'}

Could we pass $patron to the plugin and let the plugin do what it needs to it,
before returning it? So instead of this (as suggested by Mark):

$patron = undef unless ( check_patron ( $patron, $server ) );

we could do this? 

$patron = check_patron ( $patron, $server );

And the plugin could return undef or just a changed $patron. 

I would also suggest a more detailed name for the config-parameter: 

  
  
  

Maybe something like patron_validation_plugin_class? There could be other
plugins that do other things in the future.

-- 
You are receiving this mail because:
You are watching all bug changes.
___
Koha-bugs mailing list
Koha-bugs@lists.koha-community.org
https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/

[Koha-bugs] [Bug 16694] Limit SIP2 auth by patron attribute

2019-08-21 Thread bugzilla-daemon

https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=16694

Andreas Jonsson  changed:

   What|Removed |Added

 CC||andreas.jons...@kreablo.se

-- 
You are receiving this mail because:
You are watching all bug changes.
___
Koha-bugs mailing list
Koha-bugs@lists.koha-community.org
https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/

[Koha-bugs] [Bug 16694] Limit SIP2 auth by patron attribute

2018-10-22 Thread bugzilla-daemon

https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=16694

--- Comment #28 from Mark Alexander  ---
(In reply to Colin Campbell from comment #25)
> patron should not be being set to undef in MsgType - this could result in a
> failed connection. Patron is still supposed to be returned but patron status
> flagged

I am confused by this.  I see that find_patron does sometimes return undef, and
that is tested in build_patron_status, handle_block_patron, handle_patron_info,
and handle_patron_enable.  In those functions, undef seems to indicate an
invalid patron.  So I thought it would be safe to emulate that behavior.

-- 
You are receiving this mail because:
You are watching all bug changes.
___
Koha-bugs mailing list
Koha-bugs@lists.koha-community.org
http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/

[Koha-bugs] [Bug 16694] Limit SIP2 auth by patron attribute

2018-10-22 Thread bugzilla-daemon

https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=16694

--- Comment #27 from Magnus Enger  ---
(In reply to Colin Campbell from comment #26)
> I find it a bit concerning that the "more open" functionality is relying on
> as insecure and abusable protocol as sip2. I trust that some additional
> security is added to the connection but it does suggest that things are
> completely open rather than more open

That decision is in the hands of the companies providing the physical "more
open" machinery.

-- 
You are receiving this mail because:
You are watching all bug changes.
___
Koha-bugs mailing list
Koha-bugs@lists.koha-community.org
http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/

[Koha-bugs] [Bug 16694] Limit SIP2 auth by patron attribute

2018-10-22 Thread bugzilla-daemon

https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=16694

--- Comment #26 from Colin Campbell  ---
I find it a bit concerning that the "more open" functionality is relying on as
insecure and abusable protocol as sip2. I trust that some additional security
is added to the connection but it does suggest that things are completely open
rather than more open

-- 
You are receiving this mail because:
You are watching all bug changes.
___
Koha-bugs mailing list
Koha-bugs@lists.koha-community.org
http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/

[Koha-bugs] [Bug 16694] Limit SIP2 auth by patron attribute

2018-10-22 Thread bugzilla-daemon

https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=16694

--- Comment #25 from Colin Campbell  ---
patron should not be being set to undef in MsgType - this could result in a
failed connection. Patron is still supposed to be returned but patron status
flagged

-- 
You are receiving this mail because:
You are watching all bug changes.
___
Koha-bugs mailing list
Koha-bugs@lists.koha-community.org
http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/

[Koha-bugs] [Bug 16694] Limit SIP2 auth by patron attribute

2018-10-17 Thread bugzilla-daemon

https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=16694

--- Comment #24 from Mark Alexander  ---
Created attachment 80703
  -->
https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=80703=edit
Relevant code from patron validator plugin

This is my test plugin for validating SIP2 patrons, with the boilerplate code
stripped out.

-- 
You are receiving this mail because:
You are watching all bug changes.
___
Koha-bugs mailing list
Koha-bugs@lists.koha-community.org
http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/

[Koha-bugs] [Bug 16694] Limit SIP2 auth by patron attribute

2018-10-17 Thread bugzilla-daemon

https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=16694

--- Comment #23 from Mark Alexander  ---
Created attachment 80702
  -->
https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=80702=edit
Patch for C4/SIP/Sip/MsgType.pm

Attached is patch to C4/SIP/Sip/MsgType.pm that uses a plugin to
validate patrons.  It requires a plugin_class attribute in the account
section of SIPconfig.xml; in my test it looked like this:

  
  
  

I will also attach the relevant code from the plugin separately.

I have no idea if this is the right approach but it's enough to get our library
working with Kanopy.

-- 
You are receiving this mail because:
You are watching all bug changes.
___
Koha-bugs mailing list
Koha-bugs@lists.koha-community.org
http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/

[Koha-bugs] [Bug 16694] Limit SIP2 auth by patron attribute

2018-10-16 Thread bugzilla-daemon

https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=16694

Mark Alexander  changed:

   What|Removed |Added

 CC||ma...@pobox.com

--- Comment #22 from Mark Alexander  ---
Our library needs a similar feature, but our use case is more complicated.

We use two different services that provide streamed movies and ebooks,
respectively.  So our patron validation code would look at the client IP
address on the SIP2 "patron info" or "patron status" request to determine which
of the two services made the request.  Then it would use the appropriate
criteria for that service to validate the patron, perhaps using a different
patron attribute for each service.

Right now I've hacked the SIP2 server for this purpose, but it might make more
sense for the validation code to be placed in a plugin, to allow it to be
customized for each library's special requirements.  I'll try working on a
patch for this.

-- 
You are receiving this mail because:
You are watching all bug changes.
___
Koha-bugs mailing list
Koha-bugs@lists.koha-community.org
http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/

[Koha-bugs] [Bug 16694] Limit SIP2 auth by patron attribute

2018-10-16 Thread bugzilla-daemon

https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=16694

Sally Healey  changed:

   What|Removed |Added

 CC||sally.healey@cheshireshared
   ||services.gov.uk

-- 
You are receiving this mail because:
You are watching all bug changes.
___
Koha-bugs mailing list
Koha-bugs@lists.koha-community.org
http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/

[Koha-bugs] [Bug 16694] Limit SIP2 auth by patron attribute

2017-10-13 Thread bugzilla-daemon

https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=16694

Marcel de Rooy  changed:

   What|Removed |Added

 CC||colin.campbell@ptfs-europe.
   ||com
 Status|Signed Off  |Failed QA

--- Comment #21 from Marcel de Rooy  ---
QA Comment:
Thanks for adding the test.
I am not yet fully comfortable with the code added to MsgType.pm. I would
rather have the validation in Patron.pm and just calling
$patron->validate_or_something from MsgType.

Also the current code needs additional checking.
If a patron is already debarred etc, so charge_ok is already 0, we should not
set charge_ok to 1 only because the validation attribute is present.

Another point (no blocker, but adding to discussion): Is the test attr==1 not
too simple? Could we allow something like validate_patron="opendoor=Y" or even
two expr like validate_patron="opendoor=Y;categorycode=X" etc.? Could be a
future extension..

Copying Coling: Do you have additional feedback ?

Changing status

-- 
You are receiving this mail because:
You are watching all bug changes.
___
Koha-bugs mailing list
Koha-bugs@lists.koha-community.org
http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/

[Koha-bugs] [Bug 16694] Limit SIP2 auth by patron attribute

2017-10-13 Thread bugzilla-daemon

https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=16694

Marcel de Rooy  changed:

   What|Removed |Added

 QA Contact|testo...@bugs.koha-communit |m.de.r...@rijksmuseum.nl
   |y.org   |

--- Comment #20 from Marcel de Rooy  ---
QA: Looking here now

-- 
You are receiving this mail because:
You are watching all bug changes.
___
Koha-bugs mailing list
Koha-bugs@lists.koha-community.org
http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/

[Koha-bugs] [Bug 16694] Limit SIP2 auth by patron attribute

2017-10-11 Thread bugzilla-daemon

https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=16694

Owen Leonard  changed:

   What|Removed |Added

  Attachment #66849|0   |1
is obsolete||

--- Comment #19 from Owen Leonard  ---
Created attachment 67956
  -->
https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=67956=edit
Bug 16694 - Add tests to t/db_dependent/SIP/Message.t

Signed-off-by: Owen Leonard 

Test passes with no errors

-- 
You are receiving this mail because:
You are watching all bug changes.
___
Koha-bugs mailing list
Koha-bugs@lists.koha-community.org
http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/

[Koha-bugs] [Bug 16694] Limit SIP2 auth by patron attribute

2017-10-11 Thread bugzilla-daemon

https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=16694

Owen Leonard  changed:

   What|Removed |Added

 Status|Needs Signoff   |Signed Off

-- 
You are receiving this mail because:
You are watching all bug changes.
___
Koha-bugs mailing list
Koha-bugs@lists.koha-community.org
http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/

[Koha-bugs] [Bug 16694] Limit SIP2 auth by patron attribute

2017-09-05 Thread bugzilla-daemon

https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=16694

--- Comment #18 from Benjamin Rokseth  ---
(In reply to Marcel de Rooy from comment #16)
> (In reply to Benjamin Rokseth from comment #11)
> > rebased against master.
> > 
> > Ignoring failing test 'Checkin V2' as it has no bearing on this bug and
> > should be resolved in another bug
> 
> The test passes with me btw. Please copy your test results in a comment.

Good. May be I have corrupted my DB somehow from testing various tests.
Seems there are problems on creating items

  resensitize(): no item found in object to resensitize at 
  C4/SIP/ILS/Transaction/Checkin.pm line 127.

#   Failed test 'Check screen msg'
#   at ./t/db_dependent/SIP/Message.t line 448.
#  got: ''
# expected: '1'
  new ILS::Item(Kckdb) : No item 'Kckdb'. at C4/SIP/ILS/Item.pm line 80.

-- 
You are receiving this mail because:
You are watching all bug changes.
___
Koha-bugs mailing list
Koha-bugs@lists.koha-community.org
http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/

[Koha-bugs] [Bug 16694] Limit SIP2 auth by patron attribute

2017-09-05 Thread bugzilla-daemon

https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=16694

Benjamin Rokseth  changed:

   What|Removed |Added

 Status|Failed QA   |Needs Signoff

--- Comment #17 from Benjamin Rokseth  ---
needs another signoff on added tests

-- 
You are receiving this mail because:
You are watching all bug changes.
___
Koha-bugs mailing list
Koha-bugs@lists.koha-community.org
http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/

[Koha-bugs] [Bug 16694] Limit SIP2 auth by patron attribute

2017-09-05 Thread bugzilla-daemon

https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=16694

--- Comment #16 from Marcel de Rooy  ---
(In reply to Benjamin Rokseth from comment #11)
> rebased against master.
> 
> Ignoring failing test 'Checkin V2' as it has no bearing on this bug and
> should be resolved in another bug

The test passes with me btw. Please copy your test results in a comment.

-- 
You are receiving this mail because:
You are watching all bug changes.
___
Koha-bugs mailing list
Koha-bugs@lists.koha-community.org
http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/

[Koha-bugs] [Bug 16694] Limit SIP2 auth by patron attribute

2017-09-05 Thread bugzilla-daemon

https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=16694

Benjamin Rokseth  changed:

   What|Removed |Added

  Attachment #66845|0   |1
is obsolete||

--- Comment #15 from Benjamin Rokseth  ---
Created attachment 66849
  -->
https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=66849=edit
Bug 16694 - Add tests to t/db_dependent/SIP/Message.t

-- 
You are receiving this mail because:
You are watching all bug changes.
___
Koha-bugs mailing list
Koha-bugs@lists.koha-community.org
http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/

[Koha-bugs] [Bug 16694] Limit SIP2 auth by patron attribute

2017-09-05 Thread bugzilla-daemon

https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=16694

Benjamin Rokseth  changed:

   What|Removed |Added

  Attachment #66847|0   |1
is obsolete||

--- Comment #14 from Benjamin Rokseth  ---
Created attachment 66848
  -->
https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=66848=edit
Bug 16694 - Limit SIP2 auth by patron attribute

The main use case of this bug is to use patron attributes to grant special
privileges, e.g. to open a door to an unmanned library.

This patch adds an extra check against patron attributes if login account
in SIPconfig.xml has a key validate_patron_attribute set to some patron
attribute.

If a patron information request is sent (63), and patron has proper rights in
the
given attribute: (a value of 1/true or some authorised value mapping to 1)
The user will be allowed access (in SIP: charge and/or renewal ok).
Otherwise denied.

Please note that this is specific to the SIP login account, so self checkout
machines can be handled differently than e.g. a door card terminal.

To test:
0) you need to debug using telnet or the koha provided sip_client
1) add validate_patron_attribute="testattribute" to some login account in
SIPconfig.xml
2) add a patron attribute "testattribute"
3) edit some patron and set "testattribute" to "1"
4) do a sip login with the given login account from SIPconfig.xml
5) do a patron information request (63) on the patron
6) observe that no charge or renewal denied is given in the response (64  )
7) try all or any of the following:
 - set patron attribute to anything but "1"
 - delete the patron attribute
 - map the patron attribute to an authorized list, e.g. (YES_NO) and
   set it to a value that doesn't map to "1", e.g. "No".
8) do a patron information request (63) again
9) observe that charge and renewal is now denied in the SIP response (64YY)
10) thank yourself if noone else does and grab a coffee

Signed-off-by: Magnus Enger 
Took me a while to remember I was on a gitified setup and needed to do
sudo cp C4/SIP/Sip/MsgType.pm /usr/share/koha/lib/C4/SIP/Sip/MsgType.pm
before I could test properly. Works as expected. I have a Swedish customer
running a similar hack in production, so looking forward to getting this
into Koha proper.

-- 
You are receiving this mail because:
You are watching all bug changes.
___
Koha-bugs mailing list
Koha-bugs@lists.koha-community.org
http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/

[Koha-bugs] [Bug 16694] Limit SIP2 auth by patron attribute

2017-09-05 Thread bugzilla-daemon

https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=16694

Benjamin Rokseth  changed:

   What|Removed |Added

  Attachment #66846|0   |1
is obsolete||

--- Comment #13 from Benjamin Rokseth  ---
Created attachment 66847
  -->
https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=66847=edit
Bug 18137: (QA followup) Make sure the session exists and is expired on
expiration tests

Signed-off-by: Tomas Cohen Arazi 

Signed-off-by: Lari Taskula 

-- 
You are receiving this mail because:
You are watching all bug changes.
___
Koha-bugs mailing list
Koha-bugs@lists.koha-community.org
http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/

[Koha-bugs] [Bug 16694] Limit SIP2 auth by patron attribute

2017-09-05 Thread bugzilla-daemon

https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=16694

--- Comment #12 from Benjamin Rokseth  ---
Created attachment 66846
  -->
https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=66846=edit
Bug 18137: (QA followup) Make sure the session exists and is expired on
expiration tests

Signed-off-by: Tomas Cohen Arazi 

Signed-off-by: Lari Taskula 

-- 
You are receiving this mail because:
You are watching all bug changes.
___
Koha-bugs mailing list
Koha-bugs@lists.koha-community.org
http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/

[Koha-bugs] [Bug 16694] Limit SIP2 auth by patron attribute

2017-09-05 Thread bugzilla-daemon

https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=16694

--- Comment #11 from Benjamin Rokseth  ---
rebased against master.

Ignoring failing test 'Checkin V2' as it has no bearing on this bug and should
be resolved in another bug

-- 
You are receiving this mail because:
You are watching all bug changes.
___
Koha-bugs mailing list
Koha-bugs@lists.koha-community.org
http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/

[Koha-bugs] [Bug 16694] Limit SIP2 auth by patron attribute

2017-09-05 Thread bugzilla-daemon

https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=16694

Benjamin Rokseth  changed:

   What|Removed |Added

  Attachment #56579|0   |1
is obsolete||

--- Comment #10 from Benjamin Rokseth  ---
Created attachment 66845
  -->
https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=66845=edit
Bug 16694 - Limit SIP2 auth by patron attribute

The main use case of this bug is to use patron attributes to grant special
privileges, e.g. to open a door to an unmanned library.

This patch adds an extra check against patron attributes if login account
in SIPconfig.xml has a key validate_patron_attribute set to some patron
attribute.

If a patron information request is sent (63), and patron has proper rights in
the
given attribute: (a value of 1/true or some authorised value mapping to 1)
The user will be allowed access (in SIP: charge and/or renewal ok).
Otherwise denied.

Please note that this is specific to the SIP login account, so self checkout
machines can be handled differently than e.g. a door card terminal.

To test:
0) you need to debug using telnet or the koha provided sip_client
1) add validate_patron_attribute="testattribute" to some login account in
SIPconfig.xml
2) add a patron attribute "testattribute"
3) edit some patron and set "testattribute" to "1"
4) do a sip login with the given login account from SIPconfig.xml
5) do a patron information request (63) on the patron
6) observe that no charge or renewal denied is given in the response (64  )
7) try all or any of the following:
 - set patron attribute to anything but "1"
 - delete the patron attribute
 - map the patron attribute to an authorized list, e.g. (YES_NO) and
   set it to a value that doesn't map to "1", e.g. "No".
8) do a patron information request (63) again
9) observe that charge and renewal is now denied in the SIP response (64YY)
10) thank yourself if noone else does and grab a coffee

Signed-off-by: Magnus Enger 
Took me a while to remember I was on a gitified setup and needed to do
sudo cp C4/SIP/Sip/MsgType.pm /usr/share/koha/lib/C4/SIP/Sip/MsgType.pm
before I could test properly. Works as expected. I have a Swedish customer
running a similar hack in production, so looking forward to getting this
into Koha proper.

-- 
You are receiving this mail because:
You are watching all bug changes.
___
Koha-bugs mailing list
Koha-bugs@lists.koha-community.org
http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/

[Koha-bugs] [Bug 16694] Limit SIP2 auth by patron attribute

2017-04-20 Thread bugzilla-daemon

https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=16694

--- Comment #9 from Magnus Enger  ---
Benjamin: Feel like writing that test?

-- 
You are receiving this mail because:
You are watching all bug changes.
___
Koha-bugs mailing list
Koha-bugs@lists.koha-community.org
http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/

[Koha-bugs] [Bug 16694] Limit SIP2 auth by patron attribute

2017-04-20 Thread bugzilla-daemon

https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=16694

Jonathan Druart  changed:

   What|Removed |Added

   See Also||https://bugs.koha-community
   ||.org/bugzilla3/show_bug.cgi
   ||?id=14731

-- 
You are receiving this mail because:
You are watching all bug changes.
___
Koha-bugs mailing list
Koha-bugs@lists.koha-community.org
http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/

[Koha-bugs] [Bug 16694] Limit SIP2 auth by patron attribute

2017-01-27 Thread bugzilla-daemon

https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=16694

Marcel de Rooy  changed:

   What|Removed |Added

 CC||m.de.r...@rijksmuseum.nl
 Status|Signed Off  |Failed QA

--- Comment #8 from Marcel de Rooy  ---
Would be nice to validate this small change with a small test in e.g.
t/db_dependent/SIP/Message.t
We already have a test there for patron info.
Should not be big deal :)

-- 
You are receiving this mail because:
You are watching all bug changes.
___
Koha-bugs mailing list
Koha-bugs@lists.koha-community.org
http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/

[Koha-bugs] [Bug 16694] Limit SIP2 auth by patron attribute

2016-10-17 Thread bugzilla-daemon

https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=16694

Magnus Enger  changed:

   What|Removed |Added

  Attachment #56442|0   |1
is obsolete||

--- Comment #7 from Magnus Enger  ---
Created attachment 56579
  -->
https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=56579=edit
Bug 16694 - Limit SIP2 auth by patron attribute

The main use case of this bug is to use patron attributes to grant special
privileges, e.g. to open a door to an unmanned library.

This patch adds an extra check against patron attributes if login account
in SIPconfig.xml has a key validate_patron_attribute set to some patron
attribute.

If a patron information request is sent (63), and patron has proper rights in
the
given attribute: (a value of 1/true or some authorised value mapping to 1)
The user will be allowed access (in SIP: charge and/or renewal ok).
Otherwise denied.

Please note that this is specific to the SIP login account, so self checkout
machines can be handled differently than e.g. a door card terminal.

To test:
0) you need to debug using telnet or the koha provided sip_client
1) add validate_patron_attribute="testattribute" to some login account in
SIPconfig.xml
2) add a patron attribute "testattribute"
3) edit some patron and set "testattribute" to "1"
4) do a sip login with the given login account from SIPconfig.xml
5) do a patron information request (63) on the patron
6) observe that no charge or renewal denied is given in the response (64  )
7) try all or any of the following:
 - set patron attribute to anything but "1"
 - delete the patron attribute
 - map the patron attribute to an authorized list, e.g. (YES_NO) and
   set it to a value that doesn't map to "1", e.g. "No".
8) do a patron information request (63) again
9) observe that charge and renewal is now denied in the SIP response (64YY)
10) thank yourself if noone else does and grab a coffee

Signed-off-by: Magnus Enger 
Took me a while to remember I was on a gitified setup and needed to do
sudo cp C4/SIP/Sip/MsgType.pm /usr/share/koha/lib/C4/SIP/Sip/MsgType.pm
before I could test properly. Works as expected. I have a Swedish customer
running a similar hack in production, so looking forward to getting this
into Koha proper.

-- 
You are receiving this mail because:
You are watching all bug changes.
___
Koha-bugs mailing list
Koha-bugs@lists.koha-community.org
http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/

[Koha-bugs] [Bug 16694] Limit SIP2 auth by patron attribute

2016-10-17 Thread bugzilla-daemon

https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=16694

Magnus Enger  changed:

   What|Removed |Added

 Status|Needs Signoff   |Signed Off
   Patch complexity|--- |Small patch

-- 
You are receiving this mail because:
You are watching all bug changes.
___
Koha-bugs mailing list
Koha-bugs@lists.koha-community.org
http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/

[Koha-bugs] [Bug 16694] Limit SIP2 auth by patron attribute

2016-10-13 Thread bugzilla-daemon

https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=16694

Benjamin Rokseth  changed:

   What|Removed |Added

 Status|Failed QA   |Needs Signoff

--- Comment #6 from Benjamin Rokseth  ---
Thx for the followup, Magnus! Actually there was also a logical error in the
original code, so I merged in your change. It should work as advertised now.

That is, only an borrower attribute value of "1" or an authorised value mapped
to "1" will grant access to the patron if the validate_patron_attribute is set
to a borrower attribute in the SIPConfig login.

-- 
You are receiving this mail because:
You are watching all bug changes.
___
Koha-bugs mailing list
Koha-bugs@lists.koha-community.org
http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/

[Koha-bugs] [Bug 16694] Limit SIP2 auth by patron attribute

2016-10-13 Thread bugzilla-daemon

https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=16694

Benjamin Rokseth  changed:

   What|Removed |Added

  Attachment #56068|0   |1
is obsolete||

--- Comment #5 from Benjamin Rokseth  ---
Created attachment 56442
  -->
https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=56442=edit
Bug 16694 - Limit SIP2 auth by patron attribute

The main use case of this bug is to use patron attributes to grant special
privileges, e.g. to open a door to an unmanned library.

This patch adds an extra check against patron attributes if login account
in SIPconfig.xml has a key validate_patron_attribute set to some patron
attribute.

If a patron information request is sent (63), and patron has proper rights in
the
given attribute: (a value of 1/true or some authorised value mapping to 1)
The user will be allowed access (in SIP: charge and/or renewal ok).
Otherwise denied.

Please note that this is specific to the SIP login account, so self checkout
machines can be handled differently than e.g. a door card terminal.

To test:
0) you need to debug using telnet or the koha provided sip_client
1) add validate_patron_attribute="testattribute" to some login account in
SIPconfig.xml
2) add a patron attribute "testattribute"
3) edit some patron and set "testattribute" to "1"
4) do a sip login with the given login account from SIPconfig.xml
5) do a patron information request (63) on the patron
6) observe that no charge or renewal denied is given in the response (64  )
7) try all or any of the following:
 - set patron attribute to anything but "1"
 - delete the patron attribute
 - map the patron attribute to an authorized list, e.g. (YES_NO) and
   set it to a value that doesn't map to "1", e.g. "No".
8) do a patron information request (63) again
9) observe that charge and renewal is now denied in the SIP response (64YY)
10) thank yourself if noone else does and grab a coffee

-- 
You are receiving this mail because:
You are watching all bug changes.
___
Koha-bugs mailing list
Koha-bugs@lists.koha-community.org
http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/

[Koha-bugs] [Bug 16694] Limit SIP2 auth by patron attribute

2016-10-11 Thread bugzilla-daemon

https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=16694

--- Comment #4 from Magnus Enger  ---
I had been working on a patch for this where I did:

if ( defined $server->{'account'}->{'patron-attribute'} ) {
my $attribute_value =
$patron->get_patron_attribute_value($server->{'account'}->{'patron-attribute'});
$patron->{'charge_ok'} = $attribute_value;
}

-- 
You are receiving this mail because:
You are watching all bug changes.
___
Koha-bugs mailing list
Koha-bugs@lists.koha-community.org
http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/

[Koha-bugs] [Bug 16694] Limit SIP2 auth by patron attribute

2016-10-11 Thread bugzilla-daemon

https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=16694

Magnus Enger  changed:

   What|Removed |Added

 Status|Needs Signoff   |Failed QA

--- Comment #3 from Magnus Enger  ---
I can't seem to be able to turn "64  " into "64YY", no matter what I set the
extended patron attribute is set to. I think this is because the default values
for charge_ok and renew_ok are 1, so by only setting them to 1 the patches
never changes them. Something like this should work, I think:

if ($attr || $attr == "1") {
syslog( "LOG_ERR", "attr OK" );
$patron->{charge_ok} = 1; 
$patron->{renew_ok} = 1; 
} else {
$patron->{charge_ok} = 0; 
$patron->{renew_ok} = 0; 
}

Otherwise, this looks OK, so it should be an easy fix/followup.

-- 
You are receiving this mail because:
You are watching all bug changes.
___
Koha-bugs mailing list
Koha-bugs@lists.koha-community.org
http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/

[Koha-bugs] [Bug 16694] Limit SIP2 auth by patron attribute

2016-10-06 Thread bugzilla-daemon

https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=16694

Benjamin Rokseth  changed:

   What|Removed |Added

  Attachment #54920|0   |1
is obsolete||

--- Comment #2 from Benjamin Rokseth  ---
Created attachment 56068
  -->
https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=56068=edit
Bug 16694 - Limit SIP2 auth by patron attribute

The main use case of this bug is to use patron attributes to grant special
privileges, e.g. to open a door to an unmanned library.

This patch adds an extra check against patron attributes if login account
in SIPconfig.xml has a key validate_patron_attribute set to some patron
attribute.

If a patron information request is sent (63), and patron has proper rights in
the
given attribute: (a value of 1/true or some authorised value mapping to 1)
The user will be allowed access (in SIP: charge and/or renewal ok).
Otherwise denied.

Please note that this is specific to the SIP login account, so self checkout
machines can be handled differently than e.g. a door card terminal.

To test:
0) you need to debug using telnet or the koha provided sip_client
1) add validate_patron_attribute="testattribute" to some login account in
SIPconfig.xml
2) add a patron attribute "testattribute"
3) edit some patron and set "testattribute" to "1"
4) do a sip login with the given login account from SIPconfig.xml
5) do a patron information request (63) on the patron
6) observe that no charge or renewal denied is given in the response (64  )
7) try all or any of the following:
 - set patron attribute to anything but "1"
 - delete the patron attribute
 - map the patron attribute to an authorized list, e.g. (YES_NO) and
   set it to a value that doesn't map to "1", e.g. "No".
8) do a patron information request (63) again
9) observe that charge and renewal is now denied in the SIP response (64YY)
10) thank yourself if noone else does and grab a coffee

-- 
You are receiving this mail because:
You are watching all bug changes.
___
Koha-bugs mailing list
Koha-bugs@lists.koha-community.org
http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/

[Koha-bugs] [Bug 16694] Limit SIP2 auth by patron attribute

2016-08-26 Thread bugzilla-daemon

https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=16694

Benjamin Rokseth  changed:

   What|Removed |Added

 CC||benjamin.roks...@kul.oslo.k
   ||ommune.no
 Status|NEW |Needs Signoff

-- 
You are receiving this mail because:
You are watching all bug changes.
___
Koha-bugs mailing list
Koha-bugs@lists.koha-community.org
http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/

[Koha-bugs] [Bug 16694] Limit SIP2 auth by patron attribute

2016-08-26 Thread bugzilla-daemon

https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=16694

--- Comment #1 from Benjamin Rokseth  ---
Created attachment 54920
  -->
https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=54920=edit
Bug 16694 - Limit SIP2 auth by patron attribute

The main use case of this bug is to use patron attributes to grant special
privileges, e.g. to open a door to an unmanned library.

This patch adds an extra check against patron attributes if login account
in SIPconfig.xml has a key validate_patron_attribute set to some patron
attribute.

If a patron information request is sent (63), and patron has proper rights in
the
given attribute: (a value of 1/true or some authorised value mapping to 1)
The user will be allowed access (in SIP: charge and/or renewal ok).
Otherwise denied.

Please note that this is specific to the SIP login account, so self checkout
machines can be handled differently than e.g. a door card terminal.

To test:
0) you need to debug using telnet or the koha provided sip_client
1) add validate_patron_attribute="testattribute" to some login account in
SIPconfig.xml
2) add a patron attribute "testattribute"
3) edit some patron and set "testattribute" to "1"
4) do a sip login with the given login account from SIPconfig.xml
5) do a patron information request (63) on the patron
6) observe that no charge or renewal denied is given in the response (64  )
7) try all or any of the following:
 - set patron attribute to anything but "1"
 - delete the patron attribute
 - map the patron attribute to an authorized list, e.g. (YES_NO) and
   set it to a value that doesn't map to "1", e.g. "No".
8) do a patron information request (63) again
9) observe that charge and renewal is now denied in the SIP response (64YY)
10) thank yourself if noone else does and grab a coffee

-- 
You are receiving this mail because:
You are watching all bug changes.
___
Koha-bugs mailing list
Koha-bugs@lists.koha-community.org
http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/

42 matches

Mail list logo