subject:"\[Koha\-bugs\] \[Bug 16929\] Prevent opac\-memberentry waiting for random chars"

[Koha-bugs] [Bug 16929] Prevent opac-memberentry waiting for random chars

2017-01-31 Thread bugzilla-daemon

https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=16929

--- Comment #32 from Mason James  ---
Pushed to 16.05.x, for 16.05.09 release

-- 
You are receiving this mail because:
You are watching all bug changes.
___
Koha-bugs mailing list
Koha-bugs@lists.koha-community.org
http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/

[Koha-bugs] [Bug 16929] Prevent opac-memberentry waiting for random chars

2017-01-30 Thread bugzilla-daemon

https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=16929

Mason James  changed:

   What|Removed |Added

 Blocks||17905

-- 
You are receiving this mail because:
You are watching all bug changes.
___
Koha-bugs mailing list
Koha-bugs@lists.koha-community.org
http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/

[Koha-bugs] [Bug 16929] Prevent opac-memberentry waiting for random chars

2017-01-24 Thread bugzilla-daemon

https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=16929

Mason James  changed:

   What|Removed |Added

 CC||m...@kohaaloha.com

-- 
You are receiving this mail because:
You are watching all bug changes.
___
Koha-bugs mailing list
Koha-bugs@lists.koha-community.org
http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/

[Koha-bugs] [Bug 16929] Prevent opac-memberentry waiting for random chars

2016-08-11 Thread bugzilla-daemon

https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=16929

Marcel de Rooy  changed:

   What|Removed |Added

 Blocks||17109


Referenced Bugs:

https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=17109
[Bug 17109] sendbasket: Remove second authentication, add CSRF token
-- 
You are receiving this mail because:
You are watching all bug changes.
___
Koha-bugs mailing list
Koha-bugs@lists.koha-community.org
http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/

[Koha-bugs] [Bug 16929] Prevent opac-memberentry waiting for random chars

2016-08-11 Thread bugzilla-daemon

https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=16929

Mirko Tietgen  changed:

   What|Removed |Added

   See Also||https://bugs.koha-community
   ||.org/bugzilla3/show_bug.cgi
   ||?id=17084

--- Comment #31 from Mirko Tietgen  ---
The corresponding control file update is at bug 17084:
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=17084#c1

-- 
You are receiving this mail because:
You are watching all bug changes.
___
Koha-bugs mailing list
Koha-bugs@lists.koha-community.org
http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/

[Koha-bugs] [Bug 16929] Prevent opac-memberentry waiting for random chars

2016-08-10 Thread bugzilla-daemon

https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=16929

Kyle M Hall  changed:

   What|Removed |Added

 Status|Passed QA   |Pushed to Master
 CC||k...@bywatersolutions.com

--- Comment #30 from Kyle M Hall  ---
Pushed to master for 16.11, thanks Marcel!

-- 
You are receiving this mail because:
You are watching all bug changes.
___
Koha-bugs mailing list
Koha-bugs@lists.koha-community.org
http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/

[Koha-bugs] [Bug 16929] Prevent opac-memberentry waiting for random chars

2016-08-09 Thread bugzilla-daemon

https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=16929

Jonathan Druart  changed:

   What|Removed |Added

 Blocks||17097

-- 
You are receiving this mail because:
You are watching all bug changes.
___
Koha-bugs mailing list
Koha-bugs@lists.koha-community.org
http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/

[Koha-bugs] [Bug 16929] Prevent opac-memberentry waiting for random chars

2016-08-09 Thread bugzilla-daemon

https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=16929

Jonathan Druart  changed:

   What|Removed |Added

 Blocks||17096

-- 
You are receiving this mail because:
You are watching all bug changes.
___
Koha-bugs mailing list
Koha-bugs@lists.koha-community.org
http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/

[Koha-bugs] [Bug 16929] Prevent opac-memberentry waiting for random chars

2016-08-09 Thread bugzilla-daemon

https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=16929

--- Comment #29 from Marcel de Rooy  ---
Rebased last patch for Dependencies.pm (trivial)

-- 
You are receiving this mail because:
You are watching all bug changes.
___
Koha-bugs mailing list
Koha-bugs@lists.koha-community.org
http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/

[Koha-bugs] [Bug 16929] Prevent opac-memberentry waiting for random chars

2016-08-09 Thread bugzilla-daemon

https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=16929

Marcel de Rooy  changed:

   What|Removed |Added

  Attachment #54154|0   |1
is obsolete||

--- Comment #28 from Marcel de Rooy  ---
Created attachment 54216
  -->
https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=54216=edit
Bug 16929: [QA Follow-up] Add dependency for Bytes::Random::Secure

Signed-off-by: Marcel de Rooy 

Signed-off-by: Marc 

Signed-off-by: Jonathan Druart 

-- 
You are receiving this mail because:
You are watching all bug changes.
___
Koha-bugs mailing list
Koha-bugs@lists.koha-community.org
http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/

[Koha-bugs] [Bug 16929] Prevent opac-memberentry waiting for random chars

2016-08-08 Thread bugzilla-daemon

https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=16929

Jonathan Druart  changed:

   What|Removed |Added

 Status|Signed Off  |Passed QA

-- 
You are receiving this mail because:
You are watching all bug changes.
___
Koha-bugs mailing list
Koha-bugs@lists.koha-community.org
http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/

[Koha-bugs] [Bug 16929] Prevent opac-memberentry waiting for random chars

2016-08-08 Thread bugzilla-daemon

https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=16929

Jonathan Druart  changed:

   What|Removed |Added

  Attachment #54144|0   |1
is obsolete||

--- Comment #26 from Jonathan Druart  
---
Created attachment 54153
  -->
https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=54153=edit
Bug 16929: [QA Follow-up] Shortcut methods and use statements

Resolves the following comments:

I'd prefer to see a generate_csrf method than a CSRF flag.
It'd be better to use instead of require the 2 modules.

Signed-off-by: Marcel de Rooy 

Signed-off-by: Marc 

Signed-off-by: Jonathan Druart 

-- 
You are receiving this mail because:
You are watching all bug changes.
___
Koha-bugs mailing list
Koha-bugs@lists.koha-community.org
http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/

[Koha-bugs] [Bug 16929] Prevent opac-memberentry waiting for random chars

2016-08-08 Thread bugzilla-daemon

https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=16929

Jonathan Druart  changed:

   What|Removed |Added

  Attachment #54143|0   |1
is obsolete||

--- Comment #25 from Jonathan Druart  
---
Created attachment 54152
  -->
https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=54152=edit
Bug 16929: Prevent opac-memberentry waiting for random chars

Move calls to WWW::CSRF to Koha::Token.
Send a safe random string to WWW::CSRF instead of letting CSRF make a
blocking call to Bytes::Random::Secure. If your server has not enough
entropy, opac-memberentry will hang waiting for more characters in
dev/random. Koha::Token uses Bytes::Random::Secure with the NonBlocking
flag.

Test plan:
[1] Do not yet apply this patch.
[2] If your server has not enough entropy, calling opac-memberentry may
take a while. But this not may be the case for you (no worries).
[3] Apply this patch.
[4] Verify that opac-memberentry still works as expected.
[5] Run t/Token.t

Signed-off-by: Marcel de Rooy 
Yes, my server had entropy trouble (reason for finding the problem).
This patch resolves the delay.

Tested all 3 patches together, works as expected.
Signed-off-by: Marc 

Signed-off-by: Jonathan Druart 

-- 
You are receiving this mail because:
You are watching all bug changes.
___
Koha-bugs mailing list
Koha-bugs@lists.koha-community.org
http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/

[Koha-bugs] [Bug 16929] Prevent opac-memberentry waiting for random chars

2016-08-08 Thread bugzilla-daemon

https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=16929

Jonathan Druart  changed:

   What|Removed |Added

  Attachment #54151|0   |1
is obsolete||

--- Comment #27 from Jonathan Druart  
---
Created attachment 54154
  -->
https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=54154=edit
Bug 16929: [QA Follow-up] Add dependency for Bytes::Random::Secure

Signed-off-by: Marcel de Rooy 

Signed-off-by: Marc 

Signed-off-by: Jonathan Druart 

-- 
You are receiving this mail because:
You are watching all bug changes.
___
Koha-bugs mailing list
Koha-bugs@lists.koha-community.org
http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/

[Koha-bugs] [Bug 16929] Prevent opac-memberentry waiting for random chars

2016-08-08 Thread bugzilla-daemon

https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=16929

--- Comment #24 from Mirko Tietgen  ---
(In reply to Jonathan Druart from comment #21)
> Marcel, why did you choose 0.29? 0.28 is packaged for jessie.
> 
> I also think that we need to fill debian/control for new deps.
> Mirko, could you confirm that you expect from devs to update it?


In theory, yes. but since the file is supposed to be generated, not edited
manually, and it will clash with other bugs with dependencies, I think it's
easier if I do it once something got pushed. I'm working on automating that.

-- 
You are receiving this mail because:
You are watching all bug changes.
___
Koha-bugs mailing list
Koha-bugs@lists.koha-community.org
http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/

[Koha-bugs] [Bug 16929] Prevent opac-memberentry waiting for random chars

2016-08-08 Thread bugzilla-daemon

https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=16929

Marcel de Rooy  changed:

   What|Removed |Added

 Status|Failed QA   |Signed Off

-- 
You are receiving this mail because:
You are watching all bug changes.
___
Koha-bugs mailing list
Koha-bugs@lists.koha-community.org
http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/

[Koha-bugs] [Bug 16929] Prevent opac-memberentry waiting for random chars

2016-08-08 Thread bugzilla-daemon

https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=16929

Marcel de Rooy  changed:

   What|Removed |Added

  Attachment #54145|0   |1
is obsolete||

--- Comment #23 from Marcel de Rooy  ---
Created attachment 54151
  -->
https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=54151=edit
Bug 16929: [QA Follow-up] Add dependency for Bytes::Random::Secure

Signed-off-by: Marcel de Rooy 

Signed-off-by: Marc 

-- 
You are receiving this mail because:
You are watching all bug changes.
___
Koha-bugs mailing list
Koha-bugs@lists.koha-community.org
http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/

[Koha-bugs] [Bug 16929] Prevent opac-memberentry waiting for random chars

2016-08-08 Thread bugzilla-daemon

https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=16929

--- Comment #22 from Marcel de Rooy  ---
(In reply to Jonathan Druart from comment #21)
> Marcel, why did you choose 0.29? 0.28 is packaged for jessie.
> 
> I also think that we need to fill debian/control for new deps.
> Mirko, could you confirm that you expect from devs to update it?

I would say that the PM edits debian/control, not individual devs ..

-- 
You are receiving this mail because:
You are watching all bug changes.
___
Koha-bugs mailing list
Koha-bugs@lists.koha-community.org
http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/

[Koha-bugs] [Bug 16929] Prevent opac-memberentry waiting for random chars

2016-08-08 Thread bugzilla-daemon

https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=16929

Jonathan Druart  changed:

   What|Removed |Added

 Status|Signed Off  |Failed QA

--- Comment #21 from Jonathan Druart  
---
Marcel, why did you choose 0.29? 0.28 is packaged for jessie.

I also think that we need to fill debian/control for new deps.
Mirko, could you confirm that you expect from devs to update it?

-- 
You are receiving this mail because:
You are watching all bug changes.
___
Koha-bugs mailing list
Koha-bugs@lists.koha-community.org
http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/

[Koha-bugs] [Bug 16929] Prevent opac-memberentry waiting for random chars

2016-08-08 Thread bugzilla-daemon

https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=16929

Marc Véron  changed:

   What|Removed |Added

 CC||ve...@veron.ch
 Status|Needs Signoff   |Signed Off

-- 
You are receiving this mail because:
You are watching all bug changes.
___
Koha-bugs mailing list
Koha-bugs@lists.koha-community.org
http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/

[Koha-bugs] [Bug 16929] Prevent opac-memberentry waiting for random chars

2016-08-08 Thread bugzilla-daemon

https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=16929

Marc Véron  changed:

   What|Removed |Added

  Attachment #54142|0   |1
is obsolete||

--- Comment #20 from Marc Véron  ---
Created attachment 54145
  -->
https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=54145=edit
Bug 16929: [QA Follow-up] Add dependency for Bytes::Random::Secure

Signed-off-by: Marcel de Rooy 

Signed-off-by: Marc 

-- 
You are receiving this mail because:
You are watching all bug changes.
___
Koha-bugs mailing list
Koha-bugs@lists.koha-community.org
http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/

[Koha-bugs] [Bug 16929] Prevent opac-memberentry waiting for random chars

2016-08-08 Thread bugzilla-daemon

https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=16929

Marc Véron  changed:

   What|Removed |Added

  Attachment #54141|0   |1
is obsolete||

--- Comment #19 from Marc Véron  ---
Created attachment 54144
  -->
https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=54144=edit
Bug 16929: [QA Follow-up] Shortcut methods and use statements

Resolves the following comments:

I'd prefer to see a generate_csrf method than a CSRF flag.
It'd be better to use instead of require the 2 modules.

Signed-off-by: Marcel de Rooy 

Signed-off-by: Marc 

-- 
You are receiving this mail because:
You are watching all bug changes.
___
Koha-bugs mailing list
Koha-bugs@lists.koha-community.org
http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/

[Koha-bugs] [Bug 16929] Prevent opac-memberentry waiting for random chars

2016-08-08 Thread bugzilla-daemon

https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=16929

Marc Véron  changed:

   What|Removed |Added

  Attachment #54140|0   |1
is obsolete||

--- Comment #18 from Marc Véron  ---
Created attachment 54143
  -->
https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=54143=edit
Bug 16929: Prevent opac-memberentry waiting for random chars

Move calls to WWW::CSRF to Koha::Token.
Send a safe random string to WWW::CSRF instead of letting CSRF make a
blocking call to Bytes::Random::Secure. If your server has not enough
entropy, opac-memberentry will hang waiting for more characters in
dev/random. Koha::Token uses Bytes::Random::Secure with the NonBlocking
flag.

Test plan:
[1] Do not yet apply this patch.
[2] If your server has not enough entropy, calling opac-memberentry may
take a while. But this not may be the case for you (no worries).
[3] Apply this patch.
[4] Verify that opac-memberentry still works as expected.
[5] Run t/Token.t

Signed-off-by: Marcel de Rooy 
Yes, my server had entropy trouble (reason for finding the problem).
This patch resolves the delay.

Tested all 3 patches together, works as expected.
Signed-off-by: Marc 

-- 
You are receiving this mail because:
You are watching all bug changes.
___
Koha-bugs mailing list
Koha-bugs@lists.koha-community.org
http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/

[Koha-bugs] [Bug 16929] Prevent opac-memberentry waiting for random chars

2016-08-08 Thread bugzilla-daemon

https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=16929

--- Comment #17 from Marcel de Rooy  ---
Rebased for opac-memberentry and Dependencies.pm

-- 
You are receiving this mail because:
You are watching all bug changes.
___
Koha-bugs mailing list
Koha-bugs@lists.koha-community.org
http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/

[Koha-bugs] [Bug 16929] Prevent opac-memberentry waiting for random chars

2016-08-08 Thread bugzilla-daemon

https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=16929

Marcel de Rooy  changed:

   What|Removed |Added

  Attachment #53552|0   |1
is obsolete||

--- Comment #15 from Marcel de Rooy  ---
Created attachment 54141
  -->
https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=54141=edit
Bug 16929: [QA Follow-up] Shortcut methods and use statements

Resolves the following comments:

I'd prefer to see a generate_csrf method than a CSRF flag.
It'd be better to use instead of require the 2 modules.

Signed-off-by: Marcel de Rooy 

-- 
You are receiving this mail because:
You are watching all bug changes.
___
Koha-bugs mailing list
Koha-bugs@lists.koha-community.org
http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/

[Koha-bugs] [Bug 16929] Prevent opac-memberentry waiting for random chars

2016-08-08 Thread bugzilla-daemon

https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=16929

Marcel de Rooy  changed:

   What|Removed |Added

  Attachment #53809|0   |1
is obsolete||

--- Comment #16 from Marcel de Rooy  ---
Created attachment 54142
  -->
https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=54142=edit
Bug 16929: [QA Follow-up] Add dependency for Bytes::Random::Secure

Signed-off-by: Marcel de Rooy 

-- 
You are receiving this mail because:
You are watching all bug changes.
___
Koha-bugs mailing list
Koha-bugs@lists.koha-community.org
http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/

[Koha-bugs] [Bug 16929] Prevent opac-memberentry waiting for random chars

2016-08-08 Thread bugzilla-daemon

https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=16929

Marcel de Rooy  changed:

   What|Removed |Added

  Attachment #53487|0   |1
is obsolete||

--- Comment #14 from Marcel de Rooy  ---
Created attachment 54140
  -->
https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=54140=edit
Bug 16929: Prevent opac-memberentry waiting for random chars

Move calls to WWW::CSRF to Koha::Token.
Send a safe random string to WWW::CSRF instead of letting CSRF make a
blocking call to Bytes::Random::Secure. If your server has not enough
entropy, opac-memberentry will hang waiting for more characters in
dev/random. Koha::Token uses Bytes::Random::Secure with the NonBlocking
flag.

Test plan:
[1] Do not yet apply this patch.
[2] If your server has not enough entropy, calling opac-memberentry may
take a while. But this not may be the case for you (no worries).
[3] Apply this patch.
[4] Verify that opac-memberentry still works as expected.
[5] Run t/Token.t

Signed-off-by: Marcel de Rooy 
Yes, my server had entropy trouble (reason for finding the problem).
This patch resolves the delay.

-- 
You are receiving this mail because:
You are watching all bug changes.
___
Koha-bugs mailing list
Koha-bugs@lists.koha-community.org
http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/

[Koha-bugs] [Bug 16929] Prevent opac-memberentry waiting for random chars

2016-07-29 Thread bugzilla-daemon

https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=16929

Mirko Tietgen  changed:

   What|Removed |Added

   Keywords|nowheezy|

--- Comment #13 from Mirko Tietgen  ---
libbytes-random-secure-perl is in the Koha stable and olstable repositories
now.

-- 
You are receiving this mail because:
You are watching all bug changes.
___
Koha-bugs mailing list
Koha-bugs@lists.koha-community.org
http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/

[Koha-bugs] [Bug 16929] Prevent opac-memberentry waiting for random chars

2016-07-29 Thread bugzilla-daemon

https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=16929

--- Comment #12 from Mirko Tietgen  ---
> It actually came with WWW::CSRF. It loads Bytes::Random::Secure. Is there a
> package for that one?

If it is used directly, I think it should be in PerlDependencies.

There is no package for WWW:CSRF in Wheezy. I created packages for it and
dependencies for the unstable branch for bug 16591.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=16591#c7
I did not get any feedback regarding Wheezy so far and did not have time to try
it myself, so I have not added them to oldstable yet. 


> Will add a follow-up for B::R::S

Thanks!

-- 
You are receiving this mail because:
You are watching all bug changes.
___
Koha-bugs mailing list
Koha-bugs@lists.koha-community.org
http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/

[Koha-bugs] [Bug 16929] Prevent opac-memberentry waiting for random chars

2016-07-29 Thread bugzilla-daemon

https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=16929

--- Comment #11 from Marcel de Rooy  ---
Created attachment 53809
  -->
https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=53809=edit
Bug 16929: [QA Follow-up] Add dependency for Bytes::Random::Secure

Signed-off-by: Marcel de Rooy 

-- 
You are receiving this mail because:
You are watching all bug changes.
___
Koha-bugs mailing list
Koha-bugs@lists.koha-community.org
http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/

[Koha-bugs] [Bug 16929] Prevent opac-memberentry waiting for random chars

2016-07-29 Thread bugzilla-daemon

https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=16929

--- Comment #10 from Marcel de Rooy  ---
(In reply to Mirko Tietgen from comment #9)
> Bytes::Random::Secure should be added to PerlDependencies.pm.
> 
> libbytes-random-secure-perl is not available for Debian Wheezy.

It actually came with WWW::CSRF. It loads Bytes::Random::Secure. Is there a
package for that one?

Will add a follow-up for B::R::S

-- 
You are receiving this mail because:
You are watching all bug changes.
___
Koha-bugs mailing list
Koha-bugs@lists.koha-community.org
http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/

[Koha-bugs] [Bug 16929] Prevent opac-memberentry waiting for random chars

2016-07-29 Thread bugzilla-daemon

https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=16929

Mirko Tietgen  changed:

   What|Removed |Added

   Keywords||dependency, nowheezy
 CC||mi...@abunchofthings.net

--- Comment #9 from Mirko Tietgen  ---
Bytes::Random::Secure should be added to PerlDependencies.pm.

libbytes-random-secure-perl is not available for Debian Wheezy.

-- 
You are receiving this mail because:
You are watching all bug changes.
___
Koha-bugs mailing list
Koha-bugs@lists.koha-community.org
http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/

[Koha-bugs] [Bug 16929] Prevent opac-memberentry waiting for random chars

2016-07-28 Thread bugzilla-daemon

https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=16929

Jonathan Druart  changed:

   What|Removed |Added

 Blocks||16993

-- 
You are receiving this mail because:
You are watching all bug changes.
___
Koha-bugs mailing list
Koha-bugs@lists.koha-community.org
http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/

[Koha-bugs] [Bug 16929] Prevent opac-memberentry waiting for random chars

2016-07-28 Thread bugzilla-daemon

https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=16929

Jonathan Druart  changed:

   What|Removed |Added

 Blocks||16992

-- 
You are receiving this mail because:
You are watching all bug changes.
___
Koha-bugs mailing list
Koha-bugs@lists.koha-community.org
http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/

[Koha-bugs] [Bug 16929] Prevent opac-memberentry waiting for random chars

2016-07-22 Thread bugzilla-daemon

https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=16929

Marcel de Rooy  changed:

   What|Removed |Added

   See Also||https://bugs.koha-community
   ||.org/bugzilla3/show_bug.cgi
   ||?id=16960

-- 
You are receiving this mail because:
You are watching all bug changes.
___
Koha-bugs mailing list
Koha-bugs@lists.koha-community.org
http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/

[Koha-bugs] [Bug 16929] Prevent opac-memberentry waiting for random chars

2016-07-21 Thread bugzilla-daemon

https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=16929

--- Comment #8 from Marcel de Rooy  ---
Created attachment 53552
  -->
https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=53552=edit
Bug 16929: [QA Follow-up] Shortcut methods and use statements

Resolves the following comments:

I'd prefer to see a generate_csrf method than a CSRF flag.
It'd be better to use instead of require the 2 modules.

Signed-off-by: Marcel de Rooy 

-- 
You are receiving this mail because:
You are watching all bug changes.
___
Koha-bugs mailing list
Koha-bugs@lists.koha-community.org
http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/

[Koha-bugs] [Bug 16929] Prevent opac-memberentry waiting for random chars

2016-07-20 Thread bugzilla-daemon

https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=16929

--- Comment #7 from Jonathan Druart  
---
(In reply to Marcel de Rooy from comment #6)
> The require is just performance: no need to load it for general use.

It's not recommended. For instance if the module is missing of buggy, we want
to know it at the compilation step.

-- 
You are receiving this mail because:
You are watching all bug changes.
___
Koha-bugs mailing list
Koha-bugs@lists.koha-community.org
http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/

[Koha-bugs] [Bug 16929] Prevent opac-memberentry waiting for random chars

2016-07-20 Thread bugzilla-daemon

https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=16929

--- Comment #6 from Marcel de Rooy  ---
(In reply to Jonathan Druart from comment #5)
> I'd prefer to see a generate_csrf method than a CSRF flag.
> It'd be better to use instead of require the 2 modules.

Well, we could add generate_csrf of course. The flag on itself is kind of a
shortcut for type => $type.
The require is just performance: no need to load it for general use.

-- 
You are receiving this mail because:
You are watching all bug changes.
___
Koha-bugs mailing list
Koha-bugs@lists.koha-community.org
http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/

[Koha-bugs] [Bug 16929] Prevent opac-memberentry waiting for random chars

2016-07-20 Thread bugzilla-daemon

https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=16929

--- Comment #5 from Jonathan Druart  
---
I'd prefer to see a generate_csrf method than a CSRF flag.
It'd be better to use instead of require the 2 modules.

-- 
You are receiving this mail because:
You are watching all bug changes.
___
Koha-bugs mailing list
Koha-bugs@lists.koha-community.org
http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/

[Koha-bugs] [Bug 16929] Prevent opac-memberentry waiting for random chars

2016-07-19 Thread bugzilla-daemon

https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=16929

--- Comment #4 from Marcel de Rooy  ---
Latest patch always uses Bytes::Random::Secure and does not eval/alarm as in
the concept. Includes a test.

-- 
You are receiving this mail because:
You are watching all bug changes.
___
Koha-bugs mailing list
Koha-bugs@lists.koha-community.org
http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/

[Koha-bugs] [Bug 16929] Prevent opac-memberentry waiting for random chars

2016-07-19 Thread bugzilla-daemon

https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=16929

Marcel de Rooy  changed:

   What|Removed |Added

 CC||jonathan.dru...@bugs.koha-c
   ||ommunity.org,
   ||ro...@kallisti.net.nz

-- 
You are receiving this mail because:
You are watching all bug changes.
___
Koha-bugs mailing list
Koha-bugs@lists.koha-community.org
http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/

[Koha-bugs] [Bug 16929] Prevent opac-memberentry waiting for random chars

2016-07-19 Thread bugzilla-daemon

https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=16929

Marcel de Rooy  changed:

   What|Removed |Added

   See Also||https://bugs.koha-community
   ||.org/bugzilla3/show_bug.cgi
   ||?id=16591

-- 
You are receiving this mail because:
You are watching all bug changes.
___
Koha-bugs mailing list
Koha-bugs@lists.koha-community.org
http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/

[Koha-bugs] [Bug 16929] Prevent opac-memberentry waiting for random chars

2016-07-19 Thread bugzilla-daemon

https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=16929

Marcel de Rooy  changed:

   What|Removed |Added

  Attachment #53418|0   |1
is obsolete||

-- 
You are receiving this mail because:
You are watching all bug changes.
___
Koha-bugs mailing list
Koha-bugs@lists.koha-community.org
http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/

[Koha-bugs] [Bug 16929] Prevent opac-memberentry waiting for random chars

2016-07-19 Thread bugzilla-daemon

https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=16929

Marcel de Rooy  changed:

   What|Removed |Added

   Patch complexity|--- |Small patch
 Status|ASSIGNED|Needs Signoff

-- 
You are receiving this mail because:
You are watching all bug changes.
___
Koha-bugs mailing list
Koha-bugs@lists.koha-community.org
http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/

[Koha-bugs] [Bug 16929] Prevent opac-memberentry waiting for random chars

2016-07-19 Thread bugzilla-daemon

https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=16929

--- Comment #3 from Marcel de Rooy  ---
Created attachment 53487
  -->
https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=53487=edit
Bug 16929: Prevent opac-memberentry waiting for random chars

Move calls to WWW::CSRF to Koha::Token.
Send a safe random string to WWW::CSRF instead of letting CSRF make a
blocking call to Bytes::Random::Secure. If your server has not enough
entropy, opac-memberentry will hang waiting for more characters in
dev/random. Koha::Token uses Bytes::Random::Secure with the NonBlocking
flag.

Test plan:
[1] Do not yet apply this patch.
[2] If your server has not enough entropy, calling opac-memberentry may
take a while. But this not may be the case for you (no worries).
[3] Apply this patch.
[4] Verify that opac-memberentry still works as expected.
[5] Run t/Token.t

Signed-off-by: Marcel de Rooy 
Yes, my server had entropy trouble (reason for finding the problem).
This patch resolves the delay.

-- 
You are receiving this mail because:
You are watching all bug changes.
___
Koha-bugs mailing list
Koha-bugs@lists.koha-community.org
http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/

[Koha-bugs] [Bug 16929] Prevent opac-memberentry waiting for random chars

2016-07-19 Thread bugzilla-daemon

https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=16929

Marcel de Rooy  changed:

   What|Removed |Added

Summary|Wrapper around CSRF call?   |Prevent opac-memberentry
   ||waiting for random chars

-- 
You are receiving this mail because:
You are watching all bug changes.
___
Koha-bugs mailing list
Koha-bugs@lists.koha-community.org
http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/

46 matches

Mail list logo