commit 291c2f103d59fc624842a5917d36326daab35410 Author: Marcel de Rooy Date: Fri Oct 24 13:06:23 2025 +0200 Bug 41094: Fix search_anonymize_candidates, locked_account We should not allow anonymizing patrons with failed login attempts when the pref FailedLoginAttempts has not been set. Test plan: Run the test again from the previous patch. This should pass now. Choose a patron with a positive value (say 55) in borrowers.login_attempts or modify one. (NOTE: This patron will be anonymized in the test plan.) Empty pref value for FailedLoginAttempts. Set PatronAnonymizeDelay to 1. Fill dateexpiry for this patron to yesterday. Run cleanupdatabase.pl -confirm -v and check if the patron was NOT anonymized. * Anonymized 0 patrons Now set FailedLoginAttempts to a value (say 55) so that the patron is considered as locked. (This unrealistic value is for testing only.) MAKE SURE that you will not be anonymizing more patrons than you like in the next step! (Set login_attempts to value < 55 for all other patrons.) Run cleanupdatabase.pl -confirm -v again and check if the patron was anonymized. * Anonymized 1 patrons Restore the changed pref values. Signed-off-by: Marcel de Rooy Signed-off-by: David Nind Signed-off-by: Martin Renvoize Signed-off-by: Lucas Gass commit f4ff248b5ce4de2638d0060a36057d47b033c044 Author: Marcel de Rooy Date: Fri Oct 24 13:06:23 2025 +0200 Bug 41094: Improve test of search_anonymize_candidates/account_locked Test plan: Run the test without applying the follow-up patch. The test should fail. This shows that we need the fix and will help avoid future regressions. Signed-off-by: Marcel de Rooy Signed-off-by: David Nind Signed-off-by: Martin Renvoize Signed-off-by: Lucas Gass commit 343786b40687b443cf875035956898569f628201 Author: Lucas Gass Date: Thu Nov 6 21:25:58 2025 +0000 Bug 41211: Deal with findborrower in holds_table_patron_page function To test: 1. Find a patron, take note of their cardnumber, and place some holds for that patron. I use Ronnie Ballard ( 23529000139858 ) in k-t-d. 2. Scan the patrons cardnumber to bring you directly to their record. The URL for me is KOHA/cgi-bin/koha/circ/circulation.pl?findborrower=23529000139858 3. Go to the patron's "Hold" tab, check at least 1 hold and click "Cancel selected". 4. Nothing happens. Console error: Uncaught ReferenceError: biblionumbers is not defined 5. Try using the red trash can icon to delete the hold. A modal pops up, click "Confirm cancellation". 6. You are redirected to KOHA/cgi-bin/koha/circ/circulation.pl?borrowernumber= 7. IF you go back to the patron record the hold is not cancelled. 8. APPLY PATCH and clear the browser cache. 9. Try again, eveything should work! Signed-off-by: CJ Lynce Signed-off-by: Martin Renvoize Signed-off-by: Lucas Gass commit 644e4af1f6ee9048ebc875daa5291d3059b39b9f Author: Lucas Gass Date: Thu Nov 6 21:43:47 2025 +0000 Bug 41212: Sort debit_types for manual invoice by description To test: 1. Add some debit types that can be manually invoiced. 2. Go to members/maninvoice.pl?borrowernumber=X where X is your borrowernumber 3. In the type dropdown see that the entries are sorted by code not description. 4. APPLY patch and restart_all 5. Try again, now it should sort by code. Signed-off-by: Owen Leonard Signed-off-by: Martin Renvoize Signed-off-by: Lucas Gass commit 29f95187859ab21bb7ca67f48173e4317f5121f0 Author: Lucas Gass Date: Fri Sep 19 17:22:53 2025 +0000 Bug 40843: Sort patron attributes by description To test: 1/ Have several borrower attributes set up so you can see how they sort 2/ Go to Tools > Batch patron modification 3/ Notice the "Patron attribute:: dropdown near the bottom 4/ It is sorted by the attribute code, not the description. 5/ APPLY PATCH and restart_all 6/ Try again, it should sort by the description Signed-off-by: Brendan Lawlor Signed-off-by: Martin Renvoize Signed-off-by: Lucas Gass commit ea00bef8281e29a94d0d98ba4594851849e641f6 Author: Marcel de Rooy Date: Mon Nov 3 10:04:46 2025 +0100 Bug 41168: Remove part "by keyword" from OPAC search bar placeholder Side note: The if test on ms_kw in OPAC masthead seems not to be used, but considering that out of scope here. Test plan: Check the shorter text on OPAC search bar. Toggle SearchMyLibraryFirst and OpacAddMastheadLibraryPulldown. Refresh. Signed-off-by: Marcel de Rooy Signed-off-by: David Nind Signed-off-by: Lisette Scheer Signed-off-by: Lucas Gass commit 4bb7a1371c42421e8fc1ef947ce5da4b65ac1462 Author: Caroline Cyr La Rose Date: Mon Aug 18 09:39:26 2025 -0400 Bug 40664: Serial subscription input missing "Required" labels This patch adds missing "Required" labels next to two mandatory fields in the second page of the new serial subscription form. To test: 1. Go to Serials 2. Click 'New subscription' 3. Enter a biblionumber in the 'Record' field (e.g. 230) 4. Click 'Next' 5. (Click 'OK' to confirm that you are not adding a vendor) --> On the page 'Add a new subscription (2/2)' the fields 'Frequency' and 'Subscription start date' are red to indicate that they are mandatory, but there is no 'Required' note next to them. 6. Apply patch and refresh the page --> It should say 'Required' next to all the mandatory fields (in red) Signed-off-by: David Nind Signed-off-by: Lisette Scheer Signed-off-by: Lucas Gass commit ac7861bbe2b472bd9d0828e3ce7b79038bcd63be Author: Jan Kissig Date: Tue Nov 18 13:39:26 2025 +0000 Bug 40836: (QA follow-up) Reduce params Reduce params given to process method. Signed-off-by: Lucas Gass commit a399374a2dff753a3241ccb2b8a09afae79ac418 Author: Laura Escamilla Date: Fri Nov 7 16:55:10 2025 +0000 Bug 40836: OPAC Type column should show local debit/credit type descriptions To test: 1. create a credit type that can be applied manually 2. create a debit type that can be applied manually 3. apply both a credit and debit to your patron (make sure auto-reconcile is off) 4. look at your patron's account in the staff interface, see values in the "account type" column 5. look at your patron's account in the OPAC, see the "Type" column is blank 6. Apply the patch - restart_all 7. Refresh the patron’s account in the OPAC — clear browser cache if necessary. The Type columns should now be populated. Signed-off-by: CJ Lynce Signed-off-by: Lucas Gass commit 61d44af60062be6bed8f0691703515b964c7caae Author: Tomás Cohen Arazi Date: Tue Nov 18 11:24:46 2025 -0300 Bug 41262: Remove duplicate `logaction` import This patch removes a trivial duplicate import. To test: 1. Apply the patch 2. Run: k$ prove t/db_dependent/Koha/Patron.t => SUCCESS: Tests don't break 3. Sign off :-D Signed-off-by: Tomás Cohen Arazi Signed-off-by: Martin Renvoize Signed-off-by: Lucas Gass commit 03aa616c8ffeefb73e729dca533697c8bbe8aeb6 Author: Pedro Amorim Date: Wed Nov 19 16:12:22 2025 +0000 Bug 37893: (QA follow-up): Fix TestBuilder.t To test, run: prove t/db_dependent/TestBuilder.t Signed-off-by: Lucas Gass commit 0bbd97a4b99c592d59fd49d266bff649ffe39ec2 Author: Pedro Amorim Date: Wed Nov 19 14:50:10 2025 +0000 Bug 37893: (QA follow-up): Fix pod_coverage.t To test: prove -v /kohadevbox/koha/xt/author/pod_coverage.t The changes to Schema files are fixes that were overlooked originally. The 'die' line in C4/SIP/Sip/Configuration.pm is to force the script to die if SIP configuration does not exist, which only happens when running pod_coverage.t The original code (prior to 37893) did not consider the possibiliy of a config_file being invalid or undef, parser->XMLin(config_file) died silently, but because pod_coverage.t skips over files that die, it didn't fail. See bug 41271. Now, with the changes from bug 37893, if a config_file doesnt exist the code falls back to whats in the cache, so it doesn't try to XMLin load an invalid config_file anymore, and fails verbosely. Signed-off-by: Lucas Gass commit 2c3809bbf9d152bb5a2ba905cf827b231bd2d669 Author: Lucas Gass Date: Tue Nov 18 18:16:21 2025 +0000 Bug 37893: (RM follow-up) Adjust db_rev Signed-off-by: Lucas Gass commit 9e40c7caf5b03178c507619aabd01cfe1e11824d Author: Lucas Gass Date: Tue Nov 18 17:36:59 2025 +0000 Bug 37893: DBRev 25.06.00.035 Signed-off-by: Lucas Gass commit f57ea320bd07f886417abc8b1c4023dd8ba50031 Author: Lucas Gass Date: Tue Nov 18 17:35:04 2025 +0000 Bug 37893: Fix http links Signed-off-by: Lucas Gass commit 0aa77814c78f20a80df17bc091444a402dcf282d Author: Pedro Amorim Date: Tue Nov 18 16:53:19 2025 +0000 Bug 37893: (QA follow-up): Fix database inconsistencies: This should pass: perl /kohadevbox/misc4dev/run_tests.pl --instance=kohadev --db-password=password --run-db-compare-only --compare-with=HEAD This is a squash of the following: 1) Fix charset in kohastructure.sql 2) Fix NULL => DEFAULT NULL 3) Reorder tables in kohastructure.sql 4) typos Signed-off-by: Lucas Gass commit 94eab622c7826f285bdcaac83dd97e4a062a3718 Author: Pedro Amorim Date: Tue Nov 18 16:04:43 2025 +0000 Bug 37893: (QA follow-up): Fix xt/api.t Signed-off-by: Lucas Gass commit 8ef32181e7b310fbc91841433dfa6c4cb7f599d6 Author: Pedro Amorim Date: Fri Nov 7 14:06:01 2025 +0000 Bug 37893: (QA follow-up): Update cypress tests Addressing QA lines of feedback has changed the forms. Cypress tests need to be updated accordingly. cypress run --spec t/cypress/integration/SIP2/Accounts.ts --config video=false,screenshotOnRunFailure=false cypress run --spec t/cypress/integration/SIP2/Institutions.ts --config video=false,screenshotOnRunFailure=false cypress run --spec t/cypress/integration/SIP2/SystemPreferenceOverrides.ts --config video=false,screenshotOnRunFailure=false Signed-off-by: Lucas Gass commit 987db4f5ce585f022f86528b090137c9b37ba2ba Author: Pedro Amorim Date: Fri Nov 7 09:45:45 2025 -0100 Bug 37893: (QA follow-up): Add changes to etc/koha-httpd.conf Signed-off-by: Lucas Gass commit 8b5497fd0eceb6ab47053747c0ec29691b8bcc02 Author: Pedro Amorim Date: Fri Nov 7 10:15:39 2025 +0000 Bug 37893: (QA follow-up): Clean-up store code, fix erm => sip2 Signed-off-by: Lucas Gass commit d968e4e77c2b8617b8de96c046b5261ad29782f3 Author: Pedro Amorim Date: Thu Nov 6 15:50:38 2025 -0100 Bug 37893: (QA follow-up): Update SIP2 breadcrumbs to start with Administration Signed-off-by: Lucas Gass commit 73398675509e83a8fb570e8fcca798edc8618d29 Author: Pedro Amorim Date: Fri Nov 7 09:59:18 2025 -0100 Bug 37893: (QA follow-up): Remove nonexistent js-patron-format.inc After bug 40958 Signed-off-by: Lucas Gass commit 5dd9966c8e891b352682f2587149dcc798911e6a Author: Pedro Amorim Date: Thu Nov 6 16:45:00 2025 +0000 Bug 37893: (QA follow-up): Fix sip2 div app container Signed-off-by: Lucas Gass commit 4c4e64dc7af8f194b254d39e43717f27445025bd Author: Pedro Amorim Date: Thu Nov 6 16:41:08 2025 +0000 Bug 37893: (QA follow-up): Add Koha::SIP2::Accounts unit tests Signed-off-by: Lucas Gass commit c24a5b25c56a464c3a25d687c2a8ce0069545e7e Author: Pedro Amorim Date: Thu Nov 6 15:53:05 2025 +0000 Bug 37893: (QA follow-up): Remove file_transports database table This was clearly a mistake due a botched rebase. Signed-off-by: Lucas Gass commit ba9c8d69a31bb3c8ce43037288930f70ae5bd34f Author: Pedro Amorim Date: Fri Nov 7 10:23:25 2025 +0000 Bug 37893: (QA follow-up): Remove uneeded singular form of the module Signed-off-by: Lucas Gass commit dccff42870158cde5c78ed146e7bc3734ac92f35 Author: Pedro Amorim Date: Fri Nov 7 10:54:03 2025 +0000 Bug 37893: (QA follow-up): Add new line to apache-shared-intranet.conf Signed-off-by: Lucas Gass commit 49e51aa3be812bd8e5917a14bfdec56ce295c22c Author: Pedro Amorim Date: Thu Nov 6 14:24:07 2025 +0000 Bug 37893: (QA follow-up): Explicitly set boolean => 0 for tinyints which arent boolean Signed-off-by: Lucas Gass commit cf11f3863dc528c3ec58aaaf37c6f85978ecac45 Author: Pedro Amorim Date: Tue Nov 4 15:48:32 2025 +0000 Bug 37893: (QA follow-up): Insert defaults to database for delimiter and terminator Not considering here encoding here as I'm uncertain from the code if it should utf8 or ascii Signed-off-by: Lucas Gass commit a15bfabf37b9843f17303f2da0b499774799e4a6 Author: Pedro Amorim Date: Tue Nov 4 14:56:28 2025 +0000 Bug 37893: (QA follow-up): Add tooltip for relationshipWidget patron_attributes: code Signed-off-by: Lucas Gass commit 244a0bd22b3156d597a4943819df58a3dea6fed9 Author: Pedro Amorim Date: Tue Nov 4 14:50:36 2025 +0000 Bug 37893: (QA follow-up): Default terminator to CRLF Signed-off-by: Lucas Gass commit 57b92e9237b53c03ee6e2c863e556971ed98d56d Author: Pedro Amorim Date: Tue Nov 4 14:48:44 2025 +0000 Bug 37893: (QA follow-up): Update prevcheckout_block_checkout label and tooltip Signed-off-by: Lucas Gass commit e02fe6da521270778c27b57dd97c7ef48fdb475a Author: Pedro Amorim Date: Tue Nov 4 14:47:05 2025 +0000 Bug 37893: (QA follow-up): Set label for holds_get_captured Signed-off-by: Lucas Gass commit 76fe7446914601bcdec9bfdec64fb542ee381756 Author: Pedro Amorim Date: Tue Nov 4 14:44:33 2025 +0000 Bug 37893: (QA follow-up): Set tooltip for 'Format due date' Signed-off-by: Lucas Gass commit 04542a4ee1b8b537aba1e993f0b9807a8569f0a3 Author: Pedro Amorim Date: Tue Nov 4 14:41:48 2025 +0000 Bug 37893: (QA follow-up): Ensure convert_nonprinting_characters is null if empty string Signed-off-by: Lucas Gass commit 3e4fc7db7edc2f5bf2d22a2103a6c915a99c8a39 Author: Pedro Amorim Date: Tue Nov 4 13:28:19 2025 -0100 Bug 37893: (QA follow-up): Add maxlength to number attributes. Set '3' for SIP2 institutions retires Signed-off-by: Lucas Gass commit 5e76fb103aa5ca592d7bfb7fbbdf21440009b7b8 Author: Pedro Amorim Date: Tue Nov 4 13:21:41 2025 -0100 Bug 37893: (QA follow-up): Default institution policy attributes to true Signed-off-by: Lucas Gass commit f342ae3dd37117c98818e83217cd43135adbc22e Author: Pedro Amorim Date: Tue Nov 4 13:15:46 2025 -0100 Bug 37893: (QA follow-up): Update institution name label Signed-off-by: Lucas Gass commit e94e205419fda966645c1ddd17d9d19505f72f39 Author: Pedro Amorim Date: Thu Oct 30 13:48:58 2025 +0000 Bug 37893: (QA follow-up): Update admin-home module description Signed-off-by: Lucas Gass commit e713c0e5f54f47d41c34d9503a731a7e0356f916 Author: Martin Renvoize Date: Wed Oct 29 16:09:36 2025 +0000 Bug 37893: (QA follow-up): Add tooltip for account Staff userid The userid field for accounts was missing a tooltip; We add one here that clarifies that the userid must match an existing Koha user with appropriate circulation permissions for the sip client. NOTE: A future follow-up should introduce a patron autocomplete or select type input allowing administrators to just search users to add for this field, but such a component doesn't exist in the Vue architecture yet. Signed-off-by: Andrew Fuerste Henry Signed-off-by: Lisette Scheer Signed-off-by: Martin Renvoize Signed-off-by: Lucas Gass commit a0c3d523bccfc6e90eb5ec0f004b40b3d81bd11f Author: Martin Renvoize Date: Fri Oct 24 16:30:51 2025 +0100 Bug 37893: (QA follow-up): Update tooltip for institution Name The institution name tooltip was slightly misleading, we clarify it here. Signed-off-by: Andrew Fuerste Henry Signed-off-by: Lisette Scheer Signed-off-by: Martin Renvoize Signed-off-by: Lucas Gass commit b5f515422aa195777f6bb767f2673be7ec71f233 Author: Martin Renvoize Date: Fri Oct 24 15:49:57 2025 +0100 Bug 37893: (QA follow-up): Update DBIx::Class schema for sip_accounts Remove login_password column from the DBIx::Class schema result class to reflect the database structure changes. This updates the auto-generated schema to match the removal of the login_password column from the sip_accounts table. Signed-off-by: Andrew Fuerste Henry Signed-off-by: Lisette Scheer Signed-off-by: Martin Renvoize Signed-off-by: Lucas Gass commit c1a97af67c16cc67192f71bd93041f9edb8c7624 Author: Martin Renvoize Date: Fri Oct 24 15:49:21 2025 +0100 Bug 37893: (QA follow-up): Remove plaintext password storage from SIP2 This follow-up removes the security vulnerability of storing plaintext passwords in the sip_accounts table. The SIP2 system now relies entirely on Koha's secure password authentication. Changes: - Remove plaintext password comparison from login_core() and telnet_transport() - Remove login_password column from sip_accounts table - Update database schema files and atomic update - Remove password field from API definitions and Vue form - Update all tests to remove login_password references Authentication now works in two stages: 1. Access control: Check if userid exists in sip_accounts (allowlist) 2. Authentication: Validate password against hash in borrowers table This maintains SIP access control while eliminating plaintext password storage. Staff users authenticate with their Koha password (securely hashed). Test plan: 1. Run updated tests to verify they pass 2. Verify SIP2 authentication works with staff user credentials 3. Confirm no plaintext passwords are stored Signed-off-by: Andrew Fuerste Henry Signed-off-by: Lisette Scheer Signed-off-by: Martin Renvoize Signed-off-by: Lucas Gass commit dfd9e08b6ba2da956bea3ab288857df2ee63914e Author: Pedro Amorim Date: Mon Oct 13 12:55:28 2025 +0000 Bug 37893: Add warning notes to obsolete xml file sections Signed-off-by: Andrew Fuerste Henry Signed-off-by: Lisette Scheer Signed-off-by: Martin Renvoize Signed-off-by: Lucas Gass commit e49697234e313ae0f98dcf0c6fe5e0958d80f3a3 Author: Pedro Amorim Date: Mon Oct 13 11:14:41 2025 +0000 Bug 37893: API tests prove t/db_dependent/api/v1/sip2_accounts.t prove t/db_dependent/api/v1/sip2_institutions.t prove t/db_dependent/api/v1/sip2_system_preference_overrides.t Signed-off-by: Andrew Fuerste Henry Signed-off-by: Lisette Scheer Signed-off-by: Martin Renvoize Signed-off-by: Lucas Gass commit b90f7c88ad8a46c92cac12ef5d80934ebfaaf99e Author: Pedro Amorim Date: Mon Oct 13 11:14:54 2025 +0000 Bug 37893: Add sip2 module permission Signed-off-by: Andrew Fuerste Henry Signed-off-by: Lisette Scheer Signed-off-by: Martin Renvoize Signed-off-by: Lucas Gass commit f70d7a54050ad8ee1949ba8a201264969a082f0d Author: Pedro Amorim Date: Fri Oct 10 15:59:12 2025 +0000 Bug 37893: (QA follow-up): Address qa script complaints Signed-off-by: Andrew Fuerste Henry Signed-off-by: Lisette Scheer Signed-off-by: Martin Renvoize Signed-off-by: Lucas Gass commit ab7684ca2b53ad1feb8b56c726d01f6e99b2b165 Author: Pedro Amorim Date: Fri Oct 10 13:31:46 2025 +0000 Bug 37893: Reimplement check for fresh SIP config Signed-off-by: Andrew Fuerste Henry Signed-off-by: Lisette Scheer Signed-off-by: Martin Renvoize Signed-off-by: Lucas Gass commit 75827c831e2c438029ad41ef250ee4a625a7b178 Author: Pedro Amorim Date: Thu Oct 9 15:46:37 2025 +0000 Bug 37893: Remove redundant inheritance Signed-off-by: Andrew Fuerste Henry Signed-off-by: Lisette Scheer Signed-off-by: Martin Renvoize Signed-off-by: Lucas Gass commit 3866d8555511df12197d56a420b1195b8a35b981 Author: Pedro Amorim Date: Thu Oct 9 14:57:05 2025 +0000 Bug 37893: (QA follow-up): Nuke server params and listeners from UI Signed-off-by: Andrew Fuerste Henry Signed-off-by: Lisette Scheer Signed-off-by: Martin Renvoize Signed-off-by: Lucas Gass