IRC log for #koha, 2024-02-22

← Previous day | Today | Next day → | Search | Index

All times shown according to UTC.

Time Nick Message
05:28 slef joined #koha
05:51 dcook @later tell Joubu I'm not keen for a SVC API user to use the REST API for CSRF tokens. Also, I think it's fairly common design to get the CSRF token from the response headers of the previous API call, so I think my work on SVC API still stands. But happy to discuss more.
05:51 huginn` dcook: The operation succeeded.
05:51 dcook Not sure about vcirc/set-library.pl. I'll take a quick look. It's something I added recently.
05:58 Joubu: Yeah looks like it's been fixed. I'll update the pad for set-library.pl
05:59 Joubu @later tell lukeg You have an account on jenkins it seems
05:59 huginn` Joubu: The operation succeeded.
05:59 Joubu dcook: I've done a lot for svc scripts already
06:02 slef joined #koha
06:08 Joubu oleonard: ping me when you are around, if you still get the permission problem on .pot files
07:34 reiveune joined #koha
07:34 reiveune hello
07:59 fridolin joined #koha
07:59 fridolin hollow
08:30 paulderscheid[m] morning #koha
08:40 krimsonkharne[m] o/
09:41 Hanz joined #koha
11:25 oleonard joined #koha
11:33 khall joined #koha
11:48 oleonard Hi #koha
12:02 Hi? #koha?
12:09 Joubu Hi! oleonard!
12:13 oleonard :)
12:28 lds joined #koha
12:54 ashimema Hola
12:54 🪄
12:55 * ashimema isn't really here today, just waiting in the queue for Harry Potter Studios with the kids
12:59 magnuse ashimema: yay!
13:00 see if you can find any good perl spells or options?
13:04 krimsonkharne[m] ex-perl-iarmus!
13:09 matts :)
13:12 MarkHofstetter joined #koha
13:13 domm[m] joined #koha
13:13 domm[m] Joubu: hey!
13:14 Joubu o/
13:15 MarkHofstetter ho!
13:17 Joubu domm[m]: I don't think we can use the CSRFBlock middleware, Koha is not a full psgi app
13:17 and we are not using plack sessions
13:17 domm[m] Yeah, but I guess it can be used for inspiration
13:17 Joubu yes, definitelly, I didn't think about that this morning...
13:17 domm[m] But generally I think that a Middleware would be the correct place to handle CSRF
13:18 It runs before the actual request, and can inspect the request env (i.e. headers and params).
13:19 and if some conditions are true, you can just return 400 (or whatever) without ever hitting the actual app
13:19 Joubu domm[m]: I think I am just trying to be too nice :D I wanted to provide the end user with an integrated error on the Koha UI "wrong csrf token" (we have that implemented already)
13:20 but returning a 403 seems a good idea
13:20 domm[m] You can also return some nice HTML
13:20 https://metacpan.org/pod/Plack[…]::PrettyException   :-)
13:21 The problem will be that to render the Koha UI, you'll need the app
13:21 so short-circuiting to an error won't be an option
13:22 BUT: You can also change the downstream URL in the middleware (i.e. to point to an action/cgi that will render the nice error) and then call the app with that rewritten path
13:22 so instead of calling the action the user wanted to call, you can force them to another action (i.e. the error page) if some conditions are true
13:24 Joubu yes, I was stuck this morning trying to empty the "op" parameter, but what you are suggesting seems better. And more things to learn.
13:25 The other idea was to inherit from Plack::Request and adjust the "parameters" env, but it feels so wrong. Without even knowing if it would work at the end.
13:32 domm[m] no, middleware is the correct place
13:32 * domm[m] sent a code block: https://matrix.org/_matrix/med[…]vpImJSTJOBvhumXIs
13:34 domm[m] if you want to change the value of param 'op' you'd need to do that in $env (though I'm not sure how easy that is for POST). in the worst case you would need to create a new $env by copying everything from the old one (without op)
13:34 Joubu yes, it's exactly what I have, but then trying to hack $self->env->{'plack.request.merged'} to empty 'op', until I realized that stupid CGI is not aware of that anyway...
13:36 it didn't work when I tried that
13:38 khall joined #koha
13:40 Dyrcona joined #koha
13:42 Joubu domm[m]: ha, it's working! I was so close! Thanks for helping me on this!
13:48 caroline joined #koha
13:55 marie-luce joined #koha
13:56 domm[m] Joubu: happy to be your rubber duck :-)
14:10 dpk joined #koha
14:17 domm[m] What do I do when bugzilla denies a patch because 413 Request Entity Too Large (via git bz)?
14:18 khall_ joined #koha
14:21 Joubu domm[m]: push to a remote branch
14:25 domm[m] into which repo? I don't have access to git.koha-community.org? So to our github fork?
14:26 0+
14:31 Joubu yes, github or gitlab or whatever
14:31 the git.k-c.org is not meant for that anyway
14:42 cait joined #koha
15:08 krimsonkharne[m] quick question... anybody ever done a patron import with overwriting multiple patron attributes?
15:08 lds_ joined #koha
15:14 Joubu krimsonkharne[m]: "attr_1:foo2,attr_bar:bar"
15:14 I have that somewhere in a lost file. If this is your question.
15:15 krimsonkharne[m] cheers Joubu, exactly what I was looking for
15:15 Joubu++
15:16 Joubu bug 23668
15:16 huginn` 04Bug https://bugs.koha-community.or[…]_bug.cgi?id=23668 enhancement, P5 - low, ---, koha-bugs, NEW , Manual on patron import: Information on syntax for patron attributes
15:20 khall joined #koha
15:23 krimsonkharne[m] on it
15:24 as long as I'm already testing it out, might as well do the doc xD
15:25 aude_c[m] Joubu++
15:25 krimsonkharne++
15:50 PedroAmorim[m] jajm++
15:55 MelissaB joined #koha
15:55 MelissaB Hello. If I need to upgrade Koha, but also find out that Debian is outdated, do I upgrade Debian or Koha first?
16:00 bag joined #koha
16:02 reiveune bye
16:04 bye
16:04 reiveune left #koha
16:07 oleonard MelissaB: I'm not an expert but I think you should export your data out of Koha before the Debian upgrade, then upgrade Koha after Debian. What version of Koha are you upgrading from?
16:16 MelissaB oleonard: im on 21.11, but I do see the latest version runs on Debian 10, so I was actually now thinking to upgrade Koha and then Debian
16:17 im a little scared, but I have done the backups
16:17 oleonard You can always completely reinstall Koha and import your backup if something goes wrong.
16:18 But again, not an expert in these things.
16:18 MelissaB oleonard: true! thanks I feel better
16:18 no problem
18:01 oleonard joined #koha
18:09 lukeg joined #koha
18:14 MelissaB joined #koha
18:14 MelissaB I finally upgraded
18:14 oleonard: thank you
18:14 oleonard: is there a simple way to show all the items in my catalog?
18:15 oleonard I'm not sure if there is a wildcard search you can do in item search?  Either way you could also build an SQL report
18:16 Oh I guess you can submit the item search form without making any selections and get all your items.
18:25 MarkHofstetter joined #koha
18:30 MelissaB thanks oleonard
20:36 JasonGreene[m] might be asking a bit,  can I get someone to "teamviewer" into my desktop and see where I am failing? 👀

← Previous day | Today | Next day → | Search | Index

koha1