Time  Nick             Message
05:51 dcook            @later tell Joubu I'm not keen for a SVC API user to use the REST API for CSRF tokens. Also, I think it's fairly common design to get the CSRF token from the response headers of the previous API call, so I think my work on SVC API still stands. But happy to discuss more.
05:51 huginn`          dcook: The operation succeeded.
05:51 dcook            Not sure about vcirc/set-library.pl. I'll take a quick look. It's something I added recently.
05:58 dcook            Joubu: Yeah looks like it's been fixed. I'll update the pad for set-library.pl
05:59 Joubu            @later tell lukeg You have an account on jenkins it seems
05:59 huginn`          Joubu: The operation succeeded.
05:59 Joubu            dcook: I've done a lot for svc scripts already
06:08 Joubu            oleonard: ping me when you are around, if you still get the permission problem on .pot files
07:34 reiveune         hello
07:59 fridolin         hollow
08:30 paulderscheid[m] morning #koha
08:40 krimsonkharne[m] o/
11:48 oleonard         Hi #koha
12:02 oleonard         Hi? #koha?
12:09 Joubu            Hi! oleonard!
12:13 oleonard         :)
12:54 ashimema         Hola
12:54 ashimema         🪄
12:55 * ashimema       isn't really here today, just waiting in the queue for Harry Potter Studios with the kids
12:59 magnuse          ashimema: yay!
13:00 magnuse          see if you can find any good perl spells or options?
13:04 krimsonkharne[m] ex-perl-iarmus!
13:09 matts            :)
13:13 domm[m]          Joubu: hey!
13:14 Joubu            o/
13:15 MarkHofstetter   ho!
13:17 Joubu            domm[m]: I don't think we can use the CSRFBlock middleware, Koha is not a full psgi app
13:17 Joubu            and we are not using plack sessions
13:17 domm[m]          Yeah, but I guess it can be used for inspiration
13:17 Joubu            yes, definitelly, I didn't think about that this morning...
13:17 domm[m]          But generally I think that a Middleware would be the correct place to handle CSRF
13:18 domm[m]          It runs before the actual request, and can inspect the request env (i.e. headers and params).
13:19 domm[m]          and if some conditions are true, you can just return 400 (or whatever) without ever hitting the actual app
13:19 Joubu            domm[m]: I think I am just trying to be too nice :D I wanted to provide the end user with an integrated error on the Koha UI "wrong csrf token" (we have that implemented already)
13:20 Joubu            but returning a 403 seems a good idea
13:20 domm[m]          You can also return some nice HTML
13:20 domm[m]          https://metacpan.org/pod/Plack::Middleware::PrettyException   :-)
13:21 domm[m]          The problem will be that to render the Koha UI, you'll need the app
13:21 domm[m]          so short-circuiting to an error won't be an option
13:22 domm[m]          BUT: You can also change the downstream URL in the middleware (i.e. to point to an action/cgi that will render the nice error) and then call the app with that rewritten path
13:22 domm[m]          so instead of calling the action the user wanted to call, you can force them to another action (i.e. the error page) if some conditions are true
13:24 Joubu            yes, I was stuck this morning trying to empty the "op" parameter, but what you are suggesting seems better. And more things to learn.
13:25 Joubu            The other idea was to inherit from Plack::Request and adjust the "parameters" env, but it feels so wrong. Without even knowing if it would work at the end.
13:32 domm[m]          no, middleware is the correct place
13:32 * domm[m]        sent a code block: https://matrix.org/_matrix/media/v3/download/matrix.org/jbVkrBGvpImJSTJOBvhumXIs
13:34 domm[m]          if you want to change the value of param 'op' you'd need to do that in $env (though I'm not sure how easy that is for POST). in the worst case you would need to create a new $env by copying everything from the old one (without op)
13:34 Joubu            yes, it's exactly what I have, but then trying to hack $self->env->{'plack.request.merged'} to empty 'op', until I realized that stupid CGI is not aware of that anyway...
13:36 Joubu            it didn't work when I tried that
13:42 Joubu            domm[m]: ha, it's working! I was so close! Thanks for helping me on this!
13:56 domm[m]          Joubu: happy to be your rubber duck :-)
14:17 domm[m]          What do I do when bugzilla denies a patch because 413 Request Entity Too Large (via git bz)?
14:21 Joubu            domm[m]: push to a remote branch
14:25 domm[m]          into which repo? I don't have access to git.koha-community.org? So to our github fork?
14:26 domm[m]          0+
14:31 Joubu            yes, github or gitlab or whatever
14:31 Joubu            the git.k-c.org is not meant for that anyway
15:08 krimsonkharne[m] quick question... anybody ever done a patron import with overwriting multiple patron attributes?
15:14 Joubu            krimsonkharne[m]: "attr_1:foo2,attr_bar:bar"
15:14 Joubu            I have that somewhere in a lost file. If this is your question.
15:15 krimsonkharne[m] cheers Joubu, exactly what I was looking for
15:15 krimsonkharne[m] Joubu++
15:16 Joubu            bug 23668
15:16 huginn`          04Bug https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=23668 enhancement, P5 - low, ---, koha-bugs, NEW , Manual on patron import: Information on syntax for patron attributes
15:23 krimsonkharne[m] on it
15:24 krimsonkharne[m] as long as I'm already testing it out, might as well do the doc xD
15:25 aude_c[m]        Joubu++
15:25 aude_c[m]        krimsonkharne++
15:50 PedroAmorim[m]   jajm++
15:55 MelissaB         Hello. If I need to upgrade Koha, but also find out that Debian is outdated, do I upgrade Debian or Koha first?
16:02 reiveune         bye
16:04 reiveune         bye
16:07 oleonard         MelissaB: I'm not an expert but I think you should export your data out of Koha before the Debian upgrade, then upgrade Koha after Debian. What version of Koha are you upgrading from?
16:16 MelissaB         oleonard: im on 21.11, but I do see the latest version runs on Debian 10, so I was actually now thinking to upgrade Koha and then Debian
16:17 MelissaB         im a little scared, but I have done the backups
16:17 oleonard         You can always completely reinstall Koha and import your backup if something goes wrong.
16:18 oleonard         But again, not an expert in these things.
16:18 MelissaB         oleonard: true! thanks I feel better
16:18 MelissaB         no problem
18:14 MelissaB         I finally upgraded
18:14 MelissaB         oleonard: thank you
18:14 MelissaB         oleonard: is there a simple way to show all the items in my catalog?
18:15 oleonard         I'm not sure if there is a wildcard search you can do in item search?  Either way you could also build an SQL report
18:16 oleonard         Oh I guess you can submit the item search form without making any selections and get all your items.
18:30 MelissaB         thanks oleonard
20:36 JasonGreene[m]   might be asking a bit,  can I get someone to "teamviewer" into my desktop and see where I am failing? 👀