Bug 12367 - Import patrons still says "MD5 hash"

The password hashing algorithm was changed in Bug 9611,
but on Tools > Import patrons, in the text on the right
hand side, it still says:

"'password' should be stored in plaintext, and will be
converted to a MD5 hash"

This has no practical effect, of course, but to someone
evaluating Koha it might give the false impression that
password security is lower than it really is.

To test:
- Look at Tools > Import patrons and verify that it says
  "a MD5 hash"
- Also look at the help page and see the same text
- Apply the patch
- Check that both the tool and the help now says
  "a Bcrypt hash"

I'll do a patch for the docs too.

Signed-off-by: David Cook <dcook@prosentient.com.au>

Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>

diff --git a/koha-tmpl/intranet-tmpl/prog/en/modules/help/tools/import_borrowers.tt b/koha-tmpl/intranet-tmpl/prog/en/modules/help/tools/import_borrowers.tt
index e6641fd..73f0bc1 100644 (file)
--- a/koha-tmpl/intranet-tmpl/prog/en/modules/help/tools/import_borrowers.tt
+++ b/koha-tmpl/intranet-tmpl/prog/en/modules/help/tools/import_borrowers.tt
@@ -10,7 +10,7 @@
 
 <blockquote>borrowernumber, cardnumber, surname, firstname, title, othernames, initials, streetnumber, streettype, address, address2, city, zipcode, country, email, phone, mobile, fax, emailpro, phonepro, B_streetnumber, B_streettype, B_address, B_address2, B_city, B_zipcode, B_country, B_email, B_phone, dateofbirth, branchcode, categorycode, dateenrolled, dateexpiry, gonenoaddress, lost, debarred, contactname, contactfirstname, contacttitle, guarantorid, borrowernotes, relationship, ethnicity, ethnotes, sex, password, flags, userid, opacnote, contactnote, sort1, sort2, altcontactfirstname, altcontactsurname, altcontactaddress1, altcontactaddress2, altcontactaddress3, altcontactzipcode, altcontactcountry, altcontactphone, smsalertnumber, patron_attributes</blockquote>
 
-<p style="color: #990000;">Important: The 'password' value should be stored in plain text, and will be converted to a md5 hash (which is an encrypted version of the password).</p>
+<p style="color: #990000;">Important: The 'password' value should be stored in plain text, and will be converted to a Bcrypt hash (which is an encrypted version of the password).</p>
 
 <ul>
     <li>If your passwords are already encrypted, talk to your systems administrator about options</li>

diff --git a/koha-tmpl/intranet-tmpl/prog/en/modules/tools/import_borrowers.tt b/koha-tmpl/intranet-tmpl/prog/en/modules/tools/import_borrowers.tt
index 894dc2a..40410f8 100644 (file)
--- a/koha-tmpl/intranet-tmpl/prog/en/modules/tools/import_borrowers.tt
+++ b/koha-tmpl/intranet-tmpl/prog/en/modules/tools/import_borrowers.tt
@@ -158,7 +158,7 @@
 </li>
 [% END %]
 <li>The fields 'branchcode' and 'categorycode' are <b>required</b> and <b>must match</b> valid entries in your database.</li>
-<li>'password' should be stored in plaintext, and will be converted to a MD5 hash (if your passwords are already encrypted, talk to your system administrator about options).</li>
+<li>'password' should be stored in plaintext, and will be converted to a Bcrypt hash (if your passwords are already encrypted, talk to your system administrator about options).</li>
 <li>Date formats should match your system preference, and <b>must</b> be zero-padded, e.g. '01/02/2008'.  Alternatively,
 you can supply dates in ISO format (e.g., '2010-10-28').
 </li>