[jira] [Commented] (FINERACT-834) Minor quick win: Please raise very small PR documenting Swagger use on README

2020-09-24 Thread Manthan Surkar (Jira)


[ 
https://issues.apache.org/jira/browse/FINERACT-834?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17201797#comment-17201797
 ] 

Manthan Surkar commented on FINERACT-834:
-

[~vorburger] Did you check this? 
https://github.com/apache/fineract#swagger-ui-documentation
My bad, I forgot to properly update the issue. 
+1 on adding the demo link in the online demo videos section as well. 

> Minor quick win: Please raise very small PR documenting Swagger use on README
> -
>
> Key: FINERACT-834
> URL: https://issues.apache.org/jira/browse/FINERACT-834
> Project: Apache Fineract
>  Issue Type: Improvement
>Reporter: Michael Vorburger
>Assignee: Manthan Surkar
>Priority: Trivial
>
> Based on some of the discussion in 
> https://github.com/apache/fineract/pull/629 (which got superseded by 
> https://github.com/apache/fineract/pull/695), I think it would be very useful 
> to have a short line (or a paragraph or two, max) in 
> https://github.com/apache/fineract/blob/develop/README.md#apache-fineract-platform-api
>  which simply explains how one actually may currently use the Swagger UI, as 
> it currently is.
> I will just be completely honest and admit that personally I do not actually 
> know how! ;-) Is there a special URL one has to access? Does one need to 
> locally install anything?
> [~kangbreder] would you like to do this? Please do raise 1 small PR with ONLY 
> this README change.
> [~awasum] [~sanyam] ([~sanyam96] ?) FYI



--
This message was sent by Atlassian Jira
(v8.3.4#803005)


[jira] [Created] (FINERACT-1160) Integration tests for loanStatus Parameter

2020-09-24 Thread Manthan Surkar (Jira)
Manthan Surkar created FINERACT-1160:


 Summary: Integration tests for loanStatus Parameter
 Key: FINERACT-1160
 URL: https://issues.apache.org/jira/browse/FINERACT-1160
 Project: Apache Fineract
  Issue Type: Test
Reporter: Manthan Surkar
Assignee: Manthan Surkar


The parameter was added in https://github.com/apache/fineract/pull/1251
Write the integration tests to cover its use 





[jira] [Assigned] (FINERACT-1156) SQL injection error with Run Reports

2020-09-22 Thread Manthan Surkar (Jira)


 [ 
https://issues.apache.org/jira/browse/FINERACT-1156?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Manthan Surkar reassigned FINERACT-1156:


Assignee: Manthan Surkar

> SQL injection error with Run Reports
> 
>
> Key: FINERACT-1156
> URL: https://issues.apache.org/jira/browse/FINERACT-1156
> Project: Apache Fineract
>  Issue Type: Bug
>Reporter: Manthan Surkar
>Assignee: Manthan Surkar
>Priority: Major
> Attachments: screenshot-1.png
>
>
> As reported by Matt 
> He faced the SQL injection error while trying to run reports for Active Loans 
> (Pentaho).
> After investigating a bit, I found all the report names that had a "(" faced 
> this issue, this turns out to be a problem with the regex that was designed 
> to accept the report names.
>  !screenshot-1.png! 
> Unrelated: 
> This module has a lot of SQL string concatenation and a good place to use our 
> SQLbuilder module ( I will take this)
>  





[jira] [Assigned] (FINERACT-1155) NPE at AddressWritePlatformServiceImpl.addNewClientAddress()

2020-09-22 Thread Manthan Surkar (Jira)


 [ 
https://issues.apache.org/jira/browse/FINERACT-1155?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Manthan Surkar reassigned FINERACT-1155:


Assignee: Manthan Surkar

> NPE at AddressWritePlatformServiceImpl.addNewClientAddress()
> 
>
> Key: FINERACT-1155
> URL: https://issues.apache.org/jira/browse/FINERACT-1155
> Project: Apache Fineract
>  Issue Type: Bug
>  Components: Client
>Affects Versions: 1.4.0
>Reporter: Michael Vorburger
>Assignee: Manthan Surkar
>Priority: Blocker
>  Labels: beginner
> Fix For: 1.5.0
>
>
> See FINERACT-932 for general background, and fix this problem:
> {noformat} java.lang.NullPointerException
> at 
> org.apache.fineract.portfolio.address.service.AddressWritePlatformServiceImpl.addNewClientAddress
>  (AddressWritePlatformServiceImpl.java:136)
> at 
> org.apache.fineract.portfolio.client.service.ClientWritePlatformServiceJpaRepositoryImpl.createClient
>  (ClientWritePlatformServiceJpaRepositoryImpl.java:329)
> at 
> org.apache.fineract.portfolio.client.service.ClientWritePlatformServiceJpaRepositoryImpl$$FastClassBySpringCGLIB$$71ca1b7f.invoke
>  ()
> at org.springframework.cglib.proxy.MethodProxy.invoke 
> (MethodProxy.java:218)
> at 
> org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.invokeJoinpoint
>  (CglibAopProxy.java:771)
> at 
> org.springframework.aop.framework.ReflectiveMethodInvocation.proceed 
> (ReflectiveMethodInvocation.java:163)
> at 
> org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.proceed 
> (CglibAopProxy.java:749)
> at 
> org.springframework.transaction.interceptor.TransactionAspectSupport.invokeWithinTransaction
>  (TransactionAspectSupport.java:366)
> at 
> org.springframework.transaction.interceptor.TransactionInterceptor.invoke 
> (TransactionInterceptor.java:118)
> at 
> org.springframework.aop.framework.ReflectiveMethodInvocation.proceed 
> (ReflectiveMethodInvocation.java:186)
> at 
> org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.proceed 
> (CglibAopProxy.java:749)
> at 
> org.springframework.aop.framework.CglibAopProxy$DynamicAdvisedInterceptor.intercept
>  (CglibAopProxy.java:691)
> at 
> org.apache.fineract.portfolio.client.service.ClientWritePlatformServiceJpaRepositoryImpl$$EnhancerBySpringCGLIB$$f240e1f6.createClient
>  ()
> at 
> org.apache.fineract.portfolio.client.handler.CreateClientCommandHandler.processCommand
>  (CreateClientCommandHandler.java:45)
> at 
> org.apache.fineract.portfolio.client.handler.CreateClientCommandHandler$$FastClassBySpringCGLIB$$6bce1ca9.invoke
>  ()
> at org.springframework.cglib.proxy.MethodProxy.invoke 
> (MethodProxy.java:218)
> at 
> org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.invokeJoinpoint
>  (CglibAopProxy.java:771)
> at 
> org.springframework.aop.framework.ReflectiveMethodInvocation.proceed 
> (ReflectiveMethodInvocation.java:163)
> at 
> org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.proceed 
> (CglibAopProxy.java:749)
> at 
> org.springframework.transaction.interceptor.TransactionAspectSupport.invokeWithinTransaction
>  (TransactionAspectSupport.java:366)
> at 
> org.springframework.transaction.interceptor.TransactionInterceptor.invoke 
> (TransactionInterceptor.java:118)
> at 
> org.springframework.aop.framework.ReflectiveMethodInvocation.proceed 
> (ReflectiveMethodInvocation.java:186)
> at 
> org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.proceed 
> (CglibAopProxy.java:749)
> at 
> org.springframework.aop.framework.CglibAopProxy$DynamicAdvisedInterceptor.intercept
>  (CglibAopProxy.java:691)
> at 
> org.apache.fineract.portfolio.client.handler.CreateClientCommandHandler$$EnhancerBySpringCGLIB$$15d9efb4.processCommand
>  ()
> at 
> org.apache.fineract.commands.service.SynchronousCommandProcessingService.processAndLogCommand
>  (SynchronousCommandProcessingService.java:82)
> at 
> org.apache.fineract.commands.service.SynchronousCommandProcessingService$$FastClassBySpringCGLIB$$ec92d53f.invoke
>  ()
> at org.springframework.cglib.proxy.MethodProxy.invoke 
> (MethodProxy.java:218)
> at 
> org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.invokeJoinpoint
>  (CglibAopProxy.java:771)
> at 
> org.springframework.aop.framework.ReflectiveMethodInvocation.proceed 
> (ReflectiveMethodInvocation.java:163)
> at 
> org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.proceed 
> (CglibAopProxy.java:749)
> at 
> 

[jira] [Updated] (FINERACT-1156) SQL injection error with Run Reports

2020-09-22 Thread Manthan Surkar (Jira)


 [ 
https://issues.apache.org/jira/browse/FINERACT-1156?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Manthan Surkar updated FINERACT-1156:
-
Description: 
As reported by Matt 
He faced the SQL injection error while trying to run reports for Active Loans 
(Pentaho).

After investigating a bit, I found all the report names that had a "(" faced 
this issue, this turns out to be a problem with the regex that was designed to 
accept the report names.

 !screenshot-1.png! 

Unrelated: 
This module has a lot of SQL string concatenation and a good place to use our 
SQLbuilder module ( I will take this)

 

  was:
As reported by Matt 
He faced the SQL injection error while trying to run reports for Active Loans 
(Pentaho).

After investigating a bit, I found all the the report names that had a "(" 
faced this issue, this turns out to be a problem with the regex that was 
designed to accept the report names.


Unrelated: 
This module has a lot of SQL string concatenation and a good place to use our 
SQLbuilder module ( I will take this)

 


> SQL injection error with Run Reports
> 
>
> Key: FINERACT-1156
> URL: https://issues.apache.org/jira/browse/FINERACT-1156
> Project: Apache Fineract
>  Issue Type: Bug
>Reporter: Manthan Surkar
>Priority: Major
> Attachments: screenshot-1.png
>
>
> As reported by Matt 
> He faced the SQL injection error while trying to run reports for Active Loans 
> (Pentaho).
> After investigating a bit, I found all the report names that had a "(" faced 
> this issue, this turns out to be a problem with the regex that was designed 
> to accept the report names.
>  !screenshot-1.png! 
> Unrelated: 
> This module has a lot of SQL string concatenation and a good place to use our 
> SQLbuilder module ( I will take this)
>  





[jira] [Updated] (FINERACT-1156) SQL injection error with Run Reports

2020-09-22 Thread Manthan Surkar (Jira)


 [ 
https://issues.apache.org/jira/browse/FINERACT-1156?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Manthan Surkar updated FINERACT-1156:
-
Attachment: screenshot-1.png

> SQL injection error with Run Reports
> 
>
> Key: FINERACT-1156
> URL: https://issues.apache.org/jira/browse/FINERACT-1156
> Project: Apache Fineract
>  Issue Type: Bug
>Reporter: Manthan Surkar
>Priority: Major
> Attachments: screenshot-1.png
>
>
> As reported by Matt 
> He faced the SQL injection error while trying to run reports for Active Loans 
> (Pentaho).
> After investigating a bit, I found all the report names that had a "(" 
> faced this issue, this turns out to be a problem with the regex that was 
> designed to accept the report names.
> Unrelated: 
> This module has a lot of SQL string concatenation and a good place to use our 
> SQLbuilder module ( I will take this)
>  





[jira] [Created] (FINERACT-1156) SQL injection error with Run Reports

2020-09-22 Thread Manthan Surkar (Jira)
Manthan Surkar created FINERACT-1156:


 Summary: SQL injection error with Run Reports
 Key: FINERACT-1156
 URL: https://issues.apache.org/jira/browse/FINERACT-1156
 Project: Apache Fineract
  Issue Type: Bug
Reporter: Manthan Surkar


As reported by Matt 
He faced the SQL injection error while trying to run reports for Active Loans 
(Pentaho).

After investigating a bit, I found all the report names that had a "(" 
faced this issue, this turns out to be a problem with the regex that was 
designed to accept the report names.


Unrelated: 
This module has a lot of SQL string concatenation and a good place to use our 
SQLbuilder module ( I will take this)

 





[jira] [Commented] (FINERACT-1155) NPE at AddressWritePlatformServiceImpl.addNewClientAddress()

2020-09-22 Thread Manthan Surkar (Jira)


[ 
https://issues.apache.org/jira/browse/FINERACT-1155?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17200345#comment-17200345
 ] 

Manthan Surkar commented on FINERACT-1155:
--

can I take this up? [~vorburger]

> NPE at AddressWritePlatformServiceImpl.addNewClientAddress()
> 
>
> Key: FINERACT-1155
> URL: https://issues.apache.org/jira/browse/FINERACT-1155
> Project: Apache Fineract
>  Issue Type: Bug
>  Components: Client
>Affects Versions: 1.4.0
>Reporter: Michael Vorburger
>Priority: Blocker
>  Labels: beginner
> Fix For: 1.5.0
>
>
> See FINERACT-932 for general background, and fix this problem:
> {noformat} java.lang.NullPointerException
> at 
> org.apache.fineract.portfolio.address.service.AddressWritePlatformServiceImpl.addNewClientAddress
>  (AddressWritePlatformServiceImpl.java:136)
> at 
> org.apache.fineract.portfolio.client.service.ClientWritePlatformServiceJpaRepositoryImpl.createClient
>  (ClientWritePlatformServiceJpaRepositoryImpl.java:329)
> at 
> org.apache.fineract.portfolio.client.service.ClientWritePlatformServiceJpaRepositoryImpl$$FastClassBySpringCGLIB$$71ca1b7f.invoke
>  ()
> at org.springframework.cglib.proxy.MethodProxy.invoke 
> (MethodProxy.java:218)
> at 
> org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.invokeJoinpoint
>  (CglibAopProxy.java:771)
> at 
> org.springframework.aop.framework.ReflectiveMethodInvocation.proceed 
> (ReflectiveMethodInvocation.java:163)
> at 
> org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.proceed 
> (CglibAopProxy.java:749)
> at 
> org.springframework.transaction.interceptor.TransactionAspectSupport.invokeWithinTransaction
>  (TransactionAspectSupport.java:366)
> at 
> org.springframework.transaction.interceptor.TransactionInterceptor.invoke 
> (TransactionInterceptor.java:118)
> at 
> org.springframework.aop.framework.ReflectiveMethodInvocation.proceed 
> (ReflectiveMethodInvocation.java:186)
> at 
> org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.proceed 
> (CglibAopProxy.java:749)
> at 
> org.springframework.aop.framework.CglibAopProxy$DynamicAdvisedInterceptor.intercept
>  (CglibAopProxy.java:691)
> at 
> org.apache.fineract.portfolio.client.service.ClientWritePlatformServiceJpaRepositoryImpl$$EnhancerBySpringCGLIB$$f240e1f6.createClient
>  ()
> at 
> org.apache.fineract.portfolio.client.handler.CreateClientCommandHandler.processCommand
>  (CreateClientCommandHandler.java:45)
> at 
> org.apache.fineract.portfolio.client.handler.CreateClientCommandHandler$$FastClassBySpringCGLIB$$6bce1ca9.invoke
>  ()
> at org.springframework.cglib.proxy.MethodProxy.invoke 
> (MethodProxy.java:218)
> at 
> org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.invokeJoinpoint
>  (CglibAopProxy.java:771)
> at 
> org.springframework.aop.framework.ReflectiveMethodInvocation.proceed 
> (ReflectiveMethodInvocation.java:163)
> at 
> org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.proceed 
> (CglibAopProxy.java:749)
> at 
> org.springframework.transaction.interceptor.TransactionAspectSupport.invokeWithinTransaction
>  (TransactionAspectSupport.java:366)
> at 
> org.springframework.transaction.interceptor.TransactionInterceptor.invoke 
> (TransactionInterceptor.java:118)
> at 
> org.springframework.aop.framework.ReflectiveMethodInvocation.proceed 
> (ReflectiveMethodInvocation.java:186)
> at 
> org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.proceed 
> (CglibAopProxy.java:749)
> at 
> org.springframework.aop.framework.CglibAopProxy$DynamicAdvisedInterceptor.intercept
>  (CglibAopProxy.java:691)
> at 
> org.apache.fineract.portfolio.client.handler.CreateClientCommandHandler$$EnhancerBySpringCGLIB$$15d9efb4.processCommand
>  ()
> at 
> org.apache.fineract.commands.service.SynchronousCommandProcessingService.processAndLogCommand
>  (SynchronousCommandProcessingService.java:82)
> at 
> org.apache.fineract.commands.service.SynchronousCommandProcessingService$$FastClassBySpringCGLIB$$ec92d53f.invoke
>  ()
> at org.springframework.cglib.proxy.MethodProxy.invoke 
> (MethodProxy.java:218)
> at 
> org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.invokeJoinpoint
>  (CglibAopProxy.java:771)
> at 
> org.springframework.aop.framework.ReflectiveMethodInvocation.proceed 
> (ReflectiveMethodInvocation.java:163)
> at 
> org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.proceed 
> (CglibAopProxy.java:749)
> at 
> 

[jira] [Updated] (FINERACT-1150) Integration tests for SQL builder column name Regex

2020-09-12 Thread Manthan Surkar (Jira)


 [ 
https://issues.apache.org/jira/browse/FINERACT-1150?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Manthan Surkar updated FINERACT-1150:
-
Issue Type: Test  (was: Bug)

> Integration tests for SQL builder column name Regex
> ---
>
> Key: FINERACT-1150
> URL: https://issues.apache.org/jira/browse/FINERACT-1150
> Project: Apache Fineract
>  Issue Type: Test
>Reporter: Manthan Surkar
>Assignee: Manthan Surkar
>Priority: Major
>
> Background: FINERACT-1149
> It is a good idea to have integration tests here.
> cc: [~vorburger]





[jira] [Updated] (FINERACT-1150) Integration tests for SQL builder column name Regex

2020-09-12 Thread Manthan Surkar (Jira)


 [ 
https://issues.apache.org/jira/browse/FINERACT-1150?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Manthan Surkar updated FINERACT-1150:
-
Description: 
Background: FINERACT-1149
It is a good idea to have integration tests here.

cc: [~vorburger]

  was:Background: FINERACT-1149


> Integration tests for SQL builder column name Regex
> ---
>
> Key: FINERACT-1150
> URL: https://issues.apache.org/jira/browse/FINERACT-1150
> Project: Apache Fineract
>  Issue Type: Bug
>Reporter: Manthan Surkar
>Priority: Major
>
> Background: FINERACT-1149
> It is a good idea to have integration tests here.
> cc: [~vorburger]





[jira] [Assigned] (FINERACT-1150) Integration tests for SQL builder column name Regex

2020-09-12 Thread Manthan Surkar (Jira)


 [ 
https://issues.apache.org/jira/browse/FINERACT-1150?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Manthan Surkar reassigned FINERACT-1150:


Assignee: Manthan Surkar

> Integration tests for SQL builder column name Regex
> ---
>
> Key: FINERACT-1150
> URL: https://issues.apache.org/jira/browse/FINERACT-1150
> Project: Apache Fineract
>  Issue Type: Bug
>Reporter: Manthan Surkar
>Assignee: Manthan Surkar
>Priority: Major
>
> Background: FINERACT-1149
> It is a good idea to have integration tests here.
> cc: [~vorburger]





[jira] [Created] (FINERACT-1150) Integration tests for SQL builder column name Regex

2020-09-12 Thread Manthan Surkar (Jira)
Manthan Surkar created FINERACT-1150:


 Summary: Integration tests for SQL builder column name Regex
 Key: FINERACT-1150
 URL: https://issues.apache.org/jira/browse/FINERACT-1150
 Project: Apache Fineract
  Issue Type: Bug
Reporter: Manthan Surkar


Background: FINERACT-1149





[jira] [Commented] (FINERACT-1149) IllegalArgumentException at SQLBuilder.addCriteria() at StaffReadPlatformServiceImpl.retrieveAllLoanOfficersInOfficeById()

2020-09-12 Thread Manthan Surkar (Jira)


[ 
https://issues.apache.org/jira/browse/FINERACT-1149?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17194821#comment-17194821
 ] 

Manthan Surkar commented on FINERACT-1149:
--

Thanks, Yes I will do the integration tests part.

> IllegalArgumentException at SQLBuilder.addCriteria() at 
> StaffReadPlatformServiceImpl.retrieveAllLoanOfficersInOfficeById()
> --
>
> Key: FINERACT-1149
> URL: https://issues.apache.org/jira/browse/FINERACT-1149
> Project: Apache Fineract
>  Issue Type: Bug
>Affects Versions: 1.4.0
>Reporter: Michael Vorburger
>Assignee: Michael Vorburger
>Priority: Blocker
> Fix For: 1.5.0
>
>
> See FINERACT-932 for general background; I've found this in logs of 
> [https://www.fineract.dev:|https://www.fineract.dev/]
> {code:java}
>  java.lang.IllegalArgumentException: criteria column name must match 
> [a-zA-Z_][a-zA-Z0-9_-]*\.)?[a-zA-Z_-][a-zA-Z0-9_-]* : is_loan_officer= =
> at 
> org.apache.fineract.infrastructure.security.utils.SQLBuilder.addCriteria 
> (SQLBuilder.java:79)
> at 
> org.apache.fineract.organisation.staff.service.StaffReadPlatformServiceImpl.retrieveAllLoanOfficersInOfficeById
>  (StaffReadPlatformServiceImpl.java:164)
> at 
> org.apache.fineract.portfolio.loanaccount.service.LoanReadPlatformServiceImpl.retrieveAllowedLoanOfficers
>  (LoanReadPlatformServiceImpl.java:1478)
> at 
> org.apache.fineract.portfolio.loanaccount.api.LoansApiResource.template 
> (LoansApiResource.java:444){code}
> [~Manthan] FYI would you perhaps want to create an integration test for this? 
> Just a thought.
> I'll raise a PR to fix it (as it seems to be a trivial problem).





[jira] [Assigned] (FINERACT-834) Minor quick win: Please raise very small PR documenting Swagger use on README

2020-08-30 Thread Manthan Surkar (Jira)


 [ 
https://issues.apache.org/jira/browse/FINERACT-834?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Manthan Surkar reassigned FINERACT-834:
---

Assignee: Manthan Surkar

> Minor quick win: Please raise very small PR documenting Swagger use on README
> -
>
> Key: FINERACT-834
> URL: https://issues.apache.org/jira/browse/FINERACT-834
> Project: Apache Fineract
>  Issue Type: Improvement
>Reporter: Michael Vorburger
>Assignee: Manthan Surkar
>Priority: Trivial
>
> Based on some of the discussion in 
> https://github.com/apache/fineract/pull/629 (which got superseded by 
> https://github.com/apache/fineract/pull/695), I think it would be very useful 
> to have a short line (or a paragraph or two, max) in 
> https://github.com/apache/fineract/blob/develop/README.md#apache-fineract-platform-api
>  which simply explains how one actually may currently use the Swagger UI, as 
> it currently is.
> I will just be completely honest and admit that personally I do not actually 
> know how! ;-) Is there a special URL one has to access? Does one need to 
> locally install anything?
> [~kangbreder] would you like to do this? Please do raise 1 small PR with ONLY 
> this README change.
> [~awasum] [~sanyam] ([~sanyam96] ?) FYI





[jira] [Comment Edited] (FINERACT-942) Make Checkstyle detect bad logging anti-patterns (and fix problems found)

2020-08-24 Thread Manthan Surkar (Jira)


[ 
https://issues.apache.org/jira/browse/FINERACT-942?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17181639#comment-17181639
 ] 

Manthan Surkar edited comment on FINERACT-942 at 8/24/20, 9:16 AM:
---

only 1 checkstyle is left I would say it is better to add this in 1.4.0 and 
make an issue for the remaining. Are you okay with it? 
oh we are moving this to 1.5.0 for this since we already moved to the 1.4.0.


was (Author: manthan):
only 1 checkstyle is left I would say it is better to add this in 1.4.0 and 
make an issue for the remaining. Are you okay with it? 
oh we are moving to 1.5.0 for this since we already moved to the 1.4.0.

> Make Checkstyle detect bad logging anti-patterns (and fix problems found)
> -
>
> Key: FINERACT-942
> URL: https://issues.apache.org/jira/browse/FINERACT-942
> Project: Apache Fineract
>  Issue Type: Improvement
>Reporter: Michael Vorburger
>Assignee: Manthan Surkar
>Priority: Major
> Fix For: 1.5.0
>
>
> A particularly useful part of FINERACT-821, helping to detect real errors in 
> Fineract and not just formatting, would be to enable the following in 
> fineract-provider/config/checkstyle/checkstyle.xml, and fix any problems that 
> this finds:
> 1. RegexpSinglelineJava / printStackTrace
> 2. IllegalCatch, IllegalThrows, MutableException, 
> AvoidHidingCauseExceptionCheck
> 3. 
> [EmptyCatchBlock|https://checkstyle.sourceforge.io/config_blocks.html#EmptyCatchBlock]
> Nota bene that we already have FINERACT-696, but this is complementary to 
> that.
> One thing this should detect is e.g. the bad wrong empty 
> catch(MessagingException e) in EmailMessageJobEmailServiceImpl.
> It may lead to more of FINERACT-932, which would be a Good Thing.





[jira] [Assigned] (FINERACT-9) Repayment Transactions allocated to FINANCIAL_ACTIVITY.LIABILITY_TRANSFER

2020-08-24 Thread Manthan Surkar (Jira)


 [ 
https://issues.apache.org/jira/browse/FINERACT-9?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Manthan Surkar reassigned FINERACT-9:
-

Assignee: (was: Manthan Surkar)

> Repayment Transactions allocated to FINANCIAL_ACTIVITY.LIABILITY_TRANSFER
> -
>
> Key: FINERACT-9
> URL: https://issues.apache.org/jira/browse/FINERACT-9
> Project: Apache Fineract
>  Issue Type: Bug
>  Components: Loan
>Reporter: Dayna Harp
>Priority: Major
>  Labels: p2
>
> https://mifosforge.jira.com/browse/MIFOSX-2438
>  All repayment transactions after an account transfer transaction are 
> allocated to FINANCIAL_ACTIVITY.LIABILITY_TRANSFER account.
> This is caused by the "isAccountTransfer" boolean outside the for loop on line 
> 108 in 
> "https://github.com/openMF/mifosx/blob/develop/mifosng-provider/src/main/java/org/mifosplatform/accounting/journalentry/service/AccountingProcessorHelper.java"
> The boolean should be in the for loop.
>     boolean isAccountTransfer = (Boolean) accountingBridgeData.get("isAccountTransfer");
>     @SuppressWarnings("unchecked")
>     final List<Map<String, Object>> newTransactionsMap = (List<Map<String, Object>>) accountingBridgeData.get("newLoanTransactions");
>     for (final Map<String, Object> map : newTransactionsMap) {
>         final Long transactionOfficeId = (Long) map.get("officeId");
>         final String transactionId = ((Long) map.get("id")).toString();
>         final Date transactionDate = ((LocalDate) map.get("date")).toDate();
>         final LoanTransactionEnumData transactionType = (LoanTransactionEnumData) map.get("type");
>         final BigDecimal amount = (BigDecimal) map.get("amount");
>         final BigDecimal principal = (BigDecimal) map.get("principalPortion");
>         final BigDecimal interest = (BigDecimal) map.get("interestPortion");
>         final BigDecimal fees = (BigDecimal) map.get("feeChargesPortion");
>         final BigDecimal penalties = (BigDecimal) map.get("penaltyChargesPortion");
>         final BigDecimal overPayments = (BigDecimal) map.get("overPaymentPortion");
>         final boolean reversed = (Boolean) map.get("reversed");
>         final Long paymentTypeId = (Long) map.get("paymentTypeId");
>         final List<ChargePaymentDTO> feePaymentDetails = new ArrayList<>();
>         final List<ChargePaymentDTO> penaltyPaymentDetails = new ArrayList<>();
>         // extract charge payment details (if exists)
>         if (map.containsKey("loanChargesPaid")) {
>             @SuppressWarnings("unchecked")
>             final List<Map<String, Object>> loanChargesPaidData = (List<Map<String, Object>>) map.get("loanChargesPaid");
>             for (final Map<String, Object> loanChargePaid : loanChargesPaidData) {
>                 final Long chargeId = (Long) loanChargePaid.get("chargeId");
>                 final Long loanChargeId = (Long) loanChargePaid.get("loanChargeId");
>                 final boolean isPenalty = (Boolean) loanChargePaid.get("isPenalty");
>                 final BigDecimal chargeAmountPaid = (BigDecimal) loanChargePaid.get("amount");
>                 final ChargePaymentDTO chargePaymentDTO = new ChargePaymentDTO(chargeId, loanChargeId, chargeAmountPaid);
>                 if (isPenalty) {
>                     penaltyPaymentDetails.add(chargePaymentDTO);
>                 } else {
>                     feePaymentDetails.add(chargePaymentDTO);
>                 }
>             }
>         }
>         if (!isAccountTransfer) {





[jira] [Commented] (FINERACT-1105) Swagger generates invalid Open API Specification file

2020-08-24 Thread Manthan Surkar (Jira)


[ 
https://issues.apache.org/jira/browse/FINERACT-1105?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17183083#comment-17183083
 ] 

Manthan Surkar commented on FINERACT-1105:
--

[~Grandolf49] thanks for this! 

> Swagger generates invalid Open API Specification file
> -
>
> Key: FINERACT-1105
> URL: https://issues.apache.org/jira/browse/FINERACT-1105
> Project: Apache Fineract
>  Issue Type: Improvement
>Reporter: Chinmay Kulkarni
>Assignee: Chinmay Kulkarni
>Priority: Minor
> Fix For: 1.4.0
>
>
> The Open API Specification file produced by Swagger Gradle Plugin is invalid.
>  # Run *./gradlew build*
>  # Use the contents of the generated Open API Spec file 
> *build/classes/java/main/static/swagger-ui/fineract.yaml* to debug/validate 
> spec file from here: [https://validator.swagger.io/]  - Use Debug POST 
> request to validate 
> The validator returns the following:
> {code:yaml}
> ---
> messages: - "attribute paths.'/glclosures'(get).responses.200.description is 
> missing"
> - "attribute paths.'/glclosures'(post).responses.200.description is missing"
> - "attribute paths.'/glclosures/{glClosureId}'(get).responses.200.description 
> is missing"
> - "attribute paths.'/glclosures/{glClosureId}'(put).responses.200.description 
> is missing"
> - "attribute 
> paths.'/glclosures/{glClosureId}'(delete).responses.200.description is\
>   \ missing"
> - "attribute 
> paths.'/financialactivityaccounts'(get).responses.200.description is\
>   \ missing"
> - "attribute 
> paths.'/financialactivityaccounts'(post).responses.200.description is\
>   \ missing"
> - "attribute 
> paths.'/financialactivityaccounts/{mappingId}'(get).responses.200.description\
>   \ is missing"
> - "attribute 
> paths.'/financialactivityaccounts/{mappingId}'(put).responses.200.description\
>   \ is missing"
> - "attribute paths.'/glaccounts/template'(get).responses.200.description is 
> missing"
> - "attribute paths.'/glaccounts'(get).responses.200.description is missing"
> - "attribute paths.'/glaccounts'(post).responses.200.description is missing"
> - "attribute paths.'/glaccounts/{glAccountId}'(get).responses.200.description is missing"
> - "attribute paths.'/glaccounts/{glAccountId}'(put).responses.200.description is missing"
> - "attribute paths.'/glaccounts/{glAccountId}'(delete).responses.200.description is missing"
> - "attribute paths.'/journalentries/{transactionId}'(post).responses.200.description is missing"
> - "attribute paths.'/journalentries/{journalEntryId}'(get).responses.200.description is missing"
> - "attribute paths.'/journalentries'(get).responses.200.description is missing"
> - "attribute paths.'/journalentries'(post).responses.200.description is missing"
> - "attribute paths.'/provisioningentries'(get).responses.200.description is missing"
> - "attribute paths.'/provisioningentries'(post).responses.200.description is missing"
> - "attribute paths.'/provisioningentries/entries'(get).responses.200.description is missing"
> - "attribute paths.'/provisioningentries/{entryId}'(get).responses.200.description is missing"
> - "attribute paths.'/provisioningentries/{entryId}'(post).responses.200.description is missing"
> - "attribute paths.'/accountingrules'(get).responses.200.description is missing"
> - "attribute paths.'/accountingrules'(post).responses.200.description is missing"
> - "attribute paths.'/accountingrules/{accountingRuleId}'(get).responses.200.description is missing"
> - "attribute paths.'/accountingrules/{accountingRuleId}'(put).responses.200.description is missing"
> - "attribute paths.'/accountingrules/{accountingRuleId}'(delete).responses.200.description is missing"
> - "attribute paths.'/accountingrules/template'(get).responses.200.description is missing"
> - "attribute paths.'/audits/searchtemplate'(get).responses.200.description is missing"
> - "attribute paths.'/audits'(get).responses.200.description is missing"
> - "attribute paths.'/audits/{auditId}'(get).responses.200.description is missing"
> - "attribute paths.'/makercheckers/searchtemplate'(get).responses.200.description is missing"
> - "attribute paths.'/makercheckers/{auditId}'(post).responses.200.description is missing"
> - "attribute paths.'/makercheckers/{auditId}'(delete).responses.200.description is missing"
> - "attribute paths.'/makercheckers'(get).responses.200.description is missing"
> - "attribute paths.'/accountnumberformats'(get).responses.200.description is missing"
> - "attribute paths.'/accountnumberformats'(post).responses.200.description is missing"
> - "attribute paths.'/accountnumberformats/template'(get).responses.200.description is missing"
> - 

[jira] [Comment Edited] (FINERACT-942) Make Checkstyle detect bad logging anti-patterns (and fix problems found)

2020-08-21 Thread Manthan Surkar (Jira)


[ 
https://issues.apache.org/jira/browse/FINERACT-942?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17181639#comment-17181639
 ] 

Manthan Surkar edited comment on FINERACT-942 at 8/21/20, 6:26 AM:
---

Only 1 checkstyle is left. I would say it is better to add this in 1.4.0 and 
make an issue for the remaining. Are you okay with it? 
Oh, we are moving to 1.5.0 for this since we already moved to the 1.4.0.


was (Author: manthan):
Only 1 checkstyle is left. I would say it is better to add this in 1.4.0 and 
make an issue for the remaining. Are you okay with it? 

> Make Checkstyle detect bad logging anti-patterns (and fix problems found)
> -
>
> Key: FINERACT-942
> URL: https://issues.apache.org/jira/browse/FINERACT-942
> Project: Apache Fineract
> Issue Type: Improvement
> Reporter: Michael Vorburger
> Assignee: Manthan Surkar
> Priority: Major
> Fix For: 1.4.0
>
>
> A particularly useful part of FINERACT-821, helping to detect real errors in 
> Fineract and not just formatting, would be to enable the following in 
> fineract-provider/config/checkstyle/checkstyle.xml, and fix any problems that 
> this finds:
> 1. RegexpSinglelineJava / printStackTrace
> 2. IllegalCatch, IllegalThrows, MutableException, 
> AvoidHidingCauseExceptionCheck
> 3. 
> [EmptyCatchBlock|https://checkstyle.sourceforge.io/config_blocks.html#EmptyCatchBlock]
> Nota bene that we already have FINERACT-696, but this is complementary to 
> that.
> One thing this should detect is e.g. the bad wrong empty 
> catch(MessagingException e) in EmailMessageJobEmailServiceImpl.
> It may lead to more of FINERACT-932, which would be a Good Thing.





[jira] [Commented] (FINERACT-942) Make Checkstyle detect bad logging anti-patterns (and fix problems found)

2020-08-21 Thread Manthan Surkar (Jira)


[ 
https://issues.apache.org/jira/browse/FINERACT-942?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17181639#comment-17181639
 ] 

Manthan Surkar commented on FINERACT-942:
-

Only 1 checkstyle is left. I would say it is better to add this in 1.4.0 and 
make an issue for the remaining. Are you okay with it? 

> Make Checkstyle detect bad logging anti-patterns (and fix problems found)
> -
>
> Key: FINERACT-942
> URL: https://issues.apache.org/jira/browse/FINERACT-942
> Project: Apache Fineract
> Issue Type: Improvement
> Reporter: Michael Vorburger
> Assignee: Manthan Surkar
> Priority: Major
> Fix For: 1.4.0
>
>
> A particularly useful part of FINERACT-821, helping to detect real errors in 
> Fineract and not just formatting, would be to enable the following in 
> fineract-provider/config/checkstyle/checkstyle.xml, and fix any problems that 
> this finds:
> 1. RegexpSinglelineJava / printStackTrace
> 2. IllegalCatch, IllegalThrows, MutableException, 
> AvoidHidingCauseExceptionCheck
> 3. 
> [EmptyCatchBlock|https://checkstyle.sourceforge.io/config_blocks.html#EmptyCatchBlock]
> Nota bene that we already have FINERACT-696, but this is complementary to 
> that.
> One thing this should detect is e.g. the bad wrong empty 
> catch(MessagingException e) in EmailMessageJobEmailServiceImpl.
> It may lead to more of FINERACT-932, which would be a Good Thing.





[jira] [Commented] (FINERACT-1058) Add support for "limit" and "order by" query in SQLBuilder

2020-08-17 Thread Manthan Surkar (Jira)


[ 
https://issues.apache.org/jira/browse/FINERACT-1058?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17179065#comment-17179065
 ] 

Manthan Surkar commented on FINERACT-1058:
--

No! Do not merge this yet, this is blocked by FINERACT-1095, should be done 
then :D 

> Add support for "limit" and "order by" query in SQLBuilder 
> ---
>
> Key: FINERACT-1058
> URL: https://issues.apache.org/jira/browse/FINERACT-1058
> Project: Apache Fineract
> Issue Type: Improvement
> Reporter: Manthan Surkar
> Assignee: Manthan Surkar
> Priority: Major
> Fix For: 1.4.0
>
> Attachments: screenshot-1.png
>
>
> This is in continuation of the work done by [~vorburger] in 
> https://github.com/apache/fineract/pull/725 
> The SQL builder currently does not support limit and order by operation. We 
> can either keep the operations independent of SQLbuilder (which is certainly 
> not recommended imo) or add it as a part of it.
> WDYT [~vorburger] [~awasum]





[jira] [Comment Edited] (FINERACT-1058) Add support for "limit" and "order by" query in SQLBuilder

2020-08-17 Thread Manthan Surkar (Jira)


[ 
https://issues.apache.org/jira/browse/FINERACT-1058?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17179065#comment-17179065
 ] 

Manthan Surkar edited comment on FINERACT-1058 at 8/17/20, 3:31 PM:


No! Do not close this yet, this is blocked by FINERACT-1095, should be done 
then :D 


was (Author: manthan):
No! Do not merge this yet, this is blocked by FINERACT-1095, should be done 
then :D 

> Add support for "limit" and "order by" query in SQLBuilder 
> ---
>
> Key: FINERACT-1058
> URL: https://issues.apache.org/jira/browse/FINERACT-1058
> Project: Apache Fineract
> Issue Type: Improvement
> Reporter: Manthan Surkar
> Assignee: Manthan Surkar
> Priority: Major
> Fix For: 1.4.0
>
> Attachments: screenshot-1.png
>
>
> This is in continuation of the work done by [~vorburger] in 
> https://github.com/apache/fineract/pull/725 
> The SQL builder currently does not support limit and order by operation. We 
> can either keep the operations independent of SQLbuilder (which is certainly 
> not recommended imo) or add it as a part of it.
> WDYT [~vorburger] [~awasum]





[jira] [Commented] (FINERACT-1082) Automate Fineract version number population into Swagger doc

2020-08-16 Thread Manthan Surkar (Jira)


[ 
https://issues.apache.org/jira/browse/FINERACT-1082?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17178640#comment-17178640
 ] 

Manthan Surkar commented on FINERACT-1082:
--

[~ptuomola] Sorry for asking this again. I went through all possible options 
and researched a bit on the same, but I could not find a direct way: 
https://github.com/swagger-api/swagger-core/tree/master/modules/swagger-gradle-plugin
From the plugin at least, none of the properties seems to be useful in this 
case. Can you have a quick look?

> Automate Fineract version number population into Swagger doc
> 
>
> Key: FINERACT-1082
> URL: https://issues.apache.org/jira/browse/FINERACT-1082
> Project: Apache Fineract
> Issue Type: Sub-task
> Reporter: Petri Tuomola
> Assignee: Manthan Surkar
> Priority: Minor
>
> Currently the Fineract version (e.g. 1.4.0) for Swagger documentation is 
> hardcoded into fineract-provider/config/swagger/fineract-input.json. This 
> should be automatically populated based on current Fineract version





[jira] [Commented] (FINERACT-1082) Automate Fineract version number population into Swagger doc

2020-08-15 Thread Manthan Surkar (Jira)


[ 
https://issues.apache.org/jira/browse/FINERACT-1082?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17178384#comment-17178384
 ] 

Manthan Surkar commented on FINERACT-1082:
--

[~ptuomola] got it, thank you :D 

> Automate Fineract version number population into Swagger doc
> 
>
> Key: FINERACT-1082
> URL: https://issues.apache.org/jira/browse/FINERACT-1082
> Project: Apache Fineract
> Issue Type: Sub-task
> Reporter: Petri Tuomola
> Assignee: Manthan Surkar
> Priority: Minor
>
> Currently the Fineract version (e.g. 1.4.0) for Swagger documentation is 
> hardcoded into fineract-provider/config/swagger/fineract-input.json. This 
> should be automatically populated based on current Fineract version





[jira] [Commented] (FINERACT-1095) Remove direct sqlSearch support from /clients and all other APIs [Security & Performance]

2020-08-15 Thread Manthan Surkar (Jira)


[ 
https://issues.apache.org/jira/browse/FINERACT-1095?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17178383#comment-17178383
 ] 

Manthan Surkar commented on FINERACT-1095:
--

[~ptuomola]
Since we are trying to replace the use case of two values, i.e. l.loan_status_id 
in (100,200), do you have any suggestions on how to implement this? Is it a 
good idea to take ',' separated values from the user? Or do you have other ideas? 

> Remove direct sqlSearch support from /clients and all other APIs [Security & 
> Performance]
> -
>
> Key: FINERACT-1095
> URL: https://issues.apache.org/jira/browse/FINERACT-1095
> Project: Apache Fineract
> Issue Type: Improvement
> Reporter: Michael Vorburger
> Assignee: Manthan Surkar
> Priority: Major
>
> While code reviewing PRs from [~Manthan] such as 
> [https://github.com/apache/fineract/pull/1171/files] and 
> [https://github.com/apache/fineract/pull/1123/files] re. FINERACT-854, I've 
> learnt about Fineract's support for an {{sqlSearch}} parameter on a number of 
> its APIs, such as {{/clients}} (and others).
> According to 
> [https://demo.fineract.dev/fineract-provider/api-docs/apiLive.htm] :
> {quote}_sqlSearch
>  String optional 
>  Use an sql fragment valid for the underlying client schema to filter 
> results. e.g. display_name like %K%
> {quote}
> [https://github.com/apache/fineract/search?p=2=sqlSearch_q=sqlSearch]
>  shows all current occurrences. There are a number, but not THAT many either. 
> (By far not every API supports this, only a handful.)
> This can be used e.g. like this: 
> [https://demo.fineract.dev/fineract-provider/api/v1/clients?paged=true=c.account_no=3=default]
> To me, this is an egregious violation of "layering architecture". Basically, 
> the REST API gives you direct SQL database access! You apparently have to 
> know the exact name of not the SQL table but the alias used in the respective 
> internally hard-coded query (note the use of {{c.}} in the example above, NOT 
> {{m_client}}), and the internal SQL column name (note the use of 
> {{account_no}}, NOT {{accountNo}}). There is no real documentation how to use 
> this, and even if there were, in my tests I've noticed it's fairly easy to 
> provoke _500 Internal Server Errors_ when using {{sqlSearch}} with a slightly 
> wrong syntax.
> From a security point of view, it's not quite as bad as it looks, because 
> there is code with heuristics to "validate" the {{sqlSearch}} and prevent SQL 
> Injections. But that could have holes (I don't want to know!), so... this 
> still isn't great, at all, IMHO.
> From a performance point of view, permitting clients to run arbitrary queries 
> isn't great either. You can't really reliably offer performance guarantees, 
> or offer tuning with indices, if at the end of the day the wide open API just 
> lets a client "query whatever they want" anyway.
> Use of {{sqlSearch}} by (public) API clients isn't that hard to find. I did 
> some digging, and:
>  * The new web-app UI doesn't use sqlSearch (or not yet), see 
> [https://github.com/openMF/web-app/search?q=sqlSearch_q=sqlSearch]
>  * The old community-app UI does use sqlSearch, see 
> [https://github.com/openMF/community-app/search?p=1=sqlSearch_q=sqlSearch].
>  But only in 2 very specific places, for Loans' {{l.loan_status_id in 
> (100,200)}} and Clients' {{c.status_enum=100}}. This was apparently 
> introduced by [~vishwasbabu]  in 
> [https://github.com/openMF/community-app/pull/1582|https://github.com/openMF/community-app/pull/1582/files]
>  for [MIFOSX-2712.|https://mifosforge.jira.com/browse/MIFOSX-2712.] It's 
> noteworthy that the Find on 
> [https://cui.fineract.dev/.../clients|https://cui.fineract.dev/?baseApiUrl=https://demo.fineract.dev=default#/clients]
>  does NOT use {{sqlSearch}} but the [/search 
> API|https://demo.fineract.dev/fineract-provider/api-docs/apiLive.htm#search]
>  * other repos on openMF, such as Mobile Apps & Co, don't really seem to 
> actively use {{sqlSearch}}, looking at 
> [https://github.com/search?p=7=org%3AopenMF+sqlSearch=Code]
> Other than that, I don't know if anyone actively using {{sqlSearch}} would 
> have any major objections to... just simply altogether removing this 
> entirely? Folks may of course be using this in their own client UIs, but... 
> they really shouldn't, this is a "bad" API. If you are missing a query 
> facility, just contribute to the upstream project and raise a pull request to 
> add whatever query option you are missing to whatever Fineract API (such as 
> e.g. by status for Loans and Clients).
> Let's further discuss on the developer mailing list on thread "Use of 
> sqlSearch argument in Groups/Clients List" if anyone wants to strongly defend 
> {{sqlSearch}}. If not, let's just 
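
The comma-separated values asked about in the comment above can replace the `l.loan_status_id in (100,200)` fragment if every value is validated and then bound as a query parameter. The following is an added example, not Fineract code and not code from this thread; the class name `LoanStatusFilter`, the `m_loan` table name, the allow-list values and the sample inputs are assumptions made for illustration.

```java
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.SQLException;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;
import java.util.Set;
import java.util.regex.Pattern;

/** Hypothetical helper: a typed "loanStatus" filter in place of a raw sqlSearch fragment. */
public final class LoanStatusFilter {

    // Constructed allow-list; a real one would be derived from the project's loan status enum.
    private static final Set<Integer> ALLOWED_STATUS_IDS = Set.of(100, 200, 300);
    private static final int MAX_VALUES = 10;
    private static final Pattern DIGITS = Pattern.compile("[0-9]{1,4}");

    private LoanStatusFilter() {
    }

    /** Parses "100,200" into validated ids. Anything that is not an allow-listed number is rejected. */
    public static List<Integer> parseStatusIds(String raw) {
        if (raw == null || raw.isBlank()) {
            return Collections.emptyList(); // parameter absent: no status filter is applied
        }
        // Limit -1 keeps empty tokens, so "100,,200" and "100," fail validation instead of being skipped.
        String[] tokens = raw.split(",", -1);
        if (tokens.length > MAX_VALUES) {
            throw new IllegalArgumentException("too many loanStatus values");
        }
        List<Integer> ids = new ArrayList<>();
        for (String token : tokens) {
            String value = token.trim();
            if (!DIGITS.matcher(value).matches()) {
                throw new IllegalArgumentException("loanStatus must be a comma-separated list of numbers");
            }
            int id = Integer.parseInt(value);
            if (!ALLOWED_STATUS_IDS.contains(id)) {
                throw new IllegalArgumentException("unknown loanStatus value: " + id);
            }
            if (!ids.contains(id)) {
                ids.add(id); // duplicates are collapsed
            }
        }
        return ids;
    }

    /** Builds the predicate with one placeholder per id. The request value never becomes SQL text. */
    public static String buildPredicate(List<Integer> ids) {
        if (ids.isEmpty()) {
            return "";
        }
        return " and l.loan_status_id in (" + String.join(", ", Collections.nCopies(ids.size(), "?")) + ")";
    }

    /** Prepares the statement and binds the ids. The caller is responsible for closing it. */
    public static PreparedStatement prepare(Connection connection, String rawLoanStatus) throws SQLException {
        List<Integer> ids = parseStatusIds(rawLoanStatus);
        // Table name m_loan is an assumption; the alias l matches the fragment quoted in the issue.
        String sql = "select l.id from m_loan l where 1 = 1" + buildPredicate(ids);
        PreparedStatement statement = connection.prepareStatement(sql);
        try {
            for (int i = 0; i < ids.size(); i++) {
                statement.setInt(i + 1, ids.get(i)); // JDBC parameters are 1-based
            }
        } catch (SQLException | RuntimeException e) {
            statement.close();
            throw e;
        }
        return statement;
    }

    public static void main(String[] args) {
        // Constructed sample inputs: two valid lists, an absent value, and three that must be rejected.
        String[] samples = { "100,200", " 300 ", "", "100,,200", "100 or 1=1", "999" };
        for (String sample : samples) {
            try {
                List<Integer> ids = parseStatusIds(sample);
                System.out.println("'" + sample + "' -> ids " + ids + ", predicate '" + buildPredicate(ids) + "'");
            } catch (IllegalArgumentException e) {
                System.out.println("'" + sample + "' -> rejected: " + e.getMessage());
            }
        }
    }
}
```

Because the accepted grammar is only digits and commas, a rejected value can be answered with a 400-class error rather than the 500 responses the issue describes for malformed `sqlSearch` input.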

[jira] [Commented] (FINERACT-1095) Remove direct sqlSearch support from /clients and all other APIs [Security & Performance]

2020-08-15 Thread Manthan Surkar (Jira)


[ 
https://issues.apache.org/jira/browse/FINERACT-1095?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17178382#comment-17178382
 ] 

Manthan Surkar commented on FINERACT-1095:
--

The first part is now merged ;)  https://github.com/apache/fineract/pull/1207
I am looking into the 2nd and last part now. 


> Remove direct sqlSearch support from /clients and all other APIs [Security & 
> Performance]
> -
>
> Key: FINERACT-1095
> URL: https://issues.apache.org/jira/browse/FINERACT-1095
> Project: Apache Fineract
> Issue Type: Improvement
> Reporter: Michael Vorburger
> Assignee: Manthan Surkar
> Priority: Major
>
> While code reviewing PRs from [~Manthan] such as 
> [https://github.com/apache/fineract/pull/1171/files] and 
> [https://github.com/apache/fineract/pull/1123/files] re. FINERACT-854, I've 
> learnt about Fineract's support for an {{sqlSearch}} parameter on a number of 
> its APIs, such as {{/clients}} (and others).
> According to 
> [https://demo.fineract.dev/fineract-provider/api-docs/apiLive.htm] :
> {quote}_sqlSearch
>  String optional 
>  Use an sql fragment valid for the underlying client schema to filter 
> results. e.g. display_name like %K%
> {quote}
> [https://github.com/apache/fineract/search?p=2=sqlSearch_q=sqlSearch]
>  shows all current occurrences. There are a number, but not THAT many either. 
> (By far not every API supports this, only a handful.)
> This can be used e.g. like this: 
> [https://demo.fineract.dev/fineract-provider/api/v1/clients?paged=true=c.account_no=3=default]
> To me, this is an egregious violation of "layering architecture". Basically, 
> the REST API gives you direct SQL database access! You apparently have to 
> know the exact name of not the SQL table but the alias used in the respective 
> internally hard-coded query (note the use of {{c.}} in the example above, NOT 
> {{m_client}}), and the internal SQL column name (note the use of 
> {{account_no}}, NOT {{accountNo}}). There is no real documentation how to use 
> this, and even if there were, in my tests I've noticed it's fairly easy to 
> provoke _500 Internal Server Errors_ when using {{sqlSearch}} with a slightly 
> wrong syntax.
> From a security point of view, it's not quite as bad as it looks, because 
> there is code with heuristics to "validate" the {{sqlSearch}} and prevent SQL 
> Injections. But that could have holes (I don't want to know!), so... this 
> still isn't great, at all, IMHO.
> From a performance point of view, permitting clients to run arbitrary queries 
> isn't great either. You can't really reliably offer performance guarantees, 
> or offer tuning with indices, if at the end of the day the wide open API just 
> lets a client "query whatever they want" anyway.
> Use of {{sqlSearch}} by (public) API clients isn't that hard to find. I did 
> some digging, and:
>  * The new web-app UI doesn't use sqlSearch (or not yet), see 
> [https://github.com/openMF/web-app/search?q=sqlSearch_q=sqlSearch]
>  * The old community-app UI does use sqlSearch, see 
> [https://github.com/openMF/community-app/search?p=1=sqlSearch_q=sqlSearch].
>  But only in 2 very specific places, for Loans' {{l.loan_status_id in 
> (100,200)}} and Clients' {{c.status_enum=100}}. This was apparently 
> introduced by [~vishwasbabu]  in 
> [https://github.com/openMF/community-app/pull/1582|https://github.com/openMF/community-app/pull/1582/files]
>  for [MIFOSX-2712.|https://mifosforge.jira.com/browse/MIFOSX-2712.] It's 
> noteworthy that the Find on 
> [https://cui.fineract.dev/.../clients|https://cui.fineract.dev/?baseApiUrl=https://demo.fineract.dev=default#/clients]
>  does NOT use {{sqlSearch}} but the [/search 
> API|https://demo.fineract.dev/fineract-provider/api-docs/apiLive.htm#search]
>  * other repos on openMF, such as Mobile Apps & Co, don't really seem to 
> actively use {{sqlSearch}}, looking at 
> [https://github.com/search?p=7=org%3AopenMF+sqlSearch=Code]
> Other than that, I don't know if anyone actively using {{sqlSearch}} would 
> have any major objections to... just simply altogether removing this 
> entirely? Folks may of course be using this in their own client UIs, but... 
> they really shouldn't, this is a "bad" API. If you are missing a query 
> facility, just contribute to the upstream project and raise a pull request to 
> add whatever query option you are missing to whatever Fineract API (such as 
> e.g. by status for Loans and Clients).
> Let's further discuss on the developer mailing list on thread "Use of 
> sqlSearch argument in Groups/Clients List" if anyone wants to strongly defend 
> {{sqlSearch}}. If not, let's just completely remove it. We do have to first 
> replace the small current use in the community-app.
> PS: Nota bene that this issue 

[jira] [Commented] (FINERACT-1082) Automate Fineract version number population into Swagger doc

2020-08-05 Thread Manthan Surkar (Jira)


[ 
https://issues.apache.org/jira/browse/FINERACT-1082?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17171772#comment-17171772
 ] 

Manthan Surkar commented on FINERACT-1082:
--

[~ptuomola] Can you please tell me how I can use the value in the .yaml file? The 
property that we get in the Gradle Git property plugin, are we supposed to set 
some parameter in the build.gradle swagger config?
Just the direction to proceed will do.
Thanks
Manthan

> Automate Fineract version number population into Swagger doc
> 
>
> Key: FINERACT-1082
> URL: https://issues.apache.org/jira/browse/FINERACT-1082
> Project: Apache Fineract
> Issue Type: Sub-task
> Reporter: Petri Tuomola
> Assignee: Manthan Surkar
> Priority: Minor
>
> Currently the Fineract version (e.g. 1.4.0) for Swagger documentation is 
> hardcoded into fineract-provider/config/swagger/fineract-input.json. This 
> should be automatically populated based on current Fineract version





[jira] [Assigned] (FINERACT-746) Add/update swagger document for commands api's

2020-08-05 Thread Manthan Surkar (Jira)


 [ 
https://issues.apache.org/jira/browse/FINERACT-746?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Manthan Surkar reassigned FINERACT-746:
---

Assignee: (was: Manthan Surkar)

> Add/update swagger document for commands api's
> --
>
> Key: FINERACT-746
> URL: https://issues.apache.org/jira/browse/FINERACT-746
> Project: Apache Fineract
> Issue Type: Sub-task
> Reporter: Rahul Goel
> Priority: Minor
> Labels: fineract-swagger-doc
>
> Add documentation for remaining api's of commands module.
> Update/correct existing documentation of commands module.
>  
> Reference : Goal 3 : FINERACT-733





[jira] [Closed] (FINERACT-746) Add/update swagger document for commands api's

2020-08-05 Thread Manthan Surkar (Jira)


 [ 
https://issues.apache.org/jira/browse/FINERACT-746?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Manthan Surkar closed FINERACT-746.
---
Fix Version/s: 1.4.0
   Resolution: Fixed

> Add/update swagger document for commands api's
> --
>
> Key: FINERACT-746
> URL: https://issues.apache.org/jira/browse/FINERACT-746
> Project: Apache Fineract
> Issue Type: Sub-task
> Reporter: Rahul Goel
> Priority: Minor
> Labels: fineract-swagger-doc
> Fix For: 1.4.0
>
>
> Add documentation for remaining api's of commands module.
> Update/correct existing documentation of commands module.
>  
> Reference : Goal 3 : FINERACT-733





[jira] [Commented] (FINERACT-746) Add/update swagger document for commands api's

2020-08-05 Thread Manthan Surkar (Jira)


[ 
https://issues.apache.org/jira/browse/FINERACT-746?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17171708#comment-17171708
 ] 

Manthan Surkar commented on FINERACT-746:
-

I have talked to kang, and confirmed this is already done. 

> Add/update swagger document for commands api's
> --
>
> Key: FINERACT-746
> URL: https://issues.apache.org/jira/browse/FINERACT-746
> Project: Apache Fineract
> Issue Type: Sub-task
> Reporter: Rahul Goel
> Assignee: Manthan Surkar
> Priority: Minor
> Labels: fineract-swagger-doc
>
> Add documentation for remaining api's of commands module.
> Update/correct existing documentation of commands module.
>  
> Reference : Goal 3 : FINERACT-733





[jira] [Comment Edited] (FINERACT-1095) Remove direct sqlSearch support from /clients and all other APIs [Security & Performance]

2020-07-27 Thread Manthan Surkar (Jira)


[ 
https://issues.apache.org/jira/browse/FINERACT-1095?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17165963#comment-17165963
 ] 

Manthan Surkar edited comment on FINERACT-1095 at 7/27/20, 9:07 PM:


Update for status in the client:
 We already have 2 parameters that could help in the use case.
 Looks something like this:
   "status": {
     "id": 300,
     "code": "clientStatusType.active",
     "value": "Active"
   },
   "active": true,
I am currently looking into the loans.


was (Author: manthan):
Update for status in the client:
 We already have 2 parameters that could help in the use case.
 Looks something like this:
 *"status":*

*{ "id": 300, "code": "clientStatusType.active", "value": "Active" }**,*
 *"active": true,*

I am currently looking into the loans.

> Remove direct sqlSearch support from /clients and all other APIs [Security & 
> Performance]
> -
>
> Key: FINERACT-1095
> URL: https://issues.apache.org/jira/browse/FINERACT-1095
> Project: Apache Fineract
> Issue Type: Improvement
> Reporter: Michael Vorburger
> Assignee: Manthan Surkar
> Priority: Major
>
> While code reviewing PRs from [~Manthan] such as 
> [https://github.com/apache/fineract/pull/1171/files] and 
> [https://github.com/apache/fineract/pull/1123/files] re. FINERACT-854, I've 
> learnt about Fineract's support for an {{sqlSearch}} parameter on a number of 
> its APIs, such as {{/clients}} (and others).
> According to 
> [https://demo.fineract.dev/fineract-provider/api-docs/apiLive.htm] :
> {quote}_sqlSearch
>  String optional 
>  Use an sql fragment valid for the underlying client schema to filter 
> results. e.g. display_name like %K%
> {quote}
> [https://github.com/apache/fineract/search?p=2=sqlSearch_q=sqlSearch]
>  shows all current occurrences. There are a number, but not THAT many either. 
> (By far not every API supports this, only a handful.)
> This can be used e.g. like this: 
> [https://demo.fineract.dev/fineract-provider/api/v1/clients?paged=true=c.account_no=3=default]
> To me, this is an egregious violation of "layering architecture". Basically, 
> the REST API gives you direct SQL database access! You apparently have to 
> know the exact name of not the SQL table but the alias used in the respective 
> internally hard-coded query (note the use of {{c.}} in the example above, NOT 
> {{m_client}}), and the internal SQL column name (note the use of 
> {{account_no}}, NOT {{accountNo}}). There is no real documentation how to use 
> this, and even if there were, in my tests I've noticed it's fairly easy to 
> provoke _500 Internal Server Errors_ when using {{sqlSearch}} with a slightly 
> wrong syntax.
> From a security point of view, it's not quite as bad as it looks, because 
> there is code with heuristics to "validate" the {{sqlSearch}} and prevent SQL 
> Injections. But that could have holes (I don't want to know!), so... this 
> still isn't great, at all, IMHO.
> From a performance point of view, permitting clients to run arbitrary queries 
> isn't great either. You can't really reliably offer performance guarantees, 
> or offer tuning with indices, if at the end of the day the wide open API just 
> lets a client "query whatever they want" anyway.
> Use of {{sqlSearch}} by (public) API clients isn't that hard to find. I did 
> some digging, and:
>  * The new web-app UI doesn't use sqlSearch (or not yet), see 
> [https://github.com/openMF/web-app/search?q=sqlSearch_q=sqlSearch]
>  * The old community-app UI does use sqlSearch, see 
> [https://github.com/openMF/community-app/search?p=1=sqlSearch_q=sqlSearch].
>  But only in 2 very specific places, for Loans' {{l.loan_status_id in 
> (100,200)}} and Clients' {{c.status_enum=100}}. This was apparently 
> introduced by [~vishwasbabu]  in 
> [https://github.com/openMF/community-app/pull/1582|https://github.com/openMF/community-app/pull/1582/files]
>  for [MIFOSX-2712.|https://mifosforge.jira.com/browse/MIFOSX-2712.] It's 
> noteworthy that the Find on 
> [https://cui.fineract.dev/.../clients|https://cui.fineract.dev/?baseApiUrl=https://demo.fineract.dev=default#/clients]
>  does NOT use {{sqlSearch}} but the [/search 
> API|https://demo.fineract.dev/fineract-provider/api-docs/apiLive.htm#search]
>  * other repos on openMF, such as Mobile Apps & Co, don't really seem to 
> actively use {{sqlSearch}}, looking at 
> [https://github.com/search?p=7=org%3AopenMF+sqlSearch=Code]
> Other than that, I don't know if anyone actively using {{sqlSearch}} would 
> have any major objections to... just simply altogether removing this 
> entirely? Folks may of course be using this in their own client UIs, but... 
> they really shouldn't, this is a "bad" API. If you are missing a query 
> 

[jira] [Comment Edited] (FINERACT-1095) Remove direct sqlSearch support from /clients and all other APIs [Security & Performance]

2020-07-27 Thread Manthan Surkar (Jira)


[ 
https://issues.apache.org/jira/browse/FINERACT-1095?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17165963#comment-17165963
 ] 

Manthan Surkar edited comment on FINERACT-1095 at 7/27/20, 9:06 PM:


Update for status in the client:
 We already have 2 parameters that could help in the use case.
 Looks something like this:
 *"status":*

*{ "id": 300, "code": "clientStatusType.active", "value": "Active" }**,*
 *"active": true,*

I am currently looking into the loans.


was (Author: manthan):
Update for status in the client:
We already have 2 parameters that could help in the use case.
Looks something like this:
 * "status": {
"id": 300,
"code": "clientStatusType.active",
"value": "Active"
  },
  "active": true, *

I am currently looking into the loans. 

> Remove direct sqlSearch support from /clients and all other APIs [Security & 
> Performance]
> -
>
> Key: FINERACT-1095
> URL: https://issues.apache.org/jira/browse/FINERACT-1095
> Project: Apache Fineract
> Issue Type: Improvement
> Reporter: Michael Vorburger
> Assignee: Manthan Surkar
> Priority: Major
>
> While code reviewing PRs from [~Manthan] such as 
> [https://github.com/apache/fineract/pull/1171/files] and 
> [https://github.com/apache/fineract/pull/1123/files] re. FINERACT-854, I've 
> learnt about Fineract's support for an {{sqlSearch}} parameter on a number of 
> its APIs, such as {{/clients}} (and others).
> According to 
> [https://demo.fineract.dev/fineract-provider/api-docs/apiLive.htm] :
> {quote}_sqlSearch
>  String optional 
>  Use an sql fragment valid for the underlying client schema to filter 
> results. e.g. display_name like %K%
> {quote}
> [https://github.com/apache/fineract/search?p=2=sqlSearch_q=sqlSearch]
>  shows all current occurrences. There are a number, but not THAT many either. 
> (By far not every API supports this, only a handful.)
> This can be used e.g. like this: 
> [https://demo.fineract.dev/fineract-provider/api/v1/clients?paged=true=c.account_no=3=default]
> To me, this is an egregious violation of "layering architecture". Basically, 
> the REST API gives you direct SQL database access! You apparently have to 
> know the exact name of not the SQL table but the alias used in the respective 
> internally hard-coded query (note the use of {{c.}} in the example above, NOT 
> {{m_client}}), and the internal SQL column name (note the use of 
> {{account_no}}, NOT {{accountNo}}). There is no real documentation how to use 
> this, and even if there were, in my tests I've noticed it's fairly easy to 
> provoke _500 Internal Server Errors_ when using {{sqlSearch}} with a slightly 
> wrong syntax.
> From a security point of view, it's not quite as bad as it looks, because 
> there is code with heuristics to "validate" the {{sqlSearch}} and prevent SQL 
> Injections. But that could have holes (I don't want to know!), so... this 
> still isn't great, at all, IMHO.
> From a performance point of view, permitting clients to run arbitrary queries 
> isn't great either. You can't really reliably offer performance guarantees, 
> or offer tuning with indices, if at the end of the day the wide open API just 
> lets a client "query whatever they want" anyway.
> Use of {{sqlSearch}} by (public) API clients isn't that hard to find. I did 
> some digging, and:
>  * The new web-app UI doesn't use sqlSearch (or not yet), see 
> [https://github.com/openMF/web-app/search?q=sqlSearch_q=sqlSearch]
>  * The old community-app UI does use sqlSearch, see 
> [https://github.com/openMF/community-app/search?p=1=sqlSearch_q=sqlSearch].
>  But only in 2 very specific places, for Loans' {{l.loan_status_id in 
> (100,200)}} and Clients' {{c.status_enum=100}}. This was apparently 
> introduced by [~vishwasbabu]  in 
> [https://github.com/openMF/community-app/pull/1582|https://github.com/openMF/community-app/pull/1582/files]
>  for [MIFOSX-2712.|https://mifosforge.jira.com/browse/MIFOSX-2712.] It's 
> noteworthy that the Find on 
> [https://cui.fineract.dev/.../clients|https://cui.fineract.dev/?baseApiUrl=https://demo.fineract.dev=default#/clients]
>  does NOT use {{sqlSearch}} but the [/search 
> API|https://demo.fineract.dev/fineract-provider/api-docs/apiLive.htm#search]
>  * other repos on openMF, such as Mobile Apps & Co, don't really seem to 
> actively use {{sqlSearch}}, looking at 
> [https://github.com/search?p=7=org%3AopenMF+sqlSearch=Code]
> Other than that, I don't know if anyone actively using {{sqlSearch}} would 
> have any major objections to... just simply altogether removing this 
> entirely? Folks may of course be using this in their own client UIs, but... 
> they really shouldn't, this is a "bad" API. If you are missing a query 
> 

[jira] [Commented] (FINERACT-1095) Remove direct sqlSearch support from /clients and all other APIs [Security & Performance]

2020-07-27 Thread Manthan Surkar (Jira)


[ 
https://issues.apache.org/jira/browse/FINERACT-1095?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17165963#comment-17165963
 ] 

Manthan Surkar commented on FINERACT-1095:
--

Update for status in the client:
We already have 2 parameters that could help in the use case.
Looks something like this:
  "status": {
    "id": 300,
    "code": "clientStatusType.active",
    "value": "Active"
  },
  "active": true,

I am currently looking into the loans. 

> Remove direct sqlSearch support from /clients and all other APIs [Security & 
> Performance]
> -
>
> Key: FINERACT-1095
> URL: https://issues.apache.org/jira/browse/FINERACT-1095
> Project: Apache Fineract
>  Issue Type: Improvement
>Reporter: Michael Vorburger
>Assignee: Manthan Surkar
>Priority: Major
>
> While code reviewing PRs from [~Manthan] such as 
> [https://github.com/apache/fineract/pull/1171/files] and 
> [https://github.com/apache/fineract/pull/1123/files] re. FINERACT-854, I've 
> learnt about Fineract's support for an {{sqlSearch}} parameter on a number of 
> its APIs, such as {{/clients}} (and others).
> According to 
> [https://demo.fineract.dev/fineract-provider/api-docs/apiLive.htm] :
> {quote}_sqlSearch
>  String optional 
>  Use an sql fragment valid for the underlying client schema to filter 
> results. e.g. display_name like %K%
> {quote}
> [https://github.com/apache/fineract/search?p=2=sqlSearch_q=sqlSearch]
>  shows all current occurrences. There are a number, but not THAT many either. 
> (By far not every API supports this, only a handful.)
> This can be used e.g. like this: 
> [https://demo.fineract.dev/fineract-provider/api/v1/clients?paged=true=c.account_no=3=default]
> To me, this is an egregious violation of "layering architecture". Basically, 
> the REST API gives you direct SQL database access! You apparently have to 
> know the exact name of not the SQL table but the alias used in the respective 
> internally hard-coded query (note the use of {{c.}} in the example above, NOT 
> {{m_client}}), and the internal SQL column name (note the use of 
> {{account_no}}, NOT {{accountNo}}). There is no real documentation how to use 
> this, and even if there were, in my tests I've noticed it's fairly easy to 
> provoke _500 Internal Server Errors_ when using {{sqlSearch}} with a slightly 
> wrong syntax.
> From a security point of view, it's not quite as bad as it looks, because 
> there is code with heuristics to "validate" the {{sqlSearch}} and prevent SQL 
> Injections. But that could have holes (I don't want to know!), so... this 
> still isn't great, at all, IMHO.
> From a performance point of view, permitting clients to run arbitrary queries 
> isn't great either. You can't really reliably offer performance guarantees, 
> or offer tuning with indices, if at the end of the day the wide open API just 
> lets a client "query whatever they want" anyway.
> Use of {{sqlSearch}} by (public) API clients isn't that hard to find. I did 
> some digging, and:
>  * The new web-app UI doesn't use sqlSearch (or not yet), see 
> [https://github.com/openMF/web-app/search?q=sqlSearch_q=sqlSearch]
>  * The old community-app UI does use sqlSearch, see 
> [https://github.com/openMF/community-app/search?p=1=sqlSearch_q=sqlSearch].
>  But only in 2 very specific places, for Loans' {{l.loan_status_id in 
> (100,200)}} and Clients' {{c.status_enum=100}}. This was apparently 
> introduced by [~vishwasbabu]  in 
> [https://github.com/openMF/community-app/pull/1582|https://github.com/openMF/community-app/pull/1582/files]
>  for [MIFOSX-2712.|https://mifosforge.jira.com/browse/MIFOSX-2712.] It's 
> noteworthy that the Find on 
> [https://cui.fineract.dev/.../clients|https://cui.fineract.dev/?baseApiUrl=https://demo.fineract.dev=default#/clients]
>  does NOT use {{sqlSearch}} but the [/search 
> API|https://demo.fineract.dev/fineract-provider/api-docs/apiLive.htm#search]
>  * other repos on openMF, such as Mobile Apps & Co, don't really seem to 
> actively use {{sqlSearch}}, looking at 
> [https://github.com/search?p=7=org%3AopenMF+sqlSearch=Code]
> Other than that, I don't know if anyone actively using {{sqlSearch}} would 
> have any major objections to... just simply altogether removing this 
> entirely? Folks may of course be using this in their own client UIs, but... 
> they really shouldn't, this is a "bad" API. If you are missing a query 
> facility, just contribute to the upstream project and raise a pull request to 
> add whatever query option you are missing to whatever Fineract API (such as 
> e.g. by status for Loans and Clients).
> Let's further discuss on the developer mailing list on thread "Use of 
> sqlSearch argument in Groups/Clients List" if anyone wants to strongly 

[jira] [Comment Edited] (FINERACT-1095) Remove direct sqlSearch support from /clients and all other APIs [Security & Performance]

2020-07-27 Thread Manthan Surkar (Jira)


[ 
https://issues.apache.org/jira/browse/FINERACT-1095?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17165963#comment-17165963
 ] 

Manthan Surkar edited comment on FINERACT-1095 at 7/27/20, 9:05 PM:


Update for status in the client:
We already have 2 parameters that could help in the use case.
Looks something like this:
  "status": {
    "id": 300,
    "code": "clientStatusType.active",
    "value": "Active"
  },
  "active": true,

I am currently looking into the loans. 


was (Author: manthan):
Update for status in the client:
We already have 2 parameters that could help in the use case.
Looks something like this:
  "status": {
    "id": 300,
    "code": "clientStatusType.active",
    "value": "Active"
  },
  "active": true,

I am currently looking into the loans. 

> Remove direct sqlSearch support from /clients and all other APIs [Security & 
> Performance]
> -
>
> Key: FINERACT-1095
> URL: https://issues.apache.org/jira/browse/FINERACT-1095
> Project: Apache Fineract
>  Issue Type: Improvement
>Reporter: Michael Vorburger
>Assignee: Manthan Surkar
>Priority: Major
>
> While code reviewing PRs from [~Manthan] such as 
> [https://github.com/apache/fineract/pull/1171/files] and 
> [https://github.com/apache/fineract/pull/1123/files] re. FINERACT-854, I've 
> learnt about Fineract's support for an {{sqlSearch}} parameter on a number of 
> its APIs, such as {{/clients}} (and others).
> According to 
> [https://demo.fineract.dev/fineract-provider/api-docs/apiLive.htm] :
> {quote}_sqlSearch
>  String optional 
>  Use an sql fragment valid for the underlying client schema to filter 
> results. e.g. display_name like %K%
> {quote}
> [https://github.com/apache/fineract/search?p=2=sqlSearch_q=sqlSearch]
>  shows all current occurrences. There are a number, but not THAT many either. 
> (By far not every API supports this, only a handful.)
> This can be used e.g. like this: 
> [https://demo.fineract.dev/fineract-provider/api/v1/clients?paged=true=c.account_no=3=default]
> To me, this is an egregious violation of "layering architecture". Basically, 
> the REST API gives you direct SQL database access! You apparently have to 
> know the exact name of not the SQL table but the alias used in the respective 
> internally hard-coded query (note the use of {{c.}} in the example above, NOT 
> {{m_client}}), and the internal SQL column name (note the use of 
> {{account_no}}, NOT {{accountNo}}). There is no real documentation how to use 
> this, and even if there were, in my tests I've noticed it's fairly easy to 
> provoke _500 Internal Server Errors_ when using {{sqlSearch}} with a slightly 
> wrong syntax.
> From a security point of view, it's not quite as bad as it looks, because 
> there is code with heuristics to "validate" the {{sqlSearch}} and prevent SQL 
> Injections. But that could have holes (I don't want to know!), so... this 
> still isn't great, at all, IMHO.
> From a performance point of view, permitting clients to run arbitrary queries 
> isn't great either. You can't really reliably offer performance guarantees, 
> or offer tuning with indices, if at the end of the day the wide open API just 
> lets a client "query whatever they want" anyway.
> Use of {{sqlSearch}} by (public) API clients isn't that hard to find. I did 
> some digging, and:
>  * The new web-app UI doesn't use sqlSearch (or not yet), see 
> [https://github.com/openMF/web-app/search?q=sqlSearch_q=sqlSearch]
>  * The old community-app UI does use sqlSearch, see 
> [https://github.com/openMF/community-app/search?p=1=sqlSearch_q=sqlSearch].
>  But only in 2 very specific places, for Loans' {{l.loan_status_id in 
> (100,200)}} and Clients' {{c.status_enum=100}}. This was apparently 
> introduced by [~vishwasbabu]  in 
> [https://github.com/openMF/community-app/pull/1582|https://github.com/openMF/community-app/pull/1582/files]
>  for [MIFOSX-2712.|https://mifosforge.jira.com/browse/MIFOSX-2712.] It's 
> noteworthy that the Find on 
> [https://cui.fineract.dev/.../clients|https://cui.fineract.dev/?baseApiUrl=https://demo.fineract.dev=default#/clients]
>  does NOT use {{sqlSearch}} but the [/search 
> API|https://demo.fineract.dev/fineract-provider/api-docs/apiLive.htm#search]
>  * other repos on openMF, such as Mobile Apps & Co, don't really seem to 
> actively use {{sqlSearch}}, looking at 
> [https://github.com/search?p=7=org%3AopenMF+sqlSearch=Code]
> Other than that, I don't know if anyone actively using {{sqlSearch}} would 
> have any major objections to... just simply altogether removing this 
> entirely? Folks may of course be using this in their own client UIs, but... 
> they really shouldn't, this is a "bad" API. If 

[jira] [Commented] (FINERACT-1095) Remove direct sqlSearch support from /clients and all other APIs [Security & Performance]

2020-07-25 Thread Manthan Surkar (Jira)


[ 
https://issues.apache.org/jira/browse/FINERACT-1095?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17164961#comment-17164961
 ] 

Manthan Surkar commented on FINERACT-1095:
--

[~vorburger] I have discussed with Chirag, 
1. I will first add the APIs that are required in a community app.
2. Chirag will update the community app with newly added APIs.
3. We remove this sqlSearch feature after 1 and 2, and the community agrees. 

> Remove direct sqlSearch support from /clients and all other APIs [Security & 
> Performance]
> -
>
> Key: FINERACT-1095
> URL: https://issues.apache.org/jira/browse/FINERACT-1095
> Project: Apache Fineract
>  Issue Type: Improvement
>Reporter: Michael Vorburger
>Assignee: Manthan Surkar
>Priority: Major
>
> While code reviewing PRs from [~Manthan] such as 
> [https://github.com/apache/fineract/pull/1171/files] and 
> [https://github.com/apache/fineract/pull/1123/files] re. FINERACT-854, I've 
> learnt about Fineract's support for an {{sqlSearch}} parameter on a number of 
> its APIs, such as {{/clients}} (and others).
> According to 
> [https://demo.fineract.dev/fineract-provider/api-docs/apiLive.htm] :
> {quote}_sqlSearch
>  String optional 
>  Use an sql fragment valid for the underlying client schema to filter 
> results. e.g. display_name like %K%
> {quote}
> [https://github.com/apache/fineract/search?p=2=sqlSearch_q=sqlSearch]
>  shows all current occurrences. There are a number, but not THAT many either. 
> (By far not every API supports this, only a handful.)
> This can be used e.g. like this: 
> [https://demo.fineract.dev/fineract-provider/api/v1/clients?paged=true=c.account_no=3=default]
> To me, this is an egregious violation of "layering architecture". Basically, 
> the REST API gives you direct SQL database access! You apparently have to 
> know the exact name of not the SQL table but the alias used in the respective 
> internally hard-coded query (note the use of {{c.}} in the example above, NOT 
> {{m_client}}), and the internal SQL column name (note the use of 
> {{account_no}}, NOT {{accountNo}}). There is no real documentation how to use 
> this, and even if there were, in my tests I've noticed it's fairly easy to 
> provoke _500 Internal Server Errors_ when using {{sqlSearch}} with a slightly 
> wrong syntax.
> From a security point of view, it's not quite as bad as it looks, because 
> there is code with heuristics to "validate" the {{sqlSearch}} and prevent SQL 
> Injections. But that could have holes (I don't want to know!), so... this 
> still isn't great, at all, IMHO.
> From a performance point of view, permitting clients to run arbitrary queries 
> isn't great either. You can't really reliably offer performance guarantees, 
> or offer tuning with indices, if at the end of the day the wide open API just 
> lets a client "query whatever they want" anyway.
> Use of {{sqlSearch}} by (public) API clients isn't that hard to find. I did 
> some digging, and:
>  * The new web-app UI doesn't use sqlSearch (or not yet), see 
> [https://github.com/openMF/web-app/search?q=sqlSearch_q=sqlSearch]
>  * The old community-app UI does use sqlSearch, see 
> [https://github.com/openMF/community-app/search?p=1=sqlSearch_q=sqlSearch].
>  But only in 2 very specific places, for Loans' {{l.loan_status_id in 
> (100,200)}} and Clients' {{c.status_enum=100}}. This was apparently 
> introduced by [~vishwasbabu]  in 
> [https://github.com/openMF/community-app/pull/1582|https://github.com/openMF/community-app/pull/1582/files]
>  for [MIFOSX-2712.|https://mifosforge.jira.com/browse/MIFOSX-2712.] It's 
> noteworthy that the Find on 
> [https://cui.fineract.dev/.../clients|https://cui.fineract.dev/?baseApiUrl=https://demo.fineract.dev=default#/clients]
>  does NOT use {{sqlSearch}} but the [/search 
> API|https://demo.fineract.dev/fineract-provider/api-docs/apiLive.htm#search]
>  * other repos on openMF, such as Mobile Apps & Co, don't really seem to 
> actively use {{sqlSearch}}, looking at 
> [https://github.com/search?p=7=org%3AopenMF+sqlSearch=Code]
> Other than that, I don't know if anyone actively using {{sqlSearch}} would 
> have any major objections to... just simply altogether removing this 
> entirely? Folks may of course be using this in their own client UIs, but... 
> they really shouldn't, this is a "bad" API. If you are missing a query 
> facility, just contribute to the upstream project and raise a pull request to 
> add whatever query option you are missing to whatever Fineract API (such as 
> e.g. by status for Loans and Clients).
> Let's further discuss on the developer mailing list on thread "Use of 
> sqlSearch argument in Groups/Clients List" if anyone wants to strongly defend 
> {{sqlSearch}}. If not, let's just 

[jira] [Commented] (FINERACT-741) Improving Swagger UI to group related APIs together instead of random order

2020-07-25 Thread Manthan Surkar (Jira)


[ 
https://issues.apache.org/jira/browse/FINERACT-741?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17164960#comment-17164960
 ] 

Manthan Surkar commented on FINERACT-741:
-

[~ptuomola] okay!! 
[~vorburger] [~sanyam96] you think the same way? Should we try this first and 
then make a demo video/launch swagger?

> Improving Swagger UI to group related APIs together instead of random order
> ---
>
> Key: FINERACT-741
> URL: https://issues.apache.org/jira/browse/FINERACT-741
> Project: Apache Fineract
>  Issue Type: Sub-task
>Reporter: Rahul Goel
>Assignee: Manthan Surkar
>Priority: Minor
>  Labels: fineract-swagger-doc
>
> All API's are currently listed in a random order and someone new to the 
> system cannot comprehend relationships between them. The home page needs to 
> be improved with either a sidebar or a navbar (similar to the one in the 
> existing documentation) which groups together related API's and provides 
> hyperlinks to their swagger documentation





[jira] [Commented] (FINERACT-942) Make Checkstyle detect bad logging anti-patterns (and fix problems found)

2020-07-25 Thread Manthan Surkar (Jira)


[ 
https://issues.apache.org/jira/browse/FINERACT-942?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17164959#comment-17164959
 ] 

Manthan Surkar commented on FINERACT-942:
-

[~vorburger] sure,

1.  
https://github.com/apache/fineract/blob/b61957acb20ede94bedd05edc95a505bc59ba513/fineract-provider/src/integrationTest/java/org/apache/fineract/integrationtests/HookIntegrationTest.java#L79-L92

2.   
https://github.com/apache/fineract/blob/b61957acb20ede94bedd05edc95a505bc59ba513/fineract-provider/src/integrationTest/java/org/apache/fineract/integrationtests/HookIntegrationTest.java#L93-L100

*3. * 
https://github.com/apache/fineract/blob/c529fdf58c335adb4dd938b0551f7e355e9eb56d/fineract-provider/src/main/java/org/apache/fineract/batch/command/internal/DisburseLoanCommandStrategy.java#L81-L93
 
and

https://github.com/apache/fineract/blob/c529fdf58c335adb4dd938b0551f7e355e9eb56d/fineract-provider/src/main/java/org/apache/fineract/infrastructure/campaigns/sms/service/SmsCampaignDomainServiceImpl.java#L233-L235


*4.* 
https://github.com/apache/fineract/blob/2323450e71d1508e6ff218d48b856aefa04542d0/fineract-provider/src/main/java/org/apache/fineract/infrastructure/bulkimport/importhandler/client/ClientEntityImportHandler.java#L194-L228



> Make Checkstyle detect bad logging anti-patterns (and fix problems found)
> -
>
> Key: FINERACT-942
> URL: https://issues.apache.org/jira/browse/FINERACT-942
> Project: Apache Fineract
>  Issue Type: Improvement
>Reporter: Michael Vorburger
>Assignee: Manthan Surkar
>Priority: Major
> Fix For: 1.4.0
>
>
> A particularly useful part of FINERACT-821, helping to detect real errors in 
> Fineract and not just formatting, would be to enable the following in 
> fineract-provider/config/checkstyle/checkstyle.xml, and fix any problems that 
> this finds:
> 1. RegexpSinglelineJava / printStackTrace
> 2. IllegalCatch, IllegalThrows, MutableException, 
> AvoidHidingCauseExceptionCheck
> 3. 
> [EmptyCatchBlock|https://checkstyle.sourceforge.io/config_blocks.html#EmptyCatchBlock]
> Nota bene that we already have FINERACT-696, but this is complementary to 
> that.
> One thing this should detect is e.g. the bad wrong empty 
> catch(MessagingException e) in EmailMessageJobEmailServiceImpl.
> It may lead to more of FINERACT-932, which would be a Good Thing.





[jira] [Comment Edited] (FINERACT-942) Make Checkstyle detect bad logging anti-patterns (and fix problems found)

2020-07-25 Thread Manthan Surkar (Jira)


[ 
https://issues.apache.org/jira/browse/FINERACT-942?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17164959#comment-17164959
 ] 

Manthan Surkar edited comment on FINERACT-942 at 7/25/20, 2:43 PM:
---

[~vorburger] sure,

1.  
https://github.com/apache/fineract/blob/b61957acb20ede94bedd05edc95a505bc59ba513/fineract-provider/src/integrationTest/java/org/apache/fineract/integrationtests/HookIntegrationTest.java#L79-L92

2.   
https://github.com/apache/fineract/blob/b61957acb20ede94bedd05edc95a505bc59ba513/fineract-provider/src/integrationTest/java/org/apache/fineract/integrationtests/HookIntegrationTest.java#L93-L100

*3.* 
https://github.com/apache/fineract/blob/c529fdf58c335adb4dd938b0551f7e355e9eb56d/fineract-provider/src/main/java/org/apache/fineract/batch/command/internal/DisburseLoanCommandStrategy.java#L81-L93
 
and

https://github.com/apache/fineract/blob/c529fdf58c335adb4dd938b0551f7e355e9eb56d/fineract-provider/src/main/java/org/apache/fineract/infrastructure/campaigns/sms/service/SmsCampaignDomainServiceImpl.java#L233-L235


*4.* 
https://github.com/apache/fineract/blob/2323450e71d1508e6ff218d48b856aefa04542d0/fineract-provider/src/main/java/org/apache/fineract/infrastructure/bulkimport/importhandler/client/ClientEntityImportHandler.java#L194-L228




was (Author: manthan):
[~vorburger] sure,

1.  
https://github.com/apache/fineract/blob/b61957acb20ede94bedd05edc95a505bc59ba513/fineract-provider/src/integrationTest/java/org/apache/fineract/integrationtests/HookIntegrationTest.java#L79-L92

2.   
https://github.com/apache/fineract/blob/b61957acb20ede94bedd05edc95a505bc59ba513/fineract-provider/src/integrationTest/java/org/apache/fineract/integrationtests/HookIntegrationTest.java#L93-L100

*3. * 
https://github.com/apache/fineract/blob/c529fdf58c335adb4dd938b0551f7e355e9eb56d/fineract-provider/src/main/java/org/apache/fineract/batch/command/internal/DisburseLoanCommandStrategy.java#L81-L93
 
and

https://github.com/apache/fineract/blob/c529fdf58c335adb4dd938b0551f7e355e9eb56d/fineract-provider/src/main/java/org/apache/fineract/infrastructure/campaigns/sms/service/SmsCampaignDomainServiceImpl.java#L233-L235


*4.* 
https://github.com/apache/fineract/blob/2323450e71d1508e6ff218d48b856aefa04542d0/fineract-provider/src/main/java/org/apache/fineract/infrastructure/bulkimport/importhandler/client/ClientEntityImportHandler.java#L194-L228



> Make Checkstyle detect bad logging anti-patterns (and fix problems found)
> -
>
> Key: FINERACT-942
> URL: https://issues.apache.org/jira/browse/FINERACT-942
> Project: Apache Fineract
>  Issue Type: Improvement
>Reporter: Michael Vorburger
>Assignee: Manthan Surkar
>Priority: Major
> Fix For: 1.4.0
>
>
> A particularly useful part of FINERACT-821, helping to detect real errors in 
> Fineract and not just formatting, would be to enable the following in 
> fineract-provider/config/checkstyle/checkstyle.xml, and fix any problems that 
> this finds:
> 1. RegexpSinglelineJava / printStackTrace
> 2. IllegalCatch, IllegalThrows, MutableException, 
> AvoidHidingCauseExceptionCheck
> 3. 
> [EmptyCatchBlock|https://checkstyle.sourceforge.io/config_blocks.html#EmptyCatchBlock]
> Nota bene that we already have FINERACT-696, but this is complementary to 
> that.
> One thing this should detect is e.g. the bad wrong empty 
> catch(MessagingException e) in EmailMessageJobEmailServiceImpl.
> It may lead to more of FINERACT-932, which would be a Good Thing.





[jira] [Commented] (FINERACT-1095) Remove direct sqlSearch support from /clients and all other APIs [Security & Performance]

2020-07-23 Thread Manthan Surkar (Jira)


[ 
https://issues.apache.org/jira/browse/FINERACT-1095?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17163273#comment-17163273
 ] 

Manthan Surkar commented on FINERACT-1095:
--

Thanks [~vorburger]
I agree we should remove this, I am self-assigning this.
If everyone on the mailing list agrees to remove this I will remove this from 
fineract as well as community app.
As you said there are two places where this is used, I will instead add the API 
here (again as you suggested) and make it work ;)
 

> Remove direct sqlSearch support from /clients and all other APIs [Security & 
> Performance]
> -
>
> Key: FINERACT-1095
> URL: https://issues.apache.org/jira/browse/FINERACT-1095
> Project: Apache Fineract
>  Issue Type: Improvement
>Reporter: Michael Vorburger
>Assignee: Manthan Surkar
>Priority: Major
>
> While code reviewing PRs from [~Manthan] such as 
> [https://github.com/apache/fineract/pull/1171/files] and 
> [https://github.com/apache/fineract/pull/1123/files] re. FINERACT-854, I've 
> learnt about Fineract's support for an {{sqlSearch}} parameter on a number of 
> its APIs, such as {{/clients}} (and others).
> According to 
> [https://demo.fineract.dev/fineract-provider/api-docs/apiLive.htm] :
> {quote}_sqlSearch
>  String optional 
>  Use an sql fragment valid for the underlying client schema to filter 
> results. e.g. display_name like %K%
> {quote}
> [https://github.com/apache/fineract/search?p=2=sqlSearch_q=sqlSearch]
>  shows all current occurrences. There are a number, but not THAT many either. 
> (By far not every API supports this, only a handful.)
> This can be used e.g. like this: 
> [https://demo.fineract.dev/fineract-provider/api/v1/clients?paged=true=c.account_no=3=default]
> To me, this is an egregious violation of "layering architecture". Basically, 
> the REST API gives you direct SQL database access! You apparently have to 
> know the exact name of not the SQL table but the alias used in the respective 
> internally hard-coded query (note the use of {{c.}} in the example above, NOT 
> {{m_client}}), and the internal SQL column name (note the use of 
> {{account_no}}, NOT {{accountNo}}). There is no real documentation how to use 
> this, and even if there were, in my tests I've noticed it's fairly easy to 
> provoke _500 Internal Server Errors_ when using {{sqlSearch}} with a slightly 
> wrong syntax.
> From a security point of view, it's not quite as bad as it looks, because 
> there is code with heuristics to "validate" the {{sqlSearch}} and prevent SQL 
> Injections. But that could have holes (I don't want to know!), so... this 
> still isn't great, at all, IMHO.
> From a performance point of view, permitting clients to run arbitrary queries 
> isn't great either. You can't really reliably offer performance guarantees, 
> or offer tuning with indices, if at the end of the day the wide open API just 
> lets a client "query whatever they want" anyway.
> Use of {{sqlSearch}} by (public) API clients isn't that hard to find. I did 
> some digging, and:
>  * The new web-app UI doesn't use sqlSearch (or not yet), see 
> [https://github.com/openMF/web-app/search?q=sqlSearch_q=sqlSearch]
>  * The old community-app UI does use sqlSearch, see 
> [https://github.com/openMF/community-app/search?p=1=sqlSearch_q=sqlSearch].
>  But only in 2 very specific places, for Loans' {{l.loan_status_id in 
> (100,200)}} and Clients' {{c.status_enum=100}}. This was apparently 
> introduced by [~vishwasbabu]  in 
> [https://github.com/openMF/community-app/pull/1582|https://github.com/openMF/community-app/pull/1582/files]
>  for [MIFOSX-2712.|https://mifosforge.jira.com/browse/MIFOSX-2712.] It's 
> noteworthy that the Find on 
> [https://cui.fineract.dev/.../clients|https://cui.fineract.dev/?baseApiUrl=https://demo.fineract.dev=default#/clients]
>  does NOT use {{sqlSearch}} but the [/search 
> API|https://demo.fineract.dev/fineract-provider/api-docs/apiLive.htm#search]
>  * other repos on openMF, such as Mobile Apps & Co, don't really seem to 
> actively use {{sqlSearch}}, looking at 
> [https://github.com/search?p=7=org%3AopenMF+sqlSearch=Code]
> Other than that, I don't know if anyone actively using {{sqlSearch}} would 
> have any major objections to... just simply altogether removing this 
> entirely? Folks may of course be using this in their own client UIs, but... 
> they really shouldn't, this is a "bad" API. If you are missing a query 
> facility, just contribute to the upstream project and raise a pull request to 
> add whatever query option you are missing to whatever Fineract API (such as 
> e.g. by status for Loans and Clients).
> Let's further discuss on the developer mailing list on thread "Use of 
> sqlSearch argument in Groups/Clients List" if 

[jira] [Assigned] (FINERACT-1095) Remove direct sqlSearch support from /clients and all other APIs [Security & Performance]

2020-07-23 Thread Manthan Surkar (Jira)


 [ 
https://issues.apache.org/jira/browse/FINERACT-1095?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Manthan Surkar reassigned FINERACT-1095:


Assignee: Manthan Surkar

> Remove direct sqlSearch support from /clients and all other APIs [Security & 
> Performance]
> -
>
> Key: FINERACT-1095
> URL: https://issues.apache.org/jira/browse/FINERACT-1095
> Project: Apache Fineract
>  Issue Type: Improvement
>Reporter: Michael Vorburger
>Assignee: Manthan Surkar
>Priority: Major
>
> While code reviewing PRs from [~Manthan] such as 
> [https://github.com/apache/fineract/pull/1171/files] and 
> [https://github.com/apache/fineract/pull/1123/files] re. FINERACT-854, I've 
> learnt about Fineract's support for an {{sqlSearch}} parameter on a number of 
> its APIs, such as {{/clients}} (and others).
> According to 
> [https://demo.fineract.dev/fineract-provider/api-docs/apiLive.htm] :
> {quote}_sqlSearch
>  String optional 
>  Use an sql fragment valid for the underlying client schema to filter 
> results. e.g. display_name like %K%
> {quote}
> [https://github.com/apache/fineract/search?p=2=sqlSearch_q=sqlSearch]
>  shows all current occurrences. There are a number, but not THAT many either. 
> (By far not every API supports this, only a handful.)
> This can be used e.g. like this: 
> [https://demo.fineract.dev/fineract-provider/api/v1/clients?paged=true=c.account_no=3=default]
> To me, this is an egregious violation of "layering architecture". Basically, 
> the REST API gives you direct SQL database access! You apparently have to 
> know the exact name of not the SQL table but the alias used in the respective 
> internally hard-coded query (note the use of {{c.}} in the example above, NOT 
> {{m_client}}), and the internal SQL column name (note the use of 
> {{account_no}}, NOT {{accountNo}}). There is no real documentation how to use 
> this, and even if there were, in my tests I've noticed it's fairly easy to 
> provoke _500 Internal Server Errors_ when using {{sqlSearch}} with a slightly 
> wrong syntax.
> From a security point of view, it's not quite as bad as it looks, because 
> there is code with heuristics to "validate" the {{sqlSearch}} and prevent SQL 
> Injections. But that could have holes (I don't want to know!), so... this 
> still isn't great, at all, IMHO.
> From a performance point of view, permitting clients to run arbitrary queries 
> isn't great either. You can't really reliably offer performance guarantees, 
> or offer tuning with indices, if at the end of the day the wide open API just 
> lets a client "query whatever they want" anyway.
> Use of {{sqlSearch}} by (public) API clients isn't that hard to find. I did 
> some digging, and:
>  * The new web-app UI doesn't use sqlSearch (or not yet), see 
> [https://github.com/openMF/web-app/search?q=sqlSearch_q=sqlSearch]
>  * The old community-app UI does use sqlSearch, see 
> [https://github.com/openMF/community-app/search?p=1=sqlSearch_q=sqlSearch].
>  But only in 2 very specific places, for Loans' {{l.loan_status_id in 
> (100,200)}} and Clients' {{c.status_enum=100}}. This was apparently 
> introduced by [~vishwasbabu]  in 
> [https://github.com/openMF/community-app/pull/1582|https://github.com/openMF/community-app/pull/1582/files]
>  for [MIFOSX-2712.|https://mifosforge.jira.com/browse/MIFOSX-2712.] It's 
> noteworthy that the Find on 
> [https://cui.fineract.dev/.../clients|https://cui.fineract.dev/?baseApiUrl=https://demo.fineract.dev=default#/clients]
>  does NOT use {{sqlSearch}} but the [/search 
> API|https://demo.fineract.dev/fineract-provider/api-docs/apiLive.htm#search]
>  * other repos on openMF, such as Mobile Apps & Co, don't really seem to 
> actively use {{sqlSearch}}, looking at 
> [https://github.com/search?p=7=org%3AopenMF+sqlSearch=Code]
> Other than that, I don't know if anyone actively using {{sqlSearch}} would 
> have any major objections to... just simply altogether removing this 
> entirely? Folks may of course be using this in their own client UIs, but... 
> they really shouldn't, this is a "bad" API. If you are missing a query 
> facility, just contribute to the upstream project and raise a pull request to 
> add whatever query option you are missing to whatever Fineract API (such as 
> e.g. by status for Loans and Clients).
> Let's further discuss on the developer mailing list on thread "Use of 
> sqlSearch argument in Groups/Clients List" if anyone wants to strongly defend 
> {{sqlSearch}}. If not, let's just completely remove it. We do have to first 
> replace the small current use in the community-app.
> PS: Nota bene that this issue isn't stating that a REST API with query 
> capabilities is bad per se. The point here is that an "SQL pass-through" is 
> wrong. We 
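
The typed query option that the issue text above proposes in place of an SQL pass-through, as an added example that is not Fineract code. Python with an in-memory SQLite database stands in for the project's Java stack; the `loan` table, its rows, the `status` parameter and the status codes 300 and 600 are assumptions (100 and 200 come from the quoted fragment).

```python
import re
import sqlite3

# Assumed allow-list: 100 and 200 appear in the fragment quoted above,
# 300 and 600 are constructed for this example.
ALLOWED_LOAN_STATUSES = frozenset({100, 200, 300, 600})
_STATUS_TOKEN = re.compile(r"[0-9]{1,4}")


class InvalidFilter(ValueError):
    """Raised when the status parameter is not a list of known status codes."""


def make_db():
    """Constructed sample data; table and column names are assumptions."""
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE loan (id INTEGER PRIMARY KEY, "
        "loan_status_id INTEGER, principal_amount REAL)"
    )
    db.executemany(
        "INSERT INTO loan VALUES (?, ?, ?)",
        [(1, 100, 500.0), (2, 200, 1500.0), (3, 300, 9000.0), (4, 600, 250.0)],
    )
    return db


def list_loans_passthrough(db, sql_search=None):
    """Pass-through shape: the client's text becomes the WHERE clause."""
    sql = "SELECT l.id FROM loan l"
    if sql_search:
        # The client, not the server, decides which columns and operators run.
        sql += " WHERE " + sql_search
    return [row[0] for row in db.execute(sql + " ORDER BY l.id")]


def parse_status_param(raw):
    """Turn '100,200' into [100, 200]; a missing or blank value means no filter."""
    if raw is None or raw.strip() == "":
        return []
    statuses = []
    for token in raw.split(","):
        token = token.strip()
        if not _STATUS_TOKEN.fullmatch(token):
            raise InvalidFilter("status must be a comma-separated list of integers")
        value = int(token)
        if value not in ALLOWED_LOAN_STATUSES:
            raise InvalidFilter("unknown loan status: %d" % value)
        if value not in statuses:
            statuses.append(value)
    return statuses


def list_loans_by_status(db, raw_status=None):
    """Typed shape: the server owns the SQL text, the client supplies values only."""
    statuses = parse_status_param(raw_status)
    sql = "SELECT l.id FROM loan l"
    if statuses:
        placeholders = ", ".join("?" for _ in statuses)
        sql += " WHERE l.loan_status_id IN (%s)" % placeholders
    return [row[0] for row in db.execute(sql + " ORDER BY l.id", statuses)]


if __name__ == "__main__":
    db = make_db()
    # The fragment the community-app sends works in both designs ...
    print(list_loans_passthrough(db, "l.loan_status_id in (100,200)"))
    print(list_loans_by_status(db, "100,200"))
    # ... but only the pass-through also accepts a filter the API never offered.
    print(list_loans_passthrough(db, "l.principal_amount > 1000"))
    try:
        list_loans_by_status(db, "l.principal_amount > 1000")
    except InvalidFilter as exc:
        print("rejected:", exc)
```

Because the typed endpoint fixes the column and operator, the query can be indexed and tuned on the server side, which is the point the issue makes about the pass-through.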

[jira] [Commented] (FINERACT-942) Make Checkstyle detect bad logging anti-patterns (and fix problems found)

2020-07-20 Thread Manthan Surkar (Jira)


[ 
https://issues.apache.org/jira/browse/FINERACT-942?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17161551#comment-17161551
 ] 

Manthan Surkar commented on FINERACT-942:
-

[~vorburger] The illegal catch checkstyle is the last one left, 
I will need some guidance before I proceed:
1. General exceptions are used to time out requests, e.g.:

loop:
    do some request
    if Exception
        wait for 3 sec and goto loop
    else
        Exit

2. Use it for no reason and just safety, and removing the try-catch block won't 
affect the code/cause any error.

3. A runtime exception is caught and logged

4. When an operation is to be performed on say 10 entities and we don't want to 
stop if an entity 5 has a runtime exception, it is caught. 

TBH I don't know how to tackle any of these situations with confidence.

IMO, 
in 2,3 we should remove the logging completely.
1,4 we should suppress the warning, WDYT? 

> Make Checkstyle detect bad logging anti-patterns (and fix problems found)
> -
>
> Key: FINERACT-942
> URL: https://issues.apache.org/jira/browse/FINERACT-942
> Project: Apache Fineract
>  Issue Type: Improvement
>Reporter: Michael Vorburger
>Assignee: Manthan Surkar
>Priority: Major
> Fix For: 1.4.0
>
>
> A particularly useful part of FINERACT-821, helping to detect real errors in 
> Fineract and not just formatting, would be to enable the following in 
> fineract-provider/config/checkstyle/checkstyle.xml, and fix any problems that 
> this finds:
> 1. RegexpSinglelineJava / printStackTrace
> 2. IllegalCatch, IllegalThrows, MutableException, 
> AvoidHidingCauseExceptionCheck
> 3. 
> [EmptyCatchBlock|https://checkstyle.sourceforge.io/config_blocks.html#EmptyCatchBlock]
> Nota bene that we already have FINERACT-696, but this is complementary to 
> that.
> One thing this should detect is e.g. the bad wrong empty 
> catch(MessagingException e) in EmailMessageJobEmailServiceImpl.
> It may lead to more of FINERACT-932, which would be a Good Thing.





[jira] [Commented] (FINERACT-741) Improving Swagger UI to group related APIs together instead of random order

2020-07-20 Thread Manthan Surkar (Jira)


[ 
https://issues.apache.org/jira/browse/FINERACT-741?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17161521#comment-17161521
 ] 

Manthan Surkar commented on FINERACT-741:
-

[~ptuomola] [~vorburger] [~sanyam96]

IMHO the current swagger-UI with the filter feature does a good job, and this 
feature can be an enhancement but not a requirement for swagger to operate. 
Having said that, this is really good to have.

Currently swagger won't support this, but I have found something good enough to 
consider:
https://wll8.github.io/redoc-try/index.html
http://redocly.github.io/redoc/?url=https://demo.fineract.dev/fineract-provider/swagger-ui/fineract.yaml

Redoc does exactly what we want, a sidebar, but I am afraid the project might 
not keep up with new features swagger generated JSON might have to offer. It 
does work with an openAPI 3.0 file, but we need to make sure we get all important 
features like:
1. Authorization
2. Try it out,
 work smoothly, which might need some work.

TBH, I really like the sidebar but the general UI (swagger original) is a bit 
neater.

If we can make all the features work + sidebar would you like to consider this? 
Given that it has some disadvantages as well?

The project is still very active:
https://github.com/Redocly/redoc

> Improving Swagger UI to group related APIs together instead of random order
> ---
>
> Key: FINERACT-741
> URL: https://issues.apache.org/jira/browse/FINERACT-741
> Project: Apache Fineract
>  Issue Type: Sub-task
>Reporter: Rahul Goel
>Assignee: Manthan Surkar
>Priority: Minor
>  Labels: fineract-swagger-doc
>
> All API's are currently listed in a random order and someone new to the 
> system cannot comprehend relationships between them. The home page needs to 
> be improved with either a sidebar or a navbar (similar to the one in the 
> existing documentation) which groups together related API's and provides 
> hyperlinks to their swagger documentation





[jira] [Resolved] (FINERACT-842) Make the Try it Button on swagger ui accept client requests and produce responses

2020-07-20 Thread Manthan Surkar (Jira)


 [ 
https://issues.apache.org/jira/browse/FINERACT-842?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Manthan Surkar resolved FINERACT-842.
-
Fix Version/s: 1.4.0
   Resolution: Fixed

> Make the Try it Button on swagger ui accept client requests and produce 
> responses
> -
>
> Key: FINERACT-842
> URL: https://issues.apache.org/jira/browse/FINERACT-842
> Project: Apache Fineract
>  Issue Type: Sub-task
>Reporter: Michael Vorburger
>Assignee: Manthan Surkar
>Priority: Major
>  Labels: beginner, documentation
> Fix For: 1.4.0
>
>
> as described in [~kangbreder] 
> https://docs.google.com/document/d/1EfnwUjyAJzpeMwDWKRAPQN5YNrpwCvVigfIEoudVStg/edit#
>  the goal of this sub-task is to make the "Try It" button on the Swagger UI 
> work.





[jira] [Commented] (FINERACT-1066) NullPointerException at SQLInjectionValidator.validateSQLInput()

2020-07-16 Thread Manthan Surkar (Jira)


[ 
https://issues.apache.org/jira/browse/FINERACT-1066?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17159445#comment-17159445
 ] 

Manthan Surkar commented on FINERACT-1066:
--

https://github.com/apache/fineract/pull/1159

My bad, I wrote the wrong issue number in the PR commit msg, I will fix this.

> NullPointerException at SQLInjectionValidator.validateSQLInput()
> 
>
> Key: FINERACT-1066
> URL: https://issues.apache.org/jira/browse/FINERACT-1066
> Project: Apache Fineract
>  Issue Type: Bug
>Reporter: Michael Vorburger
>Assignee: Manthan Surkar
>Priority: Blocker
> Fix For: 1.4.0
>
>
> See FINERACT-932 for general background; I'm currently seeing this in logs of 
> [https://www.fineract.dev|https://www.fineract.dev/]:
> {noformat} java.lang.NullPointerException
> at 
> org.apache.fineract.infrastructure.security.utils.SQLInjectionValidator.validateSQLInput
>  (SQLInjectionValidator.java:36)
> at 
> org.apache.fineract.infrastructure.security.utils.ColumnValidator.validateSqlInjection
>  (ColumnValidator.java:94)
> at 
> org.apache.fineract.portfolio.group.service.CenterReadPlatformServiceImpl.retrieveAll
>  (CenterReadPlatformServiceImpl.java:432)
> at 
> org.apache.fineract.portfolio.group.api.CentersApiResource.retrieveAll 
> (CentersApiResource.java:219) {noformat}
> [~Manthan] is this perhaps something you'd like to pick up?





[jira] [Commented] (FINERACT-1082) Automate Fineract version number population into Swagger doc

2020-07-16 Thread Manthan Surkar (Jira)


[ 
https://issues.apache.org/jira/browse/FINERACT-1082?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17159434#comment-17159434
 ] 

Manthan Surkar commented on FINERACT-1082:
--

[~ptuomola] can you guide me a little on where to fetch the version from? 
I could not find the version property anywhere.

I found -> releaseVersion=1.0.0 in gradle.properties. 
Is this wrong and does it need to be updated?

> Automate Fineract version number population into Swagger doc
> 
>
> Key: FINERACT-1082
> URL: https://issues.apache.org/jira/browse/FINERACT-1082
> Project: Apache Fineract
>  Issue Type: Sub-task
>Reporter: Petri Tuomola
>Assignee: Manthan Surkar
>Priority: Minor
>
> Currently the Fineract version (e.g. 1.4.0) for Swagger documentation is 
> hardcoded into fineract-provider/config/swagger/fineract-input.json. This 
> should be automatically populated based on current Fineract version





[jira] [Commented] (FINERACT-742) Swagger guide for new api's

2020-07-16 Thread Manthan Surkar (Jira)


[ 
https://issues.apache.org/jira/browse/FINERACT-742?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17159431#comment-17159431
 ] 

Manthan Surkar commented on FINERACT-742:
-

[~vorburger] Here is the guide that was written (GSoC'19): 
https://docs.google.com/document/d/1BkN-Iw5kNrfia7chsgeNoyo6Z1vnBqRnioF0_IRwDyE/edit

Should we add it to the README and then mark this as closed? Or do you have any other 
idea on what we can do with the guide?

>  Swagger guide for new api's
> 
>
> Key: FINERACT-742
> URL: https://issues.apache.org/jira/browse/FINERACT-742
> Project: Apache Fineract
>  Issue Type: Sub-task
>Reporter: Rahul Goel
>Priority: Minor
>  Labels: fineract-swagger-doc
>
> Create swagger documentation guide for developers to apply swagger 
> annotations on fineract apis.
> Going forward, whenever new api will be created, its swagger document can be 
> created along with api.
> For reference : https://goo.gl/8RMMhN





[jira] [Assigned] (FINERACT-742) Swagger guide for new api's

2020-07-16 Thread Manthan Surkar (Jira)


 [ 
https://issues.apache.org/jira/browse/FINERACT-742?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Manthan Surkar reassigned FINERACT-742:
---

Assignee: Manthan Surkar

>  Swagger guide for new api's
> 
>
> Key: FINERACT-742
> URL: https://issues.apache.org/jira/browse/FINERACT-742
> Project: Apache Fineract
>  Issue Type: Sub-task
>Reporter: Rahul Goel
>Assignee: Manthan Surkar
>Priority: Minor
>  Labels: fineract-swagger-doc
>
> Create swagger documentation guide for developers to apply swagger 
> annotations on fineract apis.
> Going forward, whenever new api will be created, its swagger document can be 
> created along with api.
> For reference : https://goo.gl/8RMMhN





[jira] [Commented] (FINERACT-834) Minor quick win: Please raise very small PR documenting Swagger use on README

2020-07-16 Thread Manthan Surkar (Jira)


[ 
https://issues.apache.org/jira/browse/FINERACT-834?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17159430#comment-17159430
 ] 

Manthan Surkar commented on FINERACT-834:
-

[~vorburger]  [~ptuomola] do you think it would be a good idea to add a small 
video demo on how to use swagger-api? 
Otherwise, we can write about features like Filter and try-it in text format.



> Minor quick win: Please raise very small PR documenting Swagger use on README
> -
>
> Key: FINERACT-834
> URL: https://issues.apache.org/jira/browse/FINERACT-834
> Project: Apache Fineract
>  Issue Type: Sub-task
>Reporter: Michael Vorburger
>Priority: Major
>
> Based on some of the discussion in 
> https://github.com/apache/fineract/pull/629 (which got superseded by 
> https://github.com/apache/fineract/pull/695), I think it would be very useful 
> to have a short line (or one or two paragraphs, max) in 
> https://github.com/apache/fineract/blob/develop/README.md#apache-fineract-platform-api
>  which simply explains how one actually may currently use the Swagger UI, as 
> it currently is.
> I will just be completely honest and admit that personally I do not actually 
> know how! ;-) Is there a special URL one has to access? Does one need to 
> locally install anything?
> [~kangbreder] would you like to do this? Please do raise 1 small PR with ONLY 
> this README change.
> [~awasum] [~sanyam] ([~sanyam96] ?) FYI





[jira] [Commented] (FINERACT-746) Add/update swagger document for commands api's

2020-07-16 Thread Manthan Surkar (Jira)


[ 
https://issues.apache.org/jira/browse/FINERACT-746?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17159428#comment-17159428
 ] 

Manthan Surkar commented on FINERACT-746:
-

This probably needs some work, taking this up. 

> Add/update swagger document for commands api's
> --
>
> Key: FINERACT-746
> URL: https://issues.apache.org/jira/browse/FINERACT-746
> Project: Apache Fineract
>  Issue Type: Sub-task
>Reporter: Rahul Goel
>Assignee: Manthan Surkar
>Priority: Minor
>  Labels: fineract-swagger-doc
>
> Add documentation for remaining api's of commands module.
> Update/correct existing documentation of commands module.
>  
> Reference : Goal 3 : FINERACT-733





[jira] [Assigned] (FINERACT-746) Add/update swagger document for commands api's

2020-07-16 Thread Manthan Surkar (Jira)


 [ 
https://issues.apache.org/jira/browse/FINERACT-746?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Manthan Surkar reassigned FINERACT-746:
---

Assignee: Manthan Surkar

> Add/update swagger document for commands api's
> --
>
> Key: FINERACT-746
> URL: https://issues.apache.org/jira/browse/FINERACT-746
> Project: Apache Fineract
>  Issue Type: Sub-task
>Reporter: Rahul Goel
>Assignee: Manthan Surkar
>Priority: Minor
>  Labels: fineract-swagger-doc
>
> Add documentation for remaining api's of commands module.
> Update/correct existing documentation of commands module.
>  
> Reference : Goal 3 : FINERACT-733





[jira] [Assigned] (FINERACT-741) Improving Swagger UI to group related APIs together instead of random order

2020-07-16 Thread Manthan Surkar (Jira)


 [ 
https://issues.apache.org/jira/browse/FINERACT-741?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Manthan Surkar reassigned FINERACT-741:
---

Assignee: Manthan Surkar

> Improving Swagger UI to group related APIs together instead of random order
> ---
>
> Key: FINERACT-741
> URL: https://issues.apache.org/jira/browse/FINERACT-741
> Project: Apache Fineract
>  Issue Type: Sub-task
>Reporter: Rahul Goel
>Assignee: Manthan Surkar
>Priority: Minor
>  Labels: fineract-swagger-doc
>
> All API's are currently listed in a random order and someone new to the 
> system cannot comprehend relationships between them. The home page needs to 
> be improved with either a sidebar or a navbar (similar to the one in the 
> existing documentation) which groups together related API's and provides 
> hyperlinks to their swagger documentation





[jira] [Commented] (FINERACT-741) Improving Swagger UI to group related APIs together instead of random order

2020-07-16 Thread Manthan Surkar (Jira)


[ 
https://issues.apache.org/jira/browse/FINERACT-741?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17159425#comment-17159425
 ] 

Manthan Surkar commented on FINERACT-741:
-

I am taking this :) 

> Improving Swagger UI to group related APIs together instead of random order
> ---
>
> Key: FINERACT-741
> URL: https://issues.apache.org/jira/browse/FINERACT-741
> Project: Apache Fineract
>  Issue Type: Sub-task
>Reporter: Rahul Goel
>Priority: Minor
>  Labels: fineract-swagger-doc
>
> All API's are currently listed in a random order and someone new to the 
> system cannot comprehend relationships between them. The home page needs to 
> be improved with either a sidebar or a navbar (similar to the one in the 
> existing documentation) which groups together related API's and provides 
> hyperlinks to their swagger documentation





[jira] [Commented] (FINERACT-743) Add/update swagger document for accounting api's

2020-07-16 Thread Manthan Surkar (Jira)


[ 
https://issues.apache.org/jira/browse/FINERACT-743?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17159422#comment-17159422
 ] 

Manthan Surkar commented on FINERACT-743:
-

Closing this, based upon my review (on live swagger-ui) and GSoC report of 
[~kangbreder].

> Add/update swagger document for accounting api's
> 
>
> Key: FINERACT-743
> URL: https://issues.apache.org/jira/browse/FINERACT-743
> Project: Apache Fineract
>  Issue Type: Sub-task
>Reporter: Rahul Goel
>Priority: Minor
>  Labels: fineract-swagger-doc
>
> Add documentation for remaining api's of accounting module.
> Update/correct existing documentation of accounting module.
>  
> Reference : Goal 3 : FINERACT-733





[jira] [Resolved] (FINERACT-743) Add/update swagger document for accounting api's

2020-07-16 Thread Manthan Surkar (Jira)


 [ 
https://issues.apache.org/jira/browse/FINERACT-743?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Manthan Surkar resolved FINERACT-743.
-
Fix Version/s: 1.4.0
   Resolution: Fixed

> Add/update swagger document for accounting api's
> 
>
> Key: FINERACT-743
> URL: https://issues.apache.org/jira/browse/FINERACT-743
> Project: Apache Fineract
>  Issue Type: Sub-task
>Reporter: Rahul Goel
>Priority: Minor
>  Labels: fineract-swagger-doc
> Fix For: 1.4.0
>
>
> Add documentation for remaining api's of accounting module.
> Update/correct existing documentation of accounting module.
>  
> Reference : Goal 3 : FINERACT-733





[jira] [Resolved] (FINERACT-745) Update swagger document for batch api

2020-07-16 Thread Manthan Surkar (Jira)


 [ 
https://issues.apache.org/jira/browse/FINERACT-745?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Manthan Surkar resolved FINERACT-745.
-
Fix Version/s: 1.4.0
   Resolution: Fixed

> Update swagger document for batch api
> -
>
> Key: FINERACT-745
> URL: https://issues.apache.org/jira/browse/FINERACT-745
> Project: Apache Fineract
>  Issue Type: Sub-task
>Reporter: Rahul Goel
>Priority: Minor
>  Labels: fineract-swagger-doc
> Fix For: 1.4.0
>
>
> Update/correct existing documentation of batch api module.
>  
> Reference : Goal 3 : FINERACT-733





[jira] [Commented] (FINERACT-745) Update swagger document for batch api

2020-07-16 Thread Manthan Surkar (Jira)


[ 
https://issues.apache.org/jira/browse/FINERACT-745?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17159420#comment-17159420
 ] 

Manthan Surkar commented on FINERACT-745:
-

Closing this, based upon my review (on live swagger-ui) and GSoC report of 
[~kangbreder].

> Update swagger document for batch api
> -
>
> Key: FINERACT-745
> URL: https://issues.apache.org/jira/browse/FINERACT-745
> Project: Apache Fineract
>  Issue Type: Sub-task
>Reporter: Rahul Goel
>Priority: Minor
>  Labels: fineract-swagger-doc
>
> Update/correct existing documentation of batch api module.
>  
> Reference : Goal 3 : FINERACT-733





[jira] [Updated] (FINERACT-744) Add swagger document for adhocquery api

2020-07-16 Thread Manthan Surkar (Jira)


 [ 
https://issues.apache.org/jira/browse/FINERACT-744?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Manthan Surkar updated FINERACT-744:

Fix Version/s: 1.4.0

> Add swagger document for adhocquery api
> ---
>
> Key: FINERACT-744
> URL: https://issues.apache.org/jira/browse/FINERACT-744
> Project: Apache Fineract
>  Issue Type: Sub-task
>Reporter: Rahul Goel
>Priority: Minor
>  Labels: fineract-swagger-doc
> Fix For: 1.4.0
>
>
> Add documentation for adhocquery api module.





[jira] [Updated] (FINERACT-1066) NullPointerException at SQLInjectionValidator.validateSQLInput()

2020-07-16 Thread Manthan Surkar (Jira)


 [ 
https://issues.apache.org/jira/browse/FINERACT-1066?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Manthan Surkar updated FINERACT-1066:
-
Fix Version/s: 1.4.0

> NullPointerException at SQLInjectionValidator.validateSQLInput()
> 
>
> Key: FINERACT-1066
> URL: https://issues.apache.org/jira/browse/FINERACT-1066
> Project: Apache Fineract
>  Issue Type: Bug
>Reporter: Michael Vorburger
>Assignee: Manthan Surkar
>Priority: Blocker
> Fix For: 1.4.0
>
>
> See FINERACT-932 for general background; I'm currently seeing this in logs of 
> [https://www.fineract.dev|https://www.fineract.dev/]:
> {noformat} java.lang.NullPointerException
> at 
> org.apache.fineract.infrastructure.security.utils.SQLInjectionValidator.validateSQLInput
>  (SQLInjectionValidator.java:36)
> at 
> org.apache.fineract.infrastructure.security.utils.ColumnValidator.validateSqlInjection
>  (ColumnValidator.java:94)
> at 
> org.apache.fineract.portfolio.group.service.CenterReadPlatformServiceImpl.retrieveAll
>  (CenterReadPlatformServiceImpl.java:432)
> at 
> org.apache.fineract.portfolio.group.api.CentersApiResource.retrieveAll 
> (CentersApiResource.java:219) {noformat}
> [~Manthan] is this perhaps something you'd like to pick up?





[jira] [Resolved] (FINERACT-1047) Integration tests for audit trails

2020-07-16 Thread Manthan Surkar (Jira)


 [ 
https://issues.apache.org/jira/browse/FINERACT-1047?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Manthan Surkar resolved FINERACT-1047.
--
Resolution: Fixed

> Integration tests for audit trails
> --
>
> Key: FINERACT-1047
> URL: https://issues.apache.org/jira/browse/FINERACT-1047
> Project: Apache Fineract
>  Issue Type: Test
>Reporter: Manthan Surkar
>Assignee: Manthan Surkar
>Priority: Major
> Fix For: 1.4.0
>
>
> Related to FINERACT-799





[jira] [Updated] (FINERACT-1083) Swagger UI resource location to be version independent

2020-07-16 Thread Manthan Surkar (Jira)


 [ 
https://issues.apache.org/jira/browse/FINERACT-1083?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Manthan Surkar updated FINERACT-1083:
-
Fix Version/s: 1.4.0

> Swagger UI resource location to be version independent
> --
>
> Key: FINERACT-1083
> URL: https://issues.apache.org/jira/browse/FINERACT-1083
> Project: Apache Fineract
>  Issue Type: Sub-task
>Reporter: Petri Tuomola
>Assignee: Petri Tuomola
>Priority: Major
> Fix For: 1.4.0
>
>
>  Swagger UI application is now included through the runtime dependency in the 
> Gradle file (dependency on 'org.webjars.npm:swagger-ui-dist'), and Tomcat is 
> then instructed to route requests for /swagger-ui to the WebJar (see code in 
> org.apache.fineract.infrastructure.core.boot.WebFrontEndConfiguration). 
> The only problem is that the code in 
> org.apache.fineract.infrastructure.core.boot.WebFrontEndConfiguration refers 
> to the WebJAR with a specific version number. When we upgrade the dependency 
> we need to also change the source code to point to the right version. A 
> better solution would be to make this version agnostic - either by using the 
> webjars-locator 
> (https://mvnrepository.com/artifact/org.webjars/webjars-locator) or by simply 
> writing some code to find swagger.json from classpath and using the found 
> location to determine the right resource location to use. 





[jira] [Resolved] (FINERACT-1090) Add a Search/Filter option in swagger-ui

2020-07-16 Thread Manthan Surkar (Jira)


 [ 
https://issues.apache.org/jira/browse/FINERACT-1090?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Manthan Surkar resolved FINERACT-1090.
--
Fix Version/s: 1.4.0
   Resolution: Fixed

> Add a Search/Filter option in swagger-ui
> 
>
> Key: FINERACT-1090
> URL: https://issues.apache.org/jira/browse/FINERACT-1090
> Project: Apache Fineract
>  Issue Type: Sub-task
>Reporter: Manthan Surkar
>Assignee: Manthan Surkar
>Priority: Major
> Fix For: 1.4.0
>
>
> Currently, it is very hard to navigate in swagger-UI, it would be nice to 
> have a search/filter option to find relevant APIs.





[jira] [Updated] (FINERACT-1045) Replace links to demo.openmf.org on Swagger with (local) / links

2020-07-16 Thread Manthan Surkar (Jira)


 [ 
https://issues.apache.org/jira/browse/FINERACT-1045?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Manthan Surkar updated FINERACT-1045:
-
Fix Version/s: 1.4.0

> Replace links to demo.openmf.org on Swagger with (local) / links
> 
>
> Key: FINERACT-1045
> URL: https://issues.apache.org/jira/browse/FINERACT-1045
> Project: Apache Fineract
>  Issue Type: Sub-task
>Reporter: Michael Vorburger
>Assignee: Petri Tuomola
>Priority: Major
> Fix For: 1.4.0
>
>
> Following [~ptuomola] PR [https://github.com/apache/fineract/pull/1069/files] 
> for FINERACT-835, we can now see stuff on 
> [http://localhost:8080/fineract-provider/swagger-ui/index.html#/] but the 
> very start of it, that top level description "Apache Fineract is a..." which 
> has many links to [https://demo.openmf.org/api-docs/apiLive.htm] looks weird, 
> now that we have apiLive.htm bundled in the app..
> As a first step, let's just replace all those links with absolute root links 
> to the instance's own self-hosted doc.
> The goal of this issue should be that searching (grep) for "openmf.org" finds 
> no more matches at all.





[jira] [Updated] (FINERACT-1044) fineract-provider/swagger-ui/ => /fineract-provider/swagger-ui/index.html

2020-07-16 Thread Manthan Surkar (Jira)


 [ 
https://issues.apache.org/jira/browse/FINERACT-1044?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Manthan Surkar updated FINERACT-1044:
-
Fix Version/s: 1.4.0

> fineract-provider/swagger-ui/ => /fineract-provider/swagger-ui/index.html
> -
>
> Key: FINERACT-1044
> URL: https://issues.apache.org/jira/browse/FINERACT-1044
> Project: Apache Fineract
>  Issue Type: Sub-task
>Reporter: Michael Vorburger
>Assignee: Manthan Surkar
>Priority: Minor
> Fix For: 1.4.0
>
>
> Based on my current local testing of 
> https://github.com/apache/fineract/pull/1069/ for FINERACT-835:
> It would be "nice to have" (prio Minor) if e.g. 
> http://localhost:8080/fineract-provider/swagger-ui/ would redirect to 
> http://localhost:8080/fineract-provider/swagger-ui/index.html
> This is probably possible with 2-3 lines of customization in 
> fineract-provider/src/main/java/org/apache/fineract/infrastructure/core/boot/WebFrontEndConfiguration.java
>  ?
> [~Manthan] and [~ptuomola]





[jira] [Assigned] (FINERACT-1049) Shares account delete gives 405

2020-07-16 Thread Manthan Surkar (Jira)


 [ 
https://issues.apache.org/jira/browse/FINERACT-1049?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Manthan Surkar reassigned FINERACT-1049:


Assignee: Natasha Natarajan  (was: Manthan Surkar)

> Shares account delete gives 405
> ---
>
> Key: FINERACT-1049
> URL: https://issues.apache.org/jira/browse/FINERACT-1049
> Project: Apache Fineract
>  Issue Type: Bug
>  Components: Shares
>Reporter: Karan
>Assignee: Natasha Natarajan
>Priority: Minor
>  Labels: beginner
> Attachments: Screenshot from 2020-06-23 16-27-59.png, 
> screenshot(7).png, screenshot(8).png
>
>
> Shares account delete support is required.





[jira] [Commented] (FINERACT-1049) Shares account delete gives 405

2020-07-16 Thread Manthan Surkar (Jira)


[ 
https://issues.apache.org/jira/browse/FINERACT-1049?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17159012#comment-17159012
 ] 

Manthan Surkar commented on FINERACT-1049:
--

Yes [~natashan] please take this, I am working on other issues and there is no 
point in delaying this.  Assigning to you.

> Shares account delete gives 405
> ---
>
> Key: FINERACT-1049
> URL: https://issues.apache.org/jira/browse/FINERACT-1049
> Project: Apache Fineract
>  Issue Type: Bug
>  Components: Shares
>Reporter: Karan
>Assignee: Manthan Surkar
>Priority: Minor
>  Labels: beginner
> Attachments: Screenshot from 2020-06-23 16-27-59.png, 
> screenshot(7).png, screenshot(8).png
>
>
> Shares account delete support is required.





[jira] [Assigned] (FINERACT-1090) Add a Search/Filter option in swagger-ui

2020-07-13 Thread Manthan Surkar (Jira)


 [ 
https://issues.apache.org/jira/browse/FINERACT-1090?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Manthan Surkar reassigned FINERACT-1090:


Assignee: Manthan Surkar

> Add a Search/Filter option in swagger-ui
> 
>
> Key: FINERACT-1090
> URL: https://issues.apache.org/jira/browse/FINERACT-1090
> Project: Apache Fineract
>  Issue Type: Sub-task
>Reporter: Manthan Surkar
>Assignee: Manthan Surkar
>Priority: Major
>
> Currently, it is very hard to navigate in swagger-UI, it would be nice to 
> have a search/filter option to find relevant APIs.





[jira] [Created] (FINERACT-1090) Add a Search/Filter option in swagger-ui

2020-07-13 Thread Manthan Surkar (Jira)
Manthan Surkar created FINERACT-1090:


 Summary: Add a Search/Filter option in swagger-ui
 Key: FINERACT-1090
 URL: https://issues.apache.org/jira/browse/FINERACT-1090
 Project: Apache Fineract
  Issue Type: Sub-task
Reporter: Manthan Surkar


Currently, it is very hard to navigate in swagger-UI, it would be nice to have 
a search/filter option to find relevant APIs.





[jira] [Resolved] (FINERACT-1083) Swagger UI resource location to be version independent

2020-07-13 Thread Manthan Surkar (Jira)


 [ 
https://issues.apache.org/jira/browse/FINERACT-1083?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Manthan Surkar resolved FINERACT-1083.
--
Resolution: Fixed

> Swagger UI resource location to be version independent
> --
>
> Key: FINERACT-1083
> URL: https://issues.apache.org/jira/browse/FINERACT-1083
> Project: Apache Fineract
>  Issue Type: Sub-task
>Reporter: Petri Tuomola
>Assignee: Petri Tuomola
>Priority: Major
>
>  Swagger UI application is now included through the runtime dependency in the 
> Gradle file (dependency on 'org.webjars.npm:swagger-ui-dist'), and Tomcat is 
> then instructed to route requests for /swagger-ui to the WebJar (see code in 
> org.apache.fineract.infrastructure.core.boot.WebFrontEndConfiguration). 
> The only problem is that the code in 
> org.apache.fineract.infrastructure.core.boot.WebFrontEndConfiguration refers 
> to the WebJAR with a specific version number. When we upgrade the dependency 
> we need to also change the source code to point to the right version. A 
> better solution would be to make this version agnostic - either by using the 
> webjars-locator 
> (https://mvnrepository.com/artifact/org.webjars/webjars-locator) or by simply 
> writing some code to find swagger.json from classpath and using the found 
> location to determine the right resource location to use. 





[jira] [Resolved] (FINERACT-835) Generate swagger-ui/response.json at build time

2020-07-13 Thread Manthan Surkar (Jira)


 [ 
https://issues.apache.org/jira/browse/FINERACT-835?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Manthan Surkar resolved FINERACT-835.
-
Resolution: Fixed

> Generate swagger-ui/response.json at build time
> ---
>
> Key: FINERACT-835
> URL: https://issues.apache.org/jira/browse/FINERACT-835
> Project: Apache Fineract
>  Issue Type: Sub-task
>Reporter: Michael Vorburger
>Assignee: Petri Tuomola
>Priority: Major
>  Labels: beginner, documentation
> Fix For: 1.4.0
>
>
> We currently have src/main/resources/swagger-ui/response.json (checked into 
> Git).
> That file seems to have been manually put there by people over time. 
> https://github.com/apache/fineract/pull/629 (which got superseded by 
> https://github.com/apache/fineract/pull/695) mentions that, quote:
> {quote}The already existing response.json file in 
> src/main/resources/swagger-ui/ is the spec generated with the request 
> https://localhost:8443/fineract-provider/api/v1/swagger.json. Every time a 
> modification is done on the swagger docs or a new swagger doc is added, this 
> spec needs to be generated again at runtime and the response.json file as 
> well updated so that the modifications can be seen on the UI.{quote}
> and also:
> {quote}The io.swagger.core.v3.swagger-gradle-plugin is a plugin i had added 
> to automatically generate the specs during build time and not at run time. 
> This was so that every time one builds on the project, the response.json 
> updates. But this did not work as expected.{quote}
> The review process of the PR raised for this issue will be as follows: We will 
> modify one of the descriptions in one of those annotations added in the 
> original PR. We will (manually, locally) run {{./gradlew build}}. If that 
> updates the src/main/resources/swagger-ui/response.json, then this task is 
> done, and the proposed PR will be merged. 
> [~kangbreder] would you like to do this? Please raise PR with ONLY this 
> change, nothing else. Specifically, please do NOT add other Gradle plugins to 
> the build which are not directly related to this specific goal. For example, 
> building client libraries, or moving that response.json file elsewhere, is 
> out of scope of this sub-task. (I'll be creating another sub-task about those 
> things.)
> [~awasum] [~sanyam] ([~sanyam96] ?) FYI



--
This message was sent by Atlassian Jira
(v8.3.4#803005)


[jira] [Resolved] (FINERACT-837) Make swagger-ui/response.json (?) a pure built time artifact, and remove it from Git

2020-07-13 Thread Manthan Surkar (Jira)


 [ 
https://issues.apache.org/jira/browse/FINERACT-837?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Manthan Surkar resolved FINERACT-837.
-
Resolution: Fixed

> Make swagger-ui/response.json (?) a pure built time artifact, and remove it 
> from Git
> 
>
> Key: FINERACT-837
> URL: https://issues.apache.org/jira/browse/FINERACT-837
> Project: Apache Fineract
>  Issue Type: Sub-task
>Reporter: Michael Vorburger
>Assignee: Petri Tuomola
>Priority: Major
>
> Once FINERACT-835 is fully implemented (do not start working on this until 
> FINERACT-835 is merged), and just in order to reduce confusion about what is 
> manually maintained and what is provided by the build, IMHO we really should 
> make swagger-ui/response.json (or whatever will replace it?) a pure built 
> time artifact.
> What I mean is that {{./gradlew build}} should produce this file at the 
> appropriate place under {{build/}}, from where it should be picked up and 
> included in the right place in the WAR. That file should then be removed from 
> Git in {{src/main/resources/swagger-ui/response.json}} where it currently 
> lives.
> I guess it would be cool to make this change after having the test proposed 
> in FINERACT-836 just to "prove" that "it (?) still works as before and 
> nothing broke".
> The assumption I've made here is that it's best to have this JSON file built 
> at run-time. I know little about Swagger, and if the conclusion is that it's 
> better and fine to just have something (Swagger runtime) build the Swagger 
> JSON (YAML?) through scanning the annotations at runtime, and that's how this 
> is typically done, then we can of course forget about, and just remove the 
> {{src/main/resources/swagger-ui/response.json}} completely.
> [~kangbreder]  would you like to do this? Please raise PR with ONLY this 
> change, nothing else.
> [~awasum] [~sanyam] ([~sanyam96] ?) FYI



--
This message was sent by Atlassian Jira
(v8.3.4#803005)


[jira] [Commented] (FINERACT-1045) Replace links to demo.openmf.org on Swagger with (local) / links

2020-07-13 Thread Manthan Surkar (Jira)


[ 
https://issues.apache.org/jira/browse/FINERACT-1045?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17157054#comment-17157054
 ] 

Manthan Surkar commented on FINERACT-1045:
--

I am changing the assignee since [~ptuomola] fixed this :D 

> Replace links to demo.openmf.org on Swagger with (local) / links
> 
>
> Key: FINERACT-1045
> URL: https://issues.apache.org/jira/browse/FINERACT-1045
> Project: Apache Fineract
>  Issue Type: Sub-task
>Reporter: Michael Vorburger
>Assignee: Petri Tuomola
>Priority: Major
>
> Following [~ptuomola] PR [https://github.com/apache/fineract/pull/1069/files] 
> for FINERACT-835, we can now see stuff on 
> [http://localhost:8080/fineract-provider/swagger-ui/index.html#/] but the 
> very start of it, that top level description "Apache Fineract is a..." which 
> has many links to [https://demo.openmf.org/api-docs/apiLive.htm] looks weird, 
> now that we have apiLive.htm bundled in the app..
> As a first step, let's just replace all those links with absolute root links 
> to the instance's own self-hosted doc.
> The goal of this issue should be that searching (grep) for "openmf.org" finds 
> no more matches at all.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)


[jira] [Resolved] (FINERACT-1045) Replace links to demo.openmf.org on Swagger with (local) / links

2020-07-13 Thread Manthan Surkar (Jira)


 [ 
https://issues.apache.org/jira/browse/FINERACT-1045?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Manthan Surkar resolved FINERACT-1045.
--
Resolution: Fixed

> Replace links to demo.openmf.org on Swagger with (local) / links
> 
>
> Key: FINERACT-1045
> URL: https://issues.apache.org/jira/browse/FINERACT-1045
> Project: Apache Fineract
>  Issue Type: Sub-task
>Reporter: Michael Vorburger
>Assignee: Petri Tuomola
>Priority: Major
>
> Following [~ptuomola] PR [https://github.com/apache/fineract/pull/1069/files] 
> for FINERACT-835, we can now see stuff on 
> [http://localhost:8080/fineract-provider/swagger-ui/index.html#/] but the 
> very start of it, that top level description "Apache Fineract is a..." which 
> has many links to [https://demo.openmf.org/api-docs/apiLive.htm] looks weird, 
> now that we have apiLive.htm bundled in the app..
> As a first step, let's just replace all those links with absolute root links 
> to the instance's own self-hosted doc.
> The goal of this issue should be that searching (grep) for "openmf.org" finds 
> no more matches at all.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)


[jira] [Resolved] (FINERACT-1066) NullPointerException at SQLInjectionValidator.validateSQLInput()

2020-07-13 Thread Manthan Surkar (Jira)


 [ 
https://issues.apache.org/jira/browse/FINERACT-1066?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Manthan Surkar resolved FINERACT-1066.
--
Resolution: Fixed

> NullPointerException at SQLInjectionValidator.validateSQLInput()
> 
>
> Key: FINERACT-1066
> URL: https://issues.apache.org/jira/browse/FINERACT-1066
> Project: Apache Fineract
>  Issue Type: Bug
>Reporter: Michael Vorburger
>Assignee: Manthan Surkar
>Priority: Blocker
>
> See FINERACT-932 for general background; I'm currently seeing this in logs of 
> [https://www.fineract.dev|https://www.fineract.dev/]:
> {noformat} java.lang.NullPointerException
> at 
> org.apache.fineract.infrastructure.security.utils.SQLInjectionValidator.validateSQLInput
>  (SQLInjectionValidator.java:36)
> at 
> org.apache.fineract.infrastructure.security.utils.ColumnValidator.validateSqlInjection
>  (ColumnValidator.java:94)
> at 
> org.apache.fineract.portfolio.group.service.CenterReadPlatformServiceImpl.retrieveAll
>  (CenterReadPlatformServiceImpl.java:432)
> at 
> org.apache.fineract.portfolio.group.api.CentersApiResource.retrieveAll 
> (CentersApiResource.java:219) {noformat}
> [~Manthan] is this perhaps something you'd like to pick up?



--
This message was sent by Atlassian Jira
(v8.3.4#803005)


[jira] [Assigned] (FINERACT-1045) Replace links to demo.openmf.org on Swagger with (local) / links

2020-07-13 Thread Manthan Surkar (Jira)


 [ 
https://issues.apache.org/jira/browse/FINERACT-1045?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Manthan Surkar reassigned FINERACT-1045:


Assignee: Petri Tuomola  (was: Manthan Surkar)

> Replace links to demo.openmf.org on Swagger with (local) / links
> 
>
> Key: FINERACT-1045
> URL: https://issues.apache.org/jira/browse/FINERACT-1045
> Project: Apache Fineract
>  Issue Type: Sub-task
>Reporter: Michael Vorburger
>Assignee: Petri Tuomola
>Priority: Major
>
> Following [~ptuomola] PR [https://github.com/apache/fineract/pull/1069/files] 
> for FINERACT-835, we can now see stuff on 
> [http://localhost:8080/fineract-provider/swagger-ui/index.html#/] but the 
> very start of it, that top level description "Apache Fineract is a..." which 
> has many links to [https://demo.openmf.org/api-docs/apiLive.htm] looks weird, 
> now that we have apiLive.htm bundled in the app..
> As a first step, let's just replace all those links with absolute root links 
> to the instance's own self-hosted doc.
> The goal of this issue should be that searching (grep) for "openmf.org" finds 
> no more matches at all.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)


[jira] [Resolved] (FINERACT-1044) fineract-provider/swagger-ui/ => /fineract-provider/swagger-ui/index.html

2020-07-13 Thread Manthan Surkar (Jira)


 [ 
https://issues.apache.org/jira/browse/FINERACT-1044?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Manthan Surkar resolved FINERACT-1044.
--
Resolution: Fixed

> fineract-provider/swagger-ui/ => /fineract-provider/swagger-ui/index.html
> -
>
> Key: FINERACT-1044
> URL: https://issues.apache.org/jira/browse/FINERACT-1044
> Project: Apache Fineract
>  Issue Type: Sub-task
>Reporter: Michael Vorburger
>Assignee: Manthan Surkar
>Priority: Minor
>
> Based on my current local testing of 
> https://github.com/apache/fineract/pull/1069/ for FINERACT-835:
> It would be "nice to have" (prio Minor) if e.g. 
> http://localhost:8080/fineract-provider/swagger-ui/ would redirect to 
> http://localhost:8080/fineract-provider/swagger-ui/index.html
> This is probably possible with 2-3 lines of customization in 
> fineract-provider/src/main/java/org/apache/fineract/infrastructure/core/boot/WebFrontEndConfiguration.java
>  ?
> [~Manthan] and [~ptuomola]



--
This message was sent by Atlassian Jira
(v8.3.4#803005)


[jira] [Assigned] (FINERACT-1082) Automate Fineract version number population into Swagger doc

2020-07-12 Thread Manthan Surkar (Jira)


 [ 
https://issues.apache.org/jira/browse/FINERACT-1082?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Manthan Surkar reassigned FINERACT-1082:


Assignee: Manthan Surkar

> Automate Fineract version number population into Swagger doc
> 
>
> Key: FINERACT-1082
> URL: https://issues.apache.org/jira/browse/FINERACT-1082
> Project: Apache Fineract
>  Issue Type: Sub-task
>Reporter: Petri Tuomola
>Assignee: Manthan Surkar
>Priority: Minor
>
> Currently the Fineract version (e.g. 1.4.0) for Swagger documentation is 
> hardcoded into fineract-provider/config/swagger/fineract-input.json. This 
> should be automatically populated based on current Fineract version



--
This message was sent by Atlassian Jira
(v8.3.4#803005)


[jira] [Commented] (FINERACT-1082) Automate Fineract version number population into Swagger doc

2020-07-12 Thread Manthan Surkar (Jira)


[ 
https://issues.apache.org/jira/browse/FINERACT-1082?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17156389#comment-17156389
 ] 

Manthan Surkar commented on FINERACT-1082:
--

[~ptuomola] I am taking this up.

> Automate Fineract version number population into Swagger doc
> 
>
> Key: FINERACT-1082
> URL: https://issues.apache.org/jira/browse/FINERACT-1082
> Project: Apache Fineract
>  Issue Type: Sub-task
>Reporter: Petri Tuomola
>Priority: Minor
>
> Currently the Fineract version (e.g. 1.4.0) for Swagger documentation is 
> hardcoded into fineract-provider/config/swagger/fineract-input.json. This 
> should be automatically populated based on current Fineract version



--
This message was sent by Atlassian Jira
(v8.3.4#803005)


[jira] [Commented] (FINERACT-733) Swagger Documentation for Fineract API's

2020-07-12 Thread Manthan Surkar (Jira)


[ 
https://issues.apache.org/jira/browse/FINERACT-733?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17156387#comment-17156387
 ] 

Manthan Surkar commented on FINERACT-733:
-

[~kangbreder] Can you please mark the issues that you have worked on and 
"completed" as closed? It would be really helpful to keep track of this 
project. I cannot be completely sure whether a subtask was completely done or 
whether some part of it was left in your PR (which had too many changes). I have 
only marked FINERACT-744 as closed as of now.

> Swagger Documentation for Fineract API's
> 
>
> Key: FINERACT-733
> URL: https://issues.apache.org/jira/browse/FINERACT-733
> Project: Apache Fineract
>  Issue Type: Improvement
>Reporter: Vishwas Babu A J
>Assignee: Michael Vorburger
>Priority: Major
>  Labels: gsoc2019
> Fix For: 1.5.0
>
> Attachments: Screen Shot 2019-03-17 at 3.59.23 AM.png
>
>  Time Spent: 10m
>  Remaining Estimate: 0h
>
> The original documentation for Fineract is at 
> [https://github.com/apache/fineract/blob/develop/api-docs/apiLive.htm.] This 
> documentation was handcrafted to meet the following goals
>  # Provide a detailed overview of the API design and common options (under 
> "Overview" section of the top Navbar at 
> [https://demo.openmf.org/api-docs/apiLive.htm|https://demo.openmf.org/api-docs/apiLive.htm#loans])
>  # Help consumers to easily visualize related API's to quickly determine the 
> scope of functionality supported by the system ( Ex: links to all loan 
> related API's consolidated under the "Loan" section of the navbar)
>  # For each entity in the system, provide a meaningful description of what 
> the entity represents in the real world (Ex: 
> [https://demo.openmf.org/api-docs/apiLive.htm#glaccounts] )
>  # For common fields associated with an entity, provide a meaningful 
> description of what they represent and how they are to be used (Ex: 
> [https://demo.openmf.org/api-docs/apiLive.htm#loans] , see the description 
> and detailed explanation of fields like transactionProcessingStrategyId )
>  # Provide a detailed overview of the functionality supported by each API 
> call (especially when their usage is not obvious, see the detailed 
> documentation for Batch API's at 
> [https://demo.openmf.org/api-docs/apiLive.htm#batch_api] )
>  # Provide examples of sample requests and responses for each API call
> However, this documentation suffered a major drawback, i.e all of it was 
> handwritten and was difficult for new committers to add to and maintain. It 
> was also preferable that users be allowed to try out all API's from the 
> documentation itself, which wasn't an option.
> The newly added Swagger documentation aims to address these concerns. The 
> current status of the same and the work needed to meet the goals of the 
> original documentation is described below
>  
> *Goal 1* 
> The swagger docs rely on the existing API docs through hyperlinks for the 
> entire overview section. To make the swagger docs the single source of truth 
> for API documentation, the existing docs need to be deprecated. For doing the 
> same, this entire section needs to be copied over to the swagger UI (and well 
> formatted) and all references to the older docs removed. ** 
> *Goal 2* 
> All API's are currently listed in a random order and someone new to the 
> system cannot comprehend relationships between them. The home page needs to 
> be improved with either a sidebar or a navbar (similar to the one in the 
> existing documentation) which groups together related API's and provides 
> hyperlinks to their swagger documentation
> *Goal 3* 
> While entity descriptions seem to be present in the codebase (Ex: 
> https://github.com/apache/fineract/blob/201cbf82f67f7a623b8c38bf9465f4af79791c20/fineract-provider/src/main/java/org/apache/fineract/portfolio/savings/api/SavingsAccountsApiResource.java#L76),
>  they aren't reflected in the generated documentation. This is likely because 
> the description field is deprecated, see discussion at 
> [https://github.com/swagger-api/swagger-core/issues/1476.] 
> It would be nice if this description was well formatted too.
> *Goal 4* 
> Taking [https://demo.openmf.org/api-docs/apiLive.htm#loans] as an example, 
> the details and descriptions of fields like "transactionProcessingStrategyId" 
> are not carried over. Without this information, an API consumer would not 
> understand what each of these (non-obvious) fields mean and how they are to 
> be used.
> *Goal 5* 
> The amount of information present for an API like 
> [https://demo.openmf.org/api-docs/apiLive.htm#batch_api] is significantly 
> more than that of the equivalent API in Swagger (detailed description, 
> possible errors, command strategies supported etc). We would need 

[jira] [Assigned] (FINERACT-836) Integration Test the Swagger UI

2020-07-12 Thread Manthan Surkar (Jira)


 [ 
https://issues.apache.org/jira/browse/FINERACT-836?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Manthan Surkar reassigned FINERACT-836:
---

Assignee: Manthan Surkar

> Integration Test the Swagger UI
> ---
>
> Key: FINERACT-836
> URL: https://issues.apache.org/jira/browse/FINERACT-836
> Project: Apache Fineract
>  Issue Type: Sub-task
>Reporter: Michael Vorburger
>Assignee: Manthan Surkar
>Priority: Major
>
> With the various changes related to Swagger proposed in the other subtasks, 
> it occurred to me that it could be nice and cool if there was an integration 
> test which provided for future non-regression proving that "Swagger worked".
> I'm not entirely sure how to best do this, but I'm thinking something simple 
> and pragmatic... definitely not actually clicking around the UI with 
> WebDrive, just hitting some URL which provides the generated JSON file 
> at runtime, and makes sure that's a 200 and not a 500 - would that make any 
> sense? [~sanyam] ([~sanyam96] ?) your thoughts very welcome...
> [~kangbreder] would you like to do this? Again, we want 1 PR for JUST and 
> ONLY this.
> [~awasum] FYI



--
This message was sent by Atlassian Jira
(v8.3.4#803005)


[jira] [Resolved] (FINERACT-744) Add swagger document for adhocquery api

2020-07-12 Thread Manthan Surkar (Jira)


 [ 
https://issues.apache.org/jira/browse/FINERACT-744?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Manthan Surkar resolved FINERACT-744.
-
Resolution: Fixed

> Add swagger document for adhocquery api
> ---
>
> Key: FINERACT-744
> URL: https://issues.apache.org/jira/browse/FINERACT-744
> Project: Apache Fineract
>  Issue Type: Sub-task
>Reporter: Rahul Goel
>Priority: Minor
>  Labels: fineract-swagger-doc
>
> Add documentation for adhocquery api module.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)


[jira] [Commented] (FINERACT-744) Add swagger document for adhocquery api

2020-07-12 Thread Manthan Surkar (Jira)


[ 
https://issues.apache.org/jira/browse/FINERACT-744?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17156384#comment-17156384
 ] 

Manthan Surkar commented on FINERACT-744:
-

From GSOC report of [~kangbreder]
Refer:  
https://gist.github.com/kangbreder/034f47e2e8015cee10b48b7c5f1b8df1#task1-complete-swagger-documentation-on-all-apis-of-fineractcompleted

I am marking this as complete (along with other issues similar to this).

FYI [~rahul.usit12] [~sanyam96] [~kangbreder] [~vorburger]

> Add swagger document for adhocquery api
> ---
>
> Key: FINERACT-744
> URL: https://issues.apache.org/jira/browse/FINERACT-744
> Project: Apache Fineract
>  Issue Type: Sub-task
>Reporter: Rahul Goel
>Priority: Minor
>  Labels: fineract-swagger-doc
>
> Add documentation for adhocquery api module.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)


[jira] [Assigned] (FINERACT-842) Make the Try it Button on swagger ui accept client requests and produce responses

2020-07-11 Thread Manthan Surkar (Jira)


 [ 
https://issues.apache.org/jira/browse/FINERACT-842?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Manthan Surkar reassigned FINERACT-842:
---

Assignee: Manthan Surkar

> Make the Try it Button on swagger ui accept client requests and produce 
> responses
> -
>
> Key: FINERACT-842
> URL: https://issues.apache.org/jira/browse/FINERACT-842
> Project: Apache Fineract
>  Issue Type: Sub-task
>Reporter: Michael Vorburger
>Assignee: Manthan Surkar
>Priority: Major
>  Labels: beginner, documentation
>
> as described in [~kangbreder] 
> https://docs.google.com/document/d/1EfnwUjyAJzpeMwDWKRAPQN5YNrpwCvVigfIEoudVStg/edit#
>  the goal of this sub-task is to make the "Try It" button on the Swagger UI 
> work.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)


[jira] [Commented] (FINERACT-1047) Integration tests for audit trails

2020-07-09 Thread Manthan Surkar (Jira)


[ 
https://issues.apache.org/jira/browse/FINERACT-1047?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17154545#comment-17154545
 ] 

Manthan Surkar commented on FINERACT-1047:
--

This issue can be closed after the PR #1164 and #1165 are merged :) 

> Integration tests for audit trails
> --
>
> Key: FINERACT-1047
> URL: https://issues.apache.org/jira/browse/FINERACT-1047
> Project: Apache Fineract
>  Issue Type: Test
>Reporter: Manthan Surkar
>Assignee: Manthan Surkar
>Priority: Major
> Fix For: 1.4.0
>
>
> Related to FINERACT-799



--
This message was sent by Atlassian Jira
(v8.3.4#803005)


[jira] [Commented] (FINERACT-837) Make swagger-ui/response.json (?) a pure built time artifact, and remove it from Git

2020-07-08 Thread Manthan Surkar (Jira)


[ 
https://issues.apache.org/jira/browse/FINERACT-837?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17154056#comment-17154056
 ] 

Manthan Surkar commented on FINERACT-837:
-

[~ptuomola] Hello! 
This really made huge progress! Great! Since most of the part is now done, I 
was looking into FINERACT-1045 which includes replacing the links to old docs 
with the local ones. 
Having seen your comment, the metadata (initial summary) is still not present in 
the fineract.json (is that why this is still open?) Since response.json is to 
be removed FINERACT-1045 I don't think we should fix the URLs in it, but add 
the correct one to the config for fineract.json. Is that the only thing that's 
remaining? (at least as I can see?) Can you please tell if you have already/or 
are working on that? (I can pick up the adding part if you are not already 
working on it.) 

After that, 
I tested the fineract.json and it looks good, I was worried about the missing 
files though (js files) which are needed by swagger to run and were deleted in 
https://github.com/apache/fineract/pull/1069/files . I hope this question makes 
sense - should we not add it to the correct place (or maybe it is somehow 
downloaded with the version if that's the case). Is it something to be worked 
on? I was confused on how that thing works.
[~ptuomola] can you please answer the doubts?





> Make swagger-ui/response.json (?) a pure built time artifact, and remove it 
> from Git
> 
>
> Key: FINERACT-837
> URL: https://issues.apache.org/jira/browse/FINERACT-837
> Project: Apache Fineract
>  Issue Type: Sub-task
>Reporter: Michael Vorburger
>Assignee: Petri Tuomola
>Priority: Major
>
> Once FINERACT-835 is fully implemented (do not start working on this until 
> FINERACT-835 is merged), and just in order to reduce confusion about what is 
> manually maintained and what is provided by the build, IMHO we really should 
> make swagger-ui/response.json (or whatever will replace it?) a pure built 
> time artifact.
> What I mean is that {{./gradlew build}} should produce this file at the 
> appropriate place under {{build/}}, from where it should be picked up and 
> included in the right place in the WAR. That file should then be removed from 
> Git in {{src/main/resources/swagger-ui/response.json}} where it currently 
> lives.
> I guess it would be cool to make this change after having the test proposed 
> in FINERACT-836 just to "prove" that "it (?) still works as before and 
> nothing broke".
> The assumption I've made here is that it's best to have this JSON file built 
> at run-time. I know little about Swagger, and if the conclusion is that it's 
> better and fine to just have something (Swagger runtime) build the Swagger 
> JSON (YAML?) through scanning the annotations at runtime, and that's how this 
> is typically done, then we can of course forget about, and just remove the 
> {{src/main/resources/swagger-ui/response.json}} completely.
> [~kangbreder]  would you like to do this? Please raise PR with ONLY this 
> change, nothing else.
> [~awasum] [~sanyam] ([~sanyam96] ?) FYI



--
This message was sent by Atlassian Jira
(v8.3.4#803005)


[jira] [Assigned] (FINERACT-1066) NullPointerException at SQLInjectionValidator.validateSQLInput()

2020-07-04 Thread Manthan Surkar (Jira)


 [ 
https://issues.apache.org/jira/browse/FINERACT-1066?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Manthan Surkar reassigned FINERACT-1066:


Assignee: Manthan Surkar

> NullPointerException at SQLInjectionValidator.validateSQLInput()
> 
>
> Key: FINERACT-1066
> URL: https://issues.apache.org/jira/browse/FINERACT-1066
> Project: Apache Fineract
>  Issue Type: Bug
>Reporter: Michael Vorburger
>Assignee: Manthan Surkar
>Priority: Blocker
>
> See FINERACT-932 for general background; I'm currently seeing this in logs of 
> [https://www.fineract.dev|https://www.fineract.dev/]:
> {noformat} java.lang.NullPointerException
> at 
> org.apache.fineract.infrastructure.security.utils.SQLInjectionValidator.validateSQLInput
>  (SQLInjectionValidator.java:36)
> at 
> org.apache.fineract.infrastructure.security.utils.ColumnValidator.validateSqlInjection
>  (ColumnValidator.java:94)
> at 
> org.apache.fineract.portfolio.group.service.CenterReadPlatformServiceImpl.retrieveAll
>  (CenterReadPlatformServiceImpl.java:432)
> at 
> org.apache.fineract.portfolio.group.api.CentersApiResource.retrieveAll 
> (CentersApiResource.java:219) {noformat}
> [~Manthan] is this perhaps something you'd like to pick up?



--
This message was sent by Atlassian Jira
(v8.3.4#803005)


[jira] [Commented] (FINERACT-1066) NullPointerException at SQLInjectionValidator.validateSQLInput()

2020-07-04 Thread Manthan Surkar (Jira)


[ 
https://issues.apache.org/jira/browse/FINERACT-1066?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17151315#comment-17151315
 ] 

Manthan Surkar commented on FINERACT-1066:
--

Picking this up.

> NullPointerException at SQLInjectionValidator.validateSQLInput()
> 
>
> Key: FINERACT-1066
> URL: https://issues.apache.org/jira/browse/FINERACT-1066
> Project: Apache Fineract
>  Issue Type: Bug
>Reporter: Michael Vorburger
>Priority: Blocker
>
> See FINERACT-932 for general background; I'm currently seeing this in logs of 
> [https://www.fineract.dev|https://www.fineract.dev/]:
> {noformat} java.lang.NullPointerException
> at 
> org.apache.fineract.infrastructure.security.utils.SQLInjectionValidator.validateSQLInput
>  (SQLInjectionValidator.java:36)
> at 
> org.apache.fineract.infrastructure.security.utils.ColumnValidator.validateSqlInjection
>  (ColumnValidator.java:94)
> at 
> org.apache.fineract.portfolio.group.service.CenterReadPlatformServiceImpl.retrieveAll
>  (CenterReadPlatformServiceImpl.java:432)
> at 
> org.apache.fineract.portfolio.group.api.CentersApiResource.retrieveAll 
> (CentersApiResource.java:219) {noformat}
> [~Manthan] is this perhaps something you'd like to pick up?



--
This message was sent by Atlassian Jira
(v8.3.4#803005)


[jira] [Commented] (FINERACT-1058) Add support for "limit" and "order by" query in SQLBuilder

2020-07-01 Thread Manthan Surkar (Jira)


[ 
https://issues.apache.org/jira/browse/FINERACT-1058?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17149644#comment-17149644
 ] 

Manthan Surkar commented on FINERACT-1058:
--

Implemented in: https://github.com/apache/fineract/pull/1123
Failing due to flaky tests currently. 

> Add support for "limit" and "order by" query in SQLBuilder 
> ---
>
> Key: FINERACT-1058
> URL: https://issues.apache.org/jira/browse/FINERACT-1058
> Project: Apache Fineract
>  Issue Type: Improvement
>Reporter: Manthan Surkar
>Assignee: Manthan Surkar
>Priority: Major
> Fix For: 1.4.0
>
> Attachments: screenshot-1.png
>
>
> This is in continuation of the work done by [~vorburger] in 
> https://github.com/apache/fineract/pull/725 
> The SQL builder currently does not support limit and order by operation. We 
> can either keep the operations independent of SQLbuilder (which is certainly 
> not recommended imo) or add it as a part of it.
> WDYT [~vorburger] [~awasum]



--
This message was sent by Atlassian Jira
(v8.3.4#803005)


[jira] [Commented] (FINERACT-1058) Add support for "limit" and "order by" query in SQLBuilder

2020-07-01 Thread Manthan Surkar (Jira)


[ 
https://issues.apache.org/jira/browse/FINERACT-1058?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17149416#comment-17149416
 ] 

Manthan Surkar commented on FINERACT-1058:
--

Update:
Good news -> prepared SQL statement is supported for limit, order by, adding 
this implementation.

> Add support for "limit" and "order by" query in SQLBuilder 
> ---
>
> Key: FINERACT-1058
> URL: https://issues.apache.org/jira/browse/FINERACT-1058
> Project: Apache Fineract
>  Issue Type: Improvement
>Reporter: Manthan Surkar
>Assignee: Manthan Surkar
>Priority: Major
> Fix For: 1.4.0
>
> Attachments: screenshot-1.png
>
>
> This is in continuation of the work done by [~vorburger] in 
> https://github.com/apache/fineract/pull/725 
> The SQL builder currently does not support limit and order by operation. We 
> can either keep the operations independent of SQLbuilder (which is certainly 
> not recommended imo) or add it as a part of it.
> WDYT [~vorburger] [~awasum]



--
This message was sent by Atlassian Jira
(v8.3.4#803005)


[jira] [Comment Edited] (FINERACT-1058) Add support for "limit" and "order by" query in SQLBuilder

2020-07-01 Thread Manthan Surkar (Jira)


[ 
https://issues.apache.org/jira/browse/FINERACT-1058?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17149363#comment-17149363
 ] 

Manthan Surkar edited comment on FINERACT-1058 at 7/1/20, 11:58 AM:


In my opinion:
We can add the functionality to add orderBy, limit, offset. 
Orderby -> check if it matches with column name regex
Limit -> should be an integer or "ALL"
Offset -> should be an integer 
Note that all these 3 values come from the user, if we now add this 
functionality we probably can remove the use of the validateSQLInjection function also? 
And completely remove the validates input function. 
I am currently testing if it is supported as a prepared statement, which would 
probably solve this problem as well.

WDYT? [~vorburger] [~awasum]




was (Author: manthan):
In my opinion:
We can add the functionality to add orderBy, limit, offset. 
Orderby -> check if it matches with column name regex
Limit -> should be an integer or "ALL"
Offset -> should be an integer 
Note that all these 3 values come from the user, if we now add this 
functionality we probably can remove the use of the validateSQLInjection function also? 
And completely remove the validates input function. 
WDYT? [~vorburger] [~awasum]



> Add support for "limit" and "order by" query in SQLBuilder 
> ---
>
> Key: FINERACT-1058
> URL: https://issues.apache.org/jira/browse/FINERACT-1058
> Project: Apache Fineract
>  Issue Type: Improvement
>Reporter: Manthan Surkar
>Assignee: Manthan Surkar
>Priority: Major
> Fix For: 1.4.0
>
> Attachments: screenshot-1.png
>
>
> This is in continuation of the work done by [~vorburger] in 
> https://github.com/apache/fineract/pull/725 
> The SQL builder currently does not support limit and order by operation. We 
> can either keep the operations independent of SQLbuilder (which is certainly 
> not recommended imo) or add it as a part of it.
> WDYT [~vorburger] [~awasum]





[jira] [Commented] (FINERACT-1058) Add support for "limit" and "order by" query in SQLBuilder

2020-07-01 Thread Manthan Surkar (Jira)


[ 
https://issues.apache.org/jira/browse/FINERACT-1058?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17149363#comment-17149363
 ] 

Manthan Surkar commented on FINERACT-1058:
--

In my opinion:
We can add the functionality to add orderBy, limit, offset.
Orderby -> check if it matches with column name regex
Limit -> should be an integer or "ALL"
Offset -> should be an integer
Note that all these 3 values come from the user. If we now add this
functionality, we can probably remove the use of the validateSQLInjection
function also? And completely remove the validates input function.
WDYT? [~vorburger] [~awasum]



> Add support for "limit" and "order by" query in SQLBuilder 
> ---
>
> Key: FINERACT-1058
> URL: https://issues.apache.org/jira/browse/FINERACT-1058
> Project: Apache Fineract
>  Issue Type: Improvement
>Reporter: Manthan Surkar
>Assignee: Manthan Surkar
>Priority: Major
> Fix For: 1.4.0
>
> Attachments: screenshot-1.png
>
>
> This is in continuation of the work done by [~vorburger] in 
> https://github.com/apache/fineract/pull/725 
> The SQL builder currently does not support limit and order by operation. We 
> can either keep the operations independent of SQLbuilder (which is certainly 
> not recommended imo) or add it as a part of it.
> WDYT [~vorburger] [~awasum]





[jira] [Comment Edited] (FINERACT-1058) Add support for "limit" and "order by" query in SQLBuilder

2020-07-01 Thread Manthan Surkar (Jira)


[ 
https://issues.apache.org/jira/browse/FINERACT-1058?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17149358#comment-17149358
 ] 

Manthan Surkar edited comment on FINERACT-1058 at 7/1/20, 11:53 AM:


[~vorburger] I have noticed a problem. Our final aim here is to remove all use
of the validateSQLinput function (right?). In that case, we cannot use the function
  *this.columnValidator.validateSqlInjection(sqlBuilder.toString(),
parameters.orderBySql());*  since this function then calls validateSQLinput
(which is the current implementation). This also happens in audit trails (which
we initially fixed and I am taking as a base to work on other sections).

Should I be focused on removing the validateSqlInjection function (which calls
validateSQLinput), which would then mean changes in about 25-30 files,
converting all order by and limit as called by the new approach? Or just clean
up the use of extra criteria with prepared statements (which was done with
audit trails)?





was (Author: manthan):
[~vorburger] I have noticed a problem. Our final aim here is to remove all use
of the validateSQLinput function (right?). In that case, we cannot use the function
  *this.columnValidator.validateSqlInjection(sqlBuilder.toString(),
parameters.orderBySql());*  since this function then calls validateSQLinput
(which is the current implementation). This also happens in audit trails (which
we initially fixed and I am taking as a base to work on other sections).

Should I be focused on removing the validateSqlInjection function (which calls
validateSQLinput), which would then mean changes in about 25-30 files,
converting all order by and limit as called by the new approach? Or just clean
up the use of extra criteria with prepared statements (which was done with
audit trails)?




> Add support for "limit" and "order by" query in SQLBuilder 
> ---
>
> Key: FINERACT-1058
> URL: https://issues.apache.org/jira/browse/FINERACT-1058
> Project: Apache Fineract
>  Issue Type: Improvement
>Reporter: Manthan Surkar
>Assignee: Manthan Surkar
>Priority: Major
> Fix For: 1.4.0
>
> Attachments: screenshot-1.png
>
>
> This is in continuation of the work done by [~vorburger] in 
> https://github.com/apache/fineract/pull/725 
> The SQL builder currently does not support limit and order by operation. We 
> can either keep the operations independent of SQLbuilder (which is certainly 
> not recommended imo) or add it as a part of it.
> WDYT [~vorburger] [~awasum]





[jira] [Commented] (FINERACT-1058) Add support for "limit" and "order by" query in SQLBuilder

2020-07-01 Thread Manthan Surkar (Jira)


[ 
https://issues.apache.org/jira/browse/FINERACT-1058?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17149358#comment-17149358
 ] 

Manthan Surkar commented on FINERACT-1058:
--

[~vorburger] I have noticed a problem. Our final aim here is to remove all use
of the validateSQLinput function (right?). In that case, we cannot use the function
  *this.columnValidator.validateSqlInjection(sqlBuilder.toString(),
parameters.orderBySql());*  since this function then calls validateSQLinput
(which is the current implementation). This also happens in audit trails (which
we initially fixed and I am taking as a base to work on other sections).

Should I be focused on removing the validateSqlInjection function (which calls
validateSQLinput), which would then mean changes in about 25-30 files,
converting all order by and limit as called by the new approach? Or just clean
up the use of extra criteria with prepared statements (which was done with
audit trails)?




> Add support for "limit" and "order by" query in SQLBuilder 
> ---
>
> Key: FINERACT-1058
> URL: https://issues.apache.org/jira/browse/FINERACT-1058
> Project: Apache Fineract
>  Issue Type: Improvement
>Reporter: Manthan Surkar
>Assignee: Manthan Surkar
>Priority: Major
> Fix For: 1.4.0
>
> Attachments: screenshot-1.png
>
>
> This is in continuation of the work done by [~vorburger] in 
> https://github.com/apache/fineract/pull/725 
> The SQL builder currently does not support limit and order by operation. We 
> can either keep the operations independent of SQLbuilder (which is certainly 
> not recommended imo) or add it as a part of it.
> WDYT [~vorburger] [~awasum]





[jira] [Updated] (FINERACT-1058) Add support for "limit" and "order by" query in SQLBuilder

2020-06-30 Thread Manthan Surkar (Jira)


 [ 
https://issues.apache.org/jira/browse/FINERACT-1058?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Manthan Surkar updated FINERACT-1058:
-
Attachment: screenshot-1.png

> Add support for "limit" and "order by" query in SQLBuilder 
> ---
>
> Key: FINERACT-1058
> URL: https://issues.apache.org/jira/browse/FINERACT-1058
> Project: Apache Fineract
>  Issue Type: Improvement
>Reporter: Manthan Surkar
>Assignee: Manthan Surkar
>Priority: Major
> Attachments: screenshot-1.png
>
>
> This is in continuation of the work done by [~vorburger] in 
> https://github.com/apache/fineract/pull/725 
> The SQL builder currently does not support limit and order by operation. We 
> can either keep the operations independent of SQLbuilder (which is certainly 
> not recommended imo) or add it as a part of it.
> WDYT [~vorburger] [~awasum]





[jira] [Commented] (FINERACT-1058) Add support for "limit" and "order by" query in SQLBuilder

2020-06-29 Thread Manthan Surkar (Jira)


[ 
https://issues.apache.org/jira/browse/FINERACT-1058?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17148110#comment-17148110
 ] 

Manthan Surkar commented on FINERACT-1058:
--

Extending this to a more general case, we cannot just add support for limit and 
order by since then Offset query comes into the picture. The general case would 
be to support a non-operator based query.

The problem: They need to be written in a particular order in a query, which
makes it a little bit harder.
 [ ORDER BY sort_expression1 [ASC | DESC] [, sort_expression2 [ASC | DESC] ...] ]
 [ LIMIT { number | ALL } ]
 [ OFFSET number ]





> Add support for "limit" and "order by" query in SQLBuilder 
> ---
>
> Key: FINERACT-1058
> URL: https://issues.apache.org/jira/browse/FINERACT-1058
> Project: Apache Fineract
>  Issue Type: Improvement
>Reporter: Manthan Surkar
>Assignee: Manthan Surkar
>Priority: Major
>
> This is in continuation of the work done by [~vorburger] in 
> https://github.com/apache/fineract/pull/725 
> The SQL builder currently does not support limit and order by operation. We 
> can either keep the operations independent of SQLbuilder (which is certainly 
> not recommended imo) or add it as a part of it.
> WDYT [~vorburger] [~awasum]



--
This message was sent by Atlassian Jira
(v8.3.4#803005)
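
The rules proposed in the comments above (ORDER BY checked against a column-name regex, LIMIT an integer or "ALL", OFFSET an integer) and the fixed clause order quoted in the last comment, as an added example that is not Fineract's SQLBuilder code. The class `PagingClause`, its method names and the column pattern are hypothetical.

```java
import java.util.ArrayList;
import java.util.List;
import java.util.Locale;
import java.util.regex.Pattern;

/** Hypothetical helper (not Fineract's SQLBuilder); the column pattern is an assumed rule. */
public final class PagingClause {
    private static final Pattern COLUMN =
            Pattern.compile("[A-Za-z_][A-Za-z0-9_]*(\\.[A-Za-z_][A-Za-z0-9_]*)?");
    private final List<String> sortTerms = new ArrayList<>();
    private boolean limitAll;
    private Long limit, offset;

    /** Identifiers cannot be bound as '?' parameters, so they are validated instead. */
    public PagingClause orderBy(String column, String direction) {
        if (column == null || !COLUMN.matcher(column).matches())
            throw new IllegalArgumentException("invalid sort column");
        String dir = direction == null ? "ASC" : direction.trim().toUpperCase(Locale.ROOT);
        if (!dir.equals("ASC") && !dir.equals("DESC"))
            throw new IllegalArgumentException("invalid sort direction");
        sortTerms.add(column + " " + dir);
        return this;
    }

    /** LIMIT takes a non-negative integer or the keyword ALL; OFFSET an integer only. */
    public PagingClause limit(String raw) {
        limitAll = "ALL".equalsIgnoreCase(raw);
        limit = limitAll ? null : parseNonNegative(raw, "limit");
        return this;
    }
    public PagingClause offset(String raw) {
        offset = parseNonNegative(raw, "offset");
        return this;
    }
    private static Long parseNonNegative(String raw, String name) {
        try {
            long value = Long.parseLong(raw == null ? "" : raw.trim());
            if (value >= 0) return value;
        } catch (NumberFormatException ignored) { /* rejected below */ }
        throw new IllegalArgumentException(name + " must be a non-negative integer");
    }

    /** Emits ORDER BY, LIMIT, OFFSET in that fixed order; numbers leave as bind values. */
    public String toSql(List<Object> binds) {
        StringBuilder sql = new StringBuilder();
        if (!sortTerms.isEmpty()) sql.append(" ORDER BY ").append(String.join(", ", sortTerms));
        if (limitAll) sql.append(" LIMIT ALL");
        else if (limit != null) { sql.append(" LIMIT ?"); binds.add(limit); }
        if (offset != null) { sql.append(" OFFSET ?"); binds.add(offset); }
        return sql.toString();
    }
    public static void main(String[] unused) {
        List<Object> binds = new ArrayList<>();
        // Constructed input; the call order differs from the clause order on purpose.
        System.out.println(new PagingClause().offset("20").orderBy("aud.made_on_date", "desc")
                .limit("10").toSql(binds) + "  binds=" + binds);
    }
}
```

The returned fragment is appended to the base query and the bind list is passed as prepared-statement parameters after the query's own; `LIMIT ALL` follows the grammar quoted in the thread.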


[jira] [Updated] (FINERACT-1058) Add support for "limit" and "order by" query in SQLBuilder

2020-06-29 Thread Manthan Surkar (Jira)


 [ 
https://issues.apache.org/jira/browse/FINERACT-1058?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Manthan Surkar updated FINERACT-1058:
-
Description: 
This is in continuation of the work done by [~vorburger] in 
https://github.com/apache/fineract/pull/725 
The SQL builder currently does not support limit and order by operation. We can 
either keep the operations independent of SQLbuilder (which is certainly not 
recommended imo) or add it as a part of it.
WDYT [~vorburger] [~awasum]

> Add support for "limit" and "order by" query in SQLBuilder 
> ---
>
> Key: FINERACT-1058
> URL: https://issues.apache.org/jira/browse/FINERACT-1058
> Project: Apache Fineract
>  Issue Type: Improvement
>Reporter: Manthan Surkar
>Assignee: Manthan Surkar
>Priority: Major
>
> This is in continuation of the work done by [~vorburger] in 
> https://github.com/apache/fineract/pull/725 
> The SQL builder currently does not support limit and order by operation. We 
> can either keep the operations independent of SQLbuilder (which is certainly 
> not recommended imo) or add it as a part of it.
> WDYT [~vorburger] [~awasum]





[jira] [Created] (FINERACT-1058) Add support for "limit" and "order by" query in SQLBuilder

2020-06-29 Thread Manthan Surkar (Jira)
Manthan Surkar created FINERACT-1058:


 Summary: Add support for "limit" and "order by" query in 
SQLBuilder 
 Key: FINERACT-1058
 URL: https://issues.apache.org/jira/browse/FINERACT-1058
 Project: Apache Fineract
  Issue Type: Improvement
Reporter: Manthan Surkar








[jira] [Assigned] (FINERACT-1058) Add support for "limit" and "order by" query in SQLBuilder

2020-06-29 Thread Manthan Surkar (Jira)


 [ 
https://issues.apache.org/jira/browse/FINERACT-1058?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Manthan Surkar reassigned FINERACT-1058:


Assignee: Manthan Surkar

> Add support for "limit" and "order by" query in SQLBuilder 
> ---
>
> Key: FINERACT-1058
> URL: https://issues.apache.org/jira/browse/FINERACT-1058
> Project: Apache Fineract
>  Issue Type: Improvement
>Reporter: Manthan Surkar
>Assignee: Manthan Surkar
>Priority: Major
>






[jira] [Commented] (FINERACT-1047) Integration tests for audit trails

2020-06-26 Thread Manthan Surkar (Jira)


[ 
https://issues.apache.org/jira/browse/FINERACT-1047?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17146221#comment-17146221
 ] 

Manthan Surkar commented on FINERACT-1047:
--

More to come! It seems like we were typing the comment at the same time. :P

> Integration tests for audit trails
> --
>
> Key: FINERACT-1047
> URL: https://issues.apache.org/jira/browse/FINERACT-1047
> Project: Apache Fineract
>  Issue Type: Test
>Reporter: Manthan Surkar
>Assignee: Manthan Surkar
>Priority: Major
> Fix For: 1.4.0
>
>
> Related to FINERACT-799





[jira] [Commented] (FINERACT-1047) Integration tests for audit trails

2020-06-26 Thread Manthan Surkar (Jira)


[ 
https://issues.apache.org/jira/browse/FINERACT-1047?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17146219#comment-17146219
 ] 

Manthan Surkar commented on FINERACT-1047:
--

[~vorburger]
Can you please guide me on the following doubts:
1. To test each operation like limit, sortBy, orderBY, it is expected to have
some audits. The audits are already created (and verified) in the creation test.
Am I expected to use the same audits (by somehow making that test run first) or
to create new audits again?
2. For OrderBy -> The route OrderBy="somethingnotallowed" gives an error and
OrderBy="somethingallowed" gives a 200. In this case, am I expected to check if
the received data is in order, or would just verifying that the code is 200
work?

> Integration tests for audit trails
> --
>
> Key: FINERACT-1047
> URL: https://issues.apache.org/jira/browse/FINERACT-1047
> Project: Apache Fineract
>  Issue Type: Test
>Reporter: Manthan Surkar
>Assignee: Manthan Surkar
>Priority: Major
> Fix For: 1.4.0
>
>
> Related to FINERACT-799





[jira] [Commented] (FINERACT-1049) Shares account delete gives 405

2020-06-26 Thread Manthan Surkar (Jira)


[ 
https://issues.apache.org/jira/browse/FINERACT-1049?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17146195#comment-17146195
 ] 

Manthan Surkar commented on FINERACT-1049:
--

[~vorburger] I had a discussion with [~karantakalkar] on this issue, I am 
taking this up.


> Shares account delete gives 405
> ---
>
> Key: FINERACT-1049
> URL: https://issues.apache.org/jira/browse/FINERACT-1049
> Project: Apache Fineract
>  Issue Type: Bug
>  Components: Shares
>Reporter: Karan
>Priority: Minor
>  Labels: beginner
> Attachments: Screenshot from 2020-06-23 16-27-59.png, 
> screenshot(7).png, screenshot(8).png
>
>
> Shares account delete support is required.





[jira] [Assigned] (FINERACT-1049) Shares account delete gives 405

2020-06-26 Thread Manthan Surkar (Jira)


 [ 
https://issues.apache.org/jira/browse/FINERACT-1049?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Manthan Surkar reassigned FINERACT-1049:


Assignee: Manthan Surkar

> Shares account delete gives 405
> ---
>
> Key: FINERACT-1049
> URL: https://issues.apache.org/jira/browse/FINERACT-1049
> Project: Apache Fineract
>  Issue Type: Bug
>  Components: Shares
>Reporter: Karan
>Assignee: Manthan Surkar
>Priority: Minor
>  Labels: beginner
> Attachments: Screenshot from 2020-06-23 16-27-59.png, 
> screenshot(7).png, screenshot(8).png
>
>
> Shares account delete support is required.




