[jira] [Created] (OFBIZ-11341) Possible NullPointerException in FinAccountServices

2020-02-05 Thread Michael Brohl (Jira)
Michael Brohl created OFBIZ-11341:
-

 Summary: Possible NullPointerException in FinAccountServices
 Key: OFBIZ-11341
 URL: https://issues.apache.org/jira/browse/OFBIZ-11341
 Project: OFBiz
  Issue Type: Bug
  Components: accounting
Affects Versions: Release Branch 16.11, 17.12.01
Reporter: Michael Brohl
Assignee: Michael Brohl


In r1828233 I fixed a bug which was not tracked by Jira and needs backporting 
to 17.12.

I also noticed that this is also present in the 16.11 release branch. Should it 
be backported there also?



--
This message was sent by Atlassian Jira
(v8.3.4#803005)


[jira] [Commented] (OFBIZ-11340) Crashed Scheduled jobs are not getting rescheduled with temporal expression

2020-02-05 Thread Mohammed Rehan Khan (Jira)


[ 
https://issues.apache.org/jira/browse/OFBIZ-11340?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17031313#comment-17031313
 ] 

Mohammed Rehan Khan commented on OFBIZ-11340:
-

Thank you so much [~lektran]. I have updated the patch with the suggested 
changes.

 

> Crashed Scheduled jobs are not getting rescheduled with temporal expression
> ---
>
> Key: OFBIZ-11340
> URL: https://issues.apache.org/jira/browse/OFBIZ-11340
> Project: OFBiz
>  Issue Type: Bug
>  Components: framework
>Affects Versions: Trunk
>Reporter: Mohammed Rehan Khan
>Assignee: Nicolas Malin
>Priority: Major
> Attachments: OFBIZ-11340.patch, OFBIZ-11340.patch, OFBiz_ 
> JobSandbox_1.png, OFBiz_ JobSandbox_2.png
>
>
> *Scenario:*
>  # Import Schedule service data with temporal expression id.
>  # JobManager creates a child Job with tempExprId in _pending_ status when the 
> imported Job is in _running_ status.
>  # Now the parent Job is in _running_ status and the child Job, which is in 
> _pending_ status, transitions to _queued_ status if Job Poll size is full. In 
> this scenario, if we restart the server then both Jobs are Crashed and 
> JobManager creates child Job without tempExprId. 
>  
>  *Example:* Please refer to the attached screenshots.
>  # Job 32993100 is imported with TempExprId
>  # When Job 32993100 is in running status, then Job 32993101 is created with 
> TempExprId in pending status but job 32993101 is moved to Queued status if 
> job poll size is full.
>  # If we restart the server then JobPoller runs reloadCrashedJobs() and both 
> jobs are crashed and JobManager creates two child jobs (32993200, 32993201) 
> without TempExprId.
> So in this case of missing temporal expression id job manager will not be 
> able to schedule further jobs.
>   
>  *Expected:* If Queued Job (32993101) is crashed then its corresponding Job 
> (32993200) should have TempExprId to continue further scheduling. 





[jira] [Updated] (OFBIZ-11340) Crashed Scheduled jobs are not getting rescheduled with temporal expression

2020-02-05 Thread Mohammed Rehan Khan (Jira)


 [ 
https://issues.apache.org/jira/browse/OFBIZ-11340?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Mohammed Rehan Khan updated OFBIZ-11340:

Attachment: OFBIZ-11340.patch



[jira] [Commented] (OFBIZ-11340) Crashed Scheduled jobs are not getting rescheduled with temporal expression

2020-02-05 Thread Scott Gray (Jira)


[ 
https://issues.apache.org/jira/browse/OFBIZ-11340?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17031146#comment-17031146
 ] 

Scott Gray commented on OFBIZ-11340:


Looks good to me [~rehan.khan], my only thought though is that whatever we do 
to `tempExprId`, we should also do to `recurrenceInfoId` since either field can 
be used to schedule a recurring job. I imagine the same problem exists with 
that field.

cc [~jacopoc]

> Crashed Scheduled jobs are not getting rescheduled with temporal expression
> ---
>
> Key: OFBIZ-11340
> URL: https://issues.apache.org/jira/browse/OFBIZ-11340
> Project: OFBiz
>  Issue Type: Bug
>  Components: framework
>Affects Versions: Trunk
>Reporter: Mohammed Rehan Khan
>Assignee: Nicolas Malin
>Priority: Major
> Attachments: OFBIZ-11340.patch, OFBiz_ JobSandbox_1.png, OFBiz_ 
> JobSandbox_2.png
>
>
> *Scenario:*
>  # Import Schedule service data with temporal expression id.
>  # JobManager creates a child Job with tempExprId in _pending_ status when the 
> imported Job is in _running_ status.
>  # Now the parent Job is in _running_ status and the child Job, which is in 
> _pending_ status, transitions to _queued_ status if Job Poll size is full. In 
> this scenario, if we restart the server then both Jobs are Crashed and 
> JobManager creates child Job without tempExprId. 
>  
>  *Example:* Please refer to the attached screenshots.
>  # Job 32993100 is imported with TempExprId
>  # When Job 32993100 is in running status, then Job 32993101 is created with 
> TempExprId in pending status but job 32993101 is moved to Queued status if 
> job poll size is full.
>  # If we restart the server then JobPoller runs reloadCrashedJobs() and both 
> jobs are crashed and JobManager creates two child jobs (32993200, 32993201) 
> without TempExprId.
> So in this case of missing temporal expression id job manager will not be 
> able to schedule further jobs.
>   
>  *Expected:* If Queued Job (32993101) is crashed then its corresponding Job 
> (32993200) should have TempExprId to continue further scheduling. 





[jira] [Commented] (OFBIZ-10956) Have a service to load records in the CountryDimension

2020-02-05 Thread Pierre Smits (Jira)


[ 
https://issues.apache.org/jira/browse/OFBIZ-10956?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17030986#comment-17030986
 ] 

Pierre Smits commented on OFBIZ-10956:
--

The details of the contribution can be found via 
https://github.com/PierreSmits/ofbiz-plugins/commit/ea214e4842220d7958c903b01be3357e21d02b7d

> Have a service to load records in the CountryDimension
> --
>
> Key: OFBIZ-10956
> URL: https://issues.apache.org/jira/browse/OFBIZ-10956
> Project: OFBiz
>  Issue Type: Improvement
>  Components: bi
>Affects Versions: Trunk, Release Branch 17.12, Release Branch 18.12
>Reporter: Pierre Smits
>Assignee: Ankit Joshi
>Priority: Major
>  Labels: CountryDimension, birt, country, dimension, dwh, service
>
> Depending on [OFBIZ-10954|https://issues.apache.org/jira/browse/OFBIZ-10954]
> The service should be invoked on initialisation of the data warehouse.





[jira] [Commented] (OFBIZ-10297) Add Document Content: acc-global-settings.adoc

2020-02-05 Thread Olivier Heintz (Jira)


[ 
https://issues.apache.org/jira/browse/OFBIZ-10297?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17030890#comment-17030890
 ] 

Olivier Heintz commented on OFBIZ-10297:


Add, not empty help file (previously in docbook format) in the 
acc-global-settings file

[^GlobalGlSetting-Help-Docbook-file-migration-to-asciidoc_diff.patch]

> Add Document Content: acc-global-settings.adoc
> --
>
> Key: OFBIZ-10297
> URL: https://issues.apache.org/jira/browse/OFBIZ-10297
> Project: OFBiz
>  Issue Type: Sub-task
>  Components: accounting
>Reporter: Sharan Foga
>Assignee: Sharan Foga
>Priority: Minor
>  Labels: accounting, asciidoc, documentation
> Fix For: Upcoming Branch
>
> Attachments: 
> GlobalGlSetting-Help-Docbook-file-migration-to-asciidoc_diff.patch
>
>
> Add content for acc-global-settings.adoc





[jira] [Updated] (OFBIZ-10297) Add Document Content: acc-global-settings.adoc

2020-02-05 Thread Olivier Heintz (Jira)


 [ 
https://issues.apache.org/jira/browse/OFBIZ-10297?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Olivier Heintz updated OFBIZ-10297:
---
Attachment: 
GlobalGlSetting-Help-Docbook-file-migration-to-asciidoc_diff.patch



[jira] [Closed] (OFBIZ-11329) setUserTimeZone should ran only once based on error

2020-02-05 Thread Jacques Le Roux (Jira)


 [ 
https://issues.apache.org/jira/browse/OFBIZ-11329?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Jacques Le Roux closed OFBIZ-11329.
---
Fix Version/s: 18.12.01
   17.12.01
   Resolution: Fixed

> setUserTimeZone should ran only once based on error
> ---
>
> Key: OFBIZ-11329
> URL: https://issues.apache.org/jira/browse/OFBIZ-11329
> Project: OFBiz
>  Issue Type: Sub-task
>  Components: framework, webpos
>Affects Versions: Trunk
>Reporter: Jacques Le Roux
>Assignee: James Yong
>Priority: Minor
> Fix For: 17.12.01, 18.12.01
>
> Attachments: OFBIZ-11329-plugins.patch, OFBIZ-11329.patch, 
> OFBIZ-11329.patch
>
>
> This will be useful when committing CSRF solution as explained in OFBIZ-11306





[jira] [Comment Edited] (OFBIZ-11329) setUserTimeZone should ran only once based on error

2020-02-05 Thread Jacques Le Roux (Jira)


[ 
https://issues.apache.org/jira/browse/OFBIZ-11329?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17030832#comment-17030832
 ] 

Jacques Le Roux edited comment on OFBIZ-11329 at 2/5/20 5:30 PM:
-

Since you are interested in (simple version):

{noformat}
Jacques@LDLC MINGW64 /c/projectsASF/Git/ofbiz-framework (trunk)
$ git pull
First, rewinding head to replay your work on top of it...
Applying: Improved: Updated plugins url in release17.12
Using index info to reconstruct a base tree...
M   build.gradle
Falling back to patching base and 3-way merge...
Auto-merging build.gradle
CONFLICT (content): Merge conflict in build.gradle
Staged 'build.gradle' using previous resolution.
error: Failed to merge in the changes.
hint: Use 'git am --show-current-patch' to see the failed patch
Patch failed at 0001 Improved: Updated plugins url in release17.12
Resolve all conflicts manually, mark them as resolved with
"git add/rm ", then run "git rebase --continue".
You can instead skip this commit: run "git rebase --skip".
To abort and get back to the state before "git rebase", run "git rebase 
--abort".
{noformat}

Better solution:

{noformat}
git fetch origin
git reset --hard origin/master
{noformat}


Then I got my stash, previous to backport, clean... pfew...



[jira] [Comment Edited] (OFBIZ-11329) setUserTimeZone should ran only once based on error

2020-02-05 Thread Jacques Le Roux (Jira)


[ 
https://issues.apache.org/jira/browse/OFBIZ-11329?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17030832#comment-17030832
 ] 

Jacques Le Roux edited comment on OFBIZ-11329 at 2/5/20 5:27 PM:
-

Since you are interested in:


{noformat}
Since you are interested in:

Jacques@LDLC MINGW64 /c/projectsASF/Git/ofbiz-framework (trunk)
$ git pull
First, rewinding head to replay your work on top of it...
Applying: Improved: Updated plugins url in release17.12
Using index info to reconstruct a base tree...
M   build.gradle
Falling back to patching base and 3-way merge...
Auto-merging build.gradle
CONFLICT (content): Merge conflict in build.gradle
Staged 'build.gradle' using previous resolution.
error: Failed to merge in the changes.
hint: Use 'git am --show-current-patch' to see the failed patch
Patch failed at 0001 Improved: Updated plugins url in release17.12
Resolve all conflicts manually, mark them as resolved with
"git add/rm ", then run "git rebase --continue".
You can instead skip this commit: run "git rebase --skip".
To abort and get back to the state before "git rebase", run "git rebase 
--abort".

Jacques@LDLC MINGW64 /c/projectsASF/Git/ofbiz-framework (trunk|REBASE 1/130)
$

Jacques@LDLC MINGW64 /c/projectsASF/Git/ofbiz-framework (trunk|REBASE 1/130)
$

Jacques@LDLC MINGW64 /c/projectsASF/Git/ofbiz-framework (trunk|REBASE 1/130)
$ git rebase --skip
Applying: "Applied fix from trunk for revision: 1819805"
Using index info to reconstruct a base tree...
M   themes/rainbowstone/ofbiz-component.xml
M   themes/rainbowstone/template/includes/TopAppBar.ftl
Falling back to patching base and 3-way merge...
Auto-merging themes/rainbowstone/template/includes/TopAppBar.ftl
CONFLICT (add/add): Merge conflict in 
themes/rainbowstone/config/rainbowstone.properties
Auto-merging themes/rainbowstone/config/rainbowstone.properties
Recorded preimage for 'themes/rainbowstone/config/rainbowstone.properties'
error: Failed to merge in the changes.
hint: Use 'git am --show-current-patch' to see the failed patch
Patch failed at 0002 "Applied fix from trunk for revision: 1819805"
Resolve all conflicts manually, mark them as resolved with
"git add/rm ", then run "git rebase --continue".
You can instead skip this commit: run "git rebase --skip".
To abort and get back to the state before "git rebase", run "git rebase 
--abort".

Jacques@LDLC MINGW64 /c/projectsASF/Git/ofbiz-framework (trunk|REBASE 2/130)
$ git rebase --abort

Jacques@LDLC MINGW64 /c/projectsASF/Git/ofbiz-framework (trunk)
$ git pull
First, rewinding head to replay your work on top of it...
Applying: Improved: Updated plugins url in release17.12
Using index info to reconstruct a base tree...
M   build.gradle
Falling back to patching base and 3-way merge...
Auto-merging build.gradle
CONFLICT (content): Merge conflict in build.gradle
Staged 'build.gradle' using previous resolution.
error: Failed to merge in the changes.
hint: Use 'git am --show-current-patch' to see the failed patch
Patch failed at 0001 Improved: Updated plugins url in release17.12
Resolve all conflicts manually, mark them as resolved with
"git add/rm ", then run "git rebase --continue".
You can instead skip this commit: run "git rebase --skip".
To abort and get back to the state before "git rebase", run "git rebase 
--abort".

Jacques@LDLC MINGW64 /c/projectsASF/Git/ofbiz-framework (trunk|REBASE 1/130)
$ git am --show-current-patch
commit 4c65b791a0db7e2738dd6fd0c56cbd63f147d695
Author: Deepak Dixit 
Date:   Thu Dec 28 10:11:00 2017 +

Improved: Updated plugins url in release17.12

git-svn-id: 
https://svn.apache.org/repos/asf/ofbiz/ofbiz-framework/branches/release17.12@1819413
 13f79535-47bb-0310-9956-ffa450edef68

diff --git a/build.gradle b/build.gradle
index 05b8e4fca2..8bab70657d 100644
--- a/build.gradle
+++ b/build.gradle
@@ -754,7 +754,7 @@ task pullPluginSource(group: ofbizPlugin, description: 
'Download and install a p

 if (project.hasProperty('pluginId')) {
 task pullPluginFromSvn(type: SvnCheckout) {
-svnUrl = 
"https://svn.apache.org/repos/asf/ofbiz/ofbiz-plugins/trunk/${pluginId};
+svnUrl = 
"https://svn.apache.org/repos/asf/ofbiz/ofbiz-plugins/branches/release17.12/${pluginId};
 workspaceDir = "${pluginsDir}/${pluginId}"
 }
 dependsOn pullPluginFromSvn
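Review bot: in `pullPluginFromSvn`, `pluginId` comes straight from the project property and is interpolated into both `svnUrl` and `workspaceDir = "${pluginsDir}/${pluginId}"` without any check on its form. Consider validating it before use, for example rejecting values that contain `/` or `..`, so the checkout path cannot resolve outside `pluginsDir`.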
@@ -771,7 +771,7 @@ task pullAllPluginsSource(group: ofbizPlugin,
 doLast { delete "${pluginsDir}" }
 }
 task pullPluginsFromSvn(type: SvnCheckout, dependsOn: deleteBeforePulling) 
{
-svnUrl = "https://svn.apache.org/repos/asf/ofbiz/ofbiz-plugins/trunk;
+svnUrl = 
"https://svn.apache.org/repos/asf/ofbiz/ofbiz-plugins/branches/release17.12;
 workspaceDir = "${pluginsDir}"
 }
 dependsOn pullPluginsFromSvn
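Review bot: the `branches/release17.12` path in this `svnUrl` is the same literal already written into `pullPluginFromSvn` above, so the release branch is now hard-coded in two places. Consider defining the plugins base URL once and building both `svnUrl` values from it, so the next branch cut is a one-line change and the two tasks cannot drift apart.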

Jacques@LDLC MINGW64 /c/projectsASF/Git/ofbiz-framework (trunk|REBASE 1/130)
$

{noformat}


Then I got 

[jira] [Commented] (OFBIZ-11329) setUserTimeZone should ran only once based on error

2020-02-05 Thread Jacques Le Roux (Jira)


[ 
https://issues.apache.org/jira/browse/OFBIZ-11329?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17030832#comment-17030832
 ] 

Jacques Le Roux commented on OFBIZ-11329:
-

Since you are interested in:


{noformat}
Jacques@LDLC MINGW64 /c/projectsASF/Git/ofbiz-framework (trunk|REBASE 1/130)
$ git rebase --skip
Applying: "Applied fix from trunk for revision: 1819805"
Using index info to reconstruct a base tree...
M   themes/rainbowstone/ofbiz-component.xml
M   themes/rainbowstone/template/includes/TopAppBar.ftl
Falling back to patching base and 3-way merge...
Auto-merging themes/rainbowstone/template/includes/TopAppBar.ftl
CONFLICT (add/add): Merge conflict in 
themes/rainbowstone/config/rainbowstone.properties
Auto-merging themes/rainbowstone/config/rainbowstone.properties
Recorded preimage for 'themes/rainbowstone/config/rainbowstone.properties'
error: Failed to merge in the changes.
hint: Use 'git am --show-current-patch' to see the failed patch
Patch failed at 0002 "Applied fix from trunk for revision: 1819805"
Resolve all conflicts manually, mark them as resolved with
"git add/rm ", then run "git rebase --continue".
You can instead skip this commit: run "git rebase --skip".
To abort and get back to the state before "git rebase", run "git rebase 
--abort".

Jacques@LDLC MINGW64 /c/projectsASF/Git/ofbiz-framework (trunk|REBASE 2/130)
$ git rebase --abort

Jacques@LDLC MINGW64 /c/projectsASF/Git/ofbiz-framework (trunk)
$ git pull
First, rewinding head to replay your work on top of it...
Applying: Improved: Updated plugins url in release17.12
Using index info to reconstruct a base tree...
M   build.gradle
Falling back to patching base and 3-way merge...
Auto-merging build.gradle
CONFLICT (content): Merge conflict in build.gradle
Staged 'build.gradle' using previous resolution.
error: Failed to merge in the changes.
hint: Use 'git am --show-current-patch' to see the failed patch
Patch failed at 0001 Improved: Updated plugins url in release17.12
Resolve all conflicts manually, mark them as resolved with
"git add/rm ", then run "git rebase --continue".
You can instead skip this commit: run "git rebase --skip".
To abort and get back to the state before "git rebase", run "git rebase 
--abort".

Jacques@LDLC MINGW64 /c/projectsASF/Git/ofbiz-framework (trunk|REBASE 1/130)
$ git am --show-current-patch
commit 4c65b791a0db7e2738dd6fd0c56cbd63f147d695
Author: Deepak Dixit 
Date:   Thu Dec 28 10:11:00 2017 +

Improved: Updated plugins url in release17.12

git-svn-id: 
https://svn.apache.org/repos/asf/ofbiz/ofbiz-framework/branches/release17.12@1819413
 13f79535-47bb-0310-9956-ffa450edef68

diff --git a/build.gradle b/build.gradle
index 05b8e4fca2..8bab70657d 100644
--- a/build.gradle
+++ b/build.gradle
@@ -754,7 +754,7 @@ task pullPluginSource(group: ofbizPlugin, description: 
'Download and install a p

 if (project.hasProperty('pluginId')) {
 task pullPluginFromSvn(type: SvnCheckout) {
-svnUrl = 
"https://svn.apache.org/repos/asf/ofbiz/ofbiz-plugins/trunk/${pluginId};
+svnUrl = 
"https://svn.apache.org/repos/asf/ofbiz/ofbiz-plugins/branches/release17.12/${pluginId};
 workspaceDir = "${pluginsDir}/${pluginId}"
 }
 dependsOn pullPluginFromSvn
@@ -771,7 +771,7 @@ task pullAllPluginsSource(group: ofbizPlugin,
 doLast { delete "${pluginsDir}" }
 }
 task pullPluginsFromSvn(type: SvnCheckout, dependsOn: deleteBeforePulling) 
{
-svnUrl = "https://svn.apache.org/repos/asf/ofbiz/ofbiz-plugins/trunk;
+svnUrl = 
"https://svn.apache.org/repos/asf/ofbiz/ofbiz-plugins/branches/release17.12;
 workspaceDir = "${pluginsDir}"
 }
 dependsOn pullPluginsFromSvn

Jacques@LDLC MINGW64 /c/projectsASF/Git/ofbiz-framework (trunk|REBASE 1/130)
{noformat}

At this stage better solution:
{noformat}
git fetch origin
git reset --hard origin/master
{noformat}


Then I got my stash, previous to backport, clean... pfew...

> setUserTimeZone should ran only once based on error
> ---
>
> Key: OFBIZ-11329
> URL: https://issues.apache.org/jira/browse/OFBIZ-11329
> Project: OFBiz
>  Issue Type: Sub-task
>  Components: framework, webpos
>Affects Versions: Trunk
>Reporter: Jacques Le Roux
>Assignee: James Yong
>Priority: Minor
> Attachments: OFBIZ-11329-plugins.patch, OFBIZ-11329.patch, 
> OFBIZ-11329.patch
>
>
> This will be useful when committing CSRF solution as explained in OFBIZ-11306





[jira] [Commented] (OFBIZ-6436) Different price Order vs. Invoice due rounding

2020-02-05 Thread James Yong (Jira)


[ 
https://issues.apache.org/jira/browse/OFBIZ-6436?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17030802#comment-17030802
 ] 

James Yong commented on OFBIZ-6436:
---

Hi [~iwolf],

Can you update the patch for trunk again? Would like to look into this issue.

Regards,
James

> Different price Order vs. Invoice due rounding
> --
>
> Key: OFBIZ-6436
> URL: https://issues.apache.org/jira/browse/OFBIZ-6436
> Project: OFBiz
>  Issue Type: Bug
>Affects Versions: Release Branch 13.07, Release Branch 14.12, Trunk
>Reporter: Ingo Wolfmayr
>Assignee: Michael Brohl
>Priority: Major
> Attachments: ofbiz.patch, priceservices.patch
>
>
> When creating an order with the following data, invoice and order calculates 
> different prices due to different rounding strategies:
> Example:
> Net price: 8,70
> Price Rule: 2 %
> Calc price: 8,526
> Order quantity: 2
> Rounding order: 2 dec
> Rounding invoice: 2 dec
> Both: ROUND_HALF_UP
> Calculation for order price:
> 8,526 * 2 = 17,052 --> Rounding = 17,05 (rounding takes place after multiplying 
> with the order quantity )
> Calculation for invoice price:
> 8,53 * 2 = 17,06 (rounding takes place before multiplying with the order  
> quantity)
> Rounding takes place on different places and leads to (from my understanding) 
> miscalculation.
> I create a patch that applies rounding on PriceCalculation level. Therefore:
> 1) get single unit price and do all calculations on it (Price rules ...)
> 2) before forwarding the price, apply rounding (ORDER SETTINGS) on single 
> unit price
> As the invoice calculation uses the unit price (if invoice is associated with 
> order) from ORDER_ITEM it will calculate with the already rounded value.
> Result: Order Price = Invoice Price
> I would appreciate any thought on it.





[jira] [Commented] (OFBIZ-11329) setUserTimeZone should ran only once based on error

2020-02-05 Thread Jacques Le Roux (Jira)


[ 
https://issues.apache.org/jira/browse/OFBIZ-11329?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17030769#comment-17030769
 ] 

Jacques Le Roux commented on OFBIZ-11329:
-

It's about stashes. For a reason I did not understand I got changes from R17 in 
a trunk stash after cherry picking from trunk to R17. I had not this problem 
with R18. I think it's due to a duplicate window I opened in Tortoise, but 
even that makes no sense. Anyway I guess it will not help any other so better 
forget it. I "just" have to clean the trunk stash :/



[jira] [Commented] (OFBIZ-11335) Add CommonForms as template pattern configured by theme

2020-02-05 Thread James Yong (Jira)


[ 
https://issues.apache.org/jira/browse/OFBIZ-11335?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17030759#comment-17030759
 ] 

James Yong commented on OFBIZ-11335:


Thanks for the improvement. Tested ok with the patch.

Given a form widget, how do I know whether to extend with CommonSimpleSingle or 
CommonBasicSingle ?

> Add CommonForms as template pattern configured by theme
> ---
>
> Key: OFBIZ-11335
> URL: https://issues.apache.org/jira/browse/OFBIZ-11335
> Project: OFBiz
>  Issue Type: New Feature
>  Components: framework, themes
>Affects Versions: Trunk
>Reporter: Nicolas Malin
>Assignee: Nicolas Malin
>Priority: Major
> Attachments: OFBIZ-11335.patch
>
>
> Currently on OFBiz we implemented a process to define some different screen 
> and menu that can be implemented by the theming
> But for the form we have nothing. All style are hard coded on each
> {code:java}
>   odd-row-style="alternate-row" default-table-style="basic-table 
> hover-bar">{code}
>  
> I propose to extend the theming implementation principle to forms element.
> To start low, I define seven form templates:
>  * grid CommonSimpleGrid
>  * grid CommonBasicGrid
>  * form CommonSimpleList
>  * form CommonBasicList
>  * form CommonInLineEditList
>  * form CommonSimpleSingle
>  * form CommonBasicSingle
>  
> We can use it like:
> {code:java}
>  extends-resource="component://common/widget/CommonForms.xml"{code}
> The main difficulty raised by this task was propagating the visualTheme during the 
> ModelForm instantiation, because we need to load widget style (and some other 
> information wanted on the template) on model load in memory. 
> With the linked patch I improved form present on screen 
> [https://localhost:8443/webtools/control/WebtoolsLayoutDemo]
>  
> Finally with this we can extend style form (pagination, header, line and so 
> on ...) directly by your theme without changing the framework





[jira] [Commented] (OFBIZ-11329) setUserTimeZone should ran only once based on error

2020-02-05 Thread Michael Brohl (Jira)


[ 
https://issues.apache.org/jira/browse/OFBIZ-11329?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17030644#comment-17030644
 ] 

Michael Brohl commented on OFBIZ-11329:
---

How can a backport to another branch screw the trunk? Can you say more about 
this issue?



[jira] [Commented] (OFBIZ-11269) Update pages of ofbiz website

2020-02-05 Thread Jacques Le Roux (Jira)


[ 
https://issues.apache.org/jira/browse/OFBIZ-11269?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17030563#comment-17030563
 ] 

Jacques Le Roux commented on OFBIZ-11269:
-

Pierre,

>Will the upcoming release (17.11.01) be tagged - or made available - in the 
>git repo?
I guess it will be simply tagged

>How are we to deal with older release branches on this page (especially the 
>16.11, and its releases) now that we're advocating git over svn and those 
>branches not being available in git?  Should we NOT mention them at all? What 
>if we're going to get more from that branch before we have a release from 17?
It's most likely that 16.12.07 will be the last release of R16 and then R16 
will no longer be supported (think security).

>The repositories A Github/Apache are the project's official repositories.
Nope the official ones are 
https://gitbox.apache.org/repos/asf/ofbiz-framework.git and 
https://gitbox.apache.org/repos/asf/ofbiz-plugins.git. GitHub is only a 
convenient mirror.



> Update pages of ofbiz website
> -
>
> Key: OFBIZ-11269
> URL: https://issues.apache.org/jira/browse/OFBIZ-11269
> Project: OFBiz
>  Issue Type: Sub-task
>  Components: site
>Affects Versions: Trunk, Release Branch 17.12, Release Branch 18.12
>Reporter: Deepak Dixit
>Assignee: Pierre Smits
>Priority: Major
>
> Update pages of the website to reflect the migration from svn to git/Github.





[jira] [Commented] (OFBIZ-11329) setUserTimeZone should ran only once based on error

2020-02-05 Thread Jacques Le Roux (Jira)


[ 
https://issues.apache.org/jira/browse/OFBIZ-11329?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17030559#comment-17030559
 ] 

Jacques Le Roux commented on OFBIZ-11329:
-

Thanks Git,

The R17 backport was a complete disaster and I'm still recovering from it. I 
mean it completely screwed the trunk :/ 

I need to check all before closing here

> setUserTimeZone should ran only once based on error
> ---
>
> Key: OFBIZ-11329
> URL: https://issues.apache.org/jira/browse/OFBIZ-11329
> Project: OFBiz
>  Issue Type: Sub-task
>  Components: framework, webpos
>Affects Versions: Trunk
>Reporter: Jacques Le Roux
>Assignee: James Yong
>Priority: Minor
> Attachments: OFBIZ-11329-plugins.patch, OFBIZ-11329.patch, 
> OFBIZ-11329.patch
>
>
> This will be useful when committing CSRF solution as explained in OFBIZ-11306





[jira] [Commented] (OFBIZ-11306) POC for CSRF Token

2020-02-05 Thread ASF subversion and git services (Jira)


[ 
https://issues.apache.org/jira/browse/OFBIZ-11306?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17030539#comment-17030539
 ] 

ASF subversion and git services commented on OFBIZ-11306:
-

Commit 91cdc817e1c6b4d45b4b9fcbc4bb1ecc28f0de23 in ofbiz-framework's branch 
refs/heads/release18.12 from Jacques Le Roux
[ https://gitbox.apache.org/repos/asf?p=ofbiz-framework.git;h=91cdc81 ]

Fixed: setUserTimeZone should ran only once based on error
(OFBIZ-11329)

This will be notably useful when committing CSRF solution as explained in
OFBIZ-11306:

SetTimeZoneFromBrowser when starting gives a  RequestHandlerException:
Invalid or missing CSRF token for AJAX call to path '/SetTimeZoneFromBrowser'.
Also not only when starting.

Thanks: James Yong for review


> POC for CSRF Token
> --
>
> Key: OFBIZ-11306
> URL: https://issues.apache.org/jira/browse/OFBIZ-11306
> Project: OFBiz
>  Issue Type: Improvement
>  Components: ALL APPLICATIONS
>Affects Versions: Upcoming Branch
>Reporter: James Yong
>Assignee: Jacques Le Roux
>Priority: Minor
>  Labels: CSRF
> Fix For: Upcoming Branch
>
> Attachments: CsrfTokenAjaxTransform.java, CsrfTokenTransform.java, 
> CsrfUtil.java, OFBIZ-11306-v2.patch, OFBIZ-11306.patch, OFBIZ-11306.patch, 
> OFBIZ-11306.patch, OFBIZ-11306.patch, OFBIZ-11306.patch, OFBIZ-11306.patch, 
> OFBIZ-11306.patch, OFBIZ-11306.patch, OFBIZ-11306.patch, OFBIZ-11306.patch, 
> OFBIZ-11306.patch, OFBIZ-11306.patch, OFBIZ-11306.patch, 
> OFBIZ-11306_Plugins.patch, OFBIZ-11306_Plugins.patch, 
> OFBIZ-11306_Plugins.patch, OFBIZ-11306_Plugins.patch, 
> OFBIZ-11306_Plugins.patch
>
>
> CSRF tokens are generated using SecureRandom class (maybe later a JWT with a 
> "time out"). 
> They are stored in the user sessions (for AJAX calls and unauthenticated HTTP 
> calls) or OFBiz UtilCache (for authenticated HTTP calls), and verified during 
> POST request.
> # In *controllers* a new csrf-token attribute is added to the security tag to 
> exempt or force CSRF token check. 
> # In *Widget Forms* a hidden token field is auto-generated.
> # In *FTL form* a CSRF token is passed through <@ofbizUrl> to automatise the 
> change. Using <@ofbizUrl> macro to generate the CSRF token means there is no 
> need to manually add the CSRF token field to each form in the ftl files. It 
> will save time for users doing custom implementation and maintenance.  While 
> there is CSRF token in the form URL, the token is invalidated during form 
> submission. So it's unique and harmless even though the CSRF token of the form 
> submission is shown in the browser address bar.
> # For *Ajax calls* an ajaxPrefilter function (observer on DOM ready) is added 
> through OfbizUtil.js (itself called at start in decorators and such)
> # The html metadata is storing the csrf token used by JQuery AJAX. This token 
> will not change to another value after it is consumed
> # Csrf tokens for the user are removed from the UtilCache when the user logs 
> out or session invalidated.
> The general rules are as follows:
> * RequestMap configured with 'get' method will be exempted from CSRF token 
> check.
> * RequestMap configured with 'post' or 'all' method will be subjected to CSRF 
> token check. (Note there are discussions that RequestMap with ‘all’ method 
> should also not be subjected to CSRF token check. This will be done after 
> ensuring a separate uri is used when posting changes.)
> * "main" request URIs are exempted from CSRF token check.
> * Setting csrf-token to false or true on the Request Map will override the 
> general rules above.
> To implement:
> * -Allow token map size to be configurable in properties.- OK that's done 
> locally
> To Discuss:
> * Invalidate authenticated user session when CSRF token check fails.
> * Configure the general rules in a Service method (which will be run inside 
> the constructor of RequestMap class) when determining the final 
> securityCsrfToken value.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)
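
The general rules and token lifecycle quoted in the issue description above, sketched as an added example (not code from the OFBIZ-11306 patch or from any poster in this thread). All class, method and request names other than `main` and `SetTimeZoneFromBrowser` are hypothetical, and keying tokens by session id plus URI is an assumption made for the sketch.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

/** Illustrative sketch only; names are hypothetical and this is not OFBiz's CsrfUtil API. */
public class CsrfRulesSketch {

    enum Method { GET, POST, ALL }

    /** Hypothetical stand-in for a request-map; csrfToken == null means the attribute is not set. */
    static final class RequestMapEntry {
        final String uri;
        final Method method;
        final Boolean csrfToken;

        RequestMapEntry(String uri, Method method, Boolean csrfToken) {
            this.uri = uri;
            this.method = method;
            this.csrfToken = csrfToken;
        }
    }

    /** The general rules from the description; an explicit csrf-token value takes precedence. */
    static boolean tokenCheckRequired(RequestMapEntry entry) {
        if (entry.csrfToken != null) {
            return entry.csrfToken;          // explicit true/false overrides the general rules
        }
        if ("main".equals(entry.uri)) {
            return false;                    // "main" request URIs are exempted
        }
        return entry.method != Method.GET;   // 'get' is exempt; 'post' and 'all' are checked
    }

    /** In-memory token store keyed by session id and request URI (assumed keying). */
    static final class TokenStore {
        private final SecureRandom random = new SecureRandom();
        private final Map<String, String> tokens = new ConcurrentHashMap<>();

        String issue(String sessionId, String uri) {
            byte[] raw = new byte[32];
            random.nextBytes(raw);
            String token = Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
            tokens.put(sessionId + "|" + uri, token);
            return token;
        }

        /**
         * singleUse = true models a form token (invalidated on submission);
         * singleUse = false models the AJAX token, which keeps its value after use.
         * A failed single-use attempt also consumes the token, so the check fails closed.
         */
        boolean verify(String sessionId, String uri, String presented, boolean singleUse) {
            String key = sessionId + "|" + uri;
            String expected = singleUse ? tokens.remove(key) : tokens.get(key);
            if (expected == null || presented == null) {
                return false;                // missing token on either side is a failure
            }
            // Constant-time comparison of the two token strings.
            return MessageDigest.isEqual(expected.getBytes(StandardCharsets.UTF_8),
                    presented.getBytes(StandardCharsets.UTF_8));
        }

        /** Called when the user logs out or the session is invalidated. */
        void removeAllFor(String sessionId) {
            tokens.keySet().removeIf(k -> k.startsWith(sessionId + "|"));
        }
    }

    public static void main(String[] args) {
        // Constructed request-map entries for the demonstration.
        RequestMapEntry[] entries = {
            new RequestMapEntry("main", Method.ALL, null),
            new RequestMapEntry("findProduct", Method.GET, null),
            new RequestMapEntry("updateProduct", Method.POST, null),
            new RequestMapEntry("SetTimeZoneFromBrowser", Method.ALL, null),
            new RequestMapEntry("paymentCallback", Method.POST, Boolean.FALSE),
        };
        for (RequestMapEntry e : entries) {
            System.out.printf("%-24s %-4s check=%b%n", e.uri, e.method, tokenCheckRequired(e));
        }

        TokenStore store = new TokenStore();
        String session = "session-1";        // constructed session id

        String formToken = store.issue(session, "updateProduct");
        System.out.println("form submit  : " + store.verify(session, "updateProduct", formToken, true));
        System.out.println("form replay  : " + store.verify(session, "updateProduct", formToken, true));

        String ajaxToken = store.issue(session, "SetTimeZoneFromBrowser");
        System.out.println("ajax call 1  : " + store.verify(session, "SetTimeZoneFromBrowser", ajaxToken, false));
        System.out.println("ajax call 2  : " + store.verify(session, "SetTimeZoneFromBrowser", ajaxToken, false));
        System.out.println("ajax no token: " + store.verify(session, "SetTimeZoneFromBrowser", null, false));

        store.removeAllFor(session);
        System.out.println("after logout : " + store.verify(session, "SetTimeZoneFromBrowser", ajaxToken, false));
    }
}
```

The "ajax no token" case corresponds to the RequestHandlerException reported in this thread for the '/SetTimeZoneFromBrowser' path, which falls under the 'all' rule unless it is explicitly exempted.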


[jira] [Commented] (OFBIZ-11329) setUserTimeZone should ran only once based on error

2020-02-05 Thread ASF subversion and git services (Jira)


[ 
https://issues.apache.org/jira/browse/OFBIZ-11329?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17030538#comment-17030538
 ] 

ASF subversion and git services commented on OFBIZ-11329:
-

Commit 91cdc817e1c6b4d45b4b9fcbc4bb1ecc28f0de23 in ofbiz-framework's branch 
refs/heads/release18.12 from Jacques Le Roux
[ https://gitbox.apache.org/repos/asf?p=ofbiz-framework.git;h=91cdc81 ]

Fixed: setUserTimeZone should ran only once based on error
(OFBIZ-11329)

This will be notably useful when committing CSRF solution as explained in
OFBIZ-11306:

SetTimeZoneFromBrowser when starting gives a  RequestHandlerException:
Invalid or missing CSRF token for AJAX call to path '/SetTimeZoneFromBrowser'.
Also not only when starting.

Thanks: James Yong for review


> setUserTimeZone should ran only once based on error
> ---
>
> Key: OFBIZ-11329
> URL: https://issues.apache.org/jira/browse/OFBIZ-11329
> Project: OFBiz
>  Issue Type: Sub-task
>  Components: framework, webpos
>Affects Versions: Trunk
>Reporter: Jacques Le Roux
>Assignee: James Yong
>Priority: Minor
> Attachments: OFBIZ-11329-plugins.patch, OFBIZ-11329.patch, 
> OFBIZ-11329.patch
>
>
> This will be useful when committing CSRF solution as explained in OFBIZ-11306





[jira] [Commented] (OFBIZ-11329) setUserTimeZone should ran only once based on error

2020-02-05 Thread ASF subversion and git services (Jira)


[ 
https://issues.apache.org/jira/browse/OFBIZ-11329?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17030537#comment-17030537
 ] 

ASF subversion and git services commented on OFBIZ-11329:
-

Commit 218d5a07a27492b155331bca8f95eedcc470cbfe in ofbiz-framework's branch 
refs/heads/release18.12 from Jacques Le Roux
[ https://gitbox.apache.org/repos/asf?p=ofbiz-framework.git;h=218d5a0 ]

Fixed: impersonateLogin
(OFBIZ-5409)

I reopened this old issue because, while working on OFBIZ-11329, I found that
userLogin and impersonateLogin should be removed from
jsonResponseFromRequestAttributes

Thanks: James Yong for pointing that out


> setUserTimeZone should ran only once based on error
> ---
>
> Key: OFBIZ-11329
> URL: https://issues.apache.org/jira/browse/OFBIZ-11329
> Project: OFBiz
>  Issue Type: Sub-task
>  Components: framework, webpos
>Affects Versions: Trunk
>Reporter: Jacques Le Roux
>Assignee: James Yong
>Priority: Minor
> Attachments: OFBIZ-11329-plugins.patch, OFBIZ-11329.patch, 
> OFBIZ-11329.patch
>
>
> This will be useful when committing CSRF solution as explained in OFBIZ-11306





[jira] [Commented] (OFBIZ-5409) JSON Response does not set http status on error

2020-02-05 Thread ASF subversion and git services (Jira)


[ 
https://issues.apache.org/jira/browse/OFBIZ-5409?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17030536#comment-17030536
 ] 

ASF subversion and git services commented on OFBIZ-5409:


Commit 218d5a07a27492b155331bca8f95eedcc470cbfe in ofbiz-framework's branch 
refs/heads/release18.12 from Jacques Le Roux
[ https://gitbox.apache.org/repos/asf?p=ofbiz-framework.git;h=218d5a0 ]

Fixed: impersonateLogin
(OFBIZ-5409)

I reopened this old issue because, while working on OFBIZ-11329, I found that
userLogin and impersonateLogin should be removed from
jsonResponseFromRequestAttributes

Thanks: James Yong for pointing that out


> JSON Response does not set http status on error
> ---
>
> Key: OFBIZ-5409
> URL: https://issues.apache.org/jira/browse/OFBIZ-5409
> Project: OFBiz
>  Issue Type: Bug
>  Components: ALL APPLICATIONS
>Affects Versions: Release Branch 11.04, Release Branch 12.04, Release 
> Branch 13.07, Trunk
>Reporter: Gareth Carter
>Assignee: Jacques Le Roux
>Priority: Major
> Fix For: Release Branch 11.04, Release Branch 12.04, Release 
> Branch 13.07, 17.12.01, 18.12.01
>
> Attachments: CommonEvents.patch, OFBIZ-5409 - Remove internal 
> attributes for security reason and secure json get.patch, OFBIZ-5409 - Remove 
> internal attributes for security reason.patch, OFBIZ-5409 - Remove internal 
> attributes for security reason.patch, before-after.diff
>
>
> When a json response is sent and there was an error in the service called, it 
> does not set the http status. Currently status code is always 200 but it 
> might be more appropriate to send an error code such as 500.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)


[jira] [Commented] (OFBIZ-11329) setUserTimeZone should ran only once based on error

2020-02-05 Thread ASF subversion and git services (Jira)


[ 
https://issues.apache.org/jira/browse/OFBIZ-11329?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17030534#comment-17030534
 ] 

ASF subversion and git services commented on OFBIZ-11329:
-

Commit 6ce10278a391a5c588d7a97f6e779c4e4256f5d2 in ofbiz-framework's branch 
refs/heads/release17.12 from Jacques Le Roux
[ https://gitbox.apache.org/repos/asf?p=ofbiz-framework.git;h=6ce1027 ]

Fixed: setUserTimeZone should ran only once based on error
(OFBIZ-11329)

This will be notably useful when committing CSRF solution as explained in
OFBIZ-11306:

SetTimeZoneFromBrowser when starting gives a  RequestHandlerException:
Invalid or missing CSRF token for AJAX call to path '/SetTimeZoneFromBrowser'.
Also not only when starting.

Thanks: James Yong for review
(cherry picked from commit 350c71f4df45cbe5671b54e61f74f9a352d78e05)

# Conflicts:
#   framework/common/groovyScripts/SetLocaleFromBrowser.groovy
#   themes/common-theme/webapp/common/js/util/setUserTimeZone.js replaced
by setUserLocale.js modified by hand

I can compile locally but I can see a reason why and certainly not related to
these changes


> setUserTimeZone should ran only once based on error
> ---
>
> Key: OFBIZ-11329
> URL: https://issues.apache.org/jira/browse/OFBIZ-11329
> Project: OFBiz
>  Issue Type: Sub-task
>  Components: framework, webpos
>Affects Versions: Trunk
>Reporter: Jacques Le Roux
>Assignee: James Yong
>Priority: Minor
> Attachments: OFBIZ-11329-plugins.patch, OFBIZ-11329.patch, 
> OFBIZ-11329.patch
>
>
> This will be useful when committing CSRF solution as explained in OFBIZ-11306





[jira] [Commented] (OFBIZ-11329) setUserTimeZone should ran only once based on error

2020-02-05 Thread ASF subversion and git services (Jira)


[ 
https://issues.apache.org/jira/browse/OFBIZ-11329?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17030533#comment-17030533
 ] 

ASF subversion and git services commented on OFBIZ-11329:
-

Commit b2e3cc717dcea74110d4b152ae46a9a2b2c62a89 in ofbiz-framework's branch 
refs/heads/release17.12 from Jacques Le Roux
[ https://gitbox.apache.org/repos/asf?p=ofbiz-framework.git;h=b2e3cc7 ]

Fixed: impersonateLogin
(OFBIZ-5409)

I reopened this old issue because, while working on OFBIZ-11329, I found that
userLogin and impersonateLogin should be removed from
jsonResponseFromRequestAttributes

Thanks: James Yong for pointing that out

# Conflicts:
#   framework/common/src/main/java/org/apache/ofbiz/common/CommonEvents.java


> setUserTimeZone should ran only once based on error
> ---
>
> Key: OFBIZ-11329
> URL: https://issues.apache.org/jira/browse/OFBIZ-11329
> Project: OFBiz
>  Issue Type: Sub-task
>  Components: framework, webpos
>Affects Versions: Trunk
>Reporter: Jacques Le Roux
>Assignee: James Yong
>Priority: Minor
> Attachments: OFBIZ-11329-plugins.patch, OFBIZ-11329.patch, 
> OFBIZ-11329.patch
>
>
> This will be useful when committing CSRF solution as explained in OFBIZ-11306





[jira] [Commented] (OFBIZ-11306) POC for CSRF Token

2020-02-05 Thread ASF subversion and git services (Jira)


[ 
https://issues.apache.org/jira/browse/OFBIZ-11306?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17030535#comment-17030535
 ] 

ASF subversion and git services commented on OFBIZ-11306:
-

Commit 6ce10278a391a5c588d7a97f6e779c4e4256f5d2 in ofbiz-framework's branch 
refs/heads/release17.12 from Jacques Le Roux
[ https://gitbox.apache.org/repos/asf?p=ofbiz-framework.git;h=6ce1027 ]

Fixed: setUserTimeZone should ran only once based on error
(OFBIZ-11329)

This will be notably useful when committing CSRF solution as explained in
OFBIZ-11306:

SetTimeZoneFromBrowser when starting gives a  RequestHandlerException:
Invalid or missing CSRF token for AJAX call to path '/SetTimeZoneFromBrowser'.
Also not only when starting.

Thanks: James Yong for review
(cherry picked from commit 350c71f4df45cbe5671b54e61f74f9a352d78e05)

# Conflicts:
#   framework/common/groovyScripts/SetLocaleFromBrowser.groovy
#   themes/common-theme/webapp/common/js/util/setUserTimeZone.js replaced
by setUserLocale.js modified by hand

I can compile locally but I can see a reason why and certainly not related to
these changes


> POC for CSRF Token
> --
>
> Key: OFBIZ-11306
> URL: https://issues.apache.org/jira/browse/OFBIZ-11306
> Project: OFBiz
>  Issue Type: Improvement
>  Components: ALL APPLICATIONS
>Affects Versions: Upcoming Branch
>Reporter: James Yong
>Assignee: Jacques Le Roux
>Priority: Minor
>  Labels: CSRF
> Fix For: Upcoming Branch
>
> Attachments: CsrfTokenAjaxTransform.java, CsrfTokenTransform.java, 
> CsrfUtil.java, OFBIZ-11306-v2.patch, OFBIZ-11306.patch, OFBIZ-11306.patch, 
> OFBIZ-11306.patch, OFBIZ-11306.patch, OFBIZ-11306.patch, OFBIZ-11306.patch, 
> OFBIZ-11306.patch, OFBIZ-11306.patch, OFBIZ-11306.patch, OFBIZ-11306.patch, 
> OFBIZ-11306.patch, OFBIZ-11306.patch, OFBIZ-11306.patch, 
> OFBIZ-11306_Plugins.patch, OFBIZ-11306_Plugins.patch, 
> OFBIZ-11306_Plugins.patch, OFBIZ-11306_Plugins.patch, 
> OFBIZ-11306_Plugins.patch
>
>
> CSRF tokens are generated using SecureRandom class (maybe later a JWT with a 
> "time out"). 
> They are stored in the user sessions (for AJAX calls and unauthenticated HTTP 
> calls) or OFBiz UtilCache (for authenticated HTTP calls), and verified during 
> POST request.
> # In *controllers* a new csrf-token attribute is added to the security tag to 
> exempt or force CSRF token check. 
> # In *Widget Forms* a hidden token field is auto-generated.
> # In *FTL form* a CSRF token is passed through <@ofbizUrl> to automatise the 
> change. Using <@ofbizUrl> macro to generate the CSRF token means there is no 
> need to manually add the CSRF token field to each form in the ftl files. It 
> will save time for users doing custom implementation and maintenance.  While 
> there is CSRF token in the form URL, the token is invalidated during form 
> submission. So it's unique and harmless even though the CSRF token of the form 
> submission is shown in the browser address bar.
> # For *Ajax calls* an ajaxPrefilter function (observer on DOM ready) is added 
> through OfbizUtil.js (itself called at start in decorators and such)
> # The html metadata is storing the csrf token used by JQuery AJAX. This token 
> will not change to another value after it is consumed
> # Csrf tokens for the user are removed from the UtilCache when the user logs 
> out or session invalidated.
> The general rules are as follows:
> * RequestMap configured with 'get' method will be exempted from CSRF token 
> check.
> * RequestMap configured with 'post' or 'all' method will be subjected to CSRF 
> token check. (Note there are discussions that RequestMap with ‘all’ method 
> should also not be subjected to CSRF token check. This will be done after 
> ensuring a separate uri is used when posting changes.)
> * "main" request URIs are exempted from CSRF token check.
> * Setting csrf-token to false or true on the Request Map will override the 
> general rules above.
> To implement:
> * -Allow token map size to be configurable in properties.- OK that's done 
> locally
> To Discuss:
> * Invalidate authenticated user session when CSRF token check fails.
> * Configure the general rules in a Service method (which will be run inside 
> the constructor of RequestMap class) when determining the final 
> securityCsrfToken value.





[jira] [Commented] (OFBIZ-5409) JSON Response does not set http status on error

2020-02-05 Thread ASF subversion and git services (Jira)


[ 
https://issues.apache.org/jira/browse/OFBIZ-5409?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17030532#comment-17030532
 ] 

ASF subversion and git services commented on OFBIZ-5409:


Commit b2e3cc717dcea74110d4b152ae46a9a2b2c62a89 in ofbiz-framework's branch 
refs/heads/release17.12 from Jacques Le Roux
[ https://gitbox.apache.org/repos/asf?p=ofbiz-framework.git;h=b2e3cc7 ]

Fixed: impersonateLogin
(OFBIZ-5409)

I reopened this old issue because, while working on OFBIZ-11329, I found that
userLogin and impersonateLogin should be removed from
jsonResponseFromRequestAttributes

Thanks: James Yong for pointing that out

# Conflicts:
#   framework/common/src/main/java/org/apache/ofbiz/common/CommonEvents.java


> JSON Response does not set http status on error
> ---
>
> Key: OFBIZ-5409
> URL: https://issues.apache.org/jira/browse/OFBIZ-5409
> Project: OFBiz
>  Issue Type: Bug
>  Components: ALL APPLICATIONS
>Affects Versions: Release Branch 11.04, Release Branch 12.04, Release 
> Branch 13.07, Trunk
>Reporter: Gareth Carter
>Assignee: Jacques Le Roux
>Priority: Major
> Fix For: Release Branch 11.04, Release Branch 12.04, Release 
> Branch 13.07, 17.12.01, 18.12.01
>
> Attachments: CommonEvents.patch, OFBIZ-5409 - Remove internal 
> attributes for security reason and secure json get.patch, OFBIZ-5409 - Remove 
> internal attributes for security reason.patch, OFBIZ-5409 - Remove internal 
> attributes for security reason.patch, before-after.diff
>
>
> When a json response is sent and there was an error in the service called, it 
> does not set the http status. Currently status code is always 200 but it 
> might be more appropriate to send an error code such as 500.





[jira] [Updated] (OFBIZ-11269) Update pages of ofbiz website

2020-02-05 Thread Pierre Smits (Jira)


 [ 
https://issues.apache.org/jira/browse/OFBIZ-11269?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Pierre Smits updated OFBIZ-11269:
-
Summary: Update pages of ofbiz website  (was: Update source-repositories 
page of ofbiz website.)

> Update pages of ofbiz website
> -
>
> Key: OFBIZ-11269
> URL: https://issues.apache.org/jira/browse/OFBIZ-11269
> Project: OFBiz
>  Issue Type: Sub-task
>  Components: site
>Affects Versions: Trunk, Release Branch 17.12, Release Branch 18.12
>Reporter: Deepak Dixit
>Assignee: Pierre Smits
>Priority: Major
>
> source-repositories page using svn url for checkout, 
> Update it and use the gitbox url 





[jira] [Updated] (OFBIZ-11269) Update pages of ofbiz website

2020-02-05 Thread Pierre Smits (Jira)


 [ 
https://issues.apache.org/jira/browse/OFBIZ-11269?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Pierre Smits updated OFBIZ-11269:
-
Description: Update pages of the website to reflect the migration from svn 
to git/Github.  (was: source-repositories page using svn url for checkout, 
Update it and use the gitbox url )

> Update pages of ofbiz website
> -
>
> Key: OFBIZ-11269
> URL: https://issues.apache.org/jira/browse/OFBIZ-11269
> Project: OFBiz
>  Issue Type: Sub-task
>  Components: site
>Affects Versions: Trunk, Release Branch 17.12, Release Branch 18.12
>Reporter: Deepak Dixit
>Assignee: Pierre Smits
>Priority: Major
>
> Update pages of the website to reflect the migration from svn to git/Github.





[jira] [Commented] (OFBIZ-11339) Getting error on allocation plan approval

2020-02-05 Thread Pierre Smits (Jira)


[ 
https://issues.apache.org/jira/browse/OFBIZ-11339?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17030490#comment-17030490
 ] 

Pierre Smits commented on OFBIZ-11339:
--

Thanks. See comment in OFBIZ-11338.

> Getting error on allocation plan approval
> -
>
> Key: OFBIZ-11339
> URL: https://issues.apache.org/jira/browse/OFBIZ-11339
> Project: OFBiz
>  Issue Type: Bug
>  Components: order
>Affects Versions: Trunk
>Reporter: Yashwant Dhakad
>Assignee: Yashwant Dhakad
>Priority: Minor
> Attachments: 
> screenshot-demo-trunk.ofbiz.apache.org-2020.02.04-15_39_48.png
>
>
> When we approve the allocation plan then it is showing error like facility id 
> is missing. I have attached the screenshot for reference.





[jira] [Commented] (OFBIZ-11338) Error showing on Allocation Plan screen

2020-02-05 Thread Pierre Smits (Jira)


[ 
https://issues.apache.org/jira/browse/OFBIZ-11338?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17030489#comment-17030489
 ] 

Pierre Smits commented on OFBIZ-11338:
--

Thanks [~yashwant.dhakad], just making sure that we didn't somehow include this 
feature (OFBIZ-10518) during the overlapping period.

> Error showing on Allocation Plan screen
> ---
>
> Key: OFBIZ-11338
> URL: https://issues.apache.org/jira/browse/OFBIZ-11338
> Project: OFBiz
>  Issue Type: Bug
>  Components: order
>Affects Versions: Trunk
>Reporter: Yashwant Dhakad
>Assignee: Aman Mishra
>Priority: Minor
> Attachments: 
> screenshot-demo-trunk.ofbiz.apache.org-2020.02.04-15_30_53.png
>
>
> On the Allocation plan screen an error occurs on the summary section. I have 
> attached the screen for reference.





[jira] [Commented] (OFBIZ-11339) Getting error on allocation plan approval

2020-02-05 Thread Yashwant Dhakad (Jira)


[ 
https://issues.apache.org/jira/browse/OFBIZ-11339?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17030456#comment-17030456
 ] 

Yashwant Dhakad commented on OFBIZ-11339:
-

Hi Pierre,

This feature was recently added so it is available in the trunk only.

> Getting error on allocation plan approval
> -
>
> Key: OFBIZ-11339
> URL: https://issues.apache.org/jira/browse/OFBIZ-11339
> Project: OFBiz
>  Issue Type: Bug
>  Components: order
>Affects Versions: Trunk
>Reporter: Yashwant Dhakad
>Assignee: Yashwant Dhakad
>Priority: Minor
> Attachments: 
> screenshot-demo-trunk.ofbiz.apache.org-2020.02.04-15_39_48.png
>
>
> When we approve the allocation plan then it is showing error like facility id 
> is missing. I have attached the screenshot for reference.





[jira] [Commented] (OFBIZ-11329) setUserTimeZone should ran only once based on error

2020-02-05 Thread Jacques Le Roux (Jira)


[ 
https://issues.apache.org/jira/browse/OFBIZ-11329?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17030455#comment-17030455
 ] 

Jacques Le Roux commented on OFBIZ-11329:
-

Hi James,

I agree.  What about my point on RequestHandlerExceptionAllowExternalRequests?

> setUserTimeZone should ran only once based on error
> ---
>
> Key: OFBIZ-11329
> URL: https://issues.apache.org/jira/browse/OFBIZ-11329
> Project: OFBiz
>  Issue Type: Sub-task
>  Components: framework, webpos
>Affects Versions: Trunk
>Reporter: Jacques Le Roux
>Assignee: James Yong
>Priority: Minor
> Attachments: OFBIZ-11329-plugins.patch, OFBIZ-11329.patch, 
> OFBIZ-11329.patch
>
>
> This will be useful when committing CSRF solution as explained in OFBIZ-11306



--
This message was sent by Atlassian Jira
(v8.3.4#803005)


[jira] [Issue Comment Deleted] (OFBIZ-11338) Error showing on Allocation Plan screen

2020-02-05 Thread Yashwant Dhakad (Jira)


 [ 
https://issues.apache.org/jira/browse/OFBIZ-11338?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Yashwant Dhakad updated OFBIZ-11338:

Comment: was deleted

(was: Hi Pierre,

This feature was recently added so it is available in the trunk only.)

> Error showing on Allocation Plan screen
> ---
>
> Key: OFBIZ-11338
> URL: https://issues.apache.org/jira/browse/OFBIZ-11338
> Project: OFBiz
>  Issue Type: Bug
>  Components: order
>Affects Versions: Trunk
>Reporter: Yashwant Dhakad
>Assignee: Aman Mishra
>Priority: Minor
> Attachments: 
> screenshot-demo-trunk.ofbiz.apache.org-2020.02.04-15_30_53.png
>
>
> On the Allocation plan screen an error occurs on the summary section. I have 
> attached the screen for reference.





[jira] [Commented] (OFBIZ-11338) Error showing on Allocation Plan screen

2020-02-05 Thread Yashwant Dhakad (Jira)


[ 
https://issues.apache.org/jira/browse/OFBIZ-11338?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17030453#comment-17030453
 ] 

Yashwant Dhakad commented on OFBIZ-11338:
-

Hi Pierre,

This feature was recently added so it is available in the trunk only.

> Error showing on Allocation Plan screen
> ---
>
> Key: OFBIZ-11338
> URL: https://issues.apache.org/jira/browse/OFBIZ-11338
> Project: OFBiz
>  Issue Type: Bug
>  Components: order
>Affects Versions: Trunk
>Reporter: Yashwant Dhakad
>Assignee: Aman Mishra
>Priority: Minor
> Attachments: 
> screenshot-demo-trunk.ofbiz.apache.org-2020.02.04-15_30_53.png
>
>
> On the Allocation plan screen an error occurs on the summary section. I have 
> attached the screen for reference.





[jira] [Commented] (OFBIZ-11338) Error showing on Allocation Plan screen

2020-02-05 Thread Yashwant Dhakad (Jira)


[ 
https://issues.apache.org/jira/browse/OFBIZ-11338?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17030454#comment-17030454
 ] 

Yashwant Dhakad commented on OFBIZ-11338:
-

Hi Pierre,

This feature was recently added so it is available in the trunk only.

> Error showing on Allocation Plan screen
> ---
>
> Key: OFBIZ-11338
> URL: https://issues.apache.org/jira/browse/OFBIZ-11338
> Project: OFBiz
>  Issue Type: Bug
>  Components: order
>Affects Versions: Trunk
>Reporter: Yashwant Dhakad
>Assignee: Aman Mishra
>Priority: Minor
> Attachments: 
> screenshot-demo-trunk.ofbiz.apache.org-2020.02.04-15_30_53.png
>
>
> On the Allocation plan screen an error occurs on the summary section. I have 
> attached the screen for reference.





[jira] [Commented] (OFBIZ-11329) setUserTimeZone should ran only once based on error

2020-02-05 Thread ASF subversion and git services (Jira)


[ 
https://issues.apache.org/jira/browse/OFBIZ-11329?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17030443#comment-17030443
 ] 

ASF subversion and git services commented on OFBIZ-11329:
-

Commit 350c71f4df45cbe5671b54e61f74f9a352d78e05 in ofbiz-framework's branch 
refs/heads/trunk from Jacques Le Roux
[ https://gitbox.apache.org/repos/asf?p=ofbiz-framework.git;h=350c71f ]

Fixed: setUserTimeZone should ran only once based on error
(OFBIZ-11329)

This will be notably useful when committing CSRF solution as explained in
OFBIZ-11306:

SetTimeZoneFromBrowser when starting gives a  RequestHandlerException:
Invalid or missing CSRF token for AJAX call to path '/SetTimeZoneFromBrowser'.
Also not only when starting.

Thanks: James Yong for review


> setUserTimeZone should ran only once based on error
> ---
>
> Key: OFBIZ-11329
> URL: https://issues.apache.org/jira/browse/OFBIZ-11329
> Project: OFBiz
>  Issue Type: Sub-task
>  Components: framework, webpos
>Affects Versions: Trunk
>Reporter: Jacques Le Roux
>Assignee: James Yong
>Priority: Minor
> Attachments: OFBIZ-11329-plugins.patch, OFBIZ-11329.patch, 
> OFBIZ-11329.patch
>
>
> This will be useful when committing CSRF solution as explained in OFBIZ-11306





[jira] [Commented] (OFBIZ-11306) POC for CSRF Token

2020-02-05 Thread ASF subversion and git services (Jira)


[ 
https://issues.apache.org/jira/browse/OFBIZ-11306?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17030444#comment-17030444
 ] 

ASF subversion and git services commented on OFBIZ-11306:
-

Commit 350c71f4df45cbe5671b54e61f74f9a352d78e05 in ofbiz-framework's branch 
refs/heads/trunk from Jacques Le Roux
[ https://gitbox.apache.org/repos/asf?p=ofbiz-framework.git;h=350c71f ]

Fixed: setUserTimeZone should ran only once based on error
(OFBIZ-11329)

This will be notably useful when committing CSRF solution as explained in
OFBIZ-11306:

SetTimeZoneFromBrowser when starting gives a  RequestHandlerException:
Invalid or missing CSRF token for AJAX call to path '/SetTimeZoneFromBrowser'.
Also not only when starting.

Thanks: James Yong for review


> POC for CSRF Token
> --
>
> Key: OFBIZ-11306
> URL: https://issues.apache.org/jira/browse/OFBIZ-11306
> Project: OFBiz
>  Issue Type: Improvement
>  Components: ALL APPLICATIONS
>Affects Versions: Upcoming Branch
>Reporter: James Yong
>Assignee: Jacques Le Roux
>Priority: Minor
>  Labels: CSRF
> Fix For: Upcoming Branch
>
> Attachments: CsrfTokenAjaxTransform.java, CsrfTokenTransform.java, 
> CsrfUtil.java, OFBIZ-11306-v2.patch, OFBIZ-11306.patch, OFBIZ-11306.patch, 
> OFBIZ-11306.patch, OFBIZ-11306.patch, OFBIZ-11306.patch, OFBIZ-11306.patch, 
> OFBIZ-11306.patch, OFBIZ-11306.patch, OFBIZ-11306.patch, OFBIZ-11306.patch, 
> OFBIZ-11306.patch, OFBIZ-11306.patch, OFBIZ-11306.patch, 
> OFBIZ-11306_Plugins.patch, OFBIZ-11306_Plugins.patch, 
> OFBIZ-11306_Plugins.patch, OFBIZ-11306_Plugins.patch, 
> OFBIZ-11306_Plugins.patch
>
>
> CSRF tokens are generated using SecureRandom class (maybe later a JWT with a 
> "time out"). 
> They are stored in the user sessions (for AJAX calls and unauthenticated HTTP 
> calls) or OFBiz UtilCache (for authenticated HTTP calls), and verified during 
> POST request.
> # In *controllers* a new csrf-token attribute is added to the security tag to 
> exempt or force CSRF token check. 
> # In *Widget Forms* a hidden token field is auto-generated.
> # In *FTL form* a CSRF token is passed through <@ofbizUrl> to automatise the 
> change. Using the <@ofbizUrl> macro to generate the CSRF token means there is no 
> need to manually add the CSRF token field to each form in the ftl files. It 
> will save time for users doing custom implementation and maintenance. While 
> there is a CSRF token in the form URL, the token is invalidated during form 
> submission. So it's unique and harmless even though the CSRF token of the form 
> submission is shown in the browser address bar.
> # For *Ajax calls* an ajaxPrefilter function (observer on DOM ready) is added 
> through OfbizUtil.js (itself called at start in decorators and such)
> # The html metadata is storing the csrf token used by jQuery AJAX. This token 
> will not change to another value after it is consumed
> # Csrf tokens for the user are removed from the UtilCache when the user logs 
> out or the session is invalidated.
> The general rules are as follows:
> * RequestMap configured with 'get' method will be exempted from CSRF token 
> check.
> * RequestMap configured with 'post' or 'all' method will be subjected to CSRF 
> token check. (Note there are discussions that RequestMap with ‘all’ method 
> should also not be subjected to CSRF token check. This will be done after 
> ensuring a separate uri is used when posting changes.)
> * "main" request URIs are exempted from CSRF token check.
> * Setting csrf-token to false or true on the Request Map will override the 
> general rules above.
> To implement:
> * -Allow token map size to be configurable in properties.- OK that's done 
> locally
> To Discuss:
> * Invalidate authenticated user session when CSRF token check fails.
> * Configure the general rules in a Service method (which will be run inside 
> the constructor of RequestMap class) when determining the final 
> securityCsrfToken value.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)
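
The general rules and the single-use form token from the quoted OFBIZ-11306 description, as an added sketch that is not OFBiz's own code (the attached CsrfUtil.java is not shown on this page). The class and method names, the in-memory map and its session/URI keying, and the sample values are assumptions; the AJAX metadata token, which the description says is not replaced after use, is not covered.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

// Added illustration; CsrfSketch and its methods are hypothetical, not OFBiz's CsrfUtil.
public class CsrfSketch {
    private static final SecureRandom RNG = new SecureRandom();
    // Assumption: an in-memory map keyed by session id and request URI stands in
    // for the session / UtilCache storage the description mentions.
    private final Map<String, String> tokens = new ConcurrentHashMap<>();

    // General rules; csrfTokenAttr is the request map's csrf-token setting, null if unset.
    static boolean needsCheck(String uri, String method, Boolean csrfTokenAttr) {
        if (csrfTokenAttr != null) return csrfTokenAttr;  // explicit setting overrides the rules
        if ("main".equals(uri)) return false;             // "main" request URIs are exempt
        return !"get".equalsIgnoreCase(method);           // 'post' and 'all' are checked
    }

    String issue(String sessionId, String uri) {
        byte[] raw = new byte[32];
        RNG.nextBytes(raw);
        String token = Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
        tokens.put(sessionId + "|" + uri, token);
        return token;
    }

    // The stored token is consumed by the submission, so a replayed token fails.
    boolean verify(String sessionId, String uri, String presented) {
        String expected = tokens.remove(sessionId + "|" + uri);
        if (expected == null || presented == null) return false;
        return MessageDigest.isEqual(expected.getBytes(StandardCharsets.UTF_8),
                presented.getBytes(StandardCharsets.UTF_8));  // constant-time comparison
    }

    public static void main(String[] args) {
        // Constructed sample values: session "s1", request URI "updateProfile".
        CsrfSketch csrf = new CsrfSketch();
        String token = csrf.issue("s1", "updateProfile");
        System.out.println("post checked:   " + needsCheck("updateProfile", "post", null));
        System.out.println("get checked:    " + needsCheck("findProfile", "get", null));
        System.out.println("main checked:   " + needsCheck("main", "all", null));
        System.out.println("forced on get:  " + needsCheck("findProfile", "get", true));
        System.out.println("first submit:   " + csrf.verify("s1", "updateProfile", token));
        System.out.println("replayed token: " + csrf.verify("s1", "updateProfile", token));
        System.out.println("missing token:  " + csrf.verify("s1", "updateProfile", null));
    }
}
```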


[jira] [Commented] (OFBIZ-11306) POC for CSRF Token

2020-02-05 Thread Jacques Le Roux (Jira)


[ https://issues.apache.org/jira/browse/OFBIZ-11306?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17030442#comment-17030442 ]

Jacques Le Roux commented on OFBIZ-11306:
-

Hi James,

I have changed my mind. We need to OOTB deliver a safe system. And it's easier 
for a developer to change once a property than for a user to not forget to 
enable CSRF. So by default our users are secured. For the demo we can use a 
small patch.



