[jira] [Commented] (OFBIZ-11158) Enhance the Programmable Export feature for EntityQuery support
[ https://issues.apache.org/jira/browse/OFBIZ-11158?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17036693#comment-17036693 ] Pawan Verma commented on OFBIZ-11158: - Thanks, [~devanshu.vyas] for the great work, the patch looks good to me. If no one has any objection/feedback about this, I'll commit it in a week. Thanks! > Enhance the Programmable Export feature for EntityQuery support > --- > > Key: OFBIZ-11158 > URL: https://issues.apache.org/jira/browse/OFBIZ-11158 > Project: OFBiz > Issue Type: Improvement > Components: framework/webtools >Affects Versions: Trunk >Reporter: Devanshu Vyas >Assignee: Pawan Verma >Priority: Minor > Attachments: OFBIZ-11158.patch, OFBIZ-11158.patch > > > I recently used the Programmable Export feature in Webtools application and I > thought that this feature can be extended to use the *EntityQuery* for data > fetching. Nowadays, EntityQuery usage to perform data fetching is increasing. > This will be a rather simple enhancement as the Groovy supports EntityQuery > internally. > Along with this, I also felt that the output of the feature should also be > available in *JSON* format. -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Commented] (OFBIZ-11306) POC for CSRF Token
[ https://issues.apache.org/jira/browse/OFBIZ-11306?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17036639#comment-17036639 ] James Yong commented on OFBIZ-11306: Hi Jacques, Thanks for the explanation. Will look at the tuple issue. I think changes to getRequestUri should be treated as another Jira issue. It also results in error when accessing Entitiy Reference - Interactive. > POC for CSRF Token > -- > > Key: OFBIZ-11306 > URL: https://issues.apache.org/jira/browse/OFBIZ-11306 > Project: OFBiz > Issue Type: Sub-task > Components: ALL APPLICATIONS >Affects Versions: Upcoming Branch >Reporter: James Yong >Assignee: Jacques Le Roux >Priority: Minor > Labels: CSRF > Fix For: Upcoming Branch > > Attachments: CsrfTokenAjaxTransform.java, CsrfTokenTransform.java, > CsrfUtil.java, OFBIZ-11306-alternative.patch, OFBIZ-11306-alternative.patch, > OFBIZ-11306-alternative.patch, OFBIZ-11306-v2.patch, OFBIZ-11306.patch, > OFBIZ-11306.patch, OFBIZ-11306.patch, OFBIZ-11306.patch, OFBIZ-11306.patch, > OFBIZ-11306.patch, OFBIZ-11306.patch, OFBIZ-11306.patch, OFBIZ-11306.patch, > OFBIZ-11306.patch, OFBIZ-11306.patch, OFBIZ-11306.patch, OFBIZ-11306.patch, > OFBIZ-11306.patch, OFBIZ-11306.patch, OFBIZ-11306.patch, OFBIZ-11306.patch, > OFBIZ-11306_Plugins.patch, OFBIZ-11306_Plugins.patch, > OFBIZ-11306_Plugins.patch, OFBIZ-11306_Plugins.patch, > OFBIZ-11306_Plugins.patch > > > CRSF tokens are generated using SecureRandom class (maybe later a JWT with a > "time out"). > They are stored in the user sessions (for AJAX calls and unauthenticated HTTP > calls) or OFBiz UtilCache (for authenticated HTTP calls), and verified during > POST request. > # In *controllers* a new csrf-token attribute is added to the security tag to > exempt or force CSRF token check. > # In *Widget Forms* a hidden token field is auto-generated. > # In *FTL form* a CSRF token is passed through <@ofbizUrl> to automatise the > change. Using <@ofbizUrl> macro to generate the CSRF token means there is no > need to manually add the CSRF token field to each form in the ftl files. It > will save time for users doing custom implementation and maintenance. While > there is CSRF token in the form URL, the token is invalidated during form > submission. So it's uniqueand harmless even though the CSRF token of the form > submission is shown in the browser address bar. > # For *Ajax calls* an ajaxPrefilter function (observer on DOM ready) is added > through OfbizUtil.js (itself called at start in decorators and such) > # The html metadata is storing the csrf token used by JQuery AJAX. This token > will not change to another value after it is consumed > # Csrf tokens for the user are removed from the UtilCache when the user logs > out or session invalidated. > The general rule are as follows: > * RequestMap configured with 'get' method will be exempted from CSRF token > check. > * RequestMap configured with 'post' or 'all' method will be subjected to CSRF > token check. (Note there are discussions that RequestMap with ‘all’ method > should also not be subjected to CSRF token check. This will be done after > ensuring a separate uri is used when posting changes.) > * "main" request URIs are exempted from CSRF token check. > * Setting csrf-token to false or true on the Request Map will override the > general rules above. > To implement: > * -Allow token map size to be configurable in properties.- OK that's done > locally > To Discuss: > * Invalidate authenticated user session when CSRF token check fails. > * Configure the general rules in a Service method (which will be run inside > the constructor of RequestMap class) when determining the final > securityCsrfToken value. -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Comment Edited] (OFBIZ-11306) POC for CSRF Token
[ https://issues.apache.org/jira/browse/OFBIZ-11306?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17036639#comment-17036639 ] James Yong edited comment on OFBIZ-11306 at 2/14/20 2:11 AM: - Hi Jacques, Thanks for the explanation. Will look at the tuple issue. I think changes to getRequestUri should be treated as another Jira issue. It also results in error when accessing Entitiy Reference - Interactive. was (Author: jamesyong): Hi Jacques, Thanks for the explanation. Will look at the tuple issue. I think changes to getRequestUri should be treated as another Jira issue. It also results in error when accessing Entitiy Reference - Interactive. > POC for CSRF Token > -- > > Key: OFBIZ-11306 > URL: https://issues.apache.org/jira/browse/OFBIZ-11306 > Project: OFBiz > Issue Type: Sub-task > Components: ALL APPLICATIONS >Affects Versions: Upcoming Branch >Reporter: James Yong >Assignee: Jacques Le Roux >Priority: Minor > Labels: CSRF > Fix For: Upcoming Branch > > Attachments: CsrfTokenAjaxTransform.java, CsrfTokenTransform.java, > CsrfUtil.java, OFBIZ-11306-alternative.patch, OFBIZ-11306-alternative.patch, > OFBIZ-11306-alternative.patch, OFBIZ-11306-v2.patch, OFBIZ-11306.patch, > OFBIZ-11306.patch, OFBIZ-11306.patch, OFBIZ-11306.patch, OFBIZ-11306.patch, > OFBIZ-11306.patch, OFBIZ-11306.patch, OFBIZ-11306.patch, OFBIZ-11306.patch, > OFBIZ-11306.patch, OFBIZ-11306.patch, OFBIZ-11306.patch, OFBIZ-11306.patch, > OFBIZ-11306.patch, OFBIZ-11306.patch, OFBIZ-11306.patch, OFBIZ-11306.patch, > OFBIZ-11306_Plugins.patch, OFBIZ-11306_Plugins.patch, > OFBIZ-11306_Plugins.patch, OFBIZ-11306_Plugins.patch, > OFBIZ-11306_Plugins.patch > > > CRSF tokens are generated using SecureRandom class (maybe later a JWT with a > "time out"). > They are stored in the user sessions (for AJAX calls and unauthenticated HTTP > calls) or OFBiz UtilCache (for authenticated HTTP calls), and verified during > POST request. > # In *controllers* a new csrf-token attribute is added to the security tag to > exempt or force CSRF token check. > # In *Widget Forms* a hidden token field is auto-generated. > # In *FTL form* a CSRF token is passed through <@ofbizUrl> to automatise the > change. Using <@ofbizUrl> macro to generate the CSRF token means there is no > need to manually add the CSRF token field to each form in the ftl files. It > will save time for users doing custom implementation and maintenance. While > there is CSRF token in the form URL, the token is invalidated during form > submission. So it's uniqueand harmless even though the CSRF token of the form > submission is shown in the browser address bar. > # For *Ajax calls* an ajaxPrefilter function (observer on DOM ready) is added > through OfbizUtil.js (itself called at start in decorators and such) > # The html metadata is storing the csrf token used by JQuery AJAX. This token > will not change to another value after it is consumed > # Csrf tokens for the user are removed from the UtilCache when the user logs > out or session invalidated. > The general rule are as follows: > * RequestMap configured with 'get' method will be exempted from CSRF token > check. > * RequestMap configured with 'post' or 'all' method will be subjected to CSRF > token check. (Note there are discussions that RequestMap with ‘all’ method > should also not be subjected to CSRF token check. This will be done after > ensuring a separate uri is used when posting changes.) > * "main" request URIs are exempted from CSRF token check. > * Setting csrf-token to false or true on the Request Map will override the > general rules above. > To implement: > * -Allow token map size to be configurable in properties.- OK that's done > locally > To Discuss: > * Invalidate authenticated user session when CSRF token check fails. > * Configure the general rules in a Service method (which will be run inside > the constructor of RequestMap class) when determining the final > securityCsrfToken value. -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Commented] (OFBIZ-11351) Adjust checkstyle configuration
[ https://issues.apache.org/jira/browse/OFBIZ-11351?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17036370#comment-17036370 ] Michael Brohl commented on OFBIZ-11351: --- Constant names adjustment from ^[A-Z][A-Z0-9]*(_[A-Z0-9]+)+_*_$ to ^[a-zA-Z][a-zA-Z0-9]*(*_*[a-zA-Z0-9])*$ error files / count before: 956 / 34566 after: 952 / 33282 > Adjust checkstyle configuration > --- > > Key: OFBIZ-11351 > URL: https://issues.apache.org/jira/browse/OFBIZ-11351 > Project: OFBiz > Issue Type: Sub-task > Components: Gradle >Affects Versions: Trunk >Reporter: Michael Brohl >Assignee: Michael Brohl >Priority: Minor > Attachments: OFBIZ-11351_constant_names_adjust.patch > > > We should take an approach to fine-tune the configuration so that it better > fits the project style. > As an example, constants are currently not allowed to be named "module", > "resource" etc. which is a common pattern in our code. Changing from > ^[A-Z][A-Z0-9]*(_[A-Z0-9]+)*$ to ^[a-zA-Z][a-zA-Z0-9]*(_[a-zA-Z0-9]+)*$ would > allow the common naming. > Adjustments should be proposed here and decided upon. -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Updated] (OFBIZ-11351) Adjust checkstyle configuration
[ https://issues.apache.org/jira/browse/OFBIZ-11351?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Michael Brohl updated OFBIZ-11351: -- Attachment: OFBIZ-11351_constant_names_adjust.patch > Adjust checkstyle configuration > --- > > Key: OFBIZ-11351 > URL: https://issues.apache.org/jira/browse/OFBIZ-11351 > Project: OFBiz > Issue Type: Sub-task > Components: Gradle >Affects Versions: Trunk >Reporter: Michael Brohl >Assignee: Michael Brohl >Priority: Minor > Attachments: OFBIZ-11351_constant_names_adjust.patch > > > We should take an approach to fine-tune the configuration so that it better > fits the project style. > As an example, constants are currently not allowed to be named "module", > "resource" etc. which is a common pattern in our code. Changing from > ^[A-Z][A-Z0-9]*(_[A-Z0-9]+)*$ to ^[a-zA-Z][a-zA-Z0-9]*(_[a-zA-Z0-9]+)*$ would > allow the common naming. > Adjustments should be proposed here and decided upon. -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Assigned] (OFBIZ-10288) Move Accounting Guide into OFBiz Asciidoc Framework
[ https://issues.apache.org/jira/browse/OFBIZ-10288?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Olivier Heintz reassigned OFBIZ-10288: -- Assignee: Olivier Heintz > Move Accounting Guide into OFBiz Asciidoc Framework > --- > > Key: OFBIZ-10288 > URL: https://issues.apache.org/jira/browse/OFBIZ-10288 > Project: OFBiz > Issue Type: Task > Components: accounting >Reporter: Sharan Foga >Assignee: Olivier Heintz >Priority: Minor > Labels: accounting, asciidoc, documentation > Fix For: Upcoming Branch > > Attachments: > OFBIZ-10288-Help-Docbook-file-migration-to-asciidoc_diff.patch > > > This is a general umbrella task for the creation and migration of all > accounting related information and documentation into the OFBiz asciidoc > documentation framework. > Subtasks will be created for each area where documentation needs to be > creaated. An initial list is as follows: > # accounting.adoc (already created - may create an issue to track any > additional work_ > # acc-intro.adoc > # acc-agreements.adoc > # acc-tax-authorities.adoc > # acc-invoices.adoc > # acc-billing-accounts.adoc > # acc-payments.adoc > # acc-payment-gateway.adoc > # acc-financial-accounts.adoc > # acc-global-settings.adoc > # acc-glossary.adoc > -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Commented] (OFBIZ-10288) Move Accounting Guide into OFBiz Asciidoc Framework
[ https://issues.apache.org/jira/browse/OFBIZ-10288?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17036368#comment-17036368 ] Olivier Heintz commented on OFBIZ-10288: Add a patch, which contain two minor modifications : * add help about Accounting main screen in intro * remove the last docbook files not used by the acc one and empty [^OFBIZ-10288-Help-Docbook-file-migration-to-asciidoc_diff.patch] Currently AccountingHelpData.xml is not yet remove, I will do when there will be a solution for user screen help to link between a screen and a sub-chapter for user-documentation. > Move Accounting Guide into OFBiz Asciidoc Framework > --- > > Key: OFBIZ-10288 > URL: https://issues.apache.org/jira/browse/OFBIZ-10288 > Project: OFBiz > Issue Type: Task > Components: accounting >Reporter: Sharan Foga >Priority: Minor > Labels: accounting, asciidoc, documentation > Fix For: Upcoming Branch > > Attachments: > OFBIZ-10288-Help-Docbook-file-migration-to-asciidoc_diff.patch > > > This is a general umbrella task for the creation and migration of all > accounting related information and documentation into the OFBiz asciidoc > documentation framework. > Subtasks will be created for each area where documentation needs to be > creaated. An initial list is as follows: > # accounting.adoc (already created - may create an issue to track any > additional work_ > # acc-intro.adoc > # acc-agreements.adoc > # acc-tax-authorities.adoc > # acc-invoices.adoc > # acc-billing-accounts.adoc > # acc-payments.adoc > # acc-payment-gateway.adoc > # acc-financial-accounts.adoc > # acc-global-settings.adoc > # acc-glossary.adoc > -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Updated] (OFBIZ-10288) Move Accounting Guide into OFBiz Asciidoc Framework
[ https://issues.apache.org/jira/browse/OFBIZ-10288?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Olivier Heintz updated OFBIZ-10288: --- Attachment: OFBIZ-10288-Help-Docbook-file-migration-to-asciidoc_diff.patch > Move Accounting Guide into OFBiz Asciidoc Framework > --- > > Key: OFBIZ-10288 > URL: https://issues.apache.org/jira/browse/OFBIZ-10288 > Project: OFBiz > Issue Type: Task > Components: accounting >Reporter: Sharan Foga >Priority: Minor > Labels: accounting, asciidoc, documentation > Fix For: Upcoming Branch > > Attachments: > OFBIZ-10288-Help-Docbook-file-migration-to-asciidoc_diff.patch > > > This is a general umbrella task for the creation and migration of all > accounting related information and documentation into the OFBiz asciidoc > documentation framework. > Subtasks will be created for each area where documentation needs to be > creaated. An initial list is as follows: > # accounting.adoc (already created - may create an issue to track any > additional work_ > # acc-intro.adoc > # acc-agreements.adoc > # acc-tax-authorities.adoc > # acc-invoices.adoc > # acc-billing-accounts.adoc > # acc-payments.adoc > # acc-payment-gateway.adoc > # acc-financial-accounts.adoc > # acc-global-settings.adoc > # acc-glossary.adoc > -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Updated] (OFBIZ-11352) add Document Content acc-organizations-gl-settings
[ https://issues.apache.org/jira/browse/OFBIZ-11352?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Olivier Heintz updated OFBIZ-11352: --- Attachment: organization-gl-setting-Help-Docbook-file-migration-to-asciidoc_diff.patch > add Document Content acc-organizations-gl-settings > -- > > Key: OFBIZ-11352 > URL: https://issues.apache.org/jira/browse/OFBIZ-11352 > Project: OFBiz > Issue Type: Sub-task > Components: accounting >Reporter: Olivier Heintz >Assignee: Olivier Heintz >Priority: Minor > Attachments: > organization-gl-setting-Help-Docbook-file-migration-to-asciidoc_diff.patch > > -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Commented] (OFBIZ-11352) add Document Content acc-organizations-gl-settings
[ https://issues.apache.org/jira/browse/OFBIZ-11352?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17036359#comment-17036359 ] Olivier Heintz commented on OFBIZ-11352: The acc-organization-gl-settings.adoc file and all the help files, which are included in documentation on the sub-chapter "Help for setting by domain" [^organization-gl-setting-Help-Docbook-file-migration-to-asciidoc_diff.patch] > add Document Content acc-organizations-gl-settings > -- > > Key: OFBIZ-11352 > URL: https://issues.apache.org/jira/browse/OFBIZ-11352 > Project: OFBiz > Issue Type: Sub-task > Components: accounting >Reporter: Olivier Heintz >Assignee: Olivier Heintz >Priority: Minor > Attachments: > organization-gl-setting-Help-Docbook-file-migration-to-asciidoc_diff.patch > > -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Created] (OFBIZ-11352) add Document Content acc-organizations-gl-settings
Olivier Heintz created OFBIZ-11352: -- Summary: add Document Content acc-organizations-gl-settings Key: OFBIZ-11352 URL: https://issues.apache.org/jira/browse/OFBIZ-11352 Project: OFBiz Issue Type: Sub-task Components: accounting Reporter: Olivier Heintz Assignee: Olivier Heintz -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Created] (OFBIZ-11351) Adjust checkstyle configuration
Michael Brohl created OFBIZ-11351: - Summary: Adjust checkstyle configuration Key: OFBIZ-11351 URL: https://issues.apache.org/jira/browse/OFBIZ-11351 Project: OFBiz Issue Type: Sub-task Components: Gradle Affects Versions: Trunk Reporter: Michael Brohl Assignee: Michael Brohl We should take an approach to fine-tune the configuration so that it better fits the project style. As an example, constants are currently not allowed to be named "module", "resource" etc. which is a common pattern in our code. Changing from ^[A-Z][A-Z0-9]*(_[A-Z0-9]+)*$ to ^[a-zA-Z][a-zA-Z0-9]*(_[a-zA-Z0-9]+)*$ would allow the common naming. Adjustments should be proposed here and decided upon. -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Created] (OFBIZ-11350) Checkstyle improvements
Michael Brohl created OFBIZ-11350: - Summary: Checkstyle improvements Key: OFBIZ-11350 URL: https://issues.apache.org/jira/browse/OFBIZ-11350 Project: OFBiz Issue Type: Improvement Components: ALL COMPONENTS Affects Versions: Trunk Reporter: Michael Brohl Assignee: Michael Brohl This is an umbrella task for checkstyle improvements. tbd -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Commented] (OFBIZ-11306) POC for CSRF Token
[ https://issues.apache.org/jira/browse/OFBIZ-11306?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17036346#comment-17036346 ] Jacques Le Roux commented on OFBIZ-11306: - Thanks James, I'll adapt the test About the cache: I wanted to be sure that I'd not lose any entries during a test and forgot. When in the webtools you are using the data maintenance feature, the list of tokenMap for targetContextPath (webtools) for a party can become quite heavy. Because a token is generated for each entries[1! So for a DB with millions of entries 5000 would be much too short. Nevertheless I confirm 5000 should be fine OOTB, I got around 3000 for "webtools" targetContextPath. IIRW we have around 800 tables OOTB, but it really depends on the number of tuples. I think we should do 2 things: # Definitely separate the caches because of the possible different sizes # Warn users that the partyTokenMap depends on the size of the DB, if the data maintenance feature in webtools is used, and actually depends on the number of tuples. [1] line: partyTokenMap.put(targetContextPath, tokenMap); > POC for CSRF Token > -- > > Key: OFBIZ-11306 > URL: https://issues.apache.org/jira/browse/OFBIZ-11306 > Project: OFBiz > Issue Type: Sub-task > Components: ALL APPLICATIONS >Affects Versions: Upcoming Branch >Reporter: James Yong >Assignee: Jacques Le Roux >Priority: Minor > Labels: CSRF > Fix For: Upcoming Branch > > Attachments: CsrfTokenAjaxTransform.java, CsrfTokenTransform.java, > CsrfUtil.java, OFBIZ-11306-alternative.patch, OFBIZ-11306-alternative.patch, > OFBIZ-11306-alternative.patch, OFBIZ-11306-v2.patch, OFBIZ-11306.patch, > OFBIZ-11306.patch, OFBIZ-11306.patch, OFBIZ-11306.patch, OFBIZ-11306.patch, > OFBIZ-11306.patch, OFBIZ-11306.patch, OFBIZ-11306.patch, OFBIZ-11306.patch, > OFBIZ-11306.patch, OFBIZ-11306.patch, OFBIZ-11306.patch, OFBIZ-11306.patch, > OFBIZ-11306.patch, OFBIZ-11306.patch, OFBIZ-11306.patch, OFBIZ-11306.patch, > OFBIZ-11306_Plugins.patch, OFBIZ-11306_Plugins.patch, > OFBIZ-11306_Plugins.patch, OFBIZ-11306_Plugins.patch, > OFBIZ-11306_Plugins.patch > > > CRSF tokens are generated using SecureRandom class (maybe later a JWT with a > "time out"). > They are stored in the user sessions (for AJAX calls and unauthenticated HTTP > calls) or OFBiz UtilCache (for authenticated HTTP calls), and verified during > POST request. > # In *controllers* a new csrf-token attribute is added to the security tag to > exempt or force CSRF token check. > # In *Widget Forms* a hidden token field is auto-generated. > # In *FTL form* a CSRF token is passed through <@ofbizUrl> to automatise the > change. Using <@ofbizUrl> macro to generate the CSRF token means there is no > need to manually add the CSRF token field to each form in the ftl files. It > will save time for users doing custom implementation and maintenance. While > there is CSRF token in the form URL, the token is invalidated during form > submission. So it's uniqueand harmless even though the CSRF token of the form > submission is shown in the browser address bar. > # For *Ajax calls* an ajaxPrefilter function (observer on DOM ready) is added > through OfbizUtil.js (itself called at start in decorators and such) > # The html metadata is storing the csrf token used by JQuery AJAX. This token > will not change to another value after it is consumed > # Csrf tokens for the user are removed from the UtilCache when the user logs > out or session invalidated. > The general rule are as follows: > * RequestMap configured with 'get' method will be exempted from CSRF token > check. > * RequestMap configured with 'post' or 'all' method will be subjected to CSRF > token check. (Note there are discussions that RequestMap with ‘all’ method > should also not be subjected to CSRF token check. This will be done after > ensuring a separate uri is used when posting changes.) > * "main" request URIs are exempted from CSRF token check. > * Setting csrf-token to false or true on the Request Map will override the > general rules above. > To implement: > * -Allow token map size to be configurable in properties.- OK that's done > locally > To Discuss: > * Invalidate authenticated user session when CSRF token check fails. > * Configure the general rules in a Service method (which will be run inside > the constructor of RequestMap class) when determining the final > securityCsrfToken value. -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Updated] (OFBIZ-9350) Deprecate Mini Lang
[ https://issues.apache.org/jira/browse/OFBIZ-9350?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Wiebke Pätzold updated OFBIZ-9350: -- Description: According to the proposal thread in [1] we decided to deprecate mini lang. This issue tracks the next steps proposed in the aformentioned thread, namely: 1. create a Wiki page for the documentation and description of the migration process and how mini lang will be replaced. 2. prominently state in the Wiki that minilang will be deprecated, e.g. in [2] 3. put deprecation tags in the corresponding code 4. kindly ask contributors with open patches written in mini lang to replace them by Groovy code [3] 5. start an initiative to replace existing mini lang code with Groovy code where applicable. This needs some more planning and discussion which parts we'll like to replace with Groovy code and which parts will better be replaced by some kind of DSL. A good starting point can be [4][5][6]. [1] [https://lists.apache.org/thread.html/253b41060a295b8ab68bc78763cc129fc74b712cf776f8716022097f@%3Cdev.ofbiz.apache.org%3E] [2] [https://cwiki.apache.org/confluence/display/OFBADMIN/Mini+Language+-+minilang+-+simple-method+-+Reference] [3] does anyone know a way to batch comment Jira issues like it is possible in Redmine? [4] [https://cwiki.apache.org/confluence/display/OFBIZ/Groovy+DSL+for+OFBiz+business+logic] [5] [https://cwiki.apache.org/confluence/display/OFBIZ/OFBiz+Tutorial+-+A+Beginners+Development+Guide] [6] [https://cwiki.apache.org/confluence/display/OFBADMIN/Coding+Conventions] was: According to the proposal thread in [1] we decided to deprecate mini lang. This issue tracks the next steps proposed in the aformentioned thread, namely: 1. create a Wiki page for the documentation and description of the migration process and how mini lang will be replaced. 2. prominently state in the Wiki that minilang will be deprecated, e.g. in [2] 3. put deprecation tags in the corresponding code 4. kindly ask contributors with open patches written in mini lang to replace them by Groovy code [3] 5. start an initiative to replace existing mini lang code with Java code where applicable. This needs some more planning and discussion which parts we'll like to replace with Java code and which parts will better be replaced by some kind of DSL. A good starting point can be [4][5][6]. [1] [https://lists.apache.org/thread.html/253b41060a295b8ab68bc78763cc129fc74b712cf776f8716022097f@%3Cdev.ofbiz.apache.org%3E] [2] [https://cwiki.apache.org/confluence/display/OFBADMIN/Mini+Language+-+minilang+-+simple-method+-+Reference] [3] does anyone know a way to batch comment Jira issues like it is possible in Redmine? [4] [https://cwiki.apache.org/confluence/display/OFBIZ/Groovy+DSL+for+OFBiz+business+logic] [5] [https://cwiki.apache.org/confluence/display/OFBIZ/OFBiz+Tutorial+-+A+Beginners+Development+Guide] [6] [https://cwiki.apache.org/confluence/display/OFBADMIN/Coding+Conventions] > Deprecate Mini Lang > --- > > Key: OFBIZ-9350 > URL: https://issues.apache.org/jira/browse/OFBIZ-9350 > Project: OFBiz > Issue Type: Improvement > Components: ALL APPLICATIONS, ALL COMPONENTS >Affects Versions: Trunk >Reporter: Michael Brohl >Assignee: Michael Brohl >Priority: Minor > Labels: documentation > > According to the proposal thread in [1] we decided to deprecate mini lang. > This issue tracks the next steps proposed in the aformentioned thread, namely: > 1. create a Wiki page for the documentation and description of the migration > process and how mini lang will be replaced. > 2. prominently state in the Wiki that minilang will be deprecated, e.g. in [2] > 3. put deprecation tags in the corresponding code > 4. kindly ask contributors with open patches written in mini lang to replace > them by Groovy code [3] > 5. start an initiative to replace existing mini lang code with Groovy code > where applicable. This needs some more planning and discussion which parts > we'll like to replace with Groovy code and which parts will better be > replaced by some kind of DSL. A good starting point can be [4][5][6]. > [1] > [https://lists.apache.org/thread.html/253b41060a295b8ab68bc78763cc129fc74b712cf776f8716022097f@%3Cdev.ofbiz.apache.org%3E] > [2] > [https://cwiki.apache.org/confluence/display/OFBADMIN/Mini+Language+-+minilang+-+simple-method+-+Reference] > [3] does anyone know a way to batch comment Jira issues like it is possible > in Redmine? > [4] > [https://cwiki.apache.org/confluence/display/OFBIZ/Groovy+DSL+for+OFBiz+business+logic] > [5] > [https://cwiki.apache.org/confluence/display/OFBIZ/OFBiz+Tutorial+-+A+Beginners+Development+Guide] > [6] [https://cwiki.apache.org/confluence/display/OFBADMIN/Coding+Conventions] -- This message was sent by Atlassian
[jira] [Updated] (OFBIZ-9350) Deprecate Mini Lang
[ https://issues.apache.org/jira/browse/OFBIZ-9350?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Wiebke Pätzold updated OFBIZ-9350: -- Description: According to the proposal thread in [1] we decided to deprecate mini lang. This issue tracks the next steps proposed in the aformentioned thread, namely: 1. create a Wiki page for the documentation and description of the migration process and how mini lang will be replaced. 2. prominently state in the Wiki that minilang will be deprecated, e.g. in [2] 3. put deprecation tags in the corresponding code 4. kindly ask contributors with open patches written in mini lang to replace them by Groovy code [3] 5. start an initiative to replace existing mini lang code with Java code where applicable. This needs some more planning and discussion which parts we'll like to replace with Java code and which parts will better be replaced by some kind of DSL. A good starting point can be [4][5][6]. [1] [https://lists.apache.org/thread.html/253b41060a295b8ab68bc78763cc129fc74b712cf776f8716022097f@%3Cdev.ofbiz.apache.org%3E] [2] [https://cwiki.apache.org/confluence/display/OFBADMIN/Mini+Language+-+minilang+-+simple-method+-+Reference] [3] does anyone know a way to batch comment Jira issues like it is possible in Redmine? [4] [https://cwiki.apache.org/confluence/display/OFBIZ/Groovy+DSL+for+OFBiz+business+logic] [5] [https://cwiki.apache.org/confluence/display/OFBIZ/OFBiz+Tutorial+-+A+Beginners+Development+Guide] [6] [https://cwiki.apache.org/confluence/display/OFBADMIN/Coding+Conventions] was: According to the proposal thread in [1] we decided to deprecate mini lang. This issue tracks the next steps proposed in the aformentioned thread, namely: 1. create a Wiki page for the documentation and description of the migration process and how mini lang will be replaced. 2. prominently state in the Wiki that minilang will be deprecated, e.g. in [2] 3. put deprecation tags in the corresponding code 4. kindly ask contributors with open patches written in mini lang to replace them by Java code [3] 5. start an initiative to replace existing mini lang code with Java code where applicable. This needs some more planning and discussion which parts we'll like to replace with Java code and which parts will better be replaced by some kind of DSL. A good starting point can be [4][5][6]. [1] https://lists.apache.org/thread.html/253b41060a295b8ab68bc78763cc129fc74b712cf776f8716022097f@%3Cdev.ofbiz.apache.org%3E [2] https://cwiki.apache.org/confluence/display/OFBADMIN/Mini+Language+-+minilang+-+simple-method+-+Reference [3] does anyone know a way to batch comment Jira issues like it is possible in Redmine? [4] https://cwiki.apache.org/confluence/display/OFBIZ/Groovy+DSL+for+OFBiz+business+logic [5] https://cwiki.apache.org/confluence/display/OFBIZ/OFBiz+Tutorial+-+A+Beginners+Development+Guide [6] https://cwiki.apache.org/confluence/display/OFBADMIN/Coding+Conventions > Deprecate Mini Lang > --- > > Key: OFBIZ-9350 > URL: https://issues.apache.org/jira/browse/OFBIZ-9350 > Project: OFBiz > Issue Type: Improvement > Components: ALL APPLICATIONS, ALL COMPONENTS >Affects Versions: Trunk >Reporter: Michael Brohl >Assignee: Michael Brohl >Priority: Minor > Labels: documentation > > According to the proposal thread in [1] we decided to deprecate mini lang. > This issue tracks the next steps proposed in the aformentioned thread, namely: > 1. create a Wiki page for the documentation and description of the migration > process and how mini lang will be replaced. > 2. prominently state in the Wiki that minilang will be deprecated, e.g. in [2] > 3. put deprecation tags in the corresponding code > 4. kindly ask contributors with open patches written in mini lang to replace > them by Groovy code [3] > 5. start an initiative to replace existing mini lang code with Java code > where applicable. This needs some more planning and discussion which parts > we'll like to replace with Java code and which parts will better be replaced > by some kind of DSL. A good starting point can be [4][5][6]. > [1] > [https://lists.apache.org/thread.html/253b41060a295b8ab68bc78763cc129fc74b712cf776f8716022097f@%3Cdev.ofbiz.apache.org%3E] > [2] > [https://cwiki.apache.org/confluence/display/OFBADMIN/Mini+Language+-+minilang+-+simple-method+-+Reference] > [3] does anyone know a way to batch comment Jira issues like it is possible > in Redmine? > [4] > [https://cwiki.apache.org/confluence/display/OFBIZ/Groovy+DSL+for+OFBiz+business+logic] > [5] > [https://cwiki.apache.org/confluence/display/OFBIZ/OFBiz+Tutorial+-+A+Beginners+Development+Guide] > [6] [https://cwiki.apache.org/confluence/display/OFBADMIN/Coding+Conventions] -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Commented] (OFBIZ-11347) Add GraphQL component
[ https://issues.apache.org/jira/browse/OFBIZ-11347?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17036339#comment-17036339 ] Pierre Smits commented on OFBIZ-11347: -- Or, you may choose to point the links to your repo ([https://github.com/girishvasmatkar/ofbiz-graphql)]. If and when you're concerned with perceived impropriety > Add GraphQL component > - > > Key: OFBIZ-11347 > URL: https://issues.apache.org/jira/browse/OFBIZ-11347 > Project: OFBiz > Issue Type: New Feature > Components: ALL PLUGINS >Affects Versions: Trunk >Reporter: Girish Vasmatkar >Assignee: Girish Vasmatkar >Priority: Minor > > Here's the relevant discussion around having a GraphQL component for OFBiz- > [https://lists.apache.org/thread.html/r2fd1decca7a71ae2270a0e2d1f03ed69a69253f68f957626c386a11a%40%3Cdev.ofbiz.apache.org%3E] > Also, add the capability for OFBiz to communicate with a GraphQL endpoint. > Below repository contains GraphQL endpoint configuration for OFBiz. Further > details can be found in README. > [https://github.com/hotwax/ofbiz-graphql] > -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Comment Edited] (OFBIZ-10833) CMS add content not working
[ https://issues.apache.org/jira/browse/OFBIZ-10833?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17036253#comment-17036253 ] Jacques Le Roux edited comment on OFBIZ-10833 at 2/13/20 4:23 PM: -- [~sberg], the patch is just fine for me to test and review, thanks. [~pierresmits] we are aware of the different ways of contributing, no need to reiterate in the Jira issues, we have the mailing list discussions for it. Thanks. was (Author: mbrohl): [~sberg], the patch is just fine for me to test and review, thanks. [~pierresmits] we are aware of the different ways of contributing, no need to reiterate in the Jira issues, we have the mailing list discussions for it. Thanks. > CMS add content not working > --- > > Key: OFBIZ-10833 > URL: https://issues.apache.org/jira/browse/OFBIZ-10833 > Project: OFBiz > Issue Type: Bug > Components: content >Affects Versions: Trunk, 17.12.01 >Reporter: Ingo Wolfmayr >Assignee: Michael Brohl >Priority: Major > Fix For: 17.12.01, 18.12.01 > > Attachments: LogCreateContent.txt, OFBIZ-10833.patch, > OFBIZ-10833.patch, cms_addImage.patch > > > On demo: content --> "CmsSite" --> CMS: > Right click on one of the items to add "New Long Text" or "Image". > After saving the new content: > Edit WebSite CMS For: [] > "There is no Content PUBLISH_POINT for this WebSite!" > Having the same problem on a 17.12 local installation. -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Comment Edited] (OFBIZ-10833) CMS add content not working
[ https://issues.apache.org/jira/browse/OFBIZ-10833?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17028326#comment-17028326 ] Jacques Le Roux edited comment on OFBIZ-10833 at 2/13/20 4:23 PM: -- Hi [~mbrohl], Thank you for showing kind interest, please feel free to go ahead. Thank you! was (Author: swapnilmmane): Hi [~mbrohl], Thank you for showing kind interest, please feel free to go ahead. Thank you! > CMS add content not working > --- > > Key: OFBIZ-10833 > URL: https://issues.apache.org/jira/browse/OFBIZ-10833 > Project: OFBiz > Issue Type: Bug > Components: content >Affects Versions: Trunk, 17.12.01 >Reporter: Ingo Wolfmayr >Assignee: Michael Brohl >Priority: Major > Fix For: 17.12.01, 18.12.01 > > Attachments: LogCreateContent.txt, OFBIZ-10833.patch, > OFBIZ-10833.patch, cms_addImage.patch > > > On demo: content --> "CmsSite" --> CMS: > Right click on one of the items to add "New Long Text" or "Image". > After saving the new content: > Edit WebSite CMS For: [] > "There is no Content PUBLISH_POINT for this WebSite!" > Having the same problem on a 17.12 local installation. -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Comment Edited] (OFBIZ-10833) CMS add content not working
[ https://issues.apache.org/jira/browse/OFBIZ-10833?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16824981#comment-16824981 ] Jacques Le Roux edited comment on OFBIZ-10833 at 2/13/20 4:23 PM: -- Fixed the issue in which the parameters are not available to the next response type when form of enctype="multipart/form-data" type is submitted. Changes committed in trunk at rev 1858035 release18.12 at rev 1858036 release17.12 at rev 1858037 Issue does not exist in release16.11 Thanks! was (Author: swapnilmmane): Fixed the issue in which the parameters are not available to the next response type when form of enctype="multipart/form-data" type is submitted. Changes committed in trunk at rev 1858035 release18.12 at rev 1858036 release17.12 at rev 1858037 Issue does not exist in release16.11 Thanks! > CMS add content not working > --- > > Key: OFBIZ-10833 > URL: https://issues.apache.org/jira/browse/OFBIZ-10833 > Project: OFBiz > Issue Type: Bug > Components: content >Affects Versions: Trunk, 17.12.01 >Reporter: Ingo Wolfmayr >Assignee: Michael Brohl >Priority: Major > Fix For: 17.12.01, 18.12.01 > > Attachments: LogCreateContent.txt, OFBIZ-10833.patch, > OFBIZ-10833.patch, cms_addImage.patch > > > On demo: content --> "CmsSite" --> CMS: > Right click on one of the items to add "New Long Text" or "Image". > After saving the new content: > Edit WebSite CMS For: [] > "There is no Content PUBLISH_POINT for this WebSite!" > Having the same problem on a 17.12 local installation. -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Comment Edited] (OFBIZ-10833) CMS add content not working
[ https://issues.apache.org/jira/browse/OFBIZ-10833?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16785241#comment-16785241 ] Jacques Le Roux edited comment on OFBIZ-10833 at 2/13/20 4:22 PM: -- Thanks [~iwolf] and [~jacques.le.roux] for your comments. The changes in the patch are not committed yet, this is why you might be getting the issue on trunk demo. Dear [~iwolf], Thanks for trying the patch, I hope you have applied the patch and restart the server. It will be helpful for me if you can share the detailed steps you followed (after applying the patch) and issue faced. I will have a look into this over the weekend. Thanks! was (Author: swapnilmmane): Thanks [~iwolf] and [~jacques.le.roux] for your comments. The changes in the patch are not committed yet, this is why you might be getting the issue on trunk demo. Dear [~iwolf], Thanks for trying the patch, I hope you have applied the patch and restart the server. It will be helpful for me if you can share the detailed steps you followed (after applying the patch) and issue faced. I will have a look into this over the weekend. Thanks! > CMS add content not working > --- > > Key: OFBIZ-10833 > URL: https://issues.apache.org/jira/browse/OFBIZ-10833 > Project: OFBiz > Issue Type: Bug > Components: content >Affects Versions: Trunk, 17.12.01 >Reporter: Ingo Wolfmayr >Assignee: Michael Brohl >Priority: Major > Fix For: 17.12.01, 18.12.01 > > Attachments: LogCreateContent.txt, OFBIZ-10833.patch, > OFBIZ-10833.patch, cms_addImage.patch > > > On demo: content --> "CmsSite" --> CMS: > Right click on one of the items to add "New Long Text" or "Image". > After saving the new content: > Edit WebSite CMS For: [] > "There is no Content PUBLISH_POINT for this WebSite!" > Having the same problem on a 17.12 local installation. -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Comment Edited] (OFBIZ-10833) CMS add content not working
[ https://issues.apache.org/jira/browse/OFBIZ-10833?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16771703#comment-16771703 ] Jacques Le Roux edited comment on OFBIZ-10833 at 2/13/20 4:21 PM: -- Thanks Swapnil, It seems you nailed it, now we need to fix it :) was (Author: jacques.le.roux): Thanks Swapnil, It seems you nailed it, now we need to fix it :) > CMS add content not working > --- > > Key: OFBIZ-10833 > URL: https://issues.apache.org/jira/browse/OFBIZ-10833 > Project: OFBiz > Issue Type: Bug > Components: content >Affects Versions: Trunk, 17.12.01 >Reporter: Ingo Wolfmayr >Assignee: Michael Brohl >Priority: Major > Fix For: 17.12.01, 18.12.01 > > Attachments: LogCreateContent.txt, OFBIZ-10833.patch, > OFBIZ-10833.patch, cms_addImage.patch > > > On demo: content --> "CmsSite" --> CMS: > Right click on one of the items to add "New Long Text" or "Image". > After saving the new content: > Edit WebSite CMS For: [] > "There is no Content PUBLISH_POINT for this WebSite!" > Having the same problem on a 17.12 local installation. -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Updated] (OFBIZ-10833) CMS add content not working
[ https://issues.apache.org/jira/browse/OFBIZ-10833?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Jacques Le Roux updated OFBIZ-10833: Description: On demo: content --> "CmsSite" --> CMS: Right click on one of the items to add "New Long Text" or "Image". After saving the new content: Edit WebSite CMS For: [] "There is no Content PUBLISH_POINT for this WebSite!" Having the same problem on a 17.12 local installation. was: On demo: content --> "CmsSite" --> CMS: Right click on one of the items to add "New Long Text" or "Image". After saving the new content: Edit WebSite CMS For: [] "There is no Content PUBLISH_POINT for this WebSite!" Having the same problem on a 17.12 local installation. h1. > CMS add content not working > --- > > Key: OFBIZ-10833 > URL: https://issues.apache.org/jira/browse/OFBIZ-10833 > Project: OFBiz > Issue Type: Bug > Components: content >Affects Versions: Trunk, 17.12.01 >Reporter: Ingo Wolfmayr >Assignee: Michael Brohl >Priority: Major > Fix For: 17.12.01, 18.12.01 > > Attachments: LogCreateContent.txt, OFBIZ-10833.patch, > OFBIZ-10833.patch, cms_addImage.patch > > > On demo: content --> "CmsSite" --> CMS: > Right click on one of the items to add "New Long Text" or "Image". > After saving the new content: > Edit WebSite CMS For: [] > "There is no Content PUBLISH_POINT for this WebSite!" > Having the same problem on a 17.12 local installation. -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Commented] (OFBIZ-10833) CMS add content not working
[ https://issues.apache.org/jira/browse/OFBIZ-10833?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17036330#comment-17036330 ] Pierre Smits commented on OFBIZ-10833: -- [~mbrohl] There is no need to scold and/or dictate a fellow contributor how, where and when he/she choses to contribute. There is also no need to speak for others or use the 'royal we'. Furthermore, I suggest not to use the flag field to set the 'patch' option. Patches are visible to all right after the moment of upload. And notifications thereabout are sent to the appropriate ml. Plus, in Jira overviews it is shown through the field 'attachments' and the status 'Patch Available'. See also: https://cwiki.apache.org/confluence/display/OFBIZ/Guidelines+For+Using+JIRA > CMS add content not working > --- > > Key: OFBIZ-10833 > URL: https://issues.apache.org/jira/browse/OFBIZ-10833 > Project: OFBiz > Issue Type: Bug > Components: content >Affects Versions: Trunk, 17.12.01 >Reporter: Ingo Wolfmayr >Assignee: Michael Brohl >Priority: Major > Fix For: 17.12.01, 18.12.01 > > Attachments: LogCreateContent.txt, OFBIZ-10833.patch, > OFBIZ-10833.patch, cms_addImage.patch > > > On demo: content --> "CmsSite" --> CMS: > Right click on one of the items to add "New Long Text" or "Image". > After saving the new content: > Edit WebSite CMS For: [] > "There is no Content PUBLISH_POINT for this WebSite!" > Having the same problem on a 17.12 local installation. > h1. -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Comment Edited] (OFBIZ-11215) Email password is not working
[ https://issues.apache.org/jira/browse/OFBIZ-11215?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17036284#comment-17036284 ] Sebastian Berg edited comment on OFBIZ-11215 at 2/13/20 3:47 PM: - Hi, I did some testing and for me this works fine on R17. Maybe someone else can confirm this? was (Author: sberg): Hi, I did some testing and for me this works fine on R17. Maybe someone else can test it as well. > Email password is not working > - > > Key: OFBIZ-11215 > URL: https://issues.apache.org/jira/browse/OFBIZ-11215 > Project: OFBiz > Issue Type: Bug >Affects Versions: Release Branch 16.11 >Reporter: Rashi Dhagat >Assignee: Michael Brohl >Priority: Major > Labels: backport-needed > Fix For: 18.12.01 > > > Steps to regenerate: > # User should be on the login page > [https://demo-stable.ofbiz.apache.org/ecommerce/control/login] > # Enter username > # Click on email password > Actual: Email is not received. -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Commented] (OFBIZ-10792) When shopping list is added to cart only one of the item is added to cart instead of all items in the list
[ https://issues.apache.org/jira/browse/OFBIZ-10792?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17036294#comment-17036294 ] Sebastian Berg commented on OFBIZ-10792: As mentioned before configurable products are not added to the shopping cart. Maybe we should implement a notification for the user, that not all products have been added and leave it there. What do you think? > When shopping list is added to cart only one of the item is added to cart > instead of all items in the list > -- > > Key: OFBIZ-10792 > URL: https://issues.apache.org/jira/browse/OFBIZ-10792 > Project: OFBiz > Issue Type: Bug > Components: ecommerce >Reporter: Rashi Dhagat >Assignee: Michael Brohl >Priority: Minor > Attachments: Shopping List.gif > > > Steps to regenerate: > # Open URL [https://demo-trunk.ofbiz.apache.org/ > |https://demo-trunk.ofbiz.apache.org/ecomseo/editShoppingList] > [ecomseo/editShoppingList|https://demo-trunk.ofbiz.apache.org/ecomseo/editShoppingList] > # Create a new shopping list > # Add items in the list > # Click on "Add List To Cart". -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Updated] (OFBIZ-10792) When shopping list is added to cart only one of the item is added to cart instead of all items in the list
[ https://issues.apache.org/jira/browse/OFBIZ-10792?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Sebastian Berg updated OFBIZ-10792: --- Description: Steps to regenerate: # Open URL [https://demo-trunk.ofbiz.apache.org/ |https://demo-trunk.ofbiz.apache.org/ecomseo/editShoppingList] [ecomseo/editShoppingList|https://demo-trunk.ofbiz.apache.org/ecomseo/editShoppingList] # Create a new shopping list # Add items in the list # Click on "Add List To Cart". was: Steps to regenerate: # Open URL [https://demo-trunk.ofbiz.apache.org/ecomseo/editShoppingList] # Create a new shopping list # Add items in the list # Click on "Add List To Cart". > When shopping list is added to cart only one of the item is added to cart > instead of all items in the list > -- > > Key: OFBIZ-10792 > URL: https://issues.apache.org/jira/browse/OFBIZ-10792 > Project: OFBiz > Issue Type: Bug > Components: ecommerce >Reporter: Rashi Dhagat >Assignee: Michael Brohl >Priority: Minor > Attachments: Shopping List.gif > > > Steps to regenerate: > # Open URL [https://demo-trunk.ofbiz.apache.org/ > |https://demo-trunk.ofbiz.apache.org/ecomseo/editShoppingList] > [ecomseo/editShoppingList|https://demo-trunk.ofbiz.apache.org/ecomseo/editShoppingList] > # Create a new shopping list > # Add items in the list > # Click on "Add List To Cart". -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Commented] (OFBIZ-11215) Email password is not working
[ https://issues.apache.org/jira/browse/OFBIZ-11215?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17036284#comment-17036284 ] Sebastian Berg commented on OFBIZ-11215: Hi, I did some testing and for me this works fine on R17. Maybe someone else can test it as well. > Email password is not working > - > > Key: OFBIZ-11215 > URL: https://issues.apache.org/jira/browse/OFBIZ-11215 > Project: OFBiz > Issue Type: Bug >Affects Versions: Release Branch 16.11 >Reporter: Rashi Dhagat >Assignee: Michael Brohl >Priority: Major > Labels: backport-needed > Fix For: 18.12.01 > > > Steps to regenerate: > # User should be on the login page > [https://demo-stable.ofbiz.apache.org/ecommerce/control/login] > # Enter username > # Click on email password > Actual: Email is not received. -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Commented] (OFBIZ-11342) Error in user impersonation with sub permission
[ https://issues.apache.org/jira/browse/OFBIZ-11342?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17036274#comment-17036274 ] ASF subversion and git services commented on OFBIZ-11342: - Commit 8653b6374ed5a12acb0da41a1637faee01dd574c in ofbiz-framework's branch refs/heads/trunk from Gil Portenseigne [ https://gitbox.apache.org/repos/asf?p=ofbiz-framework.git;h=8653b63 ] Improved: Error in user impersonation with sub permission (OFBIZ-11342) Improved javadoc Set 'checkMultiLevelAdminPermissionValidity' visibility to default Add another test verifying that hierarchy in permission is respected Thanks Mathieu for your review > Error in user impersonation with sub permission > --- > > Key: OFBIZ-11342 > URL: https://issues.apache.org/jira/browse/OFBIZ-11342 > Project: OFBiz > Issue Type: Bug > Components: framework >Affects Versions: Upcoming Branch, Release Branch 18.12 >Reporter: Gil Portenseigne >Assignee: Gil Portenseigne >Priority: Minor > Fix For: Trunk, 18.12.01 > > Attachments: > 0001-Add-a-new-unit-test-to-validate-adminPermissionTesti.patch, > 0002-Add-a-new-test-for-multi-level-permission.patch, > 0003-Implements-multiLevel-permission-control.patch > > > When impersonating user with sub permission such as : PARTYMGR_PCM_CREATE, > with an admin user that only has PARTYMGR_ADMIN, the impersonation is refused > stating that the impersonated user has more permission than the impersonator. > > -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Commented] (OFBIZ-11342) Error in user impersonation with sub permission
[ https://issues.apache.org/jira/browse/OFBIZ-11342?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17036275#comment-17036275 ] ASF subversion and git services commented on OFBIZ-11342: - Commit 767e17d02d3246a483c083078fc9245d3ea7076b in ofbiz-framework's branch refs/heads/release18.12 from Gil Portenseigne [ https://gitbox.apache.org/repos/asf?p=ofbiz-framework.git;h=767e17d ] Improved: Error in user impersonation with sub permission (OFBIZ-11342) Improved javadoc Set 'checkMultiLevelAdminPermissionValidity' visibility to default Add another test verifying that hierarchy in permission is respected Thanks Mathieu for your review > Error in user impersonation with sub permission > --- > > Key: OFBIZ-11342 > URL: https://issues.apache.org/jira/browse/OFBIZ-11342 > Project: OFBiz > Issue Type: Bug > Components: framework >Affects Versions: Upcoming Branch, Release Branch 18.12 >Reporter: Gil Portenseigne >Assignee: Gil Portenseigne >Priority: Minor > Fix For: Trunk, 18.12.01 > > Attachments: > 0001-Add-a-new-unit-test-to-validate-adminPermissionTesti.patch, > 0002-Add-a-new-test-for-multi-level-permission.patch, > 0003-Implements-multiLevel-permission-control.patch > > > When impersonating user with sub permission such as : PARTYMGR_PCM_CREATE, > with an admin user that only has PARTYMGR_ADMIN, the impersonation is refused > stating that the impersonated user has more permission than the impersonator. > > -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Commented] (OFBIZ-5426) mysql: ERROR 1071 (42000): Specified key was too long; max key length is 767 bytes
[ https://issues.apache.org/jira/browse/OFBIZ-5426?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17036258#comment-17036258 ] Gil Portenseigne commented on OFBIZ-5426: - Hello [~pawan], {{Please use :}} {{ ./gradlew checkstyleMain}} {{to detect style warnings of your added code, i see some 120+ lines length in java.}} {{There is also unused import : HashedMap}} {{Thanks for the work}} > mysql: ERROR 1071 (42000): Specified key was too long; max key length is 767 > bytes > -- > > Key: OFBIZ-5426 > URL: https://issues.apache.org/jira/browse/OFBIZ-5426 > Project: OFBiz > Issue Type: Bug > Components: framework >Affects Versions: Trunk >Reporter: Leon >Assignee: Deepak Dixit >Priority: Major > Attachments: OFBIZ-5426.patch, OFBIZ-5426.patch, OFBIZ-5426.patch, > OFBIZ-5426.patch > > > Due to revision 1529838, the length of data type "email" was increased from > 254 to 320. But It makes the ofbiz failed to create tables such as > "PRODUCT_PROMO_CODE_EMAIL" which includes an email fields as its primary key. > The database is mysql, innodb engine and utf8 charset. The error msg: > ERROR 1071 (42000): Specified key was too long; max key length is 767 bytes. > I suggest to revert change of r1529838. -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Updated] (OFBIZ-10833) CMS add content not working
[ https://issues.apache.org/jira/browse/OFBIZ-10833?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Michael Brohl updated OFBIZ-10833: -- Flags: Patch > CMS add content not working > --- > > Key: OFBIZ-10833 > URL: https://issues.apache.org/jira/browse/OFBIZ-10833 > Project: OFBiz > Issue Type: Bug > Components: content >Affects Versions: Trunk, 17.12.01 >Reporter: Ingo Wolfmayr >Assignee: Michael Brohl >Priority: Major > Fix For: 17.12.01, 18.12.01 > > Attachments: LogCreateContent.txt, OFBIZ-10833.patch, > OFBIZ-10833.patch, cms_addImage.patch > > > On demo: content --> "CmsSite" --> CMS: > Right click on one of the items to add "New Long Text" or "Image". > After saving the new content: > Edit WebSite CMS For: [] > "There is no Content PUBLISH_POINT for this WebSite!" > Having the same problem on a 17.12 local installation. > h1. -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Commented] (OFBIZ-10833) CMS add content not working
[ https://issues.apache.org/jira/browse/OFBIZ-10833?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17036253#comment-17036253 ] Michael Brohl commented on OFBIZ-10833: --- [~sberg], the patch is just fine for me to test and review, thanks. [~pierresmits] we are aware of the different ways of contributing, no need to reiterate in the Jira issues, we have the mailing list discussions for it. Thanks. > CMS add content not working > --- > > Key: OFBIZ-10833 > URL: https://issues.apache.org/jira/browse/OFBIZ-10833 > Project: OFBiz > Issue Type: Bug > Components: content >Affects Versions: Trunk, 17.12.01 >Reporter: Ingo Wolfmayr >Assignee: Michael Brohl >Priority: Major > Fix For: 17.12.01, 18.12.01 > > Attachments: LogCreateContent.txt, OFBIZ-10833.patch, > OFBIZ-10833.patch, cms_addImage.patch > > > On demo: content --> "CmsSite" --> CMS: > Right click on one of the items to add "New Long Text" or "Image". > After saving the new content: > Edit WebSite CMS For: [] > "There is no Content PUBLISH_POINT for this WebSite!" > Having the same problem on a 17.12 local installation. > h1. -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Commented] (OFBIZ-5426) mysql: ERROR 1071 (42000): Specified key was too long; max key length is 767 bytes
[ https://issues.apache.org/jira/browse/OFBIZ-5426?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17036244#comment-17036244 ] Pierre Smits commented on OFBIZ-5426: - Hi [~pawan], Is this patch also somewhere implemented in a development/feature branch in a publicly available git repo (e.g. on Github)? If so, it may be beneficial to fellow community members to use that for review (and other collaboration) purposes. And if everything checks out, the project can/may decide to use a pull request to establish an officially endorsed 'OFBiz feature branch' to make it available to the entire community, or directly merge it into another branch (trunk and or release branch). IMO, providing enhancement contributions (bug fixes, improvements and new features) through development branches in public git repos is more favourable as it leverages key feature(s) of git. It avoids you to upload additional enhancements to the solution to this tickets, but also to have reviewing community members to download these enhancements and apply them to their review branch. See also:https://cwiki.apache.org/confluence/pages/viewpage.action?pageId=145724011 > mysql: ERROR 1071 (42000): Specified key was too long; max key length is 767 > bytes > -- > > Key: OFBIZ-5426 > URL: https://issues.apache.org/jira/browse/OFBIZ-5426 > Project: OFBiz > Issue Type: Bug > Components: framework >Affects Versions: Trunk >Reporter: Leon >Assignee: Deepak Dixit >Priority: Major > Attachments: OFBIZ-5426.patch, OFBIZ-5426.patch, OFBIZ-5426.patch, > OFBIZ-5426.patch > > > Due to revision 1529838, the length of data type "email" was increased from > 254 to 320. But It makes the ofbiz failed to create tables such as > "PRODUCT_PROMO_CODE_EMAIL" which includes an email fields as its primary key. > The database is mysql, innodb engine and utf8 charset. The error msg: > ERROR 1071 (42000): Specified key was too long; max key length is 767 bytes. > I suggest to revert change of r1529838. -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Commented] (OFBIZ-5426) mysql: ERROR 1071 (42000): Specified key was too long; max key length is 767 bytes
[ https://issues.apache.org/jira/browse/OFBIZ-5426?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17036240#comment-17036240 ] Pawan Verma commented on OFBIZ-5426: Attached patch with the changes suggested by Deepak. Please have a look, thanks! > mysql: ERROR 1071 (42000): Specified key was too long; max key length is 767 > bytes > -- > > Key: OFBIZ-5426 > URL: https://issues.apache.org/jira/browse/OFBIZ-5426 > Project: OFBiz > Issue Type: Bug > Components: framework >Affects Versions: Trunk >Reporter: Leon >Assignee: Deepak Dixit >Priority: Major > Attachments: OFBIZ-5426.patch, OFBIZ-5426.patch, OFBIZ-5426.patch, > OFBIZ-5426.patch > > > Due to revision 1529838, the length of data type "email" was increased from > 254 to 320. But It makes the ofbiz failed to create tables such as > "PRODUCT_PROMO_CODE_EMAIL" which includes an email fields as its primary key. > The database is mysql, innodb engine and utf8 charset. The error msg: > ERROR 1071 (42000): Specified key was too long; max key length is 767 bytes. > I suggest to revert change of r1529838. -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Updated] (OFBIZ-5426) mysql: ERROR 1071 (42000): Specified key was too long; max key length is 767 bytes
[ https://issues.apache.org/jira/browse/OFBIZ-5426?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Pawan Verma updated OFBIZ-5426: --- Attachment: OFBIZ-5426.patch > mysql: ERROR 1071 (42000): Specified key was too long; max key length is 767 > bytes > -- > > Key: OFBIZ-5426 > URL: https://issues.apache.org/jira/browse/OFBIZ-5426 > Project: OFBiz > Issue Type: Bug > Components: framework >Affects Versions: Trunk >Reporter: Leon >Assignee: Deepak Dixit >Priority: Major > Attachments: OFBIZ-5426.patch, OFBIZ-5426.patch, OFBIZ-5426.patch, > OFBIZ-5426.patch > > > Due to revision 1529838, the length of data type "email" was increased from > 254 to 320. But It makes the ofbiz failed to create tables such as > "PRODUCT_PROMO_CODE_EMAIL" which includes an email fields as its primary key. > The database is mysql, innodb engine and utf8 charset. The error msg: > ERROR 1071 (42000): Specified key was too long; max key length is 767 bytes. > I suggest to revert change of r1529838. -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Updated] (OFBIZ-10295) Add Document Content: acc-payment-gateway.adoc
[ https://issues.apache.org/jira/browse/OFBIZ-10295?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Olivier Heintz updated OFBIZ-10295: --- Attachment: (was: Payment-gateway-Help-Docbook-file-migration-to-asciidoc_diff.patch) > Add Document Content: acc-payment-gateway.adoc > -- > > Key: OFBIZ-10295 > URL: https://issues.apache.org/jira/browse/OFBIZ-10295 > Project: OFBiz > Issue Type: Sub-task >Reporter: Sharan Foga >Assignee: Olivier Heintz >Priority: Minor > Attachments: > Payment-gateway-Help-Docbook-file-migration-to-asciidoc_diff.patch > > > Add content acc-payment-gateway.adoc -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Commented] (OFBIZ-10295) Add Document Content: acc-payment-gateway.adoc
[ https://issues.apache.org/jira/browse/OFBIZ-10295?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17036238#comment-17036238 ] Olivier Heintz commented on OFBIZ-10295: For payment-gateway there are two subject config and transaction, in previous patch I have migrated only transaction, now config is also included [^Payment-gateway-Help-Docbook-file-migration-to-asciidoc_diff.patch] > Add Document Content: acc-payment-gateway.adoc > -- > > Key: OFBIZ-10295 > URL: https://issues.apache.org/jira/browse/OFBIZ-10295 > Project: OFBiz > Issue Type: Sub-task >Reporter: Sharan Foga >Assignee: Olivier Heintz >Priority: Minor > Attachments: > Payment-gateway-Help-Docbook-file-migration-to-asciidoc_diff.patch, > Payment-gateway-Help-Docbook-file-migration-to-asciidoc_diff.patch > > > Add content acc-payment-gateway.adoc -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Updated] (OFBIZ-10295) Add Document Content: acc-payment-gateway.adoc
[ https://issues.apache.org/jira/browse/OFBIZ-10295?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Olivier Heintz updated OFBIZ-10295: --- Attachment: Payment-gateway-Help-Docbook-file-migration-to-asciidoc_diff.patch > Add Document Content: acc-payment-gateway.adoc > -- > > Key: OFBIZ-10295 > URL: https://issues.apache.org/jira/browse/OFBIZ-10295 > Project: OFBiz > Issue Type: Sub-task >Reporter: Sharan Foga >Assignee: Olivier Heintz >Priority: Minor > Attachments: > Payment-gateway-Help-Docbook-file-migration-to-asciidoc_diff.patch, > Payment-gateway-Help-Docbook-file-migration-to-asciidoc_diff.patch > > > Add content acc-payment-gateway.adoc -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Commented] (OFBIZ-10833) CMS add content not working
[ https://issues.apache.org/jira/browse/OFBIZ-10833?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17036225#comment-17036225 ] Pierre Smits commented on OFBIZ-10833: -- HI [~sberg], Is this patch also somewhere implemented in a development/feature branch in a publicly available git repo (e.g. on Github)? If so, it may be beneficial to fellow community members to use that for review (and other collaboration) purposes. And if everything checks out, the project can/may decide to use a pull request to establish an officially endorsed 'OFBiz feature branch' to make it available to the entire community, or directly merge it into another branch (trunk and or release branch). IMO, providing enhancement contributions (bug fixes, improvements and new features) through development branches in public git repos is more favourable as it leverages key feature(s) of git. It avoids you to upload additional enhancements to the solution to this tickets, but also to have reviewing community members to download these enhancements and apply them to their review branch. > CMS add content not working > --- > > Key: OFBIZ-10833 > URL: https://issues.apache.org/jira/browse/OFBIZ-10833 > Project: OFBiz > Issue Type: Bug > Components: content >Affects Versions: Trunk, 17.12.01 >Reporter: Ingo Wolfmayr >Assignee: Michael Brohl >Priority: Major > Fix For: 17.12.01, 18.12.01 > > Attachments: LogCreateContent.txt, OFBIZ-10833.patch, > OFBIZ-10833.patch, cms_addImage.patch > > > On demo: content --> "CmsSite" --> CMS: > Right click on one of the items to add "New Long Text" or "Image". > After saving the new content: > Edit WebSite CMS For: [] > "There is no Content PUBLISH_POINT for this WebSite!" > Having the same problem on a 17.12 local installation. > h1. -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Commented] (OFBIZ-10833) CMS add content not working
[ https://issues.apache.org/jira/browse/OFBIZ-10833?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17036221#comment-17036221 ] Sebastian Berg commented on OFBIZ-10833: Hi, I created a patch containing the missing contentAssoc and the revert so that by updating the child the parent is no longer updated. This should fix the issue. > CMS add content not working > --- > > Key: OFBIZ-10833 > URL: https://issues.apache.org/jira/browse/OFBIZ-10833 > Project: OFBiz > Issue Type: Bug > Components: content >Affects Versions: Trunk, 17.12.01 >Reporter: Ingo Wolfmayr >Assignee: Michael Brohl >Priority: Major > Fix For: 17.12.01, 18.12.01 > > Attachments: LogCreateContent.txt, OFBIZ-10833.patch, > OFBIZ-10833.patch, cms_addImage.patch > > > On demo: content --> "CmsSite" --> CMS: > Right click on one of the items to add "New Long Text" or "Image". > After saving the new content: > Edit WebSite CMS For: [] > "There is no Content PUBLISH_POINT for this WebSite!" > Having the same problem on a 17.12 local installation. > h1. -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Updated] (OFBIZ-10833) CMS add content not working
[ https://issues.apache.org/jira/browse/OFBIZ-10833?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Sebastian Berg updated OFBIZ-10833: --- Attachment: OFBIZ-10833.patch > CMS add content not working > --- > > Key: OFBIZ-10833 > URL: https://issues.apache.org/jira/browse/OFBIZ-10833 > Project: OFBiz > Issue Type: Bug > Components: content >Affects Versions: Trunk, 17.12.01 >Reporter: Ingo Wolfmayr >Assignee: Michael Brohl >Priority: Major > Fix For: 17.12.01, 18.12.01 > > Attachments: LogCreateContent.txt, OFBIZ-10833.patch, > OFBIZ-10833.patch, cms_addImage.patch > > > On demo: content --> "CmsSite" --> CMS: > Right click on one of the items to add "New Long Text" or "Image". > After saving the new content: > Edit WebSite CMS For: [] > "There is no Content PUBLISH_POINT for this WebSite!" > Having the same problem on a 17.12 local installation. > h1. -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Updated] (OFBIZ-10291) Add Document Content: acc-tax-authorities.adoc
[ https://issues.apache.org/jira/browse/OFBIZ-10291?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Olivier Heintz updated OFBIZ-10291: --- Attachment: tax-authorities-Help-Docbook-file-migration-to-asciidoc_diff.patch > Add Document Content: acc-tax-authorities.adoc > -- > > Key: OFBIZ-10291 > URL: https://issues.apache.org/jira/browse/OFBIZ-10291 > Project: OFBiz > Issue Type: Sub-task >Reporter: Sharan Foga >Assignee: Olivier Heintz >Priority: Minor > Attachments: > tax-authorities-Help-Docbook-file-migration-to-asciidoc_diff.patch > > > Add content for acc-tax-authorities.adoc -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Commented] (OFBIZ-10291) Add Document Content: acc-tax-authorities.adoc
[ https://issues.apache.org/jira/browse/OFBIZ-10291?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17036195#comment-17036195 ] Olivier Heintz commented on OFBIZ-10291: The acc-taxe-authorities.adoc file and all the help files, which are included in documentation on the sub-chapter "Tax Authorities management in User Interface" [^tax-authorities-Help-Docbook-file-migration-to-asciidoc_diff.patch] > Add Document Content: acc-tax-authorities.adoc > -- > > Key: OFBIZ-10291 > URL: https://issues.apache.org/jira/browse/OFBIZ-10291 > Project: OFBiz > Issue Type: Sub-task >Reporter: Sharan Foga >Assignee: Olivier Heintz >Priority: Minor > Attachments: > tax-authorities-Help-Docbook-file-migration-to-asciidoc_diff.patch > > > Add content for acc-tax-authorities.adoc -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Assigned] (OFBIZ-10291) Add Document Content: acc-tax-authorities.adoc
[ https://issues.apache.org/jira/browse/OFBIZ-10291?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Olivier Heintz reassigned OFBIZ-10291: -- Assignee: Olivier Heintz > Add Document Content: acc-tax-authorities.adoc > -- > > Key: OFBIZ-10291 > URL: https://issues.apache.org/jira/browse/OFBIZ-10291 > Project: OFBiz > Issue Type: Sub-task >Reporter: Sharan Foga >Assignee: Olivier Heintz >Priority: Minor > > Add content for acc-tax-authorities.adoc -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Commented] (OFBIZ-11306) POC for CSRF Token
[ https://issues.apache.org/jira/browse/OFBIZ-11306?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17036159#comment-17036159 ] James Yong commented on OFBIZ-11306: Hi Jacques, Encountered the following error when running tests: {code:java} Task :test org.apache.ofbiz.webapp.control.RequestHandlerTests$ResolveURITests > resolveURIBasicOverrideView FAILED java.lang.AssertionError at RequestHandlerTests.java:197 195 tests completed, 1 failed, 1 skipped {code} Cache size in properties seems large: {code:java} csrf.cache.size=5 {code} > POC for CSRF Token > -- > > Key: OFBIZ-11306 > URL: https://issues.apache.org/jira/browse/OFBIZ-11306 > Project: OFBiz > Issue Type: Sub-task > Components: ALL APPLICATIONS >Affects Versions: Upcoming Branch >Reporter: James Yong >Assignee: Jacques Le Roux >Priority: Minor > Labels: CSRF > Fix For: Upcoming Branch > > Attachments: CsrfTokenAjaxTransform.java, CsrfTokenTransform.java, > CsrfUtil.java, OFBIZ-11306-alternative.patch, OFBIZ-11306-alternative.patch, > OFBIZ-11306-alternative.patch, OFBIZ-11306-v2.patch, OFBIZ-11306.patch, > OFBIZ-11306.patch, OFBIZ-11306.patch, OFBIZ-11306.patch, OFBIZ-11306.patch, > OFBIZ-11306.patch, OFBIZ-11306.patch, OFBIZ-11306.patch, OFBIZ-11306.patch, > OFBIZ-11306.patch, OFBIZ-11306.patch, OFBIZ-11306.patch, OFBIZ-11306.patch, > OFBIZ-11306.patch, OFBIZ-11306.patch, OFBIZ-11306.patch, OFBIZ-11306.patch, > OFBIZ-11306_Plugins.patch, OFBIZ-11306_Plugins.patch, > OFBIZ-11306_Plugins.patch, OFBIZ-11306_Plugins.patch, > OFBIZ-11306_Plugins.patch > > > CRSF tokens are generated using SecureRandom class (maybe later a JWT with a > "time out"). > They are stored in the user sessions (for AJAX calls and unauthenticated HTTP > calls) or OFBiz UtilCache (for authenticated HTTP calls), and verified during > POST request. > # In *controllers* a new csrf-token attribute is added to the security tag to > exempt or force CSRF token check. > # In *Widget Forms* a hidden token field is auto-generated. > # In *FTL form* a CSRF token is passed through <@ofbizUrl> to automatise the > change. Using <@ofbizUrl> macro to generate the CSRF token means there is no > need to manually add the CSRF token field to each form in the ftl files. It > will save time for users doing custom implementation and maintenance. While > there is CSRF token in the form URL, the token is invalidated during form > submission. So it's uniqueand harmless even though the CSRF token of the form > submission is shown in the browser address bar. > # For *Ajax calls* an ajaxPrefilter function (observer on DOM ready) is added > through OfbizUtil.js (itself called at start in decorators and such) > # The html metadata is storing the csrf token used by JQuery AJAX. This token > will not change to another value after it is consumed > # Csrf tokens for the user are removed from the UtilCache when the user logs > out or session invalidated. > The general rule are as follows: > * RequestMap configured with 'get' method will be exempted from CSRF token > check. > * RequestMap configured with 'post' or 'all' method will be subjected to CSRF > token check. (Note there are discussions that RequestMap with ‘all’ method > should also not be subjected to CSRF token check. This will be done after > ensuring a separate uri is used when posting changes.) > * "main" request URIs are exempted from CSRF token check. > * Setting csrf-token to false or true on the Request Map will override the > general rules above. > To implement: > * -Allow token map size to be configurable in properties.- OK that's done > locally > To Discuss: > * Invalidate authenticated user session when CSRF token check fails. > * Configure the general rules in a Service method (which will be run inside > the constructor of RequestMap class) when determining the final > securityCsrfToken value. -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Commented] (OFBIZ-11347) Add GraphQL component
[ https://issues.apache.org/jira/browse/OFBIZ-11347?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17036051#comment-17036051 ] Michael Brohl commented on OFBIZ-11347: --- Hotwax has filed an CCLA so no problems here. > Add GraphQL component > - > > Key: OFBIZ-11347 > URL: https://issues.apache.org/jira/browse/OFBIZ-11347 > Project: OFBiz > Issue Type: New Feature > Components: ALL PLUGINS >Affects Versions: Trunk >Reporter: Girish Vasmatkar >Assignee: Girish Vasmatkar >Priority: Minor > > Here's the relevant discussion around having a GraphQL component for OFBiz- > [https://lists.apache.org/thread.html/r2fd1decca7a71ae2270a0e2d1f03ed69a69253f68f957626c386a11a%40%3Cdev.ofbiz.apache.org%3E] > Also, add the capability for OFBiz to communicate with a GraphQL endpoint. > Below repository contains GraphQL endpoint configuration for OFBiz. Further > details can be found in README. > [https://github.com/hotwax/ofbiz-graphql] > -- This message was sent by Atlassian Jira (v8.3.4#803005)