assetmaint

Clone Tools
  • last updated 14 mins ago
Constraints
Constraints: committers
 
Constraints: files
Constraints: dates
Improved: Corrected some line is longer than 150 characters checkstyle issues. Also fixed some extra spaces and naming conventions related checkstyle issues. (OFBIZ-11921)

  1. … 47 more files in changeset.
Improved: Corrected some single line statements to fix checkstyle issues, also removed some remaining extra spaces from code to avoid checkstyle erros in plugins component. (OFBIZ-11886)

  1. … 36 more files in changeset.
Improved: Use Error.ftl everywhere it's not yet used (OFBIZ-11890)

Removes all error*.jsp reference, no longer used

    • -53
    • +0
    ./webapp/assetmaint/error/error.jsp
    • -27
    • +0
    ./webapp/assetmaint/error/error403.jsp
    • -27
    • +0
    ./webapp/assetmaint/error/error404.jsp
  1. … 16 more files in changeset.
Improved: Corrected all checkstyle formatting issues: 'typecast' is not followed by whitespace in plugins component. (OFBIZ-11887)

  1. … 24 more files in changeset.
Improved: Corrected checkstyle formatting issues, 'is preceded/not preceded with whitespace' for plugins component. (OFBIZ-11874) This fixes following checkstyle issues: '{' is not preceded with whitespace.

'{' is not followed by whitespace.

'}' is not followed by whitespace.

'}' is not preceded with whitespace.

'typecast' is not followed by whitespace.

'try' is not followed by whitespace.

';' is preceded with whitespace.

  1. … 31 more files in changeset.
Improved: Corrected remaining ', is not followed by whitespace' checkstyle errors in plugin component. (OFBIZ-11805)

  1. … 8 more files in changeset.
Improved: Convert FixedAssetMaintTests.xml to groovy (OFBIZ-11444) (#29)

* [Improved] Convert FixedAssetMaintTests.xml to groovy

Done the following

- Removed the xml tests file

- Updated the test suite mappings to point to the groovy test file

- Added Groovy implementation for all the test cases in FixedAssetMaintTests.xml

(OFBIZ-11444)

* [Improved]: Removed the userlogin fetching logic as the userlogin is already available in the groovy context. (OFBIZ-11444)

Co-authored-by: Priya Sharma <priya.sharma@hotwaxsystems.com>

    • -146
    • +0
    ./minilang/test/FixedAssetMaintTests.xml
Improved: Change resources with proper naming convention in all plugin components. (OFBIZ-11739) Also, made MODULE as private data member of class instead of public. Thanks Jacques for review.

  1. … 63 more files in changeset.
Fixed: Application 'ismgr' doesn't show up

(OFBIZ-11704)

fixed: app-bar-display (from 'false' to 'true'

added: OFBTOOLS to base-permission

Improved: replaces module by MODULE everywhere

  1. … 73 more files in changeset.
Fixed: Ensure that the SameSite attribute is set to 'strict' for all cookies.

(OFBIZ-11470)

As reported by OWASP ZAP:

A cookie has been set without the SameSite attribute, which means that the

cookie can be sent as a result of a 'cross-site' request. The SameSite attribute

is an effective counter measure to cross-site request forgery, cross-site script

inclusion, and timing attacks.

The solution was not obvious in OFBiz for 2 reasons:

1. There is no HttpServletResponse::setHeader. So we need to use a filter

(SameSiteFilter) and even that is not enough because of 2:

2. To prevent session fixation we force Tomcat to generates a new jsessionId,

ultimately put in cookie, in LoginWorker::login. So we need to add a call to

SameSiteFilter::addSameSiteCookieAttribute in

UtilHttp::setResponseBrowserDefaultSecurityHeaders.

  1. … 19 more files in changeset.
Fixed: Ensure that the SameSite attribute is set to 'strict' for all cookies.

(OFBIZ-11470)

As reported by OWASP ZAP:

A cookie has been set without the SameSite attribute, which means that the

cookie can be sent as a result of a 'cross-site' request. The SameSite attribute

is an effective counter measure to cross-site request forgery, cross-site script

inclusion, and timing attacks.

The solution was not obvious in OFBiz for 2 reasons:

1. There is no HttpServletResponse::setHeader. So we need to use a filter

(SameSiteFilter) and even that is not enough because of 2:

2. To prevent session fixation we force Tomcat to generates a new jsessionId,

ultimately put in cookie, in LoginWorker::login. So we need to add a call to

SameSiteFilter::addSameSiteCookieAttribute in

UtilHttp::setResponseBrowserDefaultSecurityHeaders.

  1. … 19 more files in changeset.
Fixed: Ensure that the SameSite attribute is set to 'strict' for all cookies.

(OFBIZ-11470)

As reported by OWASP ZAP:

A cookie has been set without the SameSite attribute, which means that the

cookie can be sent as a result of a 'cross-site' request. The SameSite attribute

is an effective counter measure to cross-site request forgery, cross-site script

inclusion, and timing attacks.

The solution was not obvious in OFBiz for 2 reasons:

1. There is no HttpServletResponse::setHeader. So we need to use a filter

(SameSiteFilter) and even that is not enough because of 2:

2. To prevent session fixation we force Tomcat to generates a new jsessionId,

ultimately put in cookie, in LoginWorker::login. So we need to add a call to

SameSiteFilter::addSameSiteCookieAttribute in

UtilHttp::setResponseBrowserDefaultSecurityHeaders.

  1. … 19 more files in changeset.
Improvement: Print and Export of ViewFacilityInventoryByProduct report into new window (OFBIZ-10526)

Thanks, Sourabh Punyani and Pierre Smits for your contribution.

  1. … 1 more file in changeset.
Improved: AssetMaint labels

(OFBIZ-10561)

removed: unused labels

Fixed: Add XML declaration in “web.xml” files (OFBIZ-6993)

These declarations avoid SAXParseException traceback when parsing web.xml

the first time in WebappUtil.parseWebXmlFile

A schema conformance issue has been fixed in ecommerce “web.xml”.

(cherry picked from commit 1158664ba37264fa6b8429033bad768175ff10d5)

# Conflicts handled by hand

# msggateway/webapp/msggateway/WEB-INF/web.xml

  1. … 24 more files in changeset.
Fixed: Add XML declaration in “web.xml” files (OFBIZ-6993)

These declarations avoid SAXParseException traceback when parsing web.xml

the first time in WebappUtil.parseWebXmlFile

A schema conformance issue has been fixed in ecommerce “web.xml”.

  1. … 24 more files in changeset.
Fixed: Add XML declaration in “web.xml” files (OFBIZ-6993)

These declarations avoid SAXParseException traceback when parsing web.xml

the first time in WebappUtil.parseWebXmlFile

A schema conformance issue has been fixed in ecommerce “web.xml”.

# Conflicts handled by hand

# msggateway/webapp/msggateway/WEB-INF/web.xml

  1. … 24 more files in changeset.
Improved: Remove redundant type declarations (OFBIZ-10937)

Since Java 1.7, when defining generic types it is unnecessary to

redefine those types in the constructor when it is already done in the

declared type.

git-svn-id: https://svn.apache.org/repos/asf/ofbiz/ofbiz-plugins/trunk@1860025 13f79535-47bb-0310-9956-ffa450edef68

  1. … 43 more files in changeset.
"Applied fix from plugins for revision: 1851068 " ------------------------------------------------------------------------ r1851068 | jleroux | 2019-01-11 17:12:01 +0100 (ven. 11 janv. 2019) | 12 lignes

Fixed: Add session tracking mode and make cookie secure

(OFBIZ-6655)

Following "Session timeout for webapps" discussion on dev ML

https://markmail.org/message/p6fbiojjrwb2ybxd

We decided to put back the session-timeout value in web.xml files and to remove

the line

session.setMaxInactiveInterval(60*60); //in seconds

from ControlEventListener.java

Thanks: Deepak Nigam for report and Girish Vasmatkar for discussion

------------------------------------------------------------------------

git-svn-id: https://svn.apache.org/repos/asf/ofbiz/ofbiz-plugins/branches/release18.12@1851073 13f79535-47bb-0310-9956-ffa450edef68

  1. … 21 more files in changeset.
"Applied fix from plugins for revision: 1851068 " ------------------------------------------------------------------------ r1851068 | jleroux | 2019-01-11 17:12:01 +0100 (ven. 11 janv. 2019) | 12 lignes

Fixed: Add session tracking mode and make cookie secure

(OFBIZ-6655)

Following "Session timeout for webapps" discussion on dev ML

https://markmail.org/message/p6fbiojjrwb2ybxd

We decided to put back the session-timeout value in web.xml files and to remove

the line

session.setMaxInactiveInterval(60*60); //in seconds

from ControlEventListener.java

Thanks: Deepak Nigam for report and Girish Vasmatkar for discussion

------------------------------------------------------------------------

git-svn-id: https://svn.apache.org/repos/asf/ofbiz/ofbiz-plugins/branches/release17.12@1851072 13f79535-47bb-0310-9956-ffa450edef68

  1. … 21 more files in changeset.
Fixed: Add session tracking mode and make cookie secure (OFBIZ-6655)

Following "Session timeout for webapps" discussion on dev ML

https://markmail.org/message/p6fbiojjrwb2ybxd

We decided to put back the session-timeout value in web.xml files and to remove

the line

session.setMaxInactiveInterval(60*60); //in seconds

from ControlEventListener.java

Thanks: Deepak Nigam for report and Girish Vasmatkar for discussion

git-svn-id: https://svn.apache.org/repos/asf/ofbiz/ofbiz-plugins/trunk@1851068 13f79535-47bb-0310-9956-ffa450edef68

  1. … 21 more files in changeset.
Improved : Remove all unnecessary boxing and unboxing in Java classes (OFBIZ-10504)

Thanks Taher, Jacques, Mathieu and Rishi for the review

git-svn-id: https://svn.apache.org/repos/asf/ofbiz/ofbiz-plugins/trunk@1837578 13f79535-47bb-0310-9956-ffa450edef68

  1. … 16 more files in changeset.
Improved: ID should be the abbreviation for identity in English (OFBIZ-100131)

Also cover non-English translations

Thanks: Jacques for the additional patch

git-svn-id: https://svn.apache.org/repos/asf/ofbiz/ofbiz-plugins/trunk@1820450 13f79535-47bb-0310-9956-ffa450edef68

  1. … 5 more files in changeset.
Improved: The main logo in screen upper part shows distorted (OFBIZ-9990)

Forgot the plugins :/

git-svn-id: https://svn.apache.org/repos/asf/ofbiz/ofbiz-plugins/trunk@1816932 13f79535-47bb-0310-9956-ffa450edef68

  1. … 15 more files in changeset.
No functional change

Changes the OFBiz logo file name as it has been changed in the site

git-svn-id: https://svn.apache.org/repos/asf/ofbiz/ofbiz-plugins/trunk@1813480 13f79535-47bb-0310-9956-ffa450edef68

  1. … 9 more files in changeset.
Improved: Manage life span of SecurityGroupPermission entity. Applied patch from jira issue(OFBIZ-9801) Thanks Suraj Khurana for your contribution

git-svn-id: https://svn.apache.org/repos/asf/ofbiz/ofbiz-plugins/trunk@1812384 13f79535-47bb-0310-9956-ffa450edef68

    • -4
    • +4
    ./data/AssetMaintSecurityGroupDemoData.xml
    • -1
    • +1
    ./data/AssetMaintSecurityPermissionSeedData.xml
  1. … 22 more files in changeset.
Improved: Add session tracking mode and make cookie secure (OFBIZ-6655)

Programmatically replaces the web.xml <session-config> declarations and uses

the @WebListener annotation to start the process. This avoid to duplicates

things everywhere in web.xml files. Since the web.xml files have precedence

on annotations, the setting can be easily overridden when necessary.

Now that we also use HTTPS in ecommerce the ecommerce session cookie is

also secured.

I also noted that we had 8 weird <session-timeout> declarations:

in solr component: <session-timeout>2</session-timeout>

in themes: <session-timeout>1</session-timeout>

Also in Rainbowstone we lacked the <cookie-config> and <tracking-mode>

declarations. I think it's not good.

I resolve these points by simply removing the <session-config> in web.xml files

of themes and Solr.

Thanks: Pradhan Yash Sharma for review

git-svn-id: https://svn.apache.org/repos/asf/ofbiz/ofbiz-plugins/trunk@1811041 13f79535-47bb-0310-9956-ffa450edef68

  1. … 23 more files in changeset.
Improved:Use from-field pattern instead of value=dollor pattern in 'set' element Apply slightly modified patch from jira issue, fixed some typo (OFBIZ-9607) Thanks Suraj Khurana and Rohit Rai for your contribution.

git-svn-id: https://svn.apache.org/repos/asf/ofbiz/ofbiz-plugins/trunk@1806327 13f79535-47bb-0310-9956-ffa450edef68

  1. … 25 more files in changeset.
Implemented: Change all <set> screen and script groovy that call widget.properties values replaced by call to modelTheme (OFBIZ-9138 Create a common theme)

git-svn-id: https://svn.apache.org/repos/asf/ofbiz/ofbiz-plugins/trunk@1806175 13f79535-47bb-0310-9956-ffa450edef68

  1. … 5 more files in changeset.