webpos

Improved: Change resources with proper naming convention in all plugin components. (OFBIZ-11739) Also, made MODULE as private data member of class instead of public. Thanks Jacques for review.

  1. … 61 more files in changeset.
Improved: Apply multi-block attr to each application (OFBIZ-11706)

For remaining plugin applications.

  1. … 13 more files in changeset.
Improved: replaces module by MODULE everywhere

  1. … 70 more files in changeset.
Fixed: Ensure that the SameSite attribute is set to 'strict' for all cookies.

(OFBIZ-11470)

As reported by OWASP ZAP:

A cookie has been set without the SameSite attribute, which means that the cookie can be sent as a result of a 'cross-site' request. The SameSite attribute is an effective countermeasure to cross-site request forgery, cross-site script inclusion, and timing attacks.

The solution was not obvious in OFBiz for 2 reasons:

1. There is no HttpServletResponse::setHeader. So we need to use a filter (SameSiteFilter) and even that is not enough because of 2:

2. To prevent session fixation we force Tomcat to generate a new jsessionId, ultimately put in cookie, in LoginWorker::login. So we need to add a call to SameSiteFilter::addSameSiteCookieAttribute in UtilHttp::setResponseBrowserDefaultSecurityHeaders.

  1. … 20 more files in changeset.
Implemented: Remove the user login security question.

(OFBIZ-11244)

Thanks Wiebke Pätzold for providing the patch.

  1. … 1 more file in changeset.
Fixed: Add XML declaration in “web.xml” files (OFBIZ-6993)

These declarations avoid SAXParseException traceback when parsing web.xml the first time in WebappUtil.parseWebXmlFile

A schema conformance issue has been fixed in ecommerce “web.xml”.

(cherry picked from commit 1158664ba37264fa6b8429033bad768175ff10d5)

# Conflicts handled by hand

# msggateway/webapp/msggateway/WEB-INF/web.xml

  1. … 25 more files in changeset.
Fixed: Add XML declaration in “web.xml” files (OFBIZ-6993)

These declarations avoid SAXParseException traceback when parsing web.xml the first time in WebappUtil.parseWebXmlFile

A schema conformance issue has been fixed in ecommerce “web.xml”.

  1. … 25 more files in changeset.
Fixed: Add XML declaration in “web.xml” files (OFBIZ-6993)

These declarations avoid SAXParseException traceback when parsing web.xml the first time in WebappUtil.parseWebXmlFile

A schema conformance issue has been fixed in ecommerce “web.xml”.

# Conflicts handled by hand

# msggateway/webapp/msggateway/WEB-INF/web.xml

  1. … 25 more files in changeset.
Fixed: Add missing view permissions checks to various screens.

  1. … 3 more files in changeset.
Improved: no functional change

In r1868022 I added the POS_SALES_CHANNEL as was suggested in OFBIZ-10965. Actually that was wrong. It's already in PosTypeData.xml, though with a wrong sequenceId. This fixes it.

git-svn-id: https://svn.apache.org/repos/asf/ofbiz/ofbiz-plugins/trunk@1868023 13f79535-47bb-0310-9956-ffa450edef68

Improved: Do not use ‘UtilMisc#toList’ (OFBIZ-11140)

git-svn-id: https://svn.apache.org/repos/asf/ofbiz/ofbiz-plugins/trunk@1863390 13f79535-47bb-0310-9956-ffa450edef68

Improved: Use Groovy Truth instead of UtilValidate Class in Groovy (OFBIZ-11064)

As we all know, Groovy is a powerful language with great built-in functions. Groovy Truth[1] is one of them, which is not used properly in our code base. We have used UtilValidate Class to validate arguments for Empty or NotEmpty, which can easily be done in groovy with built-in functionality[1].

Current Code: if (UtilValidate.isNotEmpty(locations)) { ... }

Groovy Built-in Code: if (locations) { ... }

[1] - http://groovy-lang.org/semantics.html#Groovy-Truth

We need to be careful about some points while we change this:

Like:

    maxRetry = 0
    if (!maxRetry) {
        // Not set, use a default
        maxRetry = -1
    }

Because groovy evaluates zero to be false, it wouldn't be possible to set maxRetry to zero. So it's best not to use groovy truth for null-checks on numbers in some cases.

Thanks: Pawan Verma

git-svn-id: https://svn.apache.org/repos/asf/ofbiz/ofbiz-plugins/trunk@1860051 13f79535-47bb-0310-9956-ffa450edef68

  1. … 12 more files in changeset.
Improved: Remove redundant type declarations (OFBIZ-10937)

Since Java 1.7, when defining generic types it is unnecessary to redefine those types in the constructor when it is already done in the declared type.

git-svn-id: https://svn.apache.org/repos/asf/ofbiz/ofbiz-plugins/trunk@1860025 13f79535-47bb-0310-9956-ffa450edef68

  1. … 40 more files in changeset.
"Applied fix from plugins for revision: 1859012"
------------------------------------------------------------------------
r1859012 | jleroux | 2019-05-09 16:32:35 +0200 (jeu. 09 mai 2019) | 6 lignes

Fixed: Touch F8 in webpos does not work and generate an error

(OFBIZ-11010)

Adding missing data for POS_SALES_CHANNEL fixes this issue; it was removed in r1754402.

Thanks: Pawan Verma

------------------------------------------------------------------------

git-svn-id: https://svn.apache.org/repos/asf/ofbiz/ofbiz-plugins/branches/release17.12@1859014 13f79535-47bb-0310-9956-ffa450edef68

"Applied fix from plugins for revision: 1859012"
------------------------------------------------------------------------
r1859012 | jleroux | 2019-05-09 16:32:35 +0200 (jeu. 09 mai 2019) | 6 lignes

Fixed: Touch F8 in webpos does not work and generate an error

(OFBIZ-11010)

Adding missing data for POS_SALES_CHANNEL fixes this issue; it was removed in r1754402.

Thanks: Pawan Verma

------------------------------------------------------------------------

git-svn-id: https://svn.apache.org/repos/asf/ofbiz/ofbiz-plugins/branches/release18.12@1859013 13f79535-47bb-0310-9956-ffa450edef68

Fixed: Touch F8 in webpos does not work and generate an error (OFBIZ-11010)

Adding missing data for POS_SALES_CHANNEL fixes this issue; it was removed in r1754402.

Thanks: Pawan Verma

git-svn-id: https://svn.apache.org/repos/asf/ofbiz/ofbiz-plugins/trunk@1859012 13f79535-47bb-0310-9956-ffa450edef68

Applied fix from trunk for revision: 1858289 ===

Fixed: Shortkeys missing on WebPOS.

(OFBIZ-10961)

It was broken after jQuery update on rev #1850712.

Thanks Padmavati Rawat for reporting and Rohit Koushal for providing the patch.

git-svn-id: https://svn.apache.org/repos/asf/ofbiz/ofbiz-plugins/branches/release18.12@1858290 13f79535-47bb-0310-9956-ffa450edef68

    • -1
    • +1
    ./webapp/webpos/images/js/WebPosHotkeys.js
Fixed: Shortkeys missing on WebPOS. (OFBIZ-10961) It was broken after jQuery update on rev #1850712. Thanks Padmavati Rawat for reporting and Rohit Koushal for providing the patch.

git-svn-id: https://svn.apache.org/repos/asf/ofbiz/ofbiz-plugins/trunk@1858289 13f79535-47bb-0310-9956-ffa450edef68

    • -1
    • +1
    ./webapp/webpos/images/js/WebPosHotkeys.js
"Applied fix from plugins for revision: 1851068 "
------------------------------------------------------------------------
r1851068 | jleroux | 2019-01-11 17:12:01 +0100 (ven. 11 janv. 2019) | 12 lignes

Fixed: Add session tracking mode and make cookie secure

(OFBIZ-6655)

Following "Session timeout for webapps" discussion on dev ML

https://markmail.org/message/p6fbiojjrwb2ybxd

We decided to put back the session-timeout value in web.xml files and to remove the line

    session.setMaxInactiveInterval(60*60); //in seconds

from ControlEventListener.java

Thanks: Deepak Nigam for report and Girish Vasmatkar for discussion

------------------------------------------------------------------------

git-svn-id: https://svn.apache.org/repos/asf/ofbiz/ofbiz-plugins/branches/release18.12@1851073 13f79535-47bb-0310-9956-ffa450edef68

  1. … 22 more files in changeset.
"Applied fix from plugins for revision: 1851068 "
------------------------------------------------------------------------
r1851068 | jleroux | 2019-01-11 17:12:01 +0100 (ven. 11 janv. 2019) | 12 lignes

Fixed: Add session tracking mode and make cookie secure

(OFBIZ-6655)

Following "Session timeout for webapps" discussion on dev ML

https://markmail.org/message/p6fbiojjrwb2ybxd

We decided to put back the session-timeout value in web.xml files and to remove the line

    session.setMaxInactiveInterval(60*60); //in seconds

from ControlEventListener.java

Thanks: Deepak Nigam for report and Girish Vasmatkar for discussion

------------------------------------------------------------------------

git-svn-id: https://svn.apache.org/repos/asf/ofbiz/ofbiz-plugins/branches/release17.12@1851072 13f79535-47bb-0310-9956-ffa450edef68

  1. … 22 more files in changeset.
Fixed: Add session tracking mode and make cookie secure (OFBIZ-6655)

Following "Session timeout for webapps" discussion on dev ML

https://markmail.org/message/p6fbiojjrwb2ybxd

We decided to put back the session-timeout value in web.xml files and to remove the line

    session.setMaxInactiveInterval(60*60); //in seconds

from ControlEventListener.java

Thanks: Deepak Nigam for report and Girish Vasmatkar for discussion

git-svn-id: https://svn.apache.org/repos/asf/ofbiz/ofbiz-plugins/trunk@1851068 13f79535-47bb-0310-9956-ffa450edef68

  1. … 22 more files in changeset.
Applied fix from trunk for revision: 1850712 ===

Improved: Replace jQuery.bind() with jQuery.on()

(OFBIZ-10758)

As of jQuery 3.0, .bind() has been deprecated. It was superseded by the .on() method for attaching event handlers to a document.

Additional change:

Improved boolean returns with single statement, replacing if blocks with explicit boolean return.

git-svn-id: https://svn.apache.org/repos/asf/ofbiz/ofbiz-plugins/branches/release18.12@1850714 13f79535-47bb-0310-9956-ffa450edef68

    • -14
    • +14
    ./template/shortcuts/Shortcuts.ftl
    • -4
    • +4
    ./webapp/webpos/images/js/ChooseVariant.js
    • -7
    • +7
    ./webapp/webpos/images/js/CloseTerminal.js
    • -2
    • +2
    ./webapp/webpos/images/js/EditAddress.js
    • -3
    • +3
    ./webapp/webpos/images/js/OpenTerminal.js
    • -4
    • +4
    ./webapp/webpos/images/js/PaidOutAndIn.js
    • -12
    • +12
    ./webapp/webpos/images/js/PayCreditCard.js
    • -5
    • +5
    ./webapp/webpos/images/js/PayGiftCard.js
    • -3
    • +3
    ./webapp/webpos/images/js/PromoCode.js
    • -6
    • +6
    ./webapp/webpos/images/js/SearchParties.js
    • -6
    • +6
    ./webapp/webpos/images/js/SearchPartiesResults.js
  1. … 7 more files in changeset.
Improved: Replace jQuery.bind() with jQuery.on() (OFBIZ-10758) As of jQuery 3.0, .bind() has been deprecated. It was superseded by the .on() method for attaching event handlers to a document. Additional change: Improved boolean returns with single statement, replacing if blocks with explicit boolean return.

git-svn-id: https://svn.apache.org/repos/asf/ofbiz/ofbiz-plugins/trunk@1850712 13f79535-47bb-0310-9956-ffa450edef68

    • -14
    • +14
    ./template/shortcuts/Shortcuts.ftl
    • -4
    • +4
    ./webapp/webpos/images/js/ChooseVariant.js
    • -7
    • +7
    ./webapp/webpos/images/js/CloseTerminal.js
    • -2
    • +2
    ./webapp/webpos/images/js/EditAddress.js
    • -3
    • +3
    ./webapp/webpos/images/js/OpenTerminal.js
    • -4
    • +4
    ./webapp/webpos/images/js/PaidOutAndIn.js
    • -12
    • +12
    ./webapp/webpos/images/js/PayCreditCard.js
    • -5
    • +5
    ./webapp/webpos/images/js/PayGiftCard.js
    • -3
    • +3
    ./webapp/webpos/images/js/PromoCode.js
    • -6
    • +6
    ./webapp/webpos/images/js/SearchParties.js
    • -6
    • +6
    ./webapp/webpos/images/js/SearchPartiesResults.js
  1. … 7 more files in changeset.
Improved: Themes can't be changed in webpos (OFBIZ-10767)

Following this discussion on dev ML I decided to test it on Ubuntu in my Windows 7 VM and it works there.

Just that you don't automatically get back to the webpos page when changing theme

git-svn-id: https://svn.apache.org/repos/asf/ofbiz/ofbiz-plugins/trunk@1850552 13f79535-47bb-0310-9956-ffa450edef68

    • -0
    • +14
    ./webapp/webpos/WEB-INF/controller.xml
"Applied fix from plugins for revision: 1845558 "
------------------------------------------------------------------------
r1845558 | jleroux | 2018-11-02 10:46:42 +0100 (ven. 02 nov. 2018) | 15 lignes

Fixed: Correct behaviour of Autologin cookies

(OFBIZ-10635)

Renames "keep-autologin-cookie" to "use-autologin-cookie", and only create Autologin cookies when needed. No need to create Autologin cookies in applications that don't need it.

Don't pass webAppName to LoginWorker::getSecuredUserLoginId, that can be handled with improved LoginWorker::getSecuredLoginIdCookieName

Removes LoginWorker::autoLogoutCleanCookies, no longer needed since only those needed are created and kept (1 year at least after creation).

For both autoLogin and securedLoginId cookies sets the path to the application.

------------------------------------------------------------------------

git-svn-id: https://svn.apache.org/repos/asf/ofbiz/ofbiz-plugins/branches/release17.12@1845569 13f79535-47bb-0310-9956-ffa450edef68

  1. … 1 more file in changeset.
Fixed: Correct behaviour of Autologin cookies (OFBIZ-10635)

Renames "keep-autologin-cookie" to "use-autologin-cookie", and only create Autologin cookies when needed. No need to create Autologin cookies in applications that don't need it.

Don't pass webAppName to LoginWorker::getSecuredUserLoginId, that can be handled with improved LoginWorker::getSecuredLoginIdCookieName

Removes LoginWorker::autoLogoutCleanCookies, no longer needed since only those needed are created and kept (1 year at least after creation).

For both autoLogin and securedLoginId cookies sets the path to the application.

git-svn-id: https://svn.apache.org/repos/asf/ofbiz/ofbiz-plugins/trunk@1845558 13f79535-47bb-0310-9956-ffa450edef68

  1. … 1 more file in changeset.