- 06 Feb, 2020 1 commit
-
-
Vincent Pelletier authored
Also covers traversal (and a lot more).
-
- 05 Feb, 2020 3 commits
-
-
Romain Courteaud authored
-
Romain Courteaud authored
https://tools.ietf.org/html/draft-ietf-httpbis-rfc6265bis-02 SameSite=None breaks the compatibility with some browser versions. https://www.chromium.org/updates/same-site/incompatible-clients We choose Lax and not Strict so that we can open links to ERP5 from external applications and so that OAuth Logins work. Implementing the "two cookies, one for read one for write" approach suggested in https://tools.ietf.org/html/draft-ietf-httpbis-rfc6265bis-02#section-8.8.2 would be too big change at this point. Allow instances to surcharge the SameSite value for some specific domains if needed, by surcharging the ERP5Site_getAuthCookieSameSite script.
-
Vincent Pelletier authored
-
- 04 Feb, 2020 1 commit
-
-
Romain Courteaud authored
-
- 03 Feb, 2020 1 commit
-
-
Jérome Perrin authored
This uses a different approach that what I was using in the past. I'm no longer trying to rename skins that does not match our naming conventions, but just adding them the the "ignore list". This would still allow to detect when new wrongly named scripts are introduced without risking regressions when we rename a script that was used from some places we did not change (like project customisations). /reviewed-on nexedi/erp5!1041
-
- 31 Jan, 2020 8 commits
-
-
Jérome Perrin authored
-
Jérome Perrin authored
-
Jérome Perrin authored
-
Jérome Perrin authored
-
Jérome Perrin authored
-
Jérome Perrin authored
-
Jérome Perrin authored
This was a false positive
-
Jérome Perrin authored
-
- 30 Jan, 2020 3 commits
-
-
Jérome Perrin authored
We should be able to configure a group calendar saying that the pattern is "from 9:00 to 12:00, repeat every monday morning" with a group calendar assignment saying "use this pattern from 01/01/2016 until 31/12/2016" and then create another group calendar assignment for 2017 without having to change the periodicity stop date on all presence periods of the group calendar. I think it should repeat from group calendar assignment's start date until min(group calendar assignment's stop date, presence period's periodicity stop date). /reviewed-on !125
-
Jérome Perrin authored
-
Jérome Perrin authored
/reviewed-on nexedi/erp5!940
-
- 29 Jan, 2020 6 commits
-
-
Jérome Perrin authored
- update PresencePeriod.getNextPeriodicalDate with fixes from 6155f7ff - do not use addToDate, but simply DateTime arithmetics that unlike addToDate, works correctly
-
Jérome Perrin authored
-
Jérome Perrin authored
Shared parts received from test node will be passed as SLAPOS_TEST_SHARED_PART_LIST environment variable to egg tests. This will be useful for SLAPOS-SR tests.
-
Jérome Perrin authored
Some test suites who install software during the test, such as SLAPOS-SR tests, could benefit from reusing already installed shared parts. The convention is that --shared_part_list is a os.pathsep (:) separated list of paths of read-only shared parts in which the test is not allowed to write.
-
Jérome Perrin authored
Shared parts speed up compilation time and is becoming the standard in SlapOS software installations, so it makes sense to use it in our test nodes, as it also gives one more opportunity to test this feature. erp5testnode configuration file supports a new shared_part_list option, that can be set to a \n separated list of paths to use for shared parts, following the same rules as slapos.core and slapos.recipe.cmmi (ie. the first ones are read-only and the last one is read-write). This shared_part_list option will be set in slapos.cfg used to compile both the "software for testnode" (ie. selenium-runner) and later the softwares under tests. The software under tests will also use a local directory for each test suite to install shared suite. The directory structure is now: srv/ shared/ (shared parts to install selenium runner) slapos/ soft/ (selenium-runner software) testnode/ foo/ # test suite with reference foo inst/ (partitions of tested software) shared/ (shared parts to install tested software) soft/ (tested software) and in the configuration srv/shared will be set as initial shared_part_list. When installing selenium-runner, srv/shared/ is used to write shared parts. These shared parts are never removed. When installing software under test, srv/shared/ and srv/testnode/foo/shared/ are used. If parts are found in srv/shared they are used, if they are not found, they are installed in srv/testnode/foo/shared/. In practice, this should mean that the shared parts installed by selenium-runner will be reused for all tested softwares and this should speed up initial installation of these softwares. Currently, nothing is implemented regarding removal of unused shared parts, but in our case: - srv/testnode/foo/shared/ will be removed when "foo" is removed. - srv/shared/ should be used only when installing selenium-runner. If this starts to use too much disk space, one quick and dirty workaround could be to destroy the test node instance and re-create it.
-
Jérome Perrin authored
Use monaco editor with https://github.com/joe-re/sql-language-server completion provider bundled in https://lab.nexedi.com/jerome/monaco-editor-sql-completion-provider This completion provider is not perfect, but codemirror's one was not so good either. At least we can use monaco editor. Also add a quick "copy to cliboard" feature, which copies the table as html or in markdown format for text. And also fix Server-Timing header that was an obsolete syntax no longer supported by chrome. /reviewed-on nexedi/erp5!1036
-
- 28 Jan, 2020 1 commit
-
-
Jérome Perrin authored
The fixes from nexedi/erp5!630 were not enough, exceptions set on days were calendar did not repeat were also confusing other exceptions after this. Simplify implementation a lot, instead of keeping track of the next exception date, start by building a set of all exceptions dates and use membership of this set as a criterion to skip exceptions. /reviewed-on nexedi/erp5!1030
-
- 24 Jan, 2020 4 commits
-
-
Jérome Perrin authored
Allow python's cryptographically secure pseudorandom number generator for usage in restricted python and use it where it makes sense. This also change the API of `Person_generatePassword` which no longer allow to control the number of letters and numbers. /reviewed-on nexedi/erp5!847
-
Jérome Perrin authored
This script no longer allow to control the number of letters and digit
-
Jérome Perrin authored
Using same method as python 3.6's secrets module and a bit longer token that what python currently recommends, since we were using very very long tokens until now (so that it does not look like a "regression")
-
Jérome Perrin authored
- use system random - generate longer password with a larger space API change in an incompatible way, it's no longer possible to control the number of alpha and numeric. This was reducing a lot the number of combinations, so it's better to break so that callers stop generating too weak passwords.
-
- 23 Jan, 2020 2 commits
-
-
Georgios Dagkakis authored
to make the difference with other fields more visible
-
Jérome Perrin authored
If we rename a script used as external validator, we don't have way of detecting that this script might be used, so add to the "static checks" a check that for every field referencing an external validator, this validator can actually be traversed. /reviewed-on nexedi/erp5!1031
-
- 22 Jan, 2020 2 commits
-
-
Jérome Perrin authored
-
Jérome Perrin authored
Check that script exists.
-
- 20 Jan, 2020 4 commits
-
-
Vincent Pelletier authored
Like a real-world user.
-
Vincent Pelletier authored
-
Vincent Pelletier authored
__ac_name & __ac_password are only useful to get a cookie, so only use them when the test is actually expecting a cookie.
-
Vincent Pelletier authored
One inline javascript snippet less.
-
- 17 Jan, 2020 3 commits
-
-
Kazuhiko Shiozaki authored
-
Romain Courteaud authored
-
Arnaud Fontaine authored
-
- 16 Jan, 2020 1 commit
-
-
Jérome Perrin authored
-