Commits · c1d1176ea53af5c756d6fa83f7ea6e811af608ea · Romain Courteaud / erp5

27 Jan, 2020 12 commits
- [erp5_core] Switch test component editor to a renderJS gadget · c1d1176e
  Romain Courteaud authored May 31, 2018
```
Allow edition in the new UI
```
  c1d1176e
- [HARDCODED] [romain_dev] wip tools · ad13890c
  Romain Courteaud authored Sep 06, 2019
  
  ad13890c
- [HARDCODED] [ERP5Type/component] Desactive python linting when saving · a12f6553
  Romain Courteaud authored Dec 03, 2018
```
This make everything slow as hell and prevent to quickly save.
```
  a12f6553
- [HARDCODED] Reduce zelenium timeout · 7fd3a49c
  Romain Courteaud authored Dec 16, 2016
  
  7fd3a49c
- [HARDCODED] Reduce number of test to run · 6827a2d7
  Romain Courteaud authored Nov 07, 2016
  
  6827a2d7
- erp5_core: parse actual_url · 958ef680
  Romain Courteaud authored Jan 27, 2020
  
  958ef680
- erp5_core: server_url is not in environ · c34b4b2b
  Romain Courteaud authored Jan 24, 2020
  
  c34b4b2b
- erp5_core: coding style · c67b8d52
  Romain Courteaud authored Jan 23, 2020
  
  c67b8d52
- erp5_core: rename · 8e4cf2c9
  Romain Courteaud authored Jan 23, 2020
  
  8e4cf2c9
- core: set SameSite=Lax on authentication cookie · ecf62bfe
  Jérome Perrin authored Nov 19, 2018
```
https://tools.ietf.org/html/draft-ietf-httpbis-rfc6265bis-02

We choose Lax and not Strict so that we can open links to ERP5 from
external applications and so that OAuth Logins work. Implementing the
"two cookies, one for read one for write" approach suggested in
https://tools.ietf.org/html/draft-ietf-httpbis-rfc6265bis-02#section-8.8.2
would be too big change at this point.
```
  ecf62bfe
- erp5_core: allow instances to surchage the SameSite value · b74a06d2
  Romain Courteaud authored Jan 16, 2020
  
  b74a06d2
- erp5_core: Use SameSite=Lax cookie · f987eff3
  Romain Courteaud authored Jan 15, 2020
```
SameSite=None breaks the compatibility with some browser versions.
https://www.chromium.org/updates/same-site/incompatible-clients
```
  f987eff3
24 Jan, 2020 4 commits

Jérome Perrin authored Mar 18, 2019

Allow python's cryptographically secure pseudorandom number generator for usage in restricted python and use it where it makes sense.

This also change the API of `Person_generatePassword` which no longer allow to control the number of letters and numbers.

/reviewed-on nexedi/erp5!847

1764c526

credential: follow Person_generatePassword API change · f25ef810
Jérome Perrin authored Jan 24, 2020
```
This script no longer allow to control the number of letters and digit
```
f25ef810

access_token: use os.urandom to generate token · 201a596c

Jérome Perrin authored Jan 16, 2020

Using same method as python 3.6's secrets module and a bit longer token
that what python currently recommends, since we were using very very
long tokens until now (so that it does not look like a "regression")

201a596c

base: generate a stronger passwords in Person_generatePassword · 758fc366

Jérome Perrin authored Jan 16, 2020

- use system random
- generate longer password with a larger space

API change in an incompatible way, it's no longer possible to control
the number of alpha and numeric. This was reducing a lot the number of
combinations, so it's better to break so that callers stop generating
too weak passwords.

758fc366

23 Jan, 2020 2 commits

erp5_web_renderjs_ui: Set label color or required field to black · 487dbafb
Georgios Dagkakis authored Jan 23, 2020
```
to make the difference with other fields more visible
```
487dbafb

Check fields uses existing scripts as external validator · b41f0737

Jérome Perrin authored Jan 17, 2020

If we rename a script used as external validator, we don't have way of detecting that this script might be used, so add to the "static checks" a check that for every field referencing an external validator, this validator can actually be traversed.

/reviewed-on nexedi/erp5!1031

b41f0737

22 Jan, 2020 2 commits
- testXHTML: check external validators on fields · c685c027
  Jérome Perrin authored Jan 17, 2020
  
  c685c027
- administration: add utility script to check external validators on fields · ac49cc24
  Jérome Perrin authored Jan 17, 2020
```
Check that script exists.
```
  ac49cc24
20 Jan, 2020 4 commits
- ERP5TypeFunctionalTestCase: Use login_form to get authentication cookie. · bea28e78
  Vincent Pelletier authored Jan 17, 2020
```
Like a real-world user.
```
  bea28e78
- tests: Make cookie generation request a bit more realistic. · cf7b8110
  Vincent Pelletier authored Jan 17, 2020
  
  cf7b8110
- tests: Use self.request(..., basic='...') to simulate authentication. · 6940b138
  Vincent Pelletier authored Jan 17, 2020
```
__ac_name & __ac_password are only useful to get a cookie, so only use them
when the test is actually expecting a cookie.
```
  6940b138
- erp5_xhtml_style: Move main form's onsubmit handler to javascript file. · bd9c5836
  Vincent Pelletier authored Jan 16, 2020
```
One inline javascript snippet less.
```
  bd9c5836
17 Jan, 2020 3 commits
- fixup! rewrite anonymous support in selection. · 56ccb491
  Kazuhiko Shiozaki authored Jan 15, 2020
  
  56ccb491
- erp5_document_scanner_ui_test: add missing bt5 dependency · 1cc2c2db
  Romain Courteaud authored Jan 17, 2020
  
  1cc2c2db
- ERP5: Remove security definition on function not existing anymore. · 2688dfb8
  Arnaud Fontaine authored Jan 16, 2020
  
  2688dfb8
16 Jan, 2020 2 commits
- patches/Restricted: allow os.urandom · f4777c63
  Jérome Perrin authored Mar 18, 2019
  
  f4777c63
- patches/Restricted: allow random.SystemRandom · 0972d806
  Jérome Perrin authored Mar 18, 2019
  
  0972d806
15 Jan, 2020 6 commits
- erp5_document_scanner: handle more asynchronous methods from cropper · 110d9931
  Romain Courteaud authored Jan 15, 2020
  
  110d9931
- erp5_document_scanner_ui_test: check generated pdf · aa2c92ce
  Romain Courteaud authored Jan 13, 2020
  
  aa2c92ce
- erp5_web_renderjs_ui_test: check that filter menu is used by jump action · 1116ad5b
  Romain Courteaud authored Jan 15, 2020
  
  1116ad5b
- erp5_jio: remove as not used and confusing · 6218c4c8
  Romain Courteaud authored Jan 14, 2020
  
  6218c4c8
- ZODB Components: Preparation of erp5_base migration from FS: Fix pylint... · 26e3c68b
  Arnaud Fontaine authored Jan 15, 2020
```
ZODB Components: Preparation of erp5_base migration from FS: Fix pylint no-name-in-module on newTempXXX (04b49859).
```
  26e3c68b
- upgrader: make upgrader pass coding style test · 062d17ca
  Jérome Perrin authored Dec 24, 2019
```
Change upgrader internal API to use `filter_dict` instead of `filter`
which is a builtin.
Remove a lot of unused code in extensions

/reviewed-on nexedi/erp5!1014
```
  062d17ca
14 Jan, 2020 5 commits
- ZODB Components: erp5_open_trade_periodicity_line: Migrate PeriodicityLine from FS. · 21cd9c2f
  Arnaud Fontaine authored Jan 14, 2020
  
  21cd9c2f
- ZODB Components: Preparation of erp5_base migration from FS: Fix pylint... · db0e6131
  Arnaud Fontaine authored Dec 25, 2019
```
ZODB Components: Preparation of erp5_base migration from FS: Fix pylint no-name-in-module on newTempXXX (04b49859).
```
  db0e6131
- ZODB Components: Preparation of erp5_base migration from FS: Fix pylint bad-indentation warnings. · 8c1669e6
  Arnaud Fontaine authored Dec 27, 2019
  
  8c1669e6
- ZODB Components: Preparation of erp5_base migration from FS: Fix pylint redefined-builtin warnings. · 232d4b45
  Arnaud Fontaine authored Dec 27, 2019
  
  232d4b45
- ZODB Components: Preparation of erp5_base migration from FS: Fix pylint unused-import warnings. · 5bb99fe1
  Arnaud Fontaine authored Dec 27, 2019
  
  5bb99fe1