- 27 Jan, 2020 7 commits
-
-
Romain Courteaud authored
-
Romain Courteaud authored
-
Romain Courteaud authored
-
Romain Courteaud authored
-
Jérome Perrin authored
https://tools.ietf.org/html/draft-ietf-httpbis-rfc6265bis-02 We choose Lax and not Strict so that we can open links to ERP5 from external applications and so that OAuth Logins work. Implementing the "two cookies, one for read one for write" approach suggested in https://tools.ietf.org/html/draft-ietf-httpbis-rfc6265bis-02#section-8.8.2 would be too big change at this point.
-
Romain Courteaud authored
-
Romain Courteaud authored
SameSite=None breaks the compatibility with some browser versions. https://www.chromium.org/updates/same-site/incompatible-clients
-
- 24 Jan, 2020 4 commits
-
-
Jérome Perrin authored
Allow python's cryptographically secure pseudorandom number generator for usage in restricted python and use it where it makes sense. This also change the API of `Person_generatePassword` which no longer allow to control the number of letters and numbers. /reviewed-on nexedi/erp5!847
-
Jérome Perrin authored
This script no longer allow to control the number of letters and digit
-
Jérome Perrin authored
Using same method as python 3.6's secrets module and a bit longer token that what python currently recommends, since we were using very very long tokens until now (so that it does not look like a "regression")
-
Jérome Perrin authored
- use system random - generate longer password with a larger space API change in an incompatible way, it's no longer possible to control the number of alpha and numeric. This was reducing a lot the number of combinations, so it's better to break so that callers stop generating too weak passwords.
-
- 23 Jan, 2020 2 commits
-
-
Georgios Dagkakis authored
to make the difference with other fields more visible
-
Jérome Perrin authored
If we rename a script used as external validator, we don't have way of detecting that this script might be used, so add to the "static checks" a check that for every field referencing an external validator, this validator can actually be traversed. /reviewed-on nexedi/erp5!1031
-
- 22 Jan, 2020 2 commits
-
-
Jérome Perrin authored
-
Jérome Perrin authored
Check that script exists.
-
- 20 Jan, 2020 4 commits
-
-
Vincent Pelletier authored
Like a real-world user.
-
Vincent Pelletier authored
-
Vincent Pelletier authored
__ac_name & __ac_password are only useful to get a cookie, so only use them when the test is actually expecting a cookie.
-
Vincent Pelletier authored
One inline javascript snippet less.
-
- 17 Jan, 2020 3 commits
-
-
Kazuhiko Shiozaki authored
-
Romain Courteaud authored
-
Arnaud Fontaine authored
-
- 16 Jan, 2020 2 commits
-
-
Jérome Perrin authored
-
Jérome Perrin authored
-
- 15 Jan, 2020 6 commits
-
-
Romain Courteaud authored
-
Romain Courteaud authored
-
Romain Courteaud authored
-
Romain Courteaud authored
-
Arnaud Fontaine authored
ZODB Components: Preparation of erp5_base migration from FS: Fix pylint no-name-in-module on newTempXXX (04b49859).
-
Jérome Perrin authored
Change upgrader internal API to use `filter_dict` instead of `filter` which is a builtin. Remove a lot of unused code in extensions /reviewed-on nexedi/erp5!1014
-
- 14 Jan, 2020 10 commits
-
-
Arnaud Fontaine authored
-
Arnaud Fontaine authored
ZODB Components: Preparation of erp5_base migration from FS: Fix pylint no-name-in-module on newTempXXX (04b49859).
-
Arnaud Fontaine authored
-
Arnaud Fontaine authored
-
Arnaud Fontaine authored
-
Arnaud Fontaine authored
-
Arnaud Fontaine authored
-
Arnaud Fontaine authored
-
Arnaud Fontaine authored
-
Arnaud Fontaine authored
ZODB Components: BusinessTemplate: On migration dialog, ignore source files not available anymore (ex: change branch).
-