1. 16 Jun, 2023 5 commits
    • Jérome Perrin's avatar
      PasswordTool: verify password match confirmation · 05a3390b
      Jérome Perrin authored
      This is supposed to be catched by an external validator on the field,
      but checking the one more time here supports custom dialogs where there
      might not be form level validation.
      05a3390b
    • Jérome Perrin's avatar
      PasswordTool: redirect with portal_status_level · 4cd0f2d8
      Jérome Perrin authored
      to indicate success or failure
      
      Also add a code comment about the changes from e50e45e4 (erp5_core:
      Password Tool should not leak info on users, 2020-12-30), because while
      looking at this code it seems there was a mistake here.
      4cd0f2d8
    • Jérome Perrin's avatar
      PasswordTool: fix password_confirm argument · c6a2c3eb
      Jérome Perrin authored
      It was wrongly named password_confirmation in some places and this was
      silently ignored because the parameter is not used at the moment and
      because of **kw in the signature.
      
      This is a preparatory commit so that we can check that the password and
      the confirmation match
      c6a2c3eb
    • Jérome Perrin's avatar
      testPasswordTool: modernize test · c4999893
      Jérome Perrin authored
      Rewrite to not use legacy "Sequence", some python3 fixes, use urllib
      to assert URLs, use more consistent passwords.
      
      Also extend coverage a bit: check that the email contains the key, check
      that login lookup does not use catalog search syntax.
      c4999893
    • Jérome Perrin's avatar
      PythonScript: fix Zope2 compatibility · b8cbf53d
      Jérome Perrin authored
      There is no zmi_icon on Zope2.
      b8cbf53d
  2. 15 Jun, 2023 1 commit
  3. 07 Jun, 2023 2 commits
  4. 06 Jun, 2023 1 commit
    • Rafael Monnerat's avatar
      erp5_accounting&trade&pdm: Missing set ConstraintType on constraints · 273f273a
      Rafael Monnerat authored
         This is expected that constraints can call getConstraintType() if they are filtered:
      
          return context.checkConsistency(fixit=1, filter={'constraint_type': 'post_upgrade'},)
        Module Products.ERP5Type.Core.Folder, line 1476, in checkConsistency
          error_list.extend(obj.fixConsistency(filter=filter, **kw))
        Module Products.ERP5Type.Base, line 2714, in fixConsistency
          return self.checkConsistency(fixit=True, filter=filter, **kw)
        Module Products.ERP5Type.Core.Folder, line 1476, in checkConsistency
          error_list.extend(obj.fixConsistency(filter=filter, **kw))
        Module Products.ERP5Type.Base, line 2714, in fixConsistency
          return self.checkConsistency(fixit=True, filter=filter, **kw)
        Module Products.ERP5Type.Core.Folder, line 1462, in checkConsistency
          **kw
        Module Products.ERP5Type.Base, line 2686, in checkConsistency
          for constraint_instance in self._filteredConstraintList(filter):
        Module Products.ERP5Type.Base, line 2739, in _filteredConstraintList
          constraints = [x for x in constraints if x.__of__(self).getConstraintType() in \
      AttributeError: 'RequestContainer' object has no attribute 'getConstraintType'
      273f273a
  5. 02 Jun, 2023 1 commit
  6. 30 May, 2023 1 commit
  7. 29 May, 2023 1 commit
    • Jérome Perrin's avatar
      oauth_google_login: apply a 10 seconds timeout when connecting to google server · e53f712e
      Jérome Perrin authored
      In case of network problems, the http requests made to google during
      login may take too long and cause global unavailability of the ERP5
      instance.
      
      Today we saw in long request logs:
      
          2023-05-29 07:10:35,662 - Thread 140596157511424: Started on 1685336511.6; Running for 524.1 secs; Same.
      
      oauth2client does not expose an API to set a timeout, but it allows
      passing a custom http instance where we can set a timeout.
      e53f712e
  8. 24 May, 2023 1 commit
  9. 18 May, 2023 4 commits
  10. 17 May, 2023 3 commits
  11. 16 May, 2023 4 commits
  12. 15 May, 2023 2 commits
  13. 12 May, 2023 2 commits
  14. 08 May, 2023 2 commits
  15. 03 May, 2023 2 commits
  16. 02 May, 2023 7 commits
    • Jérome Perrin's avatar
      ProcessingNodeTestCase: also setRequest in processing_node · 18deb716
      Jérome Perrin authored
      This is done on the process running test (by
      ERP5TypeTestCaseRequestConnection) and when using timerserver loop (by
      TimerServer which calls publish_module), but this was never set in
      processing_node.
      
      Before 3b874e49 (ERP5Type/tests: review requests in tests, 2023-04-19)
      getRequest could find a request anyway, because the test pached
      getRequest to find a request from the app, but after this change
      executing activities in an instance running with runUnitTest without
      test specified failed with:
      
          Module importlib, line 37, in import_module
            __import__(name)
          Module Products.ERP5Type.dynamic.component_package, line 412, in load_module
            return self.__load_module(fullname)
          Module Products.ERP5Type.dynamic.component_package, line 379, in __load_module
            erp5.component.ref_manager.add_module(module)
          Module Products.ERP5Type.dynamic.dynamic_module, line 75, in add_module
            self.add_request(get_request())
          Module Products.ERP5Type.dynamic.dynamic_module, line 53, in add_request
            self.setdefault(last_sync, (WeakSet(), set()))[0].add(request_obj)
          Module _weakrefset, line 86, in add
            self.data.add(ref(item, self._remove))
        TypeError: cannot create weak reference to 'NoneType' object
      
      ( maybe we remove processing_node and use only timerserver, these two
      methods are more or less equivalent for simple cases and timerserver is
      closer to what a "real" zope does )
      18deb716
    • Xiaowu Zhang's avatar
      a6f74a19
    • Jérome Perrin's avatar
      tests: execute `addCleanup` cleanups with ZODB connection · 25eb8920
      Jérome Perrin authored
      unittest executes the cleanups after `tearDown`, after the ZODB
      connection is closed, so accessing database objects cause errors.
      
      According to python unittest documentation, it is safe to call
      `doCleanups` ourselves when we need the cleanup to be executed earlier,
      this is a typical case where we want the cleanup to be called before
      closing the database connections.
      25eb8920
    • Jérome Perrin's avatar
      core: "better" default columns in Base_viewRelatedObjectListBase · 4350a316
      Jérome Perrin authored
      ID is not something we like to show to users, modification date and
      validation state can be better - this assumes that most of the
      relation are made to nodes, which typically have a validation state
      and not a simulation state.
      4350a316
    • Jérome Perrin's avatar
      ERP5Type/tests: review requests in tests · 3b874e49
      Jérome Perrin authored
      The general idea of this patch is that now that we are using
      zope.globalrequest, we no longer need to patch get_request, we can
      simply call zope.globalrequest.setRequest with the request from the
      test and restore the "real" request afterwards.
      
      To achieve this, we reuse Testing.ZopeTestCase.connections.registry,
      which already has the logic of cleaning up resources in the right place
      and use a "Request" resource that calls setRequest(test_request) and
      setRequest(real_request) when closed, so that:
       - test runs with an independant request
       - this test request is closed at the end
       - the real request is restored at the end
      
      This also fixes a bug with self.publish when runnning
      ERP5TypeLiveTestCase from portal_components of a running instance,
      after a call to self.publish the current request was lost.
      
      The testing for this revealed that ERP5TypeLiveTestCase.publish way
      of dealing with zope.security interaction was not always correct: when
      running a live test inside runUnitTest (like we do here in
      testDynamicClassGeneration), there is no security interaction. This
      was reviewed to use the high level API instead of changing directly the
      internal storage.
      3b874e49
    • Jérome Perrin's avatar
      core: expose `is_source` on `MovementHistoryListBrain` · e1ae4c69
      Jérome Perrin authored
      This can be useful when making a report on movements and when we list
      properties of the movements that depend on the side but are not
      directly exposed on MovementHistoryListBrain. One use case was
      `Movement_getSpecificReference`, which shows `source_reference` when
      the brain is for the source and `destination_reference` otherwise.
      
      With this new approach, instead of guessing we record the "is_source"
      information at indexing time, when we know this for sure.
      
      This also simplifies `MovementHistoryListBrain.date` and
      `MovementHistoryListBrain.mirror_date` which no longer need to guess
      the side and fix a problem that because this guessing was done using
      `movement.getSourceUid()` - which cause security errors when users can
      not access the source of the movement.
      e1ae4c69
    • Jérome Perrin's avatar
      worklfow: save state permissions sorted · f4cd9eb2
      Jérome Perrin authored
      When editing a state permission mapping the roles were not sorted,
      because WorkflowState_getPermissionMatrixContext uses a set. Sort
      before setting the attribute, to prevent useless diffs in ZODB history
      and business template.
      f4cd9eb2
  17. 27 Apr, 2023 1 commit