- 08 Sep, 2023 7 commits
-
-
Jérome Perrin authored
- switch to programmatic creation of DOM element using domsugar instead of using handlebars which needs CSP - use gadget_html_viewer to display post contents - more translation support
-
Jérome Perrin authored
To work 100% this needs "style-src: unsafe-inline" in the CSP, without this the popup on hover does not show the series color - which in our case is better than using the CSP. also drop obsolete appcache, browsers no longer use this. reference: https://github.com/apache/echarts/issues/16610
-
Gabriel Monnerat authored
-
Jérome Perrin authored
it was same as testSupportRequestPanelTranslation, but with less assertion, probably I made a mistake in renaming
-
Jérome Perrin authored
Using "Number" was not good for translations and maybe not so good in english either.
-
Jérome Perrin authored
Using verifyImageMatchSnapshot with 20 is sometimes not enough to detect some significant differences
-
Jérome Perrin authored
these are not used anymore
-
- 07 Sep, 2023 2 commits
-
-
Vincent Pelletier authored
Base_callDialogMethod may not provide REQUEST nor RESPONSE, and may provide other arguments. Make the former optional, ignore the latter, and fallback on RequestContainer's magic when REQUEST is None.
-
Yusei Tahara authored
<dtml-sqlvar "None" type=nb> should be 'null'.
-
- 06 Sep, 2023 1 commit
-
-
Jérome Perrin authored
Fixes `Uncaught Error: Language id "vs.editor.nullLanguage" is not configured nor known` errors with html using script type handlebars
-
- 04 Sep, 2023 7 commits
-
-
Vincent Pelletier authored
During the response process (especially setBody), HTTPResponse accesses and updates some response headers in its "headers" property (a dictionary). addHeader puts the response headers in a list which will not be updated by HTTPResponse. This is "more correct" from an RFC perspective, as any header specified as being a sequence of values delimited by commas may be split among multiple headers. So, keep using addHeader by default, but special-case some headers which are accessed and must be successfully updated by HTTPResponse itself so that those headers are set using setHeader, which updates the "headers" property.
-
Vincent Pelletier authored
-
Vincent Pelletier authored
For better compatibility, as not all templates may be reconfigured to post in application/x-www-form-urlencoded. Also, tolerate a missing Content-Type request header, treating as an unhandler type instead of raising a KeyError exception.
-
Vincent Pelletier authored
Fernet tokens are urlsafe-base64-encoded, so re-encoding them is useless. This change breaks compabitility with what should be a transient login state (lasting as long as the login form is opened in any browser). So the consequence is that a user failing to authenticate will be redirected to a safe location (ex: the website's home page) instead of getting to the login form again. This should not be worth either a systematic double-decrypting (which could lead to harder to debug decryption errors) or some heuristic trying to guess if the value is in fact double-encoded.
-
Vincent Pelletier authored
For simplicity and readability.
-
Vincent Pelletier authored
When there is no enabled extractor plugin, PAS internally uses the DumbHTTPExtractor class. When installing the OAuth2 resource server plugin, it activates itself as an extractor, disabling this default mechanism. This is most likely unexpected to the admin, so in such situation create & enable the ERP5 plugin which inherits from DumbHTTPExtractor, to preserve basic authentiation. If such plugin exists but is disabled, assume the admin forgot to enable it, and do it for them. If any extraction plugin is already enabled, do nothing new.
-
Jérome Perrin authored
`state_var` is now a compatibility alias calling getStateVariable, which has a default value of `simulation_state`. As a result, this script was attempting to call getSimulationStateTranslatedTitle on credential requests, because they have an interaction workflow in their chain. This fixes by implementing the full logic using new ERP5 workflow API.
-
- 28 Aug, 2023 2 commits
-
-
Rafael Monnerat authored
See merge request nexedi/erp5!1814
-
Léo-Paul Géneau authored
See merge request !1817 Fix loitering trajectory when the drone is closer to the center than the required radius.
-
- 25 Aug, 2023 1 commit
-
-
Yusei Tahara authored
<dtml-sqlvar "None" type=string> should be 'null', not 'None'.
-
- 24 Aug, 2023 4 commits
-
-
Levin Zimmermann authored
When using the public API of pandas (which is partially allowed in restricted python), it can happen that this public API raises the error 'pytz.NonExistentTimeError' [1]. Users should be allowed to import and therefore catch this exception. Before this patch we could only do: >>> try: ... ts.tz_localize(tz) ... except Exception: ... ... After this patch we can do; >>> try: ... ts.tz_localize(tz) ... except pytz.NonExistentTimeError: ... ... pytz delivers more exceptions which are all equally harmless. We can therefore in the same patch also allow them, as they may be useful for similar cases. This patch also comes with tests which ensure that the allowed exceptions can be imported into restricted python and also a test to ensure no other objects in the pytz namespace can be used. --- [1] https://pandas.pydata.org/pandas-docs/version/2.0.3/reference/api/pandas.Series.tz_localize.html /reviewed-by @jerome /reviewed-on !1802
-
Jérome Perrin authored
-
Jérome Perrin authored
-
Vincent Pelletier authored
When an activity failure happens, the SQL row is updated: - date is set to a future value, so the activity does not get retried immediately, in the expectation that what caused the failure may have cleared by that point. - retry is incremented, to allow limiting the total number of retries - priority is incremented This last point seems harder to justify, and seems redundant with the date increase. In the context of processing node families and with a steady influx of similar activities at a base priority level, such priority increment can postpone the victim activity execution to an arbitrarily large amount of time, which is undesirable. So, remove this increment.
-
- 23 Aug, 2023 2 commits
-
-
Roque authored
See merge request nexedi/erp5!1809
-
Léo-Paul Géneau authored
-
- 22 Aug, 2023 1 commit
-
-
Rafael Monnerat authored
The implementation only works with ERP5 Login, since it is the only portal type that holds password in ERP5. Other implementations are password-less: Certificate Login, Google Login and Facebook Login, so they cannot have their password reset anyway. It is overkill split the login on multiple categorization, to use some portal group (ie: getPortalLoginPortalTypeThatCanResetPassord...) until we have a a clear usecase.
-
- 21 Aug, 2023 1 commit
-
-
Jérome Perrin authored
See merge request nexedi/erp5!1796
-
- 18 Aug, 2023 2 commits
-
-
Roque authored
See merge request nexedi/erp5!1810
-
Roque authored
- drop console logs - update api doc - refine init map coordinates - crash drone if logic is empty - jslint
-
- 16 Aug, 2023 1 commit
-
-
Yusei Tahara authored
sqlvar type="nb" was broken by sqlvar patch without being noticed, thus test is required. See commit ebdc34d4.
-
- 15 Aug, 2023 3 commits
-
-
Roque authored
-
Rafael Monnerat authored
See merge request nexedi/erp5!1811
-
Rafael Monnerat authored
See merge request nexedi/erp5!1812
-
- 11 Aug, 2023 1 commit
-
-
Rafael Monnerat authored
Redirect with error level, to display the notification properly displayed as error
-
- 10 Aug, 2023 5 commits
-
-
Rafael Monnerat authored
-
Rafael Monnerat authored
-
Rafael Monnerat authored
rather them use person directly to Manage it. It might allow an user use more them one certificate to authenticate. An Unique reference is set whenever issue a certificate, this prevents conflicts if the transaction is restarted/retry after getNewCertificate is already called, since we cannot rollback the call to openssl. Include and improve test coverage
-
Rafael Monnerat authored
if a duplicated certificate (with same CN) is eventually generated by a bug or external tool (for whatever reason), revoke should revoke them all.
-
Roque authored
See merge request nexedi/erp5!1807
-