[jira] [Commented] (FINERACT-244) New Repayment Schedule Not Populating
[ https://issues.apache.org/jira/browse/FINERACT-244?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17301378#comment-17301378 ] Yemdjih Kaze Nasser commented on FINERACT-244: -- Tried this in the demo server and the view populates properly. If you still facing this issue you try using the latest develop code or the very soon coming 1.5.0 release. > New Repayment Schedule Not Populating > - > > Key: FINERACT-244 > URL: https://issues.apache.org/jira/browse/FINERACT-244 > Project: Apache Fineract > Issue Type: Bug >Reporter: Dayna Harp >Assignee: Yemdjih Kaze Nasser >Priority: Major > Labels: Volunteer, confirm, gsoc > Fix For: 1.5.0 > > > Mifos - View Loan Account - More Drop Down - Reschedule > After complete Reschedule Loan Screen - Press Submit > View Loan reschedule request - then select View new Repayment Schedule > New Repayment Schedule Screen does not populate any information for > verification prior to accepting the change. -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Resolved] (FINERACT-244) New Repayment Schedule Not Populating
[ https://issues.apache.org/jira/browse/FINERACT-244?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Yemdjih Kaze Nasser resolved FINERACT-244. -- Assignee: Yemdjih Kaze Nasser Resolution: Cannot Reproduce > New Repayment Schedule Not Populating > - > > Key: FINERACT-244 > URL: https://issues.apache.org/jira/browse/FINERACT-244 > Project: Apache Fineract > Issue Type: Bug >Reporter: Dayna Harp >Assignee: Yemdjih Kaze Nasser >Priority: Major > Labels: Volunteer, confirm, gsoc > Fix For: 1.5.0 > > > Mifos - View Loan Account - More Drop Down - Reschedule > After complete Reschedule Loan Screen - Press Submit > View Loan reschedule request - then select View new Repayment Schedule > New Repayment Schedule Screen does not populate any information for > verification prior to accepting the change. -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Updated] (FINERACT-998) Validate Spring Data JPA *Repository methods
[
https://issues.apache.org/jira/browse/FINERACT-998?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Yemdjih Kaze Nasser updated FINERACT-998:
-
Description:
In [https://github.com/apache/fineract/pull/925] for FINERACT-997, [~saransh]
noticed that, apparently, the {{ProductToGLAccountMappingRepository}} had a
subtle method naming bug which made the query always return empty.
This made me curious if there wasn't something to make Spring Data JPA detect
this kind of problem by itself either (better) at build time, or (also OK)
while it starts up and component scans at runtime, and log a clear (ideally
fatal..) error about it.
Maybe this isn't possible, but it strikes me as a basic check Spring should do.
was:
In [https://github.com/apache/fineract/pull/925] for FINERACT-997, [~saransh]
noticed that, apparently, the {{ProductToGLAccountMappingRepository}} had a
subtle method naming bug which made the query always return empty.
This made me curious if there wasn't something to make Spring Data JPA detect
this kind of problem by itself either (better) at build time, or (also OK)
while it starts up and component scans at runtime, and log a clear (ideally
fatal..) error about it.
Maybe this isn't possible, but it strikes me as a basic check Spring should do.
> Validate Spring Data JPA *Repository methods
>
>
> Key: FINERACT-998
> URL: https://issues.apache.org/jira/browse/FINERACT-998
> Project: Apache Fineract
> Issue Type: Improvement
>Reporter: Michael Vorburger
>Priority: Critical
>
> In [https://github.com/apache/fineract/pull/925] for FINERACT-997, [~saransh]
> noticed that, apparently, the {{ProductToGLAccountMappingRepository}} had a
> subtle method naming bug which made the query always return empty.
> This made me curious if there wasn't something to make Spring Data JPA detect
> this kind of problem by itself either (better) at build time, or (also OK)
> while it starts up and component scans at runtime, and log a clear (ideally
> fatal..) error about it.
> Maybe this isn't possible, but it strikes me as a basic check Spring should
> do.
>
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
[jira] [Created] (FINCN-261) The gallery and camera button are not directly opening their respective activities after accepting permission
Kinar Sharma created FINCN-261: -- Summary: The gallery and camera button are not directly opening their respective activities after accepting permission Key: FINCN-261 URL: https://issues.apache.org/jira/browse/FINCN-261 Project: Fineract Cloud Native Issue Type: Improvement Components: fineract-cn-mobile Environment: Android Studio, Ubuntu Reporter: Kinar Sharma Attachments: FINCN-261.mp4 The camera and gallery button are not directly opening their respective functionality after accepting the permission in the edit customer profile activity. -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Commented] (FINCN-261) The gallery and camera button are not directly opening their respective activities after accepting permission
[ https://issues.apache.org/jira/browse/FINCN-261?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17301282#comment-17301282 ] Kinar Sharma commented on FINCN-261: I'm working on this issue > The gallery and camera button are not directly opening their respective > activities after accepting permission > - > > Key: FINCN-261 > URL: https://issues.apache.org/jira/browse/FINCN-261 > Project: Fineract Cloud Native > Issue Type: Improvement > Components: fineract-cn-mobile > Environment: Android Studio, Ubuntu >Reporter: Kinar Sharma >Priority: Minor > Attachments: FINCN-261.mp4 > > Original Estimate: 2h > Remaining Estimate: 2h > > The camera and gallery button are not directly opening their respective > functionality after accepting the permission in the edit customer profile > activity. -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Commented] (FINCN-259) Keyboard issue in New/Edit Group
[ https://issues.apache.org/jira/browse/FINCN-259?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17301239#comment-17301239 ] Vatsal Patel commented on FINCN-259: Thanks > Keyboard issue in New/Edit Group > - > > Key: FINCN-259 > URL: https://issues.apache.org/jira/browse/FINCN-259 > Project: Fineract Cloud Native > Issue Type: Bug > Components: fineract-cn-mobile >Reporter: Vatsal Patel >Priority: Minor > Attachments: 20210314_225821[1].mp4 > > Original Estimate: 10m > Remaining Estimate: 10m > > When user creates new group or edits group after step 1 if next is clicked > for step2 and 3 is it unnecessary to have keyboard until user wants to edit > members, hence keyboard should go down when next or back is clicked and user > enters 2nd or 3rd step -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Created] (FINCN-260) Toast missing for FAB in Manage Roles list
Vatsal Patel created FINCN-260: -- Summary: Toast missing for FAB in Manage Roles list Key: FINCN-260 URL: https://issues.apache.org/jira/browse/FINCN-260 Project: Fineract Cloud Native Issue Type: Improvement Components: fineract-cn-mobile Reporter: Vatsal Patel As creating new roles is under construction it is better to add toast message for indication. -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Commented] (FINCN-258) FAB in Manage Roles list is unnecessary
[ https://issues.apache.org/jira/browse/FINCN-258?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17301237#comment-17301237 ] Kinar Sharma commented on FINCN-258: No problem:) > FAB in Manage Roles list is unnecessary > --- > > Key: FINCN-258 > URL: https://issues.apache.org/jira/browse/FINCN-258 > Project: Fineract Cloud Native > Issue Type: Bug > Components: fineract-cn-mobile >Reporter: Vatsal Patel >Priority: Minor > Attachments: 20210314_224107[1].mp4 > > > As we can't create new roles it unnecessary to keep that fab that doesn't > responds. -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Commented] (FINCN-259) Keyboard issue in New/Edit Group
[ https://issues.apache.org/jira/browse/FINCN-259?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17301236#comment-17301236 ] Kinar Sharma commented on FINCN-259: Now, this is a good issue my friend, go ahead solve it:). > Keyboard issue in New/Edit Group > - > > Key: FINCN-259 > URL: https://issues.apache.org/jira/browse/FINCN-259 > Project: Fineract Cloud Native > Issue Type: Bug > Components: fineract-cn-mobile >Reporter: Vatsal Patel >Priority: Minor > Attachments: 20210314_225821[1].mp4 > > Original Estimate: 10m > Remaining Estimate: 10m > > When user creates new group or edits group after step 1 if next is clicked > for step2 and 3 is it unnecessary to have keyboard until user wants to edit > members, hence keyboard should go down when next or back is clicked and user > enters 2nd or 3rd step -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Commented] (FINCN-258) FAB in Manage Roles list is unnecessary
[ https://issues.apache.org/jira/browse/FINCN-258?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17301234#comment-17301234 ] Vatsal Patel commented on FINCN-258: Sure and thanks [~EGOR-IND] > FAB in Manage Roles list is unnecessary > --- > > Key: FINCN-258 > URL: https://issues.apache.org/jira/browse/FINCN-258 > Project: Fineract Cloud Native > Issue Type: Bug > Components: fineract-cn-mobile >Reporter: Vatsal Patel >Priority: Minor > Attachments: 20210314_224107[1].mp4 > > > As we can't create new roles it unnecessary to keep that fab that doesn't > responds. -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Created] (FINCN-259) Keyboard issue in New/Edit Group
Vatsal Patel created FINCN-259: -- Summary: Keyboard issue in New/Edit Group Key: FINCN-259 URL: https://issues.apache.org/jira/browse/FINCN-259 Project: Fineract Cloud Native Issue Type: Bug Components: fineract-cn-mobile Reporter: Vatsal Patel Attachments: 20210314_225821[1].mp4 When user creates new group or edits group after step 1 if next is clicked for step2 and 3 is it unnecessary to have keyboard until user wants to edit members, hence keyboard should go down when next or back is clicked and user enters 2nd or 3rd step -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Commented] (FINCN-258) FAB in Manage Roles list is unnecessary
[ https://issues.apache.org/jira/browse/FINCN-258?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17301233#comment-17301233 ] Kinar Sharma commented on FINCN-258: Yeah, that's a good point that it's not showing a toast, now we got a new issue you can add a toast for that button showing that it's under construction. Would you like to raise this issue and work on it? > FAB in Manage Roles list is unnecessary > --- > > Key: FINCN-258 > URL: https://issues.apache.org/jira/browse/FINCN-258 > Project: Fineract Cloud Native > Issue Type: Bug > Components: fineract-cn-mobile >Reporter: Vatsal Patel >Priority: Minor > Attachments: 20210314_224107[1].mp4 > > > As we can't create new roles it unnecessary to keep that fab that doesn't > responds. -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Closed] (FINCN-258) FAB in Manage Roles list is unnecessary
[ https://issues.apache.org/jira/browse/FINCN-258?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Vatsal Patel closed FINCN-258. -- Resolution: Invalid > FAB in Manage Roles list is unnecessary > --- > > Key: FINCN-258 > URL: https://issues.apache.org/jira/browse/FINCN-258 > Project: Fineract Cloud Native > Issue Type: Bug > Components: fineract-cn-mobile >Reporter: Vatsal Patel >Priority: Minor > Attachments: 20210314_224107[1].mp4 > > > As we can't create new roles it unnecessary to keep that fab that doesn't > responds. -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Commented] (FINCN-258) FAB in Manage Roles list is unnecessary
[ https://issues.apache.org/jira/browse/FINCN-258?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17301230#comment-17301230 ] Vatsal Patel commented on FINCN-258: Ok sorry but it was indicated in toast on editing loan and not even roles are opening up so i thought it as mistake. > FAB in Manage Roles list is unnecessary > --- > > Key: FINCN-258 > URL: https://issues.apache.org/jira/browse/FINCN-258 > Project: Fineract Cloud Native > Issue Type: Bug > Components: fineract-cn-mobile >Reporter: Vatsal Patel >Priority: Minor > Attachments: 20210314_224107[1].mp4 > > > As we can't create new roles it unnecessary to keep that fab that doesn't > responds. -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Updated] (FINCN-258) FAB in Manage Roles list is unnecessary
[ https://issues.apache.org/jira/browse/FINCN-258?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Vatsal Patel updated FINCN-258: --- Description: As we can't create new roles it unnecessary to keep that fab that doesn't responds. > FAB in Manage Roles list is unnecessary > --- > > Key: FINCN-258 > URL: https://issues.apache.org/jira/browse/FINCN-258 > Project: Fineract Cloud Native > Issue Type: Bug > Components: fineract-cn-mobile >Reporter: Vatsal Patel >Priority: Minor > Attachments: 20210314_224107[1].mp4 > > > As we can't create new roles it unnecessary to keep that fab that doesn't > responds. -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Commented] (FINCN-257) Browse button for uploading new identification card scan is opening camera
[ https://issues.apache.org/jira/browse/FINCN-257?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17301229#comment-17301229 ] Kinar Sharma commented on FINCN-257: Sorry mate I'm already working:) > Browse button for uploading new identification card scan is opening camera > -- > > Key: FINCN-257 > URL: https://issues.apache.org/jira/browse/FINCN-257 > Project: Fineract Cloud Native > Issue Type: Improvement > Components: fineract-cn-mobile > Environment: Android Studio, Ubuntu >Reporter: Kinar Sharma >Priority: Major > Attachments: FINCN-257.mp4 > > Original Estimate: 3h > Remaining Estimate: 3h > > Browse button in the upload new identification card scan is opening camera > instead image browsing activity. There should be two button one for browsing > and another for taking picture. -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Commented] (FINCN-258) FAB in Manage Roles list is unnecessary
[ https://issues.apache.org/jira/browse/FINCN-258?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17301228#comment-17301228 ] Kinar Sharma commented on FINCN-258: It's not unnecessary, The thing is that the adding roles functionality is not constructed yet:) > FAB in Manage Roles list is unnecessary > --- > > Key: FINCN-258 > URL: https://issues.apache.org/jira/browse/FINCN-258 > Project: Fineract Cloud Native > Issue Type: Bug > Components: fineract-cn-mobile >Reporter: Vatsal Patel >Priority: Minor > Attachments: 20210314_224107[1].mp4 > > -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Updated] (FINCN-258) FAB in Manage Roles list is unnecessary
[ https://issues.apache.org/jira/browse/FINCN-258?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Vatsal Patel updated FINCN-258: --- Attachment: 20210314_224107[1].mp4 > FAB in Manage Roles list is unnecessary > --- > > Key: FINCN-258 > URL: https://issues.apache.org/jira/browse/FINCN-258 > Project: Fineract Cloud Native > Issue Type: Bug > Components: fineract-cn-mobile >Reporter: Vatsal Patel >Priority: Minor > Attachments: 20210314_224107[1].mp4 > > -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Comment Edited] (FINCN-257) Browse button for uploading new identification card scan is opening camera
[ https://issues.apache.org/jira/browse/FINCN-257?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17301216#comment-17301216 ] Vatsal Patel edited comment on FINCN-257 at 3/14/21, 5:17 PM: -- [~EGOR-IND] can i work on this issue? was (Author: patelvatsalb21): [~EGOR-IND] can i work on this issue > Browse button for uploading new identification card scan is opening camera > -- > > Key: FINCN-257 > URL: https://issues.apache.org/jira/browse/FINCN-257 > Project: Fineract Cloud Native > Issue Type: Improvement > Components: fineract-cn-mobile > Environment: Android Studio, Ubuntu >Reporter: Kinar Sharma >Priority: Major > Attachments: FINCN-257.mp4 > > Original Estimate: 3h > Remaining Estimate: 3h > > Browse button in the upload new identification card scan is opening camera > instead image browsing activity. There should be two button one for browsing > and another for taking picture. -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Commented] (FINCN-257) Browse button for uploading new identification card scan is opening camera
[ https://issues.apache.org/jira/browse/FINCN-257?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17301216#comment-17301216 ] Vatsal Patel commented on FINCN-257: [~EGOR-IND] can i work on this issue > Browse button for uploading new identification card scan is opening camera > -- > > Key: FINCN-257 > URL: https://issues.apache.org/jira/browse/FINCN-257 > Project: Fineract Cloud Native > Issue Type: Improvement > Components: fineract-cn-mobile > Environment: Android Studio, Ubuntu >Reporter: Kinar Sharma >Priority: Major > Attachments: FINCN-257.mp4 > > Original Estimate: 3h > Remaining Estimate: 3h > > Browse button in the upload new identification card scan is opening camera > instead image browsing activity. There should be two button one for browsing > and another for taking picture. -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Created] (FINCN-258) FAB in Manage Roles list is unnecessary
Vatsal Patel created FINCN-258: -- Summary: FAB in Manage Roles list is unnecessary Key: FINCN-258 URL: https://issues.apache.org/jira/browse/FINCN-258 Project: Fineract Cloud Native Issue Type: Bug Components: fineract-cn-mobile Reporter: Vatsal Patel -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Comment Edited] (FINCN-257) Browse button for uploading new identification card scan is opening camera
[ https://issues.apache.org/jira/browse/FINCN-257?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17301211#comment-17301211 ] Kinar Sharma edited comment on FINCN-257 at 3/14/21, 4:59 PM: -- The problem is solved, there is a file size limit of 1MB I compressed my video many times to get it under 1MB XD. was (Author: egor-ind): The problem is solved, there is a file size limit of 1MB I compressed my video many to get it under 1MB XD > Browse button for uploading new identification card scan is opening camera > -- > > Key: FINCN-257 > URL: https://issues.apache.org/jira/browse/FINCN-257 > Project: Fineract Cloud Native > Issue Type: Improvement > Components: fineract-cn-mobile > Environment: Android Studio, Ubuntu >Reporter: Kinar Sharma >Priority: Major > Attachments: FINCN-257.mp4 > > Original Estimate: 3h > Remaining Estimate: 3h > > Browse button in the upload new identification card scan is opening camera > instead image browsing activity. There should be two button one for browsing > and another for taking picture. -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Commented] (FINCN-257) Browse button for uploading new identification card scan is opening camera
[ https://issues.apache.org/jira/browse/FINCN-257?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17301211#comment-17301211 ] Kinar Sharma commented on FINCN-257: The problem is solved, there is a file size limit of 1MB I compressed my video many to get it under 1MB XD. > Browse button for uploading new identification card scan is opening camera > -- > > Key: FINCN-257 > URL: https://issues.apache.org/jira/browse/FINCN-257 > Project: Fineract Cloud Native > Issue Type: Improvement > Components: fineract-cn-mobile > Environment: Android Studio, Ubuntu >Reporter: Kinar Sharma >Priority: Major > Attachments: FINCN-257.mp4 > > Original Estimate: 3h > Remaining Estimate: 3h > > Browse button in the upload new identification card scan is opening camera > instead image browsing activity. There should be two button one for browsing > and another for taking picture. -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Updated] (FINCN-257) Browse button for uploading new identification card scan is opening camera
[ https://issues.apache.org/jira/browse/FINCN-257?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Kinar Sharma updated FINCN-257: --- Attachment: FINCN-257.mp4 > Browse button for uploading new identification card scan is opening camera > -- > > Key: FINCN-257 > URL: https://issues.apache.org/jira/browse/FINCN-257 > Project: Fineract Cloud Native > Issue Type: Improvement > Components: fineract-cn-mobile > Environment: Android Studio, Ubuntu >Reporter: Kinar Sharma >Priority: Major > Attachments: FINCN-257.mp4 > > Original Estimate: 3h > Remaining Estimate: 3h > > Browse button in the upload new identification card scan is opening camera > instead image browsing activity. There should be two button one for browsing > and another for taking picture. -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Commented] (FINCN-257) Browse button for uploading new identification card scan is opening camera
[ https://issues.apache.org/jira/browse/FINCN-257?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17301207#comment-17301207 ] Kinar Sharma commented on FINCN-257: [~jawidMuhammadi] I'm trying to upload a screen recording for this issue but it's showing an error and saying to contact to administrator. Is there any file size limit for upload? My file size is 1.5MB. > Browse button for uploading new identification card scan is opening camera > -- > > Key: FINCN-257 > URL: https://issues.apache.org/jira/browse/FINCN-257 > Project: Fineract Cloud Native > Issue Type: Improvement > Components: fineract-cn-mobile > Environment: Android Studio, Ubuntu >Reporter: Kinar Sharma >Priority: Major > Original Estimate: 3h > Remaining Estimate: 3h > > Browse button in the upload new identification card scan is opening camera > instead image browsing activity. There should be two button one for browsing > and another for taking picture. -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Created] (FINCN-257) Browse button for uploading new identification card scan is opening camera
Kinar Sharma created FINCN-257: -- Summary: Browse button for uploading new identification card scan is opening camera Key: FINCN-257 URL: https://issues.apache.org/jira/browse/FINCN-257 Project: Fineract Cloud Native Issue Type: Improvement Components: fineract-cn-mobile Environment: Android Studio, Ubuntu Reporter: Kinar Sharma Browse button in the upload new identification card scan is opening camera instead image browsing activity. There should be two button one for browsing and another for taking picture. -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Resolved] (FINERACT-1306) Reporting meta-data entry not found - All reports modules
[
https://issues.apache.org/jira/browse/FINERACT-1306?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Michael Vorburger resolved FINERACT-1306.
-
Resolution: Fixed
> Reporting meta-data entry not found - All reports modules
> -
>
> Key: FINERACT-1306
> URL: https://issues.apache.org/jira/browse/FINERACT-1306
> Project: Apache Fineract
> Issue Type: Bug
> Components: Reports
>Affects Versions: 1.5.0
>Reporter: Francis Guchie
>Assignee: Michael Vorburger
>Priority: Major
> Fix For: 1.5.0
>
> Attachments: image-2021-01-27-09-41-45-780.png
>
>
> [https://ipaddress/fineract-provider/api/v1/runreports/reportCategoryList?R_reportCategory=Fund=false=true|https://diprom.biz/fineract-provider/api/v1/runreports/reportCategoryList?R_reportCategory=Fund=false=true]
> One gets the response payload below
> {
> "developerMessage": "The requested resource is not available.",
> "httpStatusCode": "404",
> "defaultUserMessage": "The requested resource is not available.",
> "userMessageGlobalisationCode": "error.msg.resource.not.found",
> "errors": [
> {
> "developerMessage": "Reporting meta-data entry not found.",
> "defaultUserMessage": "Reporting meta-data entry not found.",
> "userMessageGlobalisationCode": "error.msg.report.name.not.found",
> "parameterName": "id",
> "value": null,
> "args": [
> { "value": "Report Name: reportCategoryList" }
> ]
> }
> ]
> }
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
[jira] [Resolved] (FINERACT-1327) Report Names with trailing and leading spaces
[ https://issues.apache.org/jira/browse/FINERACT-1327?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Michael Vorburger resolved FINERACT-1327. - Resolution: Fixed > Report Names with trailing and leading spaces > - > > Key: FINERACT-1327 > URL: https://issues.apache.org/jira/browse/FINERACT-1327 > Project: Apache Fineract > Issue Type: Bug > Components: Reports >Affects Versions: 1.4.0 >Reporter: Francis Guchie >Assignee: Francis Guchie >Priority: Major > Fix For: 1.5.0 > > > Some report names shipped in fineract under table stretchy report come with > leading or trailing spaces. We need to have a migration script that cleans > any such reports -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Commented] (FINERACT-618) Allow for Submitted On Date to be Edited for Groups
[ https://issues.apache.org/jira/browse/FINERACT-618?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17301170#comment-17301170 ] YEMPABOU SAMUEL ARISTIDE NIDJERGOU commented on FINERACT-618: - Hello all. Am pretty new in the community and Am starting backing developing after 5 years pause. So sorry if my question is a bit silly. Do I deploy the fix buy just : 1. taking the updated java files 2. rebuild .class files 3. replace .class files in my local reposritory by new ones 4. restart tomcat ? > Allow for Submitted On Date to be Edited for Groups > --- > > Key: FINERACT-618 > URL: https://issues.apache.org/jira/browse/FINERACT-618 > Project: Apache Fineract > Issue Type: Improvement > Components: Groups >Affects Versions: 1.1.0 >Reporter: Ed Cable >Assignee: Santosh Math >Priority: Minor > Labels: GCI, Newbie, Volunteer, beginner, gsoc, p1 > Fix For: 1.3.0 > > > Just as one can edit the submitted on date for a client after it's been > created, so should a user be able to edit the submitted on date for a group > after it's been created. > Corresponding UI ticket on Github Issues for Mifos X Web App. > As requested by Diane on the mailing list at -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Commented] (FINERACT-1034) RSA Encryption
[ https://issues.apache.org/jira/browse/FINERACT-1034?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17301160#comment-17301160 ] Aleksandar Vidakovic commented on FINERACT-1034: (y) > RSA Encryption > -- > > Key: FINERACT-1034 > URL: https://issues.apache.org/jira/browse/FINERACT-1034 > Project: Apache Fineract > Issue Type: Improvement >Reporter: Manoj >Assignee: Manoj >Priority: Minor > > Add RSA key generation API and decryption infra for requests that require > encryption from source such as biometric, authentication etc.. Also create a > self expiring keystore -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Commented] (FINCN-256) fineract-cn-docker-compose>provisioner-ms doesn't start
[
https://issues.apache.org/jira/browse/FINCN-256?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17301102#comment-17301102
]
Michael Vorburger commented on FINCN-256:
-
[~bum] you've filed this issue in the wrong Jira project - this needs to be in
FINCN not FINERACT; I've moved it.
> fineract-cn-docker-compose>provisioner-ms doesn't start
> ---
>
> Key: FINCN-256
> URL: https://issues.apache.org/jira/browse/FINCN-256
> Project: Fineract Cloud Native
> Issue Type: Bug
> Components: fineract-cn-docker-compose
> Environment: os: centos 7
> docker: 20.10.3
> java: 1.8.0_282
>Reporter: m
>Priority: Critical
>
> Tried to install
> [fineract-cn-docker-compose|https://github.com/apache/fineract-cn-docker-compose/]
> but
> "docker-compose up provisioner-ms" gives error like(bash start-up.sh also
> gives same error):
>
> {code:java}
> 01:43:59.913 [main] WARN o.eclipse.jetty.webapp.WebAppContext - Failed
> startup of context
> o.s.b.c.e.j.JettyEmbeddedWebAppContext@51acdf2e{/provisioner/v1,file:///tmp/jetty-docbase.8089165777575731020.2020/,UNAVAILABLE}01:43:59.913
> [main] WARN o.eclipse.jetty.webapp.WebAppContext - Failed startup of
> context
> o.s.b.c.e.j.JettyEmbeddedWebAppContext@51acdf2e{/provisioner/v1,file:///tmp/jetty-docbase.8089165777575731020.2020/,UNAVAILABLE}org.springframework.beans.factory.UnsatisfiedDependencyException:
> Error creating bean with name
> 'org.apache.fineract.cn.anubis.config.AnubisSecurityConfigurerAdapter':
> Unsatisfied dependency expressed through method 'configureGlobal' parameter
> 1; nested exception is
> org.springframework.beans.factory.UnsatisfiedDependencyException: Error
> creating bean with name
> 'org.apache.fineract.cn.anubis.security.IsisAuthenticatedAuthenticationProvider':
> Unsatisfied dependency expressed through constructor parameter 1; nested
> exception is
> org.springframework.beans.factory.UnsatisfiedDependencyException: Error
> creating bean with name
> 'org.apache.fineract.cn.anubis.provider.TenantRsaKeyProvider': Unsatisfied
> dependency expressed through constructor parameter 0; nested exception is
> org.springframework.beans.factory.UnsatisfiedDependencyException: Error
> creating bean with name
> 'org.apache.fineract.cn.anubis.repository.TenantAuthorizationDataRepository':
> Unsatisfied dependency expressed through constructor parameter 1; nested
> exception is org.springframework.beans.factory.BeanCreationException: Error
> creating bean with name 'cassandraSessionProvider' defined in
> org.apache.fineract.cn.cassandra.config.CassandraConnectorConfiguration: Bean
> instantiation via factory method failed; nested exception is
> org.springframework.beans.BeanInstantiationException: Failed to instantiate
> [org.apache.fineract.cn.cassandra.core.CassandraSessionProvider]: Factory
> method 'cassandraSessionProvider' threw exception; nested exception is
> com.datastax.driver.core.exceptions.NoHostAvailableException: All host(s)
> tried for query failed (tried: cassandra:9042
> (com.datastax.driver.core.exceptions.TransportException: [null] Cannot
> connect)) at
> org.springframework.beans.factory.annotation.AutowiredAnnotationBeanPostProcessor$AutowiredMethodElement.inject(AutowiredAnnotationBeanPostProcessor.java:648)
> at
> org.springframework.beans.factory.annotation.InjectionMetadata.inject(InjectionMetadata.java:88)
> at
> org.springframework.beans.factory.annotation.AutowiredAnnotationBeanPostProcessor.postProcessPropertyValues(AutowiredAnnotationBeanPostProcessor.java:349)
> at
> org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.populateBean(AbstractAutowireCapableBeanFactory.java:1219)
> at
> org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:543)
> at
> org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:482)
> at
> org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:306)
> at
> org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:230)
> at
> org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:302)
> at
> org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:197)
> {code}
> Cassandra is working on 9042 by docker, put 127.0.0.1 cassandra in /etc/hosts
> .env file created normally(tried UNIX and SPRING key), docker-compose config
> shows all keys with docker-compose.yml file.
>
> Working images:
> * cassandra:3.11
> * rmohr/activemq:5.14.5
> * postgres:11
> * anh3h/eureka-server:latest
>
[jira] [Moved] (FINCN-256) fineract-cn-docker-compose>provisioner-ms doesn't start
[
https://issues.apache.org/jira/browse/FINCN-256?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Michael Vorburger moved FINERACT-1318 to FINCN-256:
---
Component/s: (was: Build)
fineract-cn-docker-compose
Key: FINCN-256 (was: FINERACT-1318)
Workflow: Default workflow, editable Closed status (was: Fineract Copy
of jira)
Project: Fineract Cloud Native (was: Apache Fineract)
> fineract-cn-docker-compose>provisioner-ms doesn't start
> ---
>
> Key: FINCN-256
> URL: https://issues.apache.org/jira/browse/FINCN-256
> Project: Fineract Cloud Native
> Issue Type: Bug
> Components: fineract-cn-docker-compose
> Environment: os: centos 7
> docker: 20.10.3
> java: 1.8.0_282
>Reporter: m
>Priority: Critical
>
> Tried to install
> [fineract-cn-docker-compose|https://github.com/apache/fineract-cn-docker-compose/]
> but
> "docker-compose up provisioner-ms" gives error like(bash start-up.sh also
> gives same error):
>
> {code:java}
> 01:43:59.913 [main] WARN o.eclipse.jetty.webapp.WebAppContext - Failed
> startup of context
> o.s.b.c.e.j.JettyEmbeddedWebAppContext@51acdf2e{/provisioner/v1,file:///tmp/jetty-docbase.8089165777575731020.2020/,UNAVAILABLE}01:43:59.913
> [main] WARN o.eclipse.jetty.webapp.WebAppContext - Failed startup of
> context
> o.s.b.c.e.j.JettyEmbeddedWebAppContext@51acdf2e{/provisioner/v1,file:///tmp/jetty-docbase.8089165777575731020.2020/,UNAVAILABLE}org.springframework.beans.factory.UnsatisfiedDependencyException:
> Error creating bean with name
> 'org.apache.fineract.cn.anubis.config.AnubisSecurityConfigurerAdapter':
> Unsatisfied dependency expressed through method 'configureGlobal' parameter
> 1; nested exception is
> org.springframework.beans.factory.UnsatisfiedDependencyException: Error
> creating bean with name
> 'org.apache.fineract.cn.anubis.security.IsisAuthenticatedAuthenticationProvider':
> Unsatisfied dependency expressed through constructor parameter 1; nested
> exception is
> org.springframework.beans.factory.UnsatisfiedDependencyException: Error
> creating bean with name
> 'org.apache.fineract.cn.anubis.provider.TenantRsaKeyProvider': Unsatisfied
> dependency expressed through constructor parameter 0; nested exception is
> org.springframework.beans.factory.UnsatisfiedDependencyException: Error
> creating bean with name
> 'org.apache.fineract.cn.anubis.repository.TenantAuthorizationDataRepository':
> Unsatisfied dependency expressed through constructor parameter 1; nested
> exception is org.springframework.beans.factory.BeanCreationException: Error
> creating bean with name 'cassandraSessionProvider' defined in
> org.apache.fineract.cn.cassandra.config.CassandraConnectorConfiguration: Bean
> instantiation via factory method failed; nested exception is
> org.springframework.beans.BeanInstantiationException: Failed to instantiate
> [org.apache.fineract.cn.cassandra.core.CassandraSessionProvider]: Factory
> method 'cassandraSessionProvider' threw exception; nested exception is
> com.datastax.driver.core.exceptions.NoHostAvailableException: All host(s)
> tried for query failed (tried: cassandra:9042
> (com.datastax.driver.core.exceptions.TransportException: [null] Cannot
> connect)) at
> org.springframework.beans.factory.annotation.AutowiredAnnotationBeanPostProcessor$AutowiredMethodElement.inject(AutowiredAnnotationBeanPostProcessor.java:648)
> at
> org.springframework.beans.factory.annotation.InjectionMetadata.inject(InjectionMetadata.java:88)
> at
> org.springframework.beans.factory.annotation.AutowiredAnnotationBeanPostProcessor.postProcessPropertyValues(AutowiredAnnotationBeanPostProcessor.java:349)
> at
> org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.populateBean(AbstractAutowireCapableBeanFactory.java:1219)
> at
> org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:543)
> at
> org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:482)
> at
> org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:306)
> at
> org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:230)
> at
> org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:302)
> at
> org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:197)
> {code}
> Cassandra is working on 9042 by docker, put 127.0.0.1 cassandra in /etc/hosts
> .env file created normally(tried UNIX and SPRING key), docker-compose config
> shows all keys
[jira] [Updated] (FINERACT-1058) Add support for "limit" and "order by" query in SQLBuilder
[ https://issues.apache.org/jira/browse/FINERACT-1058?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Michael Vorburger updated FINERACT-1058: Fix Version/s: (was: 1.5.0) > Add support for "limit" and "order by" query in SQLBuilder > --- > > Key: FINERACT-1058 > URL: https://issues.apache.org/jira/browse/FINERACT-1058 > Project: Apache Fineract > Issue Type: Improvement >Reporter: Manthan Surkar >Priority: Major > Attachments: screenshot-1.png > > > This is in continuation of the work done by [~vorburger] in > https://github.com/apache/fineract/pull/725 > The SQL builder currently does not support limit and order by operation. We > can either keep the operations independent of SQLbuilder (which is certainly > not recommended imo) or add it as a part of it. > WDYT [~vorburger] [~awasum] -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Assigned] (FINERACT-1058) Add support for "limit" and "order by" query in SQLBuilder
[ https://issues.apache.org/jira/browse/FINERACT-1058?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Michael Vorburger reassigned FINERACT-1058: --- Assignee: (was: Manthan Surkar) > Add support for "limit" and "order by" query in SQLBuilder > --- > > Key: FINERACT-1058 > URL: https://issues.apache.org/jira/browse/FINERACT-1058 > Project: Apache Fineract > Issue Type: Improvement >Reporter: Manthan Surkar >Priority: Major > Fix For: 1.5.0 > > Attachments: screenshot-1.png > > > This is in continuation of the work done by [~vorburger] in > https://github.com/apache/fineract/pull/725 > The SQL builder currently does not support limit and order by operation. We > can either keep the operations independent of SQLbuilder (which is certainly > not recommended imo) or add it as a part of it. > WDYT [~vorburger] [~awasum] -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Commented] (FINERACT-1058) Add support for "limit" and "order by" query in SQLBuilder
[ https://issues.apache.org/jira/browse/FINERACT-1058?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17301100#comment-17301100 ] Michael Vorburger commented on FINERACT-1058: - [~aleks] as this issue has not been worked on in ~9 months, it should not block the 1.5.0 release; I've removed the Fix Version and removed the FINERACT-1305 link. I've also Stopped Progress, and un-assigned it from [~manthan] to make it clear that this is open to be picked up by anyone else interested. This is NOT completed, [https://github.com/apache/fineract/pull/1123] was just a first step on this. It would need FINERACT-1095 and more. > Add support for "limit" and "order by" query in SQLBuilder > --- > > Key: FINERACT-1058 > URL: https://issues.apache.org/jira/browse/FINERACT-1058 > Project: Apache Fineract > Issue Type: Improvement >Reporter: Manthan Surkar >Assignee: Manthan Surkar >Priority: Major > Fix For: 1.5.0 > > Attachments: screenshot-1.png > > > This is in continuation of the work done by [~vorburger] in > https://github.com/apache/fineract/pull/725 > The SQL builder currently does not support limit and order by operation. We > can either keep the operations independent of SQLbuilder (which is certainly > not recommended imo) or add it as a part of it. > WDYT [~vorburger] [~awasum] -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Updated] (FINERACT-1034) RSA Encryption
[ https://issues.apache.org/jira/browse/FINERACT-1034?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Michael Vorburger updated FINERACT-1034: Fix Version/s: (was: 1.5.0) > RSA Encryption > -- > > Key: FINERACT-1034 > URL: https://issues.apache.org/jira/browse/FINERACT-1034 > Project: Apache Fineract > Issue Type: Improvement >Reporter: Manoj >Assignee: Manoj >Priority: Minor > > Add RSA key generation API and decryption infra for requests that require > encryption from source such as biometric, authentication etc.. Also create a > self expiring keystore -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Commented] (FINERACT-1034) RSA Encryption
[ https://issues.apache.org/jira/browse/FINERACT-1034?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17301099#comment-17301099 ] Michael Vorburger commented on FINERACT-1034: - [~aleks] as this issue has not been worked on in ~9 months, it should not block the 1.5.0 release; I've removed the Fix Version and removed the FINERACT-1305 link. > RSA Encryption > -- > > Key: FINERACT-1034 > URL: https://issues.apache.org/jira/browse/FINERACT-1034 > Project: Apache Fineract > Issue Type: Improvement >Reporter: Manoj >Assignee: Manoj >Priority: Minor > Fix For: 1.5.0 > > > Add RSA key generation API and decryption infra for requests that require > encryption from source such as biometric, authentication etc.. Also create a > self expiring keystore -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Resolved] (FINERACT-1156) SQL injection error with Run Reports
[
https://issues.apache.org/jira/browse/FINERACT-1156?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Michael Vorburger resolved FINERACT-1156.
-
Resolution: Fixed
> SQL injection error with Run Reports
>
>
> Key: FINERACT-1156
> URL: https://issues.apache.org/jira/browse/FINERACT-1156
> Project: Apache Fineract
> Issue Type: Bug
>Reporter: Manthan Surkar
>Assignee: Manthan Surkar
>Priority: Major
> Fix For: 1.5.0
>
> Attachments: screenshot-1.png
>
>
> As reported by Matt
> He faced the SQL injection error while trying to run reports for Active Loans
> (Pentaho).
> After investigating a bit, I found all the report names that had a "(" faced
> this issue, this turns out to be a problem with the regex that was designed
> to accept the report names.
> !screenshot-1.png!
> Unrelated:
> This module has a lot of SQL string concatenation and a good place to use our
> SQLbuilder module ( I will take this)
>
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
[jira] [Commented] (FINERACT-1095) Remove direct sqlSearch support from /clients and all other APIs [Security & Performance]
[
https://issues.apache.org/jira/browse/FINERACT-1095?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17301098#comment-17301098
]
Michael Vorburger commented on FINERACT-1095:
-
[~aleks] as this issue has not been worked on in ~9 months, it should not block
the 1.5.0 release; I've removed the Fix Version and removed the FINERACT-1305
link.
I've also Stopped Progress, and un-assigned it from [~manthan] to make it clear
that this is open to be picked up by anyone else interested.
> Remove direct sqlSearch support from /clients and all other APIs [Security &
> Performance]
> -
>
> Key: FINERACT-1095
> URL: https://issues.apache.org/jira/browse/FINERACT-1095
> Project: Apache Fineract
> Issue Type: Improvement
>Reporter: Michael Vorburger
>Assignee: Manthan Surkar
>Priority: Major
> Fix For: 1.5.0
>
>
> While code reviewing PRs from [~Manthan] such as
> [https://github.com/apache/fineract/pull/1171/files] and
> [https://github.com/apache/fineract/pull/1123/files] re. FINERACT-854, I've
> learnt about Fineract's support for an {{sqlSearch}} parameter on a number of
> its APIs, such as {{/clients}} (and others).
> According to
> [https://demo.fineract.dev/fineract-provider/api-docs/apiLive.htm] :
> {quote}_sqlSearch
> String optional
> Use an sql fragment valid for the underlying client schema to filter
> results. e.g. display_name like %K%
> {quote}
> [https://github.com/apache/fineract/search?p=2=sqlSearch_q=sqlSearch]
> shows all current occurrences. There are a number, but not THAT many either.
> (By far not every API supports this, only a handful.)
> This can be used e.g. like this:
> [https://demo.fineract.dev/fineract-provider/api/v1/clients?paged=true=c.account_no=3=default]
> To me, this is an egregious violation of "layering architecture". Basically,
> the REST API gives you direct SQL database access! You apparently have to
> know the exact name of not the SQL table but the alias used in the respective
> internally hard-coded query (note the use of {{c.}} in the example above, NOT
> {{m_client}}), and the internal SQL column name (note the use of
> {{account_no}}, NOT {{accountNo}}). There is no real documentation how to use
> this, and even if there were, in my tests I've noticed its fairly easy to
> provoke _500 Internal Server Errors_ when using {{sqlSearch}} with a slightly
> wrong syntax.
> From a security point of view, it's not quite as bad as it looks, because
> there is code with heuristics to "validate" the {{sqlSearch}} and prevent SQL
> Injections. But that could have holes (I don't want to know!), so... this
> still isn't great, at all, IMHO.
> From a performance point of view, permitting clients to run arbitrary queries
> isn't great either. You can't really reliable offer performance guarantees,
> or offer tuning with indices, if at the end of the day the wide open API just
> lets a client "query whatever they want" anyway.
> Use of {{sqlSearch}} by (public) API clients isn't that hard to find. I did
> some digging, and:
> * The new web-app UI doesn't use sqlSearch (or not yet), see
> [https://github.com/openMF/web-app/search?q=sqlSearch_q=sqlSearch]
> * The old community-app UI does use sqlSearch, see
> [https://github.com/openMF/community-app/search?p=1=sqlSearch_q=sqlSearch].
> But only in 2 very specific places, for Loans' {{l.loan_status_id in
> (100,200)}} and Clients' {{c.status_enum=100}}. This was apparently
> introduced by [~vishwasbabu] in
> [https://github.com/openMF/community-app/pull/1582|https://github.com/openMF/community-app/pull/1582/files]
> for [MIFOSX-2712.|https://mifosforge.jira.com/browse/MIFOSX-2712.] It's
> noteworthy that the Find on
> [https://cui.fineract.dev/.../clients|https://cui.fineract.dev/?baseApiUrl=https://demo.fineract.dev=default#/clients]
> does NOT use {{sqlSearch}} but the [/search
> API|https://demo.fineract.dev/fineract-provider/api-docs/apiLive.htm#search]
> * other repos on openMF, such as Mobile Apps & Co, don't realy seem to
> actively use {{sqlSearch}}, looking at
> [https://github.com/search?p=7=org%3AopenMF+sqlSearch=Code]
> Other than that, I don't know if anyone actively using {{sqlSearch}} would
> have any major objections to... just simply altogether removing this
> entirely? Folks may of course be using this in their own client UIs, but...
> they really shouldn't, this is a "bad" API. If you are missing a query
> facility, just contribute to the upstream project and raise a pull request to
> add whatever query option you are missing to whatever Fineract API (such as
> e.g. by status for Loans and Clients).
> Let's further discuss on the developer mailing list on thread "Use of
> sqlSearch argument in
[jira] [Assigned] (FINERACT-1095) Remove direct sqlSearch support from /clients and all other APIs [Security & Performance]
[
https://issues.apache.org/jira/browse/FINERACT-1095?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Michael Vorburger reassigned FINERACT-1095:
---
Assignee: (was: Manthan Surkar)
> Remove direct sqlSearch support from /clients and all other APIs [Security &
> Performance]
> -
>
> Key: FINERACT-1095
> URL: https://issues.apache.org/jira/browse/FINERACT-1095
> Project: Apache Fineract
> Issue Type: Improvement
>Reporter: Michael Vorburger
>Priority: Major
> Fix For: 1.5.0
>
>
> While code reviewing PRs from [~Manthan] such as
> [https://github.com/apache/fineract/pull/1171/files] and
> [https://github.com/apache/fineract/pull/1123/files] re. FINERACT-854, I've
> learnt about Fineract's support for an {{sqlSearch}} parameter on a number of
> its APIs, such as {{/clients}} (and others).
> According to
> [https://demo.fineract.dev/fineract-provider/api-docs/apiLive.htm] :
> {quote}_sqlSearch
> String optional
> Use an sql fragment valid for the underlying client schema to filter
> results. e.g. display_name like %K%
> {quote}
> [https://github.com/apache/fineract/search?p=2=sqlSearch_q=sqlSearch]
> shows all current occurrences. There are a number, but not THAT many either.
> (By far not every API supports this, only a handful.)
> This can be used e.g. like this:
> [https://demo.fineract.dev/fineract-provider/api/v1/clients?paged=true=c.account_no=3=default]
> To me, this is an egregious violation of "layering architecture". Basically,
> the REST API gives you direct SQL database access! You apparently have to
> know the exact name of not the SQL table but the alias used in the respective
> internally hard-coded query (note the use of {{c.}} in the example above, NOT
> {{m_client}}), and the internal SQL column name (note the use of
> {{account_no}}, NOT {{accountNo}}). There is no real documentation how to use
> this, and even if there were, in my tests I've noticed its fairly easy to
> provoke _500 Internal Server Errors_ when using {{sqlSearch}} with a slightly
> wrong syntax.
> From a security point of view, it's not quite as bad as it looks, because
> there is code with heuristics to "validate" the {{sqlSearch}} and prevent SQL
> Injections. But that could have holes (I don't want to know!), so... this
> still isn't great, at all, IMHO.
> From a performance point of view, permitting clients to run arbitrary queries
> isn't great either. You can't really reliable offer performance guarantees,
> or offer tuning with indices, if at the end of the day the wide open API just
> lets a client "query whatever they want" anyway.
> Use of {{sqlSearch}} by (public) API clients isn't that hard to find. I did
> some digging, and:
> * The new web-app UI doesn't use sqlSearch (or not yet), see
> [https://github.com/openMF/web-app/search?q=sqlSearch_q=sqlSearch]
> * The old community-app UI does use sqlSearch, see
> [https://github.com/openMF/community-app/search?p=1=sqlSearch_q=sqlSearch].
> But only in 2 very specific places, for Loans' {{l.loan_status_id in
> (100,200)}} and Clients' {{c.status_enum=100}}. This was apparently
> introduced by [~vishwasbabu] in
> [https://github.com/openMF/community-app/pull/1582|https://github.com/openMF/community-app/pull/1582/files]
> for [MIFOSX-2712.|https://mifosforge.jira.com/browse/MIFOSX-2712.] It's
> noteworthy that the Find on
> [https://cui.fineract.dev/.../clients|https://cui.fineract.dev/?baseApiUrl=https://demo.fineract.dev=default#/clients]
> does NOT use {{sqlSearch}} but the [/search
> API|https://demo.fineract.dev/fineract-provider/api-docs/apiLive.htm#search]
> * other repos on openMF, such as Mobile Apps & Co, don't realy seem to
> actively use {{sqlSearch}}, looking at
> [https://github.com/search?p=7=org%3AopenMF+sqlSearch=Code]
> Other than that, I don't know if anyone actively using {{sqlSearch}} would
> have any major objections to... just simply altogether removing this
> entirely? Folks may of course be using this in their own client UIs, but...
> they really shouldn't, this is a "bad" API. If you are missing a query
> facility, just contribute to the upstream project and raise a pull request to
> add whatever query option you are missing to whatever Fineract API (such as
> e.g. by status for Loans and Clients).
> Let's further discuss on the developer mailing list on thread "Use of
> sqlSearch argument in Groups/Clients List" if anyone wants to strongly defend
> {{sqlSearch}}. If not, let's just completely remove it. We do have to first
> replace the small current use in the community-app.
> PS: Nota bene that this issue isn't stating that a REST API with query
> capabilities is bad per se. The point here is that an "SQL pass-through" is
>
[jira] [Updated] (FINERACT-1095) Remove direct sqlSearch support from /clients and all other APIs [Security & Performance]
[
https://issues.apache.org/jira/browse/FINERACT-1095?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Michael Vorburger updated FINERACT-1095:
Fix Version/s: (was: 1.5.0)
> Remove direct sqlSearch support from /clients and all other APIs [Security &
> Performance]
> -
>
> Key: FINERACT-1095
> URL: https://issues.apache.org/jira/browse/FINERACT-1095
> Project: Apache Fineract
> Issue Type: Improvement
>Reporter: Michael Vorburger
>Priority: Major
>
> While code reviewing PRs from [~Manthan] such as
> [https://github.com/apache/fineract/pull/1171/files] and
> [https://github.com/apache/fineract/pull/1123/files] re. FINERACT-854, I've
> learnt about Fineract's support for an {{sqlSearch}} parameter on a number of
> its APIs, such as {{/clients}} (and others).
> According to
> [https://demo.fineract.dev/fineract-provider/api-docs/apiLive.htm] :
> {quote}_sqlSearch
> String optional
> Use an sql fragment valid for the underlying client schema to filter
> results. e.g. display_name like %K%
> {quote}
> [https://github.com/apache/fineract/search?p=2=sqlSearch_q=sqlSearch]
> shows all current occurrences. There are a number, but not THAT many either.
> (By far not every API supports this, only a handful.)
> This can be used e.g. like this:
> [https://demo.fineract.dev/fineract-provider/api/v1/clients?paged=true=c.account_no=3=default]
> To me, this is an egregious violation of "layering architecture". Basically,
> the REST API gives you direct SQL database access! You apparently have to
> know the exact name of not the SQL table but the alias used in the respective
> internally hard-coded query (note the use of {{c.}} in the example above, NOT
> {{m_client}}), and the internal SQL column name (note the use of
> {{account_no}}, NOT {{accountNo}}). There is no real documentation how to use
> this, and even if there were, in my tests I've noticed its fairly easy to
> provoke _500 Internal Server Errors_ when using {{sqlSearch}} with a slightly
> wrong syntax.
> From a security point of view, it's not quite as bad as it looks, because
> there is code with heuristics to "validate" the {{sqlSearch}} and prevent SQL
> Injections. But that could have holes (I don't want to know!), so... this
> still isn't great, at all, IMHO.
> From a performance point of view, permitting clients to run arbitrary queries
> isn't great either. You can't really reliable offer performance guarantees,
> or offer tuning with indices, if at the end of the day the wide open API just
> lets a client "query whatever they want" anyway.
> Use of {{sqlSearch}} by (public) API clients isn't that hard to find. I did
> some digging, and:
> * The new web-app UI doesn't use sqlSearch (or not yet), see
> [https://github.com/openMF/web-app/search?q=sqlSearch_q=sqlSearch]
> * The old community-app UI does use sqlSearch, see
> [https://github.com/openMF/community-app/search?p=1=sqlSearch_q=sqlSearch].
> But only in 2 very specific places, for Loans' {{l.loan_status_id in
> (100,200)}} and Clients' {{c.status_enum=100}}. This was apparently
> introduced by [~vishwasbabu] in
> [https://github.com/openMF/community-app/pull/1582|https://github.com/openMF/community-app/pull/1582/files]
> for [MIFOSX-2712.|https://mifosforge.jira.com/browse/MIFOSX-2712.] It's
> noteworthy that the Find on
> [https://cui.fineract.dev/.../clients|https://cui.fineract.dev/?baseApiUrl=https://demo.fineract.dev=default#/clients]
> does NOT use {{sqlSearch}} but the [/search
> API|https://demo.fineract.dev/fineract-provider/api-docs/apiLive.htm#search]
> * other repos on openMF, such as Mobile Apps & Co, don't realy seem to
> actively use {{sqlSearch}}, looking at
> [https://github.com/search?p=7=org%3AopenMF+sqlSearch=Code]
> Other than that, I don't know if anyone actively using {{sqlSearch}} would
> have any major objections to... just simply altogether removing this
> entirely? Folks may of course be using this in their own client UIs, but...
> they really shouldn't, this is a "bad" API. If you are missing a query
> facility, just contribute to the upstream project and raise a pull request to
> add whatever query option you are missing to whatever Fineract API (such as
> e.g. by status for Loans and Clients).
> Let's further discuss on the developer mailing list on thread "Use of
> sqlSearch argument in Groups/Clients List" if anyone wants to strongly defend
> {{sqlSearch}}. If not, let's just completely remove it. We do have to first
> replace the small current use in the community-app.
> PS: Nota bene that this issue isn't stating that a REST API with query
> capabilities is bad per se. The point here is that an "SQL pass-through" is
> wrong. We can, and to replace current
[jira] [Commented] (FINERACT-854) Use prepared statements instead of string concatenated SQL everywhere
[
https://issues.apache.org/jira/browse/FINERACT-854?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17301097#comment-17301097
]
Michael Vorburger commented on FINERACT-854:
[~aleks] as this issue has not been worked on in ~9 months, it should not block
the 1.5.0 release; I've removed the Fix Version and removed the FINERACT-1305
link.
I've also Stopped Progress, and un-assigned it from [~manthan] to make it clear
that this is open to be picked up by anyone else interested.
> Use prepared statements instead of string concatenated SQL everywhere
> -
>
> Key: FINERACT-854
> URL: https://issues.apache.org/jira/browse/FINERACT-854
> Project: Apache Fineract
> Issue Type: Improvement
> Components: Security
>Reporter: Michael Vorburger
>Assignee: Manthan Surkar
>Priority: Major
> Labels: beginner, scalability, security, technical
> Fix For: 1.5.0
>
>
> The Fineract code base in many places creates SQL statements through String
> concatenation. This is prone to SQL injection. This is mitigated by the use
> of helpers utilities such as
> {{org.apache.fineract.infrastructure.core.api.ApiParameterHelper.sqlEncodeString(String)}}
> and
> {{org.apache.fineract.infrastructure.security.utils.SQLInjectionValidator.validateSQLInput(String)}}
> but I opine that those are workarounds... the better solution, both for
> security and likely also helping with performance (at least a little bit,
> knowing how much would require measuring it...), would be to use JDBC
> prepared statements with '?' placeholders and passing all raw arguments,
> instead of embedding them in the query String.
> FINERACT-808 root cause analysis brought this up, and I'm about to raise a PR
> for FINERACT-808 which makes a start; the goal of this issue is to use the
> new {{org.apache.fineract.infrastructure.security.utils.SQLBuilder}}
> everywhere, and eventually be able to get completely rid of
> {{ApiParameterHelper}} and {{SQLInjectionValidator}}.
> This issue should also include work to scan the code base for places where
> SQL Strings are concatenated without even using the existing helpers.
> FINERACT-853 could potentially help with that.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
[jira] [Assigned] (FINERACT-854) Use prepared statements instead of string concatenated SQL everywhere
[
https://issues.apache.org/jira/browse/FINERACT-854?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Michael Vorburger reassigned FINERACT-854:
--
Assignee: (was: Manthan Surkar)
> Use prepared statements instead of string concatenated SQL everywhere
> -
>
> Key: FINERACT-854
> URL: https://issues.apache.org/jira/browse/FINERACT-854
> Project: Apache Fineract
> Issue Type: Improvement
> Components: Security
>Reporter: Michael Vorburger
>Priority: Major
> Labels: beginner, scalability, security, technical
> Fix For: 1.5.0
>
>
> The Fineract code base in many places creates SQL statements through String
> concatenation. This is prone to SQL injection. This is mitigated by the use
> of helpers utilities such as
> {{org.apache.fineract.infrastructure.core.api.ApiParameterHelper.sqlEncodeString(String)}}
> and
> {{org.apache.fineract.infrastructure.security.utils.SQLInjectionValidator.validateSQLInput(String)}}
> but I opine that those are workarounds... the better solution, both for
> security and likely also helping with performance (at least a little bit,
> knowing how much would require measuring it...), would be to use JDBC
> prepared statements with '?' placeholders and passing all raw arguments,
> instead of embedding them in the query String.
> FINERACT-808 root cause analysis brought this up, and I'm about to raise a PR
> for FINERACT-808 which makes a start; the goal of this issue is to use the
> new {{org.apache.fineract.infrastructure.security.utils.SQLBuilder}}
> everywhere, and eventually be able to get completely rid of
> {{ApiParameterHelper}} and {{SQLInjectionValidator}}.
> This issue should also include work to scan the code base for places where
> SQL Strings are concatenated without even using the existing helpers.
> FINERACT-853 could potentially help with that.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
[jira] [Commented] (FINERACT-1274) A standard email field should be included on the client creation form
[ https://issues.apache.org/jira/browse/FINERACT-1274?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17301096#comment-17301096 ] Michael Vorburger commented on FINERACT-1274: - [~wmkalema] I'm not sure - you could/should check, if you are interested in working on this! You don't have to ask me, you just... go ahead, and "do, don't ask". :P Looking at "Client" on [https://demo.fineract.dev/fineract-provider/swagger-ui/index.html], I do see an "emailAddress" there. (I'm not sure what "writeOnly: true" refers to there - can it only be set, not read?!) [https://demo.fineract.dev/fineract-provider/api-docs/apiLive.htm#clients_create] does not document an "emailAddress". > A standard email field should be included on the client creation form > - > > Key: FINERACT-1274 > URL: https://issues.apache.org/jira/browse/FINERACT-1274 > Project: Apache Fineract > Issue Type: New Feature > Components: Client >Reporter: Javier Borkenztain >Priority: Major > > A standard email field should be included on the client creation form so we > can have an email where to send notifications. > > Related with this issue: https://issues.apache.org/jira/browse/FINERACT-1273 -- This message was sent by Atlassian Jira (v8.3.4#803005)
