[jira] [Commented] (OFBIZ-11535) Convert AutoPaymentTests.xml to Groovy

2020-07-03 Thread Pawan Verma (Jira)


[ 
https://issues.apache.org/jira/browse/OFBIZ-11535?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17151191#comment-17151191
 ] 

Pawan Verma commented on OFBIZ-11535:
-

Works well for me, +1 for commit.

> Convert AutoPaymentTests.xml to Groovy
> --
>
> Key: OFBIZ-11535
> URL: https://issues.apache.org/jira/browse/OFBIZ-11535
> Project: OFBiz
>  Issue Type: Sub-task
>  Components: accounting
>Affects Versions: Trunk
>Reporter: Rohit Hukkeri
>Assignee: Akash Jain
>Priority: Minor
> Attachments: OFBIZ-11535.patch
>
>
> Convert AutoPaymentTests XML file to Groovy.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)


[jira] [Closed] (OFBIZ-11848) Upgrade Tomcat from 9.0.34 to 9.0.36 (CVE-2020-11996)

2020-07-03 Thread Michael Brohl (Jira)


 [ 
https://issues.apache.org/jira/browse/OFBIZ-11848?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Michael Brohl closed OFBIZ-11848.
-
Resolution: Fixed

> Upgrade Tomcat from 9.0.34 to 9.0.36 (CVE-2020-11996)
> -
>
> Key: OFBIZ-11848
> URL: https://issues.apache.org/jira/browse/OFBIZ-11848
> Project: OFBiz
>  Issue Type: Bug
>  Components: framework
>Affects Versions: 18.12.01, 17.12.03, Trunk
>Reporter: Michael Brohl
>Assignee: Michael Brohl
>Priority: Major
> Fix For: 18.12.01, Release Branch 17.12, Upcoming Branch
>
>
> CVE-2020-11996 Apache Tomcat HTTP/2 Denial of Service
> Severity: Important
> Vendor: The Apache Software Foundation
> Versions Affected:
> Apache Tomcat 10.0.0-M1 to 10.0.0-M5
> Apache Tomcat 9.0.0.M1 to 9.0.35
> Apache Tomcat 8.5.0 to 8.5.55
> Description:
> A specially crafted sequence of HTTP/2 requests could trigger high CPU
> usage for several seconds. If a sufficient number of such requests were
> made on concurrent HTTP/2 connections, the server could become unresponsive.
> Mitigation:
> - Upgrade to Apache Tomcat 10.0.0-M6 or later
> - Upgrade to Apache Tomcat 9.0.36 or later
> - Upgrade to Apache Tomcat 8.5.56 or later
> Credit:
> This issue was reported publicly via the Apache Tomcat Users mailing
> list without reference to the potential for DoS. The DoS risks were
> identified by the Apache Tomcat Security Team.
> References:
> [1] http://tomcat.apache.org/security-10.html
> [2] http://tomcat.apache.org/security-9.html
> [3] http://tomcat.apache.org/security-8.html



--
This message was sent by Atlassian Jira
(v8.3.4#803005)


[jira] [Commented] (OFBIZ-11848) Upgrade Tomcat from 9.0.34 to 9.0.36 (CVE-2020-11996)

2020-07-03 Thread ASF subversion and git services (Jira)


[ 
https://issues.apache.org/jira/browse/OFBIZ-11848?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17151037#comment-17151037
 ] 

ASF subversion and git services commented on OFBIZ-11848:
-

Commit b791dca9e7dc63d4ed07d5ca5ea873b173c0645e in ofbiz-framework's branch 
refs/heads/release18.12 from Michael Brohl
[ https://gitbox.apache.org/repos/asf?p=ofbiz-framework.git;h=b791dca ]

Fixed: Added missing AJP connector property introduced for Tomcat 9.0.31
(OFBIZ-11848)

> Upgrade Tomcat from 9.0.34 to 9.0.36 (CVE-2020-11996)
> -
>
> Key: OFBIZ-11848
> URL: https://issues.apache.org/jira/browse/OFBIZ-11848
> Project: OFBiz
>  Issue Type: Bug
>  Components: framework
>Affects Versions: 18.12.01, 17.12.03, Trunk
>Reporter: Michael Brohl
>Assignee: Michael Brohl
>Priority: Major
> Fix For: 18.12.01, Release Branch 17.12, Upcoming Branch
>
>
> CVE-2020-11996 Apache Tomcat HTTP/2 Denial of Service
> Severity: Important
> Vendor: The Apache Software Foundation
> Versions Affected:
> Apache Tomcat 10.0.0-M1 to 10.0.0-M5
> Apache Tomcat 9.0.0.M1 to 9.0.35
> Apache Tomcat 8.5.0 to 8.5.55
> Description:
> A specially crafted sequence of HTTP/2 requests could trigger high CPU
> usage for several seconds. If a sufficient number of such requests were
> made on concurrent HTTP/2 connections, the server could become unresponsive.
> Mitigation:
> - Upgrade to Apache Tomcat 10.0.0-M6 or later
> - Upgrade to Apache Tomcat 9.0.36 or later
> - Upgrade to Apache Tomcat 8.5.56 or later
> Credit:
> This issue was reported publicly via the Apache Tomcat Users mailing
> list without reference to the potential for DoS. The DoS risks were
> identified by the Apache Tomcat Security Team.
> References:
> [1] http://tomcat.apache.org/security-10.html
> [2] http://tomcat.apache.org/security-9.html
> [3] http://tomcat.apache.org/security-8.html



--
This message was sent by Atlassian Jira
(v8.3.4#803005)


[jira] [Comment Edited] (OFBIZ-11848) Upgrade Tomcat from 9.0.34 to 9.0.36 (CVE-2020-11996)

2020-07-03 Thread Michael Brohl (Jira)


[ 
https://issues.apache.org/jira/browse/OFBIZ-11848?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17151031#comment-17151031
 ] 

Michael Brohl edited comment on OFBIZ-11848 at 7/3/20, 3:37 PM:


I am proposing the following changes according to the migration guide 
([https://tomcat.apache.org/migration-9.html#Upgrading_9.0.x)]

In 9.0.31 onwards, the default listen address of the AJP Connector was changed 
to the loopback address rather than all addresses.

-> No change necessary in OFBiz

In 9.0.31 onwards, the requiredSecret attribute of the AJP Connector was 
deprecated and replaced by the secret attribute.

-> Proposed change: add property with empty value.

In 9.0.31 onwards, the secretRequired attribute was added to the AJP Connector. 
If set to true, the default, the AJP Connector will not start unless a secret 
has been specified.

-> Proposed change: set to false (default is true) to keep the older state.

In 9.0.31 onwards, the allowedRequestAttributesPattern attribute was added to 
the AJP Connector. Requests with unrecognised attributes will now be blocked 
with a 403.

-> Proposed change: add property with wildcard pattern set to ".*"


was (Author: mbrohl):
I am proposing the following changes according to the migration guide 
([https://tomcat.apache.org/migration-9.html#Upgrading_9.0.x)]

In 9.0.31 onwards, the default listen address of the AJP Connector was changed 
to the loopback address rather than all addresses.

-> No change necessary in OFBiz, the specified address is 0.0.0.0.

In 9.0.31 onwards, the requiredSecret attribute of the AJP Connector was 
deprecated and replaced by the secret attribute.

-> Proposed change: add property with empty value.

In 9.0.31 onwards, the secretRequired attribute was added to the AJP Connector. 
If set to true, the default, the AJP Connector will not start unless a secret 
has been specified.

-> Proposed change: set to false (default is true) to keep the older state.

In 9.0.31 onwards, the allowedRequestAttributesPattern attribute was added to 
the AJP Connector. Requests with unrecognised attributes will now be blocked 
with a 403.

-> Proposed change: add property with wildcard pattern set to ".*"

> Upgrade Tomcat from 9.0.34 to 9.0.36 (CVE-2020-11996)
> -
>
> Key: OFBIZ-11848
> URL: https://issues.apache.org/jira/browse/OFBIZ-11848
> Project: OFBiz
>  Issue Type: Bug
>  Components: framework
>Affects Versions: 18.12.01, 17.12.03, Trunk
>Reporter: Michael Brohl
>Assignee: Michael Brohl
>Priority: Major
> Fix For: 18.12.01, Release Branch 17.12, Upcoming Branch
>
>
> CVE-2020-11996 Apache Tomcat HTTP/2 Denial of Service
> Severity: Important
> Vendor: The Apache Software Foundation
> Versions Affected:
> Apache Tomcat 10.0.0-M1 to 10.0.0-M5
> Apache Tomcat 9.0.0.M1 to 9.0.35
> Apache Tomcat 8.5.0 to 8.5.55
> Description:
> A specially crafted sequence of HTTP/2 requests could trigger high CPU
> usage for several seconds. If a sufficient number of such requests were
> made on concurrent HTTP/2 connections, the server could become unresponsive.
> Mitigation:
> - Upgrade to Apache Tomcat 10.0.0-M6 or later
> - Upgrade to Apache Tomcat 9.0.36 or later
> - Upgrade to Apache Tomcat 8.5.56 or later
> Credit:
> This issue was reported publicly via the Apache Tomcat Users mailing
> list without reference to the potential for DoS. The DoS risks were
> identified by the Apache Tomcat Security Team.
> References:
> [1] http://tomcat.apache.org/security-10.html
> [2] http://tomcat.apache.org/security-9.html
> [3] http://tomcat.apache.org/security-8.html



--
This message was sent by Atlassian Jira
(v8.3.4#803005)


[jira] [Commented] (OFBIZ-11848) Upgrade Tomcat from 9.0.34 to 9.0.36 (CVE-2020-11996)

2020-07-03 Thread ASF subversion and git services (Jira)


[ 
https://issues.apache.org/jira/browse/OFBIZ-11848?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17151036#comment-17151036
 ] 

ASF subversion and git services commented on OFBIZ-11848:
-

Commit accca2d388300a363c3ff49f1c52c4c9da3731b4 in ofbiz-framework's branch 
refs/heads/release17.12 from Michael Brohl
[ https://gitbox.apache.org/repos/asf?p=ofbiz-framework.git;h=accca2d ]

Fixed: Added missing AJP connector property introduced for Tomcat 9.0.31
(OFBIZ-11848)

> Upgrade Tomcat from 9.0.34 to 9.0.36 (CVE-2020-11996)
> -
>
> Key: OFBIZ-11848
> URL: https://issues.apache.org/jira/browse/OFBIZ-11848
> Project: OFBiz
>  Issue Type: Bug
>  Components: framework
>Affects Versions: 18.12.01, 17.12.03, Trunk
>Reporter: Michael Brohl
>Assignee: Michael Brohl
>Priority: Major
> Fix For: 18.12.01, Release Branch 17.12, Upcoming Branch
>
>
> CVE-2020-11996 Apache Tomcat HTTP/2 Denial of Service
> Severity: Important
> Vendor: The Apache Software Foundation
> Versions Affected:
> Apache Tomcat 10.0.0-M1 to 10.0.0-M5
> Apache Tomcat 9.0.0.M1 to 9.0.35
> Apache Tomcat 8.5.0 to 8.5.55
> Description:
> A specially crafted sequence of HTTP/2 requests could trigger high CPU
> usage for several seconds. If a sufficient number of such requests were
> made on concurrent HTTP/2 connections, the server could become unresponsive.
> Mitigation:
> - Upgrade to Apache Tomcat 10.0.0-M6 or later
> - Upgrade to Apache Tomcat 9.0.36 or later
> - Upgrade to Apache Tomcat 8.5.56 or later
> Credit:
> This issue was reported publicly via the Apache Tomcat Users mailing
> list without reference to the potential for DoS. The DoS risks were
> identified by the Apache Tomcat Security Team.
> References:
> [1] http://tomcat.apache.org/security-10.html
> [2] http://tomcat.apache.org/security-9.html
> [3] http://tomcat.apache.org/security-8.html



--
This message was sent by Atlassian Jira
(v8.3.4#803005)


[jira] [Commented] (OFBIZ-11862) BigDecimal casting in Groovy

2020-07-03 Thread ASF subversion and git services (Jira)


[ 
https://issues.apache.org/jira/browse/OFBIZ-11862?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17150838#comment-17150838
 ] 

ASF subversion and git services commented on OFBIZ-11862:
-

Commit efc016e5c933469d863650c7af307ac4810b8142 in ofbiz-framework's branch 
refs/heads/trunk from Pawan Verma
[ https://gitbox.apache.org/repos/asf?p=ofbiz-framework.git;h=efc016e ]

Fixed: BigDecimal casting in Groovy (OFBIZ-11862)

Sometimes use wrong type castings for BigDecimal:

Used BigDecimal.ZERO and BigDecimal.ONE instead.


> BigDecimal casting in Groovy
> 
>
> Key: OFBIZ-11862
> URL: https://issues.apache.org/jira/browse/OFBIZ-11862
> Project: OFBiz
>  Issue Type: Bug
>  Components: bi, order, product
>Affects Versions: Trunk
>Reporter: Jacques Le Roux
>Assignee: Pawan Verma
>Priority: Major
> Fix For: 18.12.01
>
>
> [Pritam Kute 
> noticed|https://issues.apache.org/jira/browse/OFBIZ-11843?focusedCommentId=17146911&page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#comment-17146911]
>  in OFBIZ-11843 that we sometimes use wrong type castings for BigDecimal:
> {quote}
> I have observed that for typecasting in groovy, we have used the wrong coding 
> pattern like
> {code:java}
> (BigDecimal) -0.01
> {code}
> It should be like
> {code:java}
> -0.01 as BigDecimal
> {code}
> {quote}
> Actually in this case we don't need to cast, [because in case of decimal, the 
> default type is always 
> BigDecimal|https://www.logicbig.com/tutorials/misc/groovy/numbers-types-suffix.html].
>  
> But there are Integers in trunk (mostly 0) and 2 cases where it's useless to 
> cast in R18, nothing in R17



--
This message was sent by Atlassian Jira
(v8.3.4#803005)


[jira] [Commented] (OFBIZ-11848) Upgrade Tomcat from 9.0.34 to 9.0.36 (CVE-2020-11996)

2020-07-03 Thread ASF subversion and git services (Jira)


[ 
https://issues.apache.org/jira/browse/OFBIZ-11848?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17151035#comment-17151035
 ] 

ASF subversion and git services commented on OFBIZ-11848:
-

Commit dfbcf595ca3eab6371ee489dcc746a3350e56956 in ofbiz-framework's branch 
refs/heads/trunk from Michael Brohl
[ https://gitbox.apache.org/repos/asf?p=ofbiz-framework.git;h=dfbcf59 ]

Fixed: Adds missing AJP connector property introduced for Tomcat 9.0.31
(OFBIZ-11848)

> Upgrade Tomcat from 9.0.34 to 9.0.36 (CVE-2020-11996)
> -
>
> Key: OFBIZ-11848
> URL: https://issues.apache.org/jira/browse/OFBIZ-11848
> Project: OFBiz
>  Issue Type: Bug
>  Components: framework
>Affects Versions: 18.12.01, 17.12.03, Trunk
>Reporter: Michael Brohl
>Assignee: Michael Brohl
>Priority: Major
> Fix For: 18.12.01, Release Branch 17.12, Upcoming Branch
>
>
> CVE-2020-11996 Apache Tomcat HTTP/2 Denial of Service
> Severity: Important
> Vendor: The Apache Software Foundation
> Versions Affected:
> Apache Tomcat 10.0.0-M1 to 10.0.0-M5
> Apache Tomcat 9.0.0.M1 to 9.0.35
> Apache Tomcat 8.5.0 to 8.5.55
> Description:
> A specially crafted sequence of HTTP/2 requests could trigger high CPU
> usage for several seconds. If a sufficient number of such requests were
> made on concurrent HTTP/2 connections, the server could become unresponsive.
> Mitigation:
> - Upgrade to Apache Tomcat 10.0.0-M6 or later
> - Upgrade to Apache Tomcat 9.0.36 or later
> - Upgrade to Apache Tomcat 8.5.56 or later
> Credit:
> This issue was reported publicly via the Apache Tomcat Users mailing
> list without reference to the potential for DoS. The DoS risks were
> identified by the Apache Tomcat Security Team.
> References:
> [1] http://tomcat.apache.org/security-10.html
> [2] http://tomcat.apache.org/security-9.html
> [3] http://tomcat.apache.org/security-8.html



--
This message was sent by Atlassian Jira
(v8.3.4#803005)


[jira] [Reopened] (OFBIZ-11862) BigDecimal casting in Groovy

2020-07-03 Thread Pawan Verma (Jira)


 [ 
https://issues.apache.org/jira/browse/OFBIZ-11862?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Pawan Verma reopened OFBIZ-11862:
-
  Assignee: Pawan Verma  (was: Jacques Le Roux)

Reopening to use BigDecimal.ZERO instead of 0 as BigDecimal.

> BigDecimal casting in Groovy
> 
>
> Key: OFBIZ-11862
> URL: https://issues.apache.org/jira/browse/OFBIZ-11862
> Project: OFBiz
>  Issue Type: Bug
>  Components: bi, order, product
>Affects Versions: Trunk
>Reporter: Jacques Le Roux
>Assignee: Pawan Verma
>Priority: Major
> Fix For: 18.12.01
>
>
> [Pritam Kute 
> noticed|https://issues.apache.org/jira/browse/OFBIZ-11843?focusedCommentId=17146911&page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#comment-17146911]
>  in OFBIZ-11843 that we sometimes use wrong type castings for BigDecimal:
> {quote}
> I have observed that for typecasting in groovy, we have used the wrong coding 
> pattern like
> {code:java}
> (BigDecimal) -0.01
> {code}
> It should be like
> {code:java}
> -0.01 as BigDecimal
> {code}
> {quote}
> Actually in this case we don't need to cast, [because in case of decimal, the 
> default type is always 
> BigDecimal|https://www.logicbig.com/tutorials/misc/groovy/numbers-types-suffix.html].
>  
> But there are Integers in trunk (mostly 0) and 2 cases where it's useless to 
> cast in R18, nothing in R17



--
This message was sent by Atlassian Jira
(v8.3.4#803005)


[jira] [Commented] (OFBIZ-11848) Upgrade Tomcat from 9.0.34 to 9.0.36 (CVE-2020-11996)

2020-07-03 Thread Michael Brohl (Jira)


[ 
https://issues.apache.org/jira/browse/OFBIZ-11848?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17151034#comment-17151034
 ] 

Michael Brohl commented on OFBIZ-11848:
---

Only the last entry allowedRequestAttributesPattern needs action because we 
already had updated some of the properties before.

> Upgrade Tomcat from 9.0.34 to 9.0.36 (CVE-2020-11996)
> -
>
> Key: OFBIZ-11848
> URL: https://issues.apache.org/jira/browse/OFBIZ-11848
> Project: OFBiz
>  Issue Type: Bug
>  Components: framework
>Affects Versions: 18.12.01, 17.12.03, Trunk
>Reporter: Michael Brohl
>Assignee: Michael Brohl
>Priority: Major
> Fix For: 18.12.01, Release Branch 17.12, Upcoming Branch
>
>
> CVE-2020-11996 Apache Tomcat HTTP/2 Denial of Service
> Severity: Important
> Vendor: The Apache Software Foundation
> Versions Affected:
> Apache Tomcat 10.0.0-M1 to 10.0.0-M5
> Apache Tomcat 9.0.0.M1 to 9.0.35
> Apache Tomcat 8.5.0 to 8.5.55
> Description:
> A specially crafted sequence of HTTP/2 requests could trigger high CPU
> usage for several seconds. If a sufficient number of such requests were
> made on concurrent HTTP/2 connections, the server could become unresponsive.
> Mitigation:
> - Upgrade to Apache Tomcat 10.0.0-M6 or later
> - Upgrade to Apache Tomcat 9.0.36 or later
> - Upgrade to Apache Tomcat 8.5.56 or later
> Credit:
> This issue was reported publicly via the Apache Tomcat Users mailing
> list without reference to the potential for DoS. The DoS risks were
> identified by the Apache Tomcat Security Team.
> References:
> [1] http://tomcat.apache.org/security-10.html
> [2] http://tomcat.apache.org/security-9.html
> [3] http://tomcat.apache.org/security-8.html



--
This message was sent by Atlassian Jira
(v8.3.4#803005)


[jira] [Assigned] (OFBIZ-11541) Convert testDepositWithdrawPaymentsInSingleTrans test from XML to Groovy

2020-07-03 Thread Akash Jain (Jira)


 [ 
https://issues.apache.org/jira/browse/OFBIZ-11541?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Akash Jain reassigned OFBIZ-11541:
--

Assignee: Akash Jain  (was: Anushi Gupta)

> Convert testDepositWithdrawPaymentsInSingleTrans test from XML to Groovy
> 
>
> Key: OFBIZ-11541
> URL: https://issues.apache.org/jira/browse/OFBIZ-11541
> Project: OFBiz
>  Issue Type: Sub-task
>  Components: accounting
>Affects Versions: Trunk
>Reporter: Rohit Hukkeri
>Assignee: Akash Jain
>Priority: Minor
>
> Convert testDepositWithdrawPaymentsInSingleTrans test from XML to Groovy



--
This message was sent by Atlassian Jira
(v8.3.4#803005)


[jira] [Assigned] (OFBIZ-11542) Convert testSetFinAccountTransStatus test from XML to Groovy

2020-07-03 Thread Akash Jain (Jira)


 [ 
https://issues.apache.org/jira/browse/OFBIZ-11542?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Akash Jain reassigned OFBIZ-11542:
--

Assignee: Akash Jain  (was: Anushi Gupta)

> Convert testSetFinAccountTransStatus test from XML to Groovy
> 
>
> Key: OFBIZ-11542
> URL: https://issues.apache.org/jira/browse/OFBIZ-11542
> Project: OFBiz
>  Issue Type: Sub-task
>  Components: accounting
>Affects Versions: Trunk
>Reporter: Rohit Hukkeri
>Assignee: Akash Jain
>Priority: Minor
>
> Convert testSetFinAccountTransStatus test from XML to Groovy



--
This message was sent by Atlassian Jira
(v8.3.4#803005)


[jira] [Commented] (OFBIZ-11837) First Data Payment Gateway Integration

2020-07-03 Thread ASF subversion and git services (Jira)


[ 
https://issues.apache.org/jira/browse/OFBIZ-11837?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17150983#comment-17150983
 ] 

ASF subversion and git services commented on OFBIZ-11837:
-

Commit c2925a43a46218524ac3004fdc526c4147c46bd5 in ofbiz-plugins's branch 
refs/heads/trunk from Jacques Le Roux
[ https://gitbox.apache.org/repos/asf?p=ofbiz-plugins.git;h=c2925a4 ]

Improved: Adds plugin for integration of 1st Data payment gateway (OFBIZ-11837)

Adds missing ASL2 license headers


> First Data Payment Gateway Integration
> --
>
> Key: OFBIZ-11837
> URL: https://issues.apache.org/jira/browse/OFBIZ-11837
> Project: OFBiz
>  Issue Type: New Feature
>Affects Versions: Trunk
>Reporter: Pritam Kute
>Assignee: Pritam Kute
>Priority: Major
>
> Dev Thread Link: [https://markmail.org/thread/2p5top4idkeiwlih]
> Apache OFBiz has OOTB integrations for most of the widely used payment 
> gateways around the world.
> We are working on integrating First Data Payment Gateway for one of the 
> websites. The First Data payment gateway is quite popular and comes in the 
> list of top payment gateways around the globe. We would like to contribute 
> the basic payment gateway integration of First Data into Apache OFBiz.
> Also as discussed over the DEV list, we will be contributing gateway as a 
> separate plugin.
> We will create the subtasks under this main task to deliver different payment 
> gateway methods.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)


[jira] [Commented] (OFBIZ-11848) Upgrade Tomcat from 9.0.34 to 9.0.36 (CVE-2020-11996)

2020-07-03 Thread Michael Brohl (Jira)


[ 
https://issues.apache.org/jira/browse/OFBIZ-11848?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17151031#comment-17151031
 ] 

Michael Brohl commented on OFBIZ-11848:
---

I am proposing the following changes according to the migration guide 
([https://tomcat.apache.org/migration-9.html#Upgrading_9.0.x)]

In 9.0.31 onwards, the default listen address of the AJP Connector was changed 
to the loopback address rather than all addresses.

-> No change necessary in OFBiz, the specified address is 0.0.0.0.

In 9.0.31 onwards, the requiredSecret attribute of the AJP Connector was 
deprecated and replaced by the secret attribute.

-> Proposed change: add property with empty value.

In 9.0.31 onwards, the secretRequired attribute was added to the AJP Connector. 
If set to true, the default, the AJP Connector will not start unless a secret 
has been specified.

-> Proposed change: set to false (default is true) to keep the older state.

In 9.0.31 onwards, the allowedRequestAttributesPattern attribute was added to 
the AJP Connector. Requests with unrecognised attributes will now be blocked 
with a 403.

-> Proposed change: add property with wildcard pattern set to ".*"

> Upgrade Tomcat from 9.0.34 to 9.0.36 (CVE-2020-11996)
> -
>
> Key: OFBIZ-11848
> URL: https://issues.apache.org/jira/browse/OFBIZ-11848
> Project: OFBiz
>  Issue Type: Bug
>  Components: framework
>Affects Versions: 18.12.01, 17.12.03, Trunk
>Reporter: Michael Brohl
>Assignee: Michael Brohl
>Priority: Major
> Fix For: 18.12.01, Release Branch 17.12, Upcoming Branch
>
>
> CVE-2020-11996 Apache Tomcat HTTP/2 Denial of Service
> Severity: Important
> Vendor: The Apache Software Foundation
> Versions Affected:
> Apache Tomcat 10.0.0-M1 to 10.0.0-M5
> Apache Tomcat 9.0.0.M1 to 9.0.35
> Apache Tomcat 8.5.0 to 8.5.55
> Description:
> A specially crafted sequence of HTTP/2 requests could trigger high CPU
> usage for several seconds. If a sufficient number of such requests were
> made on concurrent HTTP/2 connections, the server could become unresponsive.
> Mitigation:
> - Upgrade to Apache Tomcat 10.0.0-M6 or later
> - Upgrade to Apache Tomcat 9.0.36 or later
> - Upgrade to Apache Tomcat 8.5.56 or later
> Credit:
> This issue was reported publicly via the Apache Tomcat Users mailing
> list without reference to the potential for DoS. The DoS risks were
> identified by the Apache Tomcat Security Team.
> References:
> [1] http://tomcat.apache.org/security-10.html
> [2] http://tomcat.apache.org/security-9.html
> [3] http://tomcat.apache.org/security-8.html



--
This message was sent by Atlassian Jira
(v8.3.4#803005)


[jira] [Updated] (OFBIZ-11808) Improve screen engine with decrease technology dependence

2020-07-03 Thread Nicolas Malin (Jira)


 [ 
https://issues.apache.org/jira/browse/OFBIZ-11808?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Nicolas Malin updated OFBIZ-11808:
--
Description: 
After different presentation on thinking about how improve the end user 
experience on back office screen, we start a list of issues that cover the 
minimum need.

[chapter 
1|https://lists.apache.org/thread.html/5dcc8cff9b5413070079d22833b6a10abee55bcfbfb0233019ed09b1%40%3Cdev.ofbiz.apache.org%3E]
 
 [chapter 
2|https://lists.apache.org/thread.html/r146f2814691e98e2cfc308ed3ac1db77fb6a356a2b73215517d300aa%40%3Cdev.ofbiz.apache.org%3E]
 [chapter 
3|https://lists.apache.org/thread.html/ra5ed191eecbaf8096ddcdcf98048e70ea8c139fcab75c734ff30b6c0%40%3Cdev.ofbiz.apache.org%3E]

[Presentation slides|https://s.apache.org/EmpowerOFBizScreen]

Each improvement is designed to decrease the xml form definition, based on 
functional concept out any technology (relaying to theme).

  was:
After different presentation on thinking about how improve the end user 
experience on back office screen, we start a list of issues that cover the 
minimum need.

[chapter 
1|https://lists.apache.org/thread.html/5dcc8cff9b5413070079d22833b6a10abee55bcfbfb0233019ed09b1%40%3Cdev.ofbiz.apache.org%3E]
 
 [chapter 
2|https://lists.apache.org/thread.html/r146f2814691e98e2cfc308ed3ac1db77fb6a356a2b73215517d300aa%40%3Cdev.ofbiz.apache.org%3E]
 [chapter 
3|https://lists.apache.org/thread.html/ra5ed191eecbaf8096ddcdcf98048e70ea8c139fcab75c734ff30b6c0%40%3Cdev.ofbiz.apache.org%3E]

[Presentation slides|[https://s.apache.org/EmpowerOFBizScreen]]

Each improvement is designed to decrease the xml form definition, based on 
functional concept out any technology (relaying to theme).


> Improve screen engine with decrease technology dependence
> -
>
> Key: OFBIZ-11808
> URL: https://issues.apache.org/jira/browse/OFBIZ-11808
> Project: OFBiz
>  Issue Type: Improvement
>  Components: framework, framework/widget
>Affects Versions: Trunk
>Reporter: Nicolas Malin
>Assignee: Nicolas Malin
>Priority: Major
>  Labels: screen, widget
>
> After different presentation on thinking about how improve the end user 
> experience on back office screen, we start a list of issues that cover the 
> minimum need.
> [chapter 
> 1|https://lists.apache.org/thread.html/5dcc8cff9b5413070079d22833b6a10abee55bcfbfb0233019ed09b1%40%3Cdev.ofbiz.apache.org%3E]
>  
>  [chapter 
> 2|https://lists.apache.org/thread.html/r146f2814691e98e2cfc308ed3ac1db77fb6a356a2b73215517d300aa%40%3Cdev.ofbiz.apache.org%3E]
>  [chapter 
> 3|https://lists.apache.org/thread.html/ra5ed191eecbaf8096ddcdcf98048e70ea8c139fcab75c734ff30b6c0%40%3Cdev.ofbiz.apache.org%3E]
> [Presentation slides|https://s.apache.org/EmpowerOFBizScreen]
> Each improvement is designed to decrease the xml form definition, based on 
> functional concept out any technology (relaying to theme).



--
This message was sent by Atlassian Jira
(v8.3.4#803005)


[jira] [Updated] (OFBIZ-11808) Improve screen engine with decrease technology dependence

2020-07-03 Thread Nicolas Malin (Jira)


 [ 
https://issues.apache.org/jira/browse/OFBIZ-11808?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Nicolas Malin updated OFBIZ-11808:
--
Description: 
After different presentation on thinking about how improve the end user 
experience on back office screen, we start a list of issues that cover the 
minimum need.

[chapter 
1|https://lists.apache.org/thread.html/5dcc8cff9b5413070079d22833b6a10abee55bcfbfb0233019ed09b1%40%3Cdev.ofbiz.apache.org%3E]
 
 [chapter 
2|https://lists.apache.org/thread.html/r146f2814691e98e2cfc308ed3ac1db77fb6a356a2b73215517d300aa%40%3Cdev.ofbiz.apache.org%3E]
 [chapter 
3|https://lists.apache.org/thread.html/ra5ed191eecbaf8096ddcdcf98048e70ea8c139fcab75c734ff30b6c0%40%3Cdev.ofbiz.apache.org%3E]

[Presentation slides|[https://s.apache.org/EmpowerOFBizScreen]]

Each improvement is designed to decrease the xml form definition, based on 
functional concept out any technology (relaying to theme).

  was:
After different presentation on thinking about how improve the end user 
experience on back office screen, we start a list of issues that cover the 
minimum need.

[chapter 
1|https://lists.apache.org/thread.html/5dcc8cff9b5413070079d22833b6a10abee55bcfbfb0233019ed09b1%40%3Cdev.ofbiz.apache.org%3E]
 
[chapter 
2|https://lists.apache.org/thread.html/r146f2814691e98e2cfc308ed3ac1db77fb6a356a2b73215517d300aa%40%3Cdev.ofbiz.apache.org%3E]
[chapter 
3|https://lists.apache.org/thread.html/ra5ed191eecbaf8096ddcdcf98048e70ea8c139fcab75c734ff30b6c0%40%3Cdev.ofbiz.apache.org%3E]

Each improvement is designed to decrease the xml form definition, based on 
functional concept out any technology (relaying to theme).


> Improve screen engine with decrease technology dependence
> -
>
> Key: OFBIZ-11808
> URL: https://issues.apache.org/jira/browse/OFBIZ-11808
> Project: OFBiz
>  Issue Type: Improvement
>  Components: framework, framework/widget
>Affects Versions: Trunk
>Reporter: Nicolas Malin
>Assignee: Nicolas Malin
>Priority: Major
>  Labels: screen, widget
>
> After different presentation on thinking about how improve the end user 
> experience on back office screen, we start a list of issues that cover the 
> minimum need.
> [chapter 
> 1|https://lists.apache.org/thread.html/5dcc8cff9b5413070079d22833b6a10abee55bcfbfb0233019ed09b1%40%3Cdev.ofbiz.apache.org%3E]
>  
>  [chapter 
> 2|https://lists.apache.org/thread.html/r146f2814691e98e2cfc308ed3ac1db77fb6a356a2b73215517d300aa%40%3Cdev.ofbiz.apache.org%3E]
>  [chapter 
> 3|https://lists.apache.org/thread.html/ra5ed191eecbaf8096ddcdcf98048e70ea8c139fcab75c734ff30b6c0%40%3Cdev.ofbiz.apache.org%3E]
> [Presentation slides|[https://s.apache.org/EmpowerOFBizScreen]]
> Each improvement is designed to decrease the xml form definition, based on 
> functional concept out any technology (relaying to theme).



--
This message was sent by Atlassian Jira
(v8.3.4#803005)


[jira] [Updated] (OFBIZ-11836) IDOR vulnerability in the order processing feature in ecommerce component

2020-07-03 Thread Jacques Le Roux (Jira)


 [ 
https://issues.apache.org/jira/browse/OFBIZ-11836?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Jacques Le Roux updated OFBIZ-11836:

Description: 
Harshit Shukla [harshit.sh...@gmail.com|mailto:harshit.sh...@gmail.com]reported 
this IDOR vulnerability to the OFBiz security team, and we thank him for that.

Here is Harshit's message slightly edited:
{quote}[https://demo-stable.ofbiz.apache.org/ecommerce/control/order.pdf?orderId=WSCO1]

In the above URL, the parameter 'orderId' has the value 'WSCO1' and after 
incrementing the value to 'WSCO10001' or 'WSCO10002' will download the receipt 
of other orders which have been placed by other users.

All the available order receipts can be downloaded by running an automated tool 
(Burp Intruder) on the parameter 'orderId=WSCOX'

I have successfully tested this by using 2 different accounts: DemoCustomer and 
DemoCustomer2 ([~jleroux] edited)

An attacker can download order receipts of other users and this could lead to 
information disclosure.

The only real solution to this issue is to implement access control. The user 
needs to be authorized for the requested information before the server provides 
it.

Reference:[https://blog.detectify.com/2016/05/25/owasp-top-10-insecure-direct-object-reference-4/]
{quote}
Only ecommerce is affected because we have secure permissions in backorder 
components (ERP)

  was:
Harshit Shukla [mailto:harshit.sh...@gmail.com]reported this IDOR vulnerability 
to the OFBiz security team, and we thank him for that.

I'll later quote here his email message when the vulnerability will be fixed. 
It's a post-auth vulnerability so we did not ask for a CVE.

Here is Harshit's message slightly edited:
{quote}
https://demo-stable.ofbiz.apache.org/ecommerce/control/order.pdf?orderId=WSCO1

In the above URL, the parameter 'orderId' has the value 'WSCO1' and after 
incrementing the value to 'WSCO10001' or 'WSCO10002' will download the receipt 
of other orders which have been placed by other users.

All the available order receipts can be downloaded by running an automated tool 
(Burp Intruder) on the parameter 'orderId=WSCOX'

I have successfully tested this by using 2 different accounts: DemoCustomer and 
DemoCustomer2 ([~jleroux] edited)

An attacker can download order receipts of other users and this could lead to 
information disclosure.

The only real solution to this issue is to implement access control. The user 
needs to be authorized for the requested information before the server provides 
it.

Reference:https://blog.detectify.com/2016/05/25/owasp-top-10-insecure-direct-object-reference-4/
{quote}

Only ecommerce is affected because we have secure permissions in backorder 
components (ERP)



> IDOR vulnerability in the order processing feature in ecommerce component
> -
>
> Key: OFBIZ-11836
> URL: https://issues.apache.org/jira/browse/OFBIZ-11836
> Project: OFBiz
>  Issue Type: Sub-task
>  Components: ecommerce, order
>Affects Versions: Trunk
>Reporter: Jacques Le Roux
>Assignee: Jacques Le Roux
>Priority: Major
> Fix For: 18.12.01, 17.12.04
>
>
> Harshit Shukla 
> [harshit.sh...@gmail.com|mailto:harshit.sh...@gmail.com]reported this IDOR 
> vulnerability to the OFBiz security team, and we thank him for that.
> Here is Harshit's message slightly edited:
> {quote}[https://demo-stable.ofbiz.apache.org/ecommerce/control/order.pdf?orderId=WSCO1]
> In the above URL, the parameter 'orderId' has the value 'WSCO1' and after 
> incrementing the value to 'WSCO10001' or 'WSCO10002' will download the 
> receipt of other orders which have been placed by other users.
> All the available order receipts can be downloaded by running an automated 
> tool (Burp Intruder) on the parameter 'orderId=WSCOX'
> I have successfully tested this by using 2 different accounts: DemoCustomer 
> and DemoCustomer2 ([~jleroux] edited)
> An attacker can download order receipts of other users and this could lead to 
> information disclosure.
> The only real solution to this issue is to implement access control. The user 
> needs to be authorized for the requested information before the server 
> provides it.
> Reference:[https://blog.detectify.com/2016/05/25/owasp-top-10-insecure-direct-object-reference-4/]
> {quote}
> Only ecommerce is affected because we have secure permissions in backorder 
> components (ERP)



--
This message was sent by Atlassian Jira
(v8.3.4#803005)


[jira] [Created] (OFBIZ-11869) Convert ProductionRunTests.xml to Groovy

2020-07-03 Thread Akash Jain (Jira)
Akash Jain created OFBIZ-11869:
--

 Summary: Convert ProductionRunTests.xml to Groovy
 Key: OFBIZ-11869
 URL: https://issues.apache.org/jira/browse/OFBIZ-11869
 Project: OFBiz
  Issue Type: Sub-task
  Components: manufacturing
Affects Versions: Trunk
Reporter: Akash Jain
Assignee: Akash Jain


Convert ProductionRunTests XML file to Groovy.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)


[jira] [Closed] (OFBIZ-11862) BigDecimal casting in Groovy

2020-07-03 Thread Pawan Verma (Jira)


 [ 
https://issues.apache.org/jira/browse/OFBIZ-11862?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Pawan Verma closed OFBIZ-11862.
---
Resolution: Implemented

> BigDecimal casting in Groovy
> 
>
> Key: OFBIZ-11862
> URL: https://issues.apache.org/jira/browse/OFBIZ-11862
> Project: OFBiz
>  Issue Type: Bug
>  Components: bi, order, product
>Affects Versions: Trunk
>Reporter: Jacques Le Roux
>Assignee: Pawan Verma
>Priority: Major
> Fix For: 18.12.01
>
>
> [Pritam Kute 
> noticed|https://issues.apache.org/jira/browse/OFBIZ-11843?focusedCommentId=17146911&page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#comment-17146911]
>  in OFBIZ-11843 that we sometimes use wrong type castings for BigDecimal:
> {quote}
> I have observed that for typecasting in groovy, we have used the wrong coding 
> pattern like
> {code:java}
> (BigDecimal) -0.01
> {code}
> It should be like
> {code:java}
> -0.01 as BigDecimal
> {code}
> {quote}
> Actually in this case we don't need to cast, [because in case of decimal, the 
> default type is always 
> BigDecimal|https://www.logicbig.com/tutorials/misc/groovy/numbers-types-suffix.html].
>  
> But there are Integers in trunk (mostly 0) and 2 cases where it's useless to 
> cast in R18, nothing in R17



--
This message was sent by Atlassian Jira
(v8.3.4#803005)


[jira] [Closed] (OFBIZ-11862) BigDecimal casting in Groovy

2020-07-03 Thread Pawan Verma (Jira)


 [ 
https://issues.apache.org/jira/browse/OFBIZ-11862?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Pawan Verma closed OFBIZ-11862.
---
Resolution: Fixed

> BigDecimal casting in Groovy
> 
>
> Key: OFBIZ-11862
> URL: https://issues.apache.org/jira/browse/OFBIZ-11862
> Project: OFBiz
>  Issue Type: Bug
>  Components: bi, order, product
>Affects Versions: Trunk
>Reporter: Jacques Le Roux
>Assignee: Pawan Verma
>Priority: Major
> Fix For: 18.12.01
>
>
> [Pritam Kute 
> noticed|https://issues.apache.org/jira/browse/OFBIZ-11843?focusedCommentId=17146911&page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#comment-17146911]
>  in OFBIZ-11843 that we sometimes use wrong type castings for BigDecimal:
> {quote}
> I have observed that for typecasting in groovy, we have used the wrong coding 
> pattern like
> {code:java}
> (BigDecimal) -0.01
> {code}
> It should be like
> {code:java}
> -0.01 as BigDecimal
> {code}
> {quote}
> Actually in this case we don't need to cast, [because in case of decimal, the 
> default type is always 
> BigDecimal|https://www.logicbig.com/tutorials/misc/groovy/numbers-types-suffix.html].
>  
> But there are Integers in trunk (mostly 0) and 2 cases where it's useless to 
> cast in R18, nothing in R17



--
This message was sent by Atlassian Jira
(v8.3.4#803005)


[jira] [Reopened] (OFBIZ-11862) BigDecimal casting in Groovy

2020-07-03 Thread Pawan Verma (Jira)


 [ 
https://issues.apache.org/jira/browse/OFBIZ-11862?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Pawan Verma reopened OFBIZ-11862:
-

> BigDecimal casting in Groovy
> 
>
> Key: OFBIZ-11862
> URL: https://issues.apache.org/jira/browse/OFBIZ-11862
> Project: OFBiz
>  Issue Type: Bug
>  Components: bi, order, product
>Affects Versions: Trunk
>Reporter: Jacques Le Roux
>Assignee: Pawan Verma
>Priority: Major
> Fix For: 18.12.01
>
>
> [Pritam Kute 
> noticed|https://issues.apache.org/jira/browse/OFBIZ-11843?focusedCommentId=17146911&page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#comment-17146911]
>  in OFBIZ-11843 that we sometimes use wrong type castings for BigDecimal:
> {quote}
> I have observed that for typecasting in groovy, we have used the wrong coding 
> pattern like
> {code:java}
> (BigDecimal) -0.01
> {code}
> It should be like
> {code:java}
> -0.01 as BigDecimal
> {code}
> {quote}
> Actually in this case we don't need to cast, [because in case of decimal, the 
> default type is always 
> BigDecimal|https://www.logicbig.com/tutorials/misc/groovy/numbers-types-suffix.html].
>  
> But there are Integers in trunk (mostly 0) and 2 cases where it's useless to 
> cast in R18, nothing in R17



--
This message was sent by Atlassian Jira
(v8.3.4#803005)


[jira] [Commented] (OFBIZ-11535) Convert AutoPaymentTests.xml to Groovy

2020-07-03 Thread Akash Jain (Jira)


[ 
https://issues.apache.org/jira/browse/OFBIZ-11535?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17150963#comment-17150963
 ] 

Akash Jain commented on OFBIZ-11535:


Attached patch for this improvement.

> Convert AutoPaymentTests.xml to Groovy
> --
>
> Key: OFBIZ-11535
> URL: https://issues.apache.org/jira/browse/OFBIZ-11535
> Project: OFBiz
>  Issue Type: Sub-task
>  Components: accounting
>Affects Versions: Trunk
>Reporter: Rohit Hukkeri
>Assignee: Akash Jain
>Priority: Minor
> Attachments: OFBIZ-11535.patch
>
>
> Convert AutoPaymentTests XML file to Groovy.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)


[jira] [Commented] (OFBIZ-11456) MacroFormRenderer refactoring

2020-07-03 Thread ASF subversion and git services (Jira)


[ 
https://issues.apache.org/jira/browse/OFBIZ-11456?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17150793#comment-17150793
 ] 

ASF subversion and git services commented on OFBIZ-11456:
-

Commit 3bc59aeb140da99ee74a9c5a8232889587b0b8ed in ofbiz-framework's branch 
refs/heads/trunk from Daniel Watford
[ https://gitbox.apache.org/repos/asf?p=ofbiz-framework.git;h=3bc59ae ]

Improved: Added new MacroFormRenderer unit tests (OFBIZ-11456) (#213)

Improved: Suppress deprecation warning on test method used to ensure behaviour 
is preserved until the deprecated method is removed. (OFBIZ-11456)

* Improved: Unit Tests for MacroFormRenderer

As part of refactoring MacroFormRender, unit tests have been created for
the main render methods to help ensure consistent behaviour is
maintained when MacroFormRender is changed.

More in-depth unit testing may be added when the more complex parts of
MacroFormRenderer are modified in the future.

> MacroFormRenderer refactoring
> -
>
> Key: OFBIZ-11456
> URL: https://issues.apache.org/jira/browse/OFBIZ-11456
> Project: OFBiz
>  Issue Type: Improvement
>  Components: framework/widget
>Affects Versions: Trunk
>Reporter: Daniel Watford
>Assignee: Daniel Watford
>Priority: Minor
>
> Class MacroFormRender is 3400 lines long and performs the following:
>  * Renders the various form structure parts and field widgets to FTL macros 
> calls.
>  * Configures the FTL environment.
>  * Executes the FTL macro calls to generate HTML and write it to a caller 
> provided Appendable.
> Implementing the above means that MacroFormRenderer does not meet the Single 
> Responsibility Principle. The current implementation of multiple 
> responsibilities makes unit testing difficult.
> As discussed on the dev mailing list 
> https://markmail.org/message/adtkk6cb6o7mmy7f it is proposed that 
> MacroFormRenderer is refactored.
> Refactoring should separate the rendering of form structure parts and field 
> widgets to FTL macro calls from the execution of those macros.
> To support the refactoring effort JMockit is being introduced (OFBIZ-4035) to 
> allow test creation against the current implementation of MacroFormRenderer, 
> helping to ensure functionality is preserved once refactoring is complete.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)


[jira] [Commented] (OFBIZ-11456) MacroFormRenderer refactoring

2020-07-03 Thread Jacques Le Roux (Jira)


[ 
https://issues.apache.org/jira/browse/OFBIZ-11456?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17150795#comment-17150795
 ] 

Jacques Le Roux commented on OFBIZ-11456:
-

Thanks Daniel, PR#213 is in. I let open since there is more work to do here. I 
suggest to create subtasks to not have too much comments here only.

> MacroFormRenderer refactoring
> -
>
> Key: OFBIZ-11456
> URL: https://issues.apache.org/jira/browse/OFBIZ-11456
> Project: OFBiz
>  Issue Type: Improvement
>  Components: framework/widget
>Affects Versions: Trunk
>Reporter: Daniel Watford
>Assignee: Daniel Watford
>Priority: Minor
>
> Class MacroFormRender is 3400 lines long and performs the following:
>  * Renders the various form structure parts and field widgets to FTL macros 
> calls.
>  * Configures the FTL environment.
>  * Executes the FTL macro calls to generate HTML and write it to a caller 
> provided Appendable.
> Implementing the above means that MacroFormRenderer does not meet the Single 
> Responsibility Principle. The current implementation of multiple 
> responsibilities makes unit testing difficult.
> As discussed on the dev mailing list 
> https://markmail.org/message/adtkk6cb6o7mmy7f it is proposed that 
> MacroFormRenderer is refactored.
> Refactoring should separate the rendering of form structure parts and field 
> widgets to FTL macro calls from the execution of those macros.
> To support the refactoring effort JMockit is being introduced (OFBIZ-4035) to 
> allow test creation against the current implementation of MacroFormRenderer, 
> helping to ensure functionality is preserved once refactoring is complete.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)


[jira] [Commented] (OFBIZ-11456) MacroFormRenderer refactoring

2020-07-03 Thread ASF subversion and git services (Jira)


[ 
https://issues.apache.org/jira/browse/OFBIZ-11456?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17150794#comment-17150794
 ] 

ASF subversion and git services commented on OFBIZ-11456:
-

Commit 3bc59aeb140da99ee74a9c5a8232889587b0b8ed in ofbiz-framework's branch 
refs/heads/trunk from Daniel Watford
[ https://gitbox.apache.org/repos/asf?p=ofbiz-framework.git;h=3bc59ae ]

Improved: Added new MacroFormRenderer unit tests (OFBIZ-11456) (#213)

Improved: Suppress deprecation warning on test method used to ensure behaviour 
is preserved until the deprecated method is removed. (OFBIZ-11456)

* Improved: Unit Tests for MacroFormRenderer

As part of refactoring MacroFormRender, unit tests have been created for
the main render methods to help ensure consistent behaviour is
maintained when MacroFormRender is changed.

More in-depth unit testing may be added when the more complex parts of
MacroFormRenderer are modified in the future.

> MacroFormRenderer refactoring
> -
>
> Key: OFBIZ-11456
> URL: https://issues.apache.org/jira/browse/OFBIZ-11456
> Project: OFBiz
>  Issue Type: Improvement
>  Components: framework/widget
>Affects Versions: Trunk
>Reporter: Daniel Watford
>Assignee: Daniel Watford
>Priority: Minor
>
> Class MacroFormRender is 3400 lines long and performs the following:
>  * Renders the various form structure parts and field widgets to FTL macros 
> calls.
>  * Configures the FTL environment.
>  * Executes the FTL macro calls to generate HTML and write it to a caller 
> provided Appendable.
> Implementing the above means that MacroFormRenderer does not meet the Single 
> Responsibility Principle. The current implementation of multiple 
> responsibilities makes unit testing difficult.
> As discussed on the dev mailing list 
> https://markmail.org/message/adtkk6cb6o7mmy7f it is proposed that 
> MacroFormRenderer is refactored.
> Refactoring should separate the rendering of form structure parts and field 
> widgets to FTL macro calls from the execution of those macros.
> To support the refactoring effort JMockit is being introduced (OFBIZ-4035) to 
> allow test creation against the current implementation of MacroFormRenderer, 
> helping to ensure functionality is preserved once refactoring is complete.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)


[jira] [Updated] (OFBIZ-11535) Convert AutoPaymentTests.xml to Groovy

2020-07-03 Thread Akash Jain (Jira)


 [ 
https://issues.apache.org/jira/browse/OFBIZ-11535?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Akash Jain updated OFBIZ-11535:
---
Attachment: OFBIZ-11535.patch

> Convert AutoPaymentTests.xml to Groovy
> --
>
> Key: OFBIZ-11535
> URL: https://issues.apache.org/jira/browse/OFBIZ-11535
> Project: OFBiz
>  Issue Type: Sub-task
>  Components: accounting
>Affects Versions: Trunk
>Reporter: Rohit Hukkeri
>Assignee: Akash Jain
>Priority: Minor
> Attachments: OFBIZ-11535.patch
>
>
> Convert AutoPaymentTests XML file to Groovy.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)


[jira] [Assigned] (OFBIZ-11868) Convert EmailServices.xml mini lang to groovy

2020-07-03 Thread Harutyun Farajyan (Jira)


 [ 
https://issues.apache.org/jira/browse/OFBIZ-11868?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Harutyun Farajyan reassigned OFBIZ-11868:
-

Assignee: Harutyun Farajyan

> Convert EmailServices.xml mini lang to groovy
> -
>
> Key: OFBIZ-11868
> URL: https://issues.apache.org/jira/browse/OFBIZ-11868
> Project: OFBiz
>  Issue Type: Sub-task
>Reporter: Harutyun Farajyan
>Assignee: Harutyun Farajyan
>Priority: Minor
>




--
This message was sent by Atlassian Jira
(v8.3.4#803005)


[jira] [Created] (OFBIZ-11868) Convert EmailServices.xml mini lang to groovy

2020-07-03 Thread Harutyun Farajyan (Jira)
Harutyun Farajyan created OFBIZ-11868:
-

 Summary: Convert EmailServices.xml mini lang to groovy
 Key: OFBIZ-11868
 URL: https://issues.apache.org/jira/browse/OFBIZ-11868
 Project: OFBiz
  Issue Type: Sub-task
Reporter: Harutyun Farajyan






--
This message was sent by Atlassian Jira
(v8.3.4#803005)


[GitHub] [ofbiz-framework] JacquesLeRoux merged pull request #213: Improved: Added new MacroFormRenderer unit tests (OFBIZ-11456)

2020-07-03 Thread GitBox


JacquesLeRoux merged pull request #213:
URL: https://github.com/apache/ofbiz-framework/pull/213


   



This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org