- 06 Nov, 2024 1 commit
-
-
Vincent Pelletier authored
Malevolent users may decide to only - and repeatedly - present an otherwise valid refresh token, causing the issuance of a new access tokens everytime, likely along with new refresh tokens, causing many ZODB writes. Avoid this by pushing the token expiration date by one lifespan accuracy, so there can only be one write per session per lifespan accuracy period.
-
- 05 Nov, 2024 6 commits
-
-
Jérome Perrin authored
This partially reverts 8a336dc5 (erp5_accounting: Allow Assignor manage Accounting Periods, 2024-09-16) for the restart transition, it is intentional that only Assignor can restart an accounting period that have been closed. The idea was to support a scenario where re-opening a period that was closed can not be done directly by the Assignee but needs validation from the assignor.
-
Jérome Perrin authored
The check was made on the blob response type, which is set from the Content-Type header returned by the server, but Safari has a different interpretation of the charset parameter from the mime type, with a content type set to application/json;charset=utf-8 like Base_redirect does today, safari creates a blob with type application/json;charset=utf-8 and this was not detected as redirection and the json returned by Base_redirect was downloaded. Fix this by checking only the essence of the type. This also revealed a potential problem when actually downloading json files, in that case we also check that we have the X-Location header, that is supposed to be set by Base_redirect before interpreting the json and when it's not present we force download.
-
Jérome Perrin authored
Follow up of ff624fd2 (ERP5Workflow: newly added permission should be acquired for all existing states., 2024-11-04) and cbef6282 (ERP5Workflow: make sure not create duplicate permissions, 2024-11-05)
-
Jérome Perrin authored
Fix a problem introduced in ff624fd2 (ERP5Workflow: newly added permission should be acquired for all existing states., 2024-11-04), visible in a test failure
-
Jérome Perrin authored
-
Jérome Perrin authored
-
- 04 Nov, 2024 4 commits
-
-
Roque authored
-
Kazuhiko Shiozaki authored
before, all permissions became acquired in all states once we update permission list.
-
Kazuhiko Shiozaki authored
-
- 01 Nov, 2024 2 commits
- 30 Oct, 2024 1 commit
-
-
Rafael Monnerat authored
Don't add to total_contribution_relief if employer price is not set (None).
-
- 29 Oct, 2024 1 commit
-
-
Jérome Perrin authored
It was not running because we had two methods with same name
-
- 28 Oct, 2024 1 commit
-
-
Jérome Perrin authored
This reverts commit 5e21f77f. This was done too quickly based on a wrong assumption that simulation movements to build would always be in planned state and that we could have an efficient way of selecting them by catalog with index on portal_type and simulation state, but it does not work this way. Maybe the change is useful for something else, but since we don't have any use case for now, let's just revert.
-
- 25 Oct, 2024 1 commit
-
-
Jérome Perrin authored
See merge request nexedi/erp5!2001
-
- 24 Oct, 2024 7 commits
-
-
Jérome Perrin authored
See merge request !2003
-
Jérome Perrin authored
-
Jérome Perrin authored
-
Jérome Perrin authored
-
Jérome Perrin authored
-
Jérome Perrin authored
-
Jérome Perrin authored
In 1b555dbf (py2/py3: Make Products code compatible with both python2 and python3 (!1751)., 2024-07-16) we changed the code in a way that on python2 it would first node text to a python2 str and only later convert it to unicode, but setting text to a str during the first step can fail with: ValueError: All strings must be XML compatible: Unicode or ASCII, no NULL bytes or control characters This change to set directly unicode on py2.
-
- 23 Oct, 2024 4 commits
-
-
Romain Courteaud authored
-
Jérome Perrin authored
and move the implementation of SimulationMovement.getSimulationState here. This makes it possible for rules to generate simulation movements that are not necessary planned.
-
Jérome Perrin authored
Applied rules must have a rule as specialise
-
Jérome Perrin authored
-
- 16 Oct, 2024 5 commits
-
-
Jérome Perrin authored
`sender@customer.com <sender@customer.com>` used in the test is not a valid email address. We have updated to python3.9.20 which comes with a fix for CVE-2023-27043 and no longer allow this kind of broken addresses. Replace the address with a similar valid address, `"sender@customer.com" <sender@customer.com>`, that was probably the original intention of this test.
-
Jérome Perrin authored
On python3, the type of selected columns depend on the data type from mariadb side, VARCHAR will be str, BINARY/BLOB will be bytes, etc These SQL method select path that is first evaluated from a variable that is NULL and in that case, mariadb seems to select LONGBLOB as data type: MariaDB [test]> set @defined_as_null=null; drop table if exists tmp; create table tmp as (select @defined_as_null); show create table tmp; +-------+------------------------------------------------------------------------------------------------------------------------------------+ | Table | Create Table | +-------+------------------------------------------------------------------------------------------------------------------------------------+ | tmp | CREATE TABLE `tmp` ( `@defined_as_null` longblob DEFAULT NULL ) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_general_ci | +-------+------------------------------------------------------------------------------------------------------------------------------------+ By casting to CHAR in SQL, on the python side we always have the str that we expect here, because this is used as path attribute of a SQL brain.
-
Jérome Perrin authored
-
Jérome Perrin authored
This is similar to 18deb716 (ProcessingNodeTestCase: also setRequest in processing_node, 2023-05-02), as said in that commit message, timerserver loop calls setRequest, but before entering the loop, we wait for the portal to be created with: 447 │ try: 448 │ self.portal = self.app[self.app.test_portal_name] 449 │ except (AttributeError, KeyError): 450 │ continue While accessing like this, this will load classes and initialize dynamic modules, on python2 this was OK, but on python3 this was raising an error because `getRequest` returned None: File "./parts/erp5/product/ERP5Type/dynamic/component_package.py", line 449, in load_module return self.__load_module(fullname) File "./parts/erp5/product/ERP5Type/dynamic/component_package.py", line 416, in __load_module erp5.component.ref_manager.add_module(module) File "./parts/erp5/product/ERP5Type/dynamic/dynamic_module.py", line 86, in add_module self.add_request(get_request()) File "./parts/erp5/product/ERP5Type/dynamic/dynamic_module.py", line 64, in add_request self.setdefault(last_sync, (WeakSet(), set()))[0].add(request_obj) File "./lib/python3.9/_weakrefset.py", line 89, in add self.data.add(ref(item, self._remove)) TypeError: cannot create weak reference to 'NoneType' object On python2, this was actually raising as well, but this error is hidden by a `hasattr`, because on python2 `hasattr` ignores all exceptions and on python3 it only ignores only `AttributeError`. File "./parts/erp5/product/ERP5Type/Core/PropertySheet.py", line 61, in createAccessorHolder self.applyOnAccessorHolder(accessor_holder, expression_context, portal) File "./parts/erp5/product/ERP5Type/Core/PropertySheet.py", line 175, in applyOnAccessorHolder for property_definition in self.contentValues(): File "./parts/erp5/product/ERP5Type/Core/Folder.py", line 1570, in contentValues portal_type_id_list = self._getTypesTool().listContentTypes() File "./parts/erp5/product/ERP5Type/Tool/TypesTool.py", line 173, in listContentTypes provider_value = _getOb(provider, None) File "./eggs/Zope-4.8.7-py2.7.egg/OFS/ObjectManager.py", line 323, in _getOb if id[:1] != '_' and hasattr(aq_base(self), id): File "./parts/erp5/product/ERP5Type/dynamic/lazy_class.py", line 120, in __getattribute__ self.__class__.loadClass()
-
Nicolas Wavrant authored
-
- 15 Oct, 2024 7 commits
-
-
Nicolas Wavrant authored
And simplify just a bit the code
-
Jérome Perrin authored
FutureWarning: This search incorrectly ignores the root element, and will be fixed in a future version. If you rely on the current behaviour, change it to './/role'.
-
Arnaud Fontaine authored
py3: TestTradeModelLineMixin inherited from UserDict() to store values on the class direcly (nexedi/erp5!1751). This does not work with py3: File "parts/erp5/Products/ERP5Type/tests/runUnitTest.py", line 941, in main result = runUnitTestList(test_list=args, File "parts/erp5/Products/ERP5Type/tests/runUnitTest.py", line 703, in runUnitTestList result = TestRunner(verbosity=verbosity).run(suite) [...] File "parts/python3/lib/python3.9/unittest/runner.py", line 184, in run test(result) [...] File "parts/python3/lib/python3.9/unittest/suite.py", line 84, in __call__ return self.run(*args, **kwds) File "parts/python3/lib/python3.9/unittest/suite.py", line 111, in run if _isnotsuite(test): File "parts/python3/lib/python3.9/unittest/suite.py", line 369, in _isnotsuite iter(test) File "parts/python3/lib/python3.9/collections/__init__.py", line 1067, in __iter__ return iter(self.data) AttributeError: 'TestComplexTradeModelLineUseCaseSale' object has no attribute 'data' Use a dedicated dict() to store these values as there was no strong reasons to inherit from UserDict() here and this makes test implementation easier too...
-
Jérome Perrin authored
group_id is used as key of OOBtree and as documented, it's not possible to mix keys that can not be compared, so we can not have a mix of string and bytes, for consistency with other BTrees, such as the ones used for OFS. group_id is also used in a SQL column which is BINARY, this is problematic on py3 because the selected values will be returned as bytes, but we expect str here. Because we don't want to run a data migration, we adjust the select methods to convert to str while selecting. Since years there was a warning that id_group must be a string, now we make it a bit stricter, we also enforce that the id_group is valid UTF-8. A few more tests and assertions were also added.
-
Jérome Perrin authored
Since Zope commit 020685087 (`Allow ZPublisher to handle a query string together with a request body (#1124)`, 2023-05-15) Zope tries to process all XML HTTP requests as XML-RPC and we need to tell that these SOAP requests are not XML-RPC.
-
Kazuhiko Shiozaki authored
py2/py3: Base64 encode inventory cache, as Shared.DC.ZRDB.DA.SQL tries to decode bytes to str (nexedi/erp5!1751).
-
Jérome Perrin authored
-