* IDEMPIERE-4782 Multi-factor authentication (FHCA-2034)
Implement suggestions from Heng Sin
* IDEMPIERE-4782 Multi-factor authentication (FHCA-2034)
Fix security warning advised by github/CodeQL
* IDEMPIERE-4782 Multi-factor authentication (FHCA-2034)
Implement an incremental delay in zk when the validation code is wrong (to avoid brute-force attacks)
As suggested by Ricardo Santana:
* ensures one-time only use of an OTP
* Log failures in AuthFailure.log
* IDEMPIERE-4782 Multi-factor authentication (FHCA-2034)
* Log failures in AuthFailure.log - add case for login with email
* Implement incremental delay also for login panel
* IDEMPIERE-4749 Allow to use OAuth2 libraries on plugins
- move oauth libraries and dependency to target platform
- require Tycho 2.3.0+ and Eclipse 2021-03+
* IDEMPIERE-4749 Allow to use OAuth2 libraries on plugins
Fix launch configuration.
* IDEMPIERE-3101 implement OAuth2 for mail (gmail, outlook and other mail system)
WIP - initial version working on zk with google apps mail using OAuth2 Authorization Code Flow and Client Type = web application
* Enable imap reading with OAuth2 in RequestEMailProcessor
* Simplify the code - tested plain and OAuth2 can use the same methods
* Add +SCOPE parameter to AddAuthorizationForm according to IDEMPIERE-4713
* Rename the form AddAuthorizationMailForm to AddAuthorizationForm as is now more generic
* IDEMPIERE-4713
* Rename migration scripts to make it newer than IDEMPIERE-4713
* Add list of scopes attended by a credential
* Change form to accept other scopes, if no scope parameter is passed, then a list is shown, change the menu to fix the EMail scope
* Add MAuthorizationAccount.refreshAndGetAccessToken
* Add translation for messages
* make call generic oauth, avoid using specific google API
* Tests with microsoft as OAuth2 provider
* Add record for microsoft as provider
* Increase size of tokens
* Define mandatory and secure columns
* Update refresh token when it comes on the refresh call
* Revoke endpoint is optional
* Change the approach to a process instead of a form (WIP)
* Implement servlet to process the OAuth2 code
* Solve context suggestion from hengsin
* Implement the form in an automatic popup approach for running on zkwebui
* i18n - add translations for all messages that are shown to user
* on the form opted for click to avoid the problem with browsers forbidding popups
* clean spaces and tabs on line endings
* avoid logging and copy of the secure columns
* Fix problem reported by @d-ruiz about hidden NPE when SMTP Authentication is disabled
* Add writing to AD_PInstance_Para and AD_PInstance_Log the results of processing the servlet
* Control to avoid using the same authorization URL twice
* IDEMPIERE-4722 Remove constraint that idempiere source folder must be used as Eclipse workspace
use project_loc of org.adempiere.base instead of workspace_loc
integrate additional fix from Carlos
* IDEMPIERE-4620 Improvements for Setup programs
* Allow receiving log level as parameter for setup and console-setup
* Avoid duplication of log file - just leave it in /log
* Implement logging for console-setup too
* mark SilentSetup as deprecated
* add runtime-*.app to .gitignore (sometimes files appear in these folders and can be wrongly committed)
* IDEMPIERE-4620 Improvements for Setup programs
* Add validation for log level parameter
* Implement silent-setup instead of deprecating
* console-setup is prone to errors when redirecting stdin
* Test the debian installer using the silent-setup
hengsin
Carlos Ruiz