* IDEMPIERE-4782 Multi-factor authentication (FHCA-2034)
Implement suggestions from Heng Sin
* IDEMPIERE-4782 Multi-factor authentication (FHCA-2034)
Fix security warning advised by github/CodeQL
* IDEMPIERE-4782 Multi-factor authentication (FHCA-2034)
Implement an incremental delay in zk when the validation code is wrong (to avoid brute-force attacks)
As suggested by Ricardo Santana:
* ensures one-time only use of an OTP
* Log failures in AuthFailure.log
* IDEMPIERE-4782 Multi-factor authentication (FHCA-2034)
* Log failures in AuthFailure.log - add case for login with email
* Implement incremental delay also for login panel
* IDEMPIERE-4749 Allow to use OAuth2 libraries on plugins
- move oauth libraries and dependency to target platform
- require Tycho 2.3.0+ and Eclipse 2021-03+
* IDEMPIERE-4749 Allow to use OAuth2 libraries on plugins
Fix launch configuration.
* IDEMPIERE-3101 implement OAuth2 for mail (gmail, outlook and other mail system)
WIP - initial version working on zk with google apps mail using OAuth2 Authorization Code Flow and Client Type = web application
* Enable imap reading with OAuth2 in RequestEMailProcessor
* Simplify the code - tested plain and OAuth2 can use the same methods
* Add +SCOPE parameter to AddAuthorizationForm according to IDEMPIERE-4713
* Rename the form AddAuthorizationMailForm to AddAuthorizationForm as is now more generic
* IDEMPIERE-4713
* Rename migration scripts to make it newer than IDEMPIERE-4713
* Add list of scopes attended by a credential
* Change form to accept other scopes, if no scope parameter is passed, then a list is shown, change the menu to fix the EMail scope
* Add MAuthorizationAccount.refreshAndGetAccessToken
* Add translation for messages
* make call generic oauth, avoid using specific google API
* Tests with microsoft as OAuth2 provider
* Add record for microsoft as provider
* Increase size of tokens
* Define mandatory and secure columns
* Update refresh token when it comes on the refresh call
* Revoke endpoint is optional
* Change the approach to a process instead of a form (WIP)
* Implement servlet to process the OAuth2 code
* Solve context suggestion from hengsin
* Implement the form in an automatic popup approach for running on zkwebui
* i18n - add translations for all messages that are shown to user
* on the form opted for click to avoid the problem with browsers forbidding popups
* clean spaces and tabs on line endings
* avoid logging and copy of the secure columns
* Fix problem reported by @d-ruiz about hidden NPE when SMTP Authentication is disabled
* Add writing to AD_PInstance_Para and AD_PInstance_Log the results of processing the servlet
* Control to avoid using the same authorization URL twice
* IDEMPIERE-4488 Remove .classpath from repository
* IDEMPIERE-4488 Remove .classpath from repository
add ignore for .classpath
* IDEMPIERE-4488 Remove .classpath from repository
remove ".settings/org.eclipse.jdt.core.prefs"
* IDEMPIERE-4488 Remove .classpath from repository
fix false status report for /bin and .project
* IDEMPIERE-4722 Remove constraint that idempiere source folder must be used as Eclipse workspace
use project_loc of org.adempiere.base instead of workspace_loc
integrate additional fix from Carlos
* backward compatible with the previous idempiere.properties and idempiereEnv.properties version
* when the setup/console-setup is executed again the secret keys are stored obfuscated in a different file .idpass
* Secret keys are ADEMPIERE_DB_PASSWORD, ADEMPIERE_DB_SYSTEM, ADEMPIERE_MAIL_PASSWORD
* to add more is just adding keys to array ConfigurationData.secretVars
* the previous (unobfuscated) approach is still preserved passing -DIDEMPIERE_SECURE_PROPERTIES=false to the JVM in setup and server
* the approach just run on Linux - as is implemented using shell script, windows is out of the initial scope, but could be possible to implement .bat files to do similar
* the default approach is to use getVar.sh and setVar.sh that writes in .idpass obfuscated
* is possible to extend and use custom secret managers implementing customSetVar.sh and customGetVar.sh
* samples for amazon AWS secretsmanager are included
* avoid the email sent on setup sending the secret keys
* enclose all variables in myEnvironment.sh within quotes (this avoids problems with variables containing spaces)
* add coreutils as required for debian installer (as we use base64 now to obfuscate passwords)
* swing client is not affected as it saves the idempiere.properties encrypted in user home folder
* IDEMPIERE-4620 Improvements for Setup programs
* Allow receiving log level as parameter for setup and console-setup
* Avoid duplication of log file - just leave it in /log
* Implement logging for console-setup too
* mark SilentSetup as deprecated
* add runtime-*.app to .gitignore (sometimes files appear in these folders and can be wrongly committed)
* IDEMPIERE-4620 Improvements for Setup programs
* Add validation for log level parameter
* Implement silent-setup instead of deprecating
* console-setup is prone to errors when redirecting stdin
* Test the debian installer using the silent-setup
* IDEMPIERE-4611 Replace dependency to sun.security.tools.keytool with Bouncy Castle
* IDEMPIERE-4611 Replace dependency to sun.security.tools.keytool with Bouncy Castle
Fix error with State
* IDEMPIERE-4492 update jetty to 9.4.33.v20201020 update atmosphere to 2.5.15
* IDEMPIERE-4492 update jetty to 9.4.33.v20201020 (update configuration)
update to default jetty configuration
delete unused configuration (alpn, http2,..)
* IDEMPIERE-4492 update orbit eclipse repository to 4.17
* IDEMPIERE-4492 update orbit eclipse repository to 4.17 (on parent pom)
* IDEMPIERE-4492 update jasper to 6.15.0
* IDEMPIERE-4492 update jasper to 6.15.0 (IDEMPIERE-4504)
get rid of bundle "org.w3c.dom.events version 3.0.0" by use old version of org.w3c.dom.smil
note: on target platform a bundle has multi version then tycho can pickup correct version define on feature (tab included plugins, field version)
but on eclipse when sync launching from .product it don't respect that value, always set highest version to bundle
workaround: on target platform manual un-select bundle org.w3c.dom.smil 1.0.1
* IDEMPIERE-4492 update atmosphere to 2.6.4
* IDEMPIERE-4492 refine target platform
use targetplatform-dsl to generate target platform https://github.com/eclipse-cbi/targetplatform-dsl
+ don't need to care update bundle version when update repository
+ at moment org.idempiere.eclipse.platform-feature include some feature form eclipse repository
so target has to include that feature so target platform will include all bundler request by feature and bundle request by plugins of that feature and so on (ever optional
so it make target content has more plugins than what we use on project
next step will convert include feature to include plugins to define only what we used
* IDEMPIERE-4492 refine target platform (continue)
don't include framework feature, use include plugins to void load transitive dependency so minimize target flatform
remove some unused feature from idempiere product
* IDEMPIERE-4492 update c3p0 and database jdbc (patch from Carlos)
* IDEMPIERE-4492 improve target platform (continue)
provide test bundle require to repository for use on offline
remove some unused bundle
also fix for IDEMPIERE-4475
* IDEMPIERE-4492 improve target platform (continue IDEMPIERE-4475)
add launch for unittest
add more require bundle for unit test
* IDEMPIERE-4492 update jetty to 9.4.33.v20201020 update atmosphere to 2.5.15
* IDEMPIERE-4492 update jetty to 9.4.33.v20201020 (update configuration)
update to default jetty configuration
delete unused configuration (alpn, http2,..)
* IDEMPIERE-4492 update orbit eclipse repository to 4.17
* IDEMPIERE-4492 update orbit eclipse repository to 4.17 (on parent pom)
* IDEMPIERE-4492 update jasper to 6.15.0
* IDEMPIERE-4492 update jasper to 6.15.0 (IDEMPIERE-4504)
get rid of bundle "org.w3c.dom.events version 3.0.0" by use old version of org.w3c.dom.smil
note: on target platform a bundle has multi version then tycho can pickup correct version define on feature (tab included plugins, field version)
but on eclipse when sync launching from .product it don't respect that value, always set highest version to bundle
workaround: on target platform manual un-select bundle org.w3c.dom.smil 1.0.1
* IDEMPIERE-4492 update atmosphere to 2.6.4
* IDEMPIERE-4492 refine target platform
use targetplatform-dsl to generate target platform https://github.com/eclipse-cbi/targetplatform-dsl
+ don't need to care update bundle version when update repository
+ at moment org.idempiere.eclipse.platform-feature include some feature form eclipse repository
so target has to include that feature so target platform will include all bundler request by feature and bundle request by plugins of that feature and so on (ever optional
so it make target content has more plugins than what we use on project
next step will convert include feature to include plugins to define only what we used
* IDEMPIERE-4492 refine target platform (continue)
don't include framework feature, use include plugins to void load transitive dependency so minimize target flatform
remove some unused feature from idempiere product
* IDEMPIERE-4492 update c3p0 and database jdbc (patch from Carlos)
* IDEMPIERE-4298: remove Bundle-RequiredExecutionEnvironment
when build by tycho value of Bundle-RequiredExecutionEnvironment and jdt need to compatibility
in case we use Bundle-RequiredExecutionEnvironment = 11 then can't build by jdk != 11
so stick on fix value isn't good
eclipse now also support Require-Capability, so don't need Bundle-RequiredExecutionEnvironment anymore
* IDEMPIERE-4298:support update jdk (jdk 12 13 14)
default environment still jdk-11 but you can build for any jdk by below command
export JAVA_HOME=path to jdk
mvn verify -Djdk.version=11
in case on JAVA_HOME is jdk 14 then can set jdk.version for 11, 12, 13, 14 and same for other jdk
at moment java 14 just support on eclipse 2020-03 with install plugin
Java 14 Support for Eclipse 2020-03 (4.15)