* IDEMPIERE-4782 Multi-factor authentication (FHCA-2034)
Implement suggestions from Heng Sin
* IDEMPIERE-4782 Multi-factor authentication (FHCA-2034)
Fix security warning advised by github/CodeQL
* IDEMPIERE-4782 Multi-factor authentication (FHCA-2034)
Implement an incremental delay in zk when the validation code is wrong (to avoid brute-force attacks)
As suggested by Ricardo Santana:
* ensures one-time only use of an OTP
* Log failures in AuthFailure.log
* IDEMPIERE-4782 Multi-factor authentication (FHCA-2034)
* Log failures in AuthFailure.log - add case for login with email
* Implement incremental delay also for login panel
* IDEMPIERE-4749 Allow to use OAuth2 libraries on plugins
- move oauth libraries and dependency to target platform
- require Tycho 2.3.0+ and Eclipse 2021-03+
* IDEMPIERE-4749 Allow to use OAuth2 libraries on plugins
Fix launch configuration.
* IDEMPIERE-3101 implement OAuth2 for mail (gmail, outlook and other mail system)
WIP - initial version working on zk with google apps mail using OAuth2 Authorization Code Flow and Client Type = web application
* Enable imap reading with OAuth2 in RequestEMailProcessor
* Simplify the code - tested plain and OAuth2 can use the same methods
* Add +SCOPE parameter to AddAuthorizationForm according to IDEMPIERE-4713
* Rename the form AddAuthorizationMailForm to AddAuthorizationForm as is now more generic
* IDEMPIERE-4713
* Rename migration scripts to make it newer than IDEMPIERE-4713
* Add list of scopes attended by a credential
* Change form to accept other scopes, if no scope parameter is passed, then a list is shown, change the menu to fix the EMail scope
* Add MAuthorizationAccount.refreshAndGetAccessToken
* Add translation for messages
* make call generic oauth, avoid using specific google API
* Tests with microsoft as OAuth2 provider
* Add record for microsoft as provider
* Increase size of tokens
* Define mandatory and secure columns
* Update refresh token when it comes on the refresh call
* Revoke endpoint is optional
* Change the approach to a process instead of a form (WIP)
* Implement servlet to process the OAuth2 code
* Solve context suggestion from hengsin
* Implement the form in an automatic popup approach for running on zkwebui
* i18n - add translations for all messages that are shown to user
* on the form opted for click to avoid the problem with browsers forbidding popups
* clean spaces and tabs on line endings
* avoid logging and copy of the secure columns
* Fix problem reported by @d-ruiz about hidden NPE when SMTP Authentication is disabled
* Add writing to AD_PInstance_Para and AD_PInstance_Log the results of processing the servlet
* Control to avoid using the same authorization URL twice
* IDEMPIERE-4722 Remove constraint that idempiere source folder must be used as Eclipse workspace
use project_loc of org.adempiere.base instead of workspace_loc
integrate additional fix from Carlos
* IDEMPIERE-4492 update jetty to 9.4.33.v20201020 update atmosphere to 2.5.15
* IDEMPIERE-4492 update jetty to 9.4.33.v20201020 (update configuration)
update to default jetty configuration
delete unused configuration (alpn, http2,..)
* IDEMPIERE-4492 update orbit eclipse repository to 4.17
* IDEMPIERE-4492 update orbit eclipse repository to 4.17 (on parent pom)
* IDEMPIERE-4492 update jasper to 6.15.0
* IDEMPIERE-4492 update jasper to 6.15.0 (IDEMPIERE-4504)
get rid of bundle "org.w3c.dom.events version 3.0.0" by use old version of org.w3c.dom.smil
note: on target platform a bundle has multi version then tycho can pickup correct version define on feature (tab included plugins, field version)
but on eclipse when sync launching from .product it don't respect that value, always set highest version to bundle
workaround: on target platform manual un-select bundle org.w3c.dom.smil 1.0.1
* IDEMPIERE-4492 update atmosphere to 2.6.4
* IDEMPIERE-4492 refine target platform
use targetplatform-dsl to generate target platform https://github.com/eclipse-cbi/targetplatform-dsl
+ don't need to care update bundle version when update repository
+ at moment org.idempiere.eclipse.platform-feature include some feature form eclipse repository
so target has to include that feature so target platform will include all bundler request by feature and bundle request by plugins of that feature and so on (ever optional
so it make target content has more plugins than what we use on project
next step will convert include feature to include plugins to define only what we used
* IDEMPIERE-4492 refine target platform (continue)
don't include framework feature, use include plugins to void load transitive dependency so minimize target flatform
remove some unused feature from idempiere product
* IDEMPIERE-4492 update c3p0 and database jdbc (patch from Carlos)
* IDEMPIERE-4492 improve target platform (continue)
provide test bundle require to repository for use on offline
remove some unused bundle
also fix for IDEMPIERE-4475
* IDEMPIERE-4492 improve target platform (continue IDEMPIERE-4475)
add launch for unittest
add more require bundle for unit test
* IDEMPIERE-4492 update jetty to 9.4.33.v20201020 update atmosphere to 2.5.15
* IDEMPIERE-4492 update jetty to 9.4.33.v20201020 (update configuration)
update to default jetty configuration
delete unused configuration (alpn, http2,..)
* IDEMPIERE-4492 update orbit eclipse repository to 4.17
* IDEMPIERE-4492 update orbit eclipse repository to 4.17 (on parent pom)
* IDEMPIERE-4492 update jasper to 6.15.0
* IDEMPIERE-4492 update jasper to 6.15.0 (IDEMPIERE-4504)
get rid of bundle "org.w3c.dom.events version 3.0.0" by use old version of org.w3c.dom.smil
note: on target platform a bundle has multi version then tycho can pickup correct version define on feature (tab included plugins, field version)
but on eclipse when sync launching from .product it don't respect that value, always set highest version to bundle
workaround: on target platform manual un-select bundle org.w3c.dom.smil 1.0.1
* IDEMPIERE-4492 update atmosphere to 2.6.4
* IDEMPIERE-4492 refine target platform
use targetplatform-dsl to generate target platform https://github.com/eclipse-cbi/targetplatform-dsl
+ don't need to care update bundle version when update repository
+ at moment org.idempiere.eclipse.platform-feature include some feature form eclipse repository
so target has to include that feature so target platform will include all bundler request by feature and bundle request by plugins of that feature and so on (ever optional
so it make target content has more plugins than what we use on project
next step will convert include feature to include plugins to define only what we used
* IDEMPIERE-4492 refine target platform (continue)
don't include framework feature, use include plugins to void load transitive dependency so minimize target flatform
remove some unused feature from idempiere product
* IDEMPIERE-4492 update c3p0 and database jdbc (patch from Carlos)
update jetty to 12
update almost library to latest version
change org.eclipse.jdt.core.compiler.batch to org.eclipse.jdt.core
change javax.management.j2ee-api to org.apache.geronimo.specs.geronimo-j2ee-management_1.1_spec, reduce dependency and correct dependency of activeMQ
javax.activation to com.sun.activation.javax.activation
lib for service will take from library instea of jdk
groovy to date
maven have beta version of groovy-all, so fix version of groovy-all to help buckminster materialize
new version of org.apache.commons.configuration request org.apache.commons.lang3
correct source bundle of zk and https://github.com/jetty-project/jasper-jsp/issues/5
update launch