libfaketime and python-libfaketime seem to cause our CI to fail when
used in conjunction with `uv`. This changes the way the tests are done
so they don't require libfaketime anymore.
- Replace black by ruff, as it's quicker ;
- Use `uv` wherever possible as a replacement for pip, as it's way faster to run, add an `uv.lock` file which will be synced before the releases and published here ;
- Remove tox, it's too complex for this project and can easily be replaced by `uv` ;
- Apply `ruff` formatting ;
- Update the makefile accordingly ;
- Update the CI accordingly
* Bill types added in Bill and Project Model, Implemented in BillForm
* import and export bill feature updated with bill type, tests modified to reflect the behavior
* eliminating unnecessary bill type
* typo fixed, test cases fixed for the current bill types
* button added
* settle button added
* new changes
* test cases added
* bchen-reimbursement
* tests for different bill types
* test cases fixed
* fixed reimbursement test case
* Replaced assertEqual with assert
* Fixed missing bill_type in unit tests
* Removed commented code
* Reverted unnecessary string edit
* Changed bill_type to an Enum
* Added test checking correct bill_type validation
* Fixed billtype displaying in all caps
* Removed 'Transfer' bill type
* Added migration rule and set default bill_type in alembic
* bill_type is now an optional parameter in the BillForm
* Use enum name instead of value as SQL server_default
SQLAlchemy uses the Enum names in the database, as the values could be
generic python objects.
https://docs.sqlalchemy.org/en/20/core/type_basics.html#sqlalchemy.types.Enum
* Removed bill type from the Bills html table
* Replaced string bill type with enum
* Made "Settlement" translatable
* Manually handle the new Enum creation
Alembic does not handle postgres Enums correctly, so we need to manually
generate the new enum type.
See https://github.com/sqlalchemy/alembic/issues/278
---------
Co-authored-by: Ruitao Li <ruital@andrew.cmu.edu>
Co-authored-by: MelodyZhangYiqun <98992024+MelodyZhangYiqun@users.noreply.github.com>
Co-authored-by: Ruitao Li <49292515+FlowingCloudRTL@users.noreply.github.com>
Co-authored-by: MelodyZhangYiqun <yiqunz@andrew.cmu.edu>
Co-authored-by: Brandan Chen <bychen@andrew.cmu.edu>
Co-authored-by: Emilie Zhou <54161959+ez157@users.noreply.github.com>
Co-authored-by: Tom <tom.roussel@esat.kuleuven.be>
* hotfix: hardcode list of currencies to workaround failing API calls
See https://github.com/spiral-project/ihatemoney/issues/1232 for a discussion on currencies
* Temporarily disable some currency operations to prevent crashes
Here is what is disabled:
- setting or changing the default currency on an existing project
- adding or editing a bill with a currency that differs from the default
currency of the project
---------
Co-authored-by: Baptiste Jonglez <git@bitsofnetworks.org>
- replace setUp/tearDown with pytest fixtures
- rename test classes to use the pytest convention
- use pytest assertions
Co-authored-by: Glandos <bugs-github@antipoul.fr>
Adds two configuration parameters that are passed to
generate_password_hash:
- PASSWORD_HASH_METHOD
- PASSWORD_HASH_SALT_LENGTH
The unit tests use high-speed low-security values and
gain 50% speed.
Also move the "invitation link" option first, because it's the preferred
way to give access to people that only need to handle participants and
bills.
Sharing the identifier and private becomes the last option, because it
gives full access to changing settings.
This is something we had documented in our security documentation [1], but
we didn't actually do it...
As mentioned in [1], this has good security properties: you can invite
somebody with an invitation link, and they will be able to access the
project but not change the private code (because they don't know the
current private code).
This new check also applies to all other settings (email address, history
settings, currency), which is desirable. Only somebody with knowledge of
the private code can now change these settings.
[1] https://ihatemoney.readthedocs.io/en/latest/security.html#giving-access-to-a-project
`self.assertTrue(200, resp.status_code)` style are always True
and thus are useless. It looks like the original author wanted
`self.assertEqual` there instead.
Bills with an amount of zero may be useful to remember that a transaction
happened on a specific date, while the amount doesn't matter.
I use that with per-year projects when a reimbursement happens in year N
but is relative to year N-1: I record it with an amount of zero in the
project of year N, and with the real amount in the project of year N-1.
Besides, it's already possible to create such bills: while "0" is refused,
"0.0" is accepted. There are no visible issues with this kind of bills.
This is only needed for unsecure spreadsheet applications (hi Google Docs and MS Excel) that load formulae by default.
See https://owasp.org/www-community/attacks/CSV_Injection for some mitigation explanation. This is not complete, but it should be OK for now.
