* get weight sum along with bills to scale
otherwise, we need to get the weight sum for each displayed bill.
Here, we are much more scalable
* add test
* format
* remove unused import
* oops, restore pagination to 100
* add comments
* format
* rename method to make it clearer
And also, make it static, since it doesn't rely on instance.
* improve comments and naming
* improve naming
* missing article
* Change the way we import datetime
This makes it easier to use datetime.date later.
* Display monthly statistics for the range of months where the project was active
Currently, we display a hard-coded "one year" range of monthly statistics
starting from today. This generally is not the intended behaviour: for
instance, on an archived project, the bills might all be older than one
year, so the table only displays months without any operation.
Instead, display all months between the first and last bills. There might
be empty months in the middle, but that's intended, because we want all
months to be consecutive.
If there are no bills, simply display an empty table.
Co-authored-by: Baptiste Jonglez <git@bitsofnetworks.org>
* Do not require a captcha when using the API
This was trickier than expected, due to some side effects: when the
captcha is set to `True` via configuration, it doesn't change the
behavior directly of the ProjectForm class, but does so only when the
project form is used in the `web.py` module.
So, when just using the API (and not using the web.py module, for
instance during tests — manual or functional), no problem was shown,
and everything was working properly.
But as soon as somebody sees the "/" endpoint, the captcha was
required, by both the API and the `web.py` module.
This fixes it by adding a way to bypass the captcha with a new
`bypass_captcha` property on the form.
Prior to this commit, things were done by activating or deactivating a
"captcha" property on the class on-the-fly, which caused side-effects.
This is now using subclasses, which makes the code simpler to
understand, and less prone to side-effects.
Thanks @zorun for the idea.
Fix #780
This is a breaking change, the API for authentication is different, as it now requires `project_id`. Token is generated with only the project_id (so it's shorter than before), and signature is done by mixing password with secret key. Thus, it expires on every project code change.
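The token scheme described in the commit message above, sketched as an added example (not part of the commit and not the project's own code). It assumes an HMAC-SHA256 signature built with the standard library; `SECRET_KEY`, `PROJECTS` and all function names are hypothetical.

```python
import base64
import hashlib
import hmac

SECRET_KEY = b"constructed-app-secret"  # assumption: application-wide secret
# Constructed project store; "password_hash" stands in for the stored password.
PROJECTS = {"demo": {"password_hash": "hash-v1"},
            "other": {"password_hash": "hash-x"}}


def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _signing_key(project_id: str) -> bytes:
    # Mix the project's current password with the secret key: changing the
    # password changes the key, which invalidates every token issued before.
    password = PROJECTS[project_id]["password_hash"].encode()
    return hmac.new(SECRET_KEY, password, hashlib.sha256).digest()


def generate_token(project_id: str) -> str:
    # The payload is only the project_id; nothing secret travels in the token.
    payload = project_id.encode()
    sig = hmac.new(_signing_key(project_id), payload, hashlib.sha256).digest()
    return f"{_b64(payload)}.{_b64(sig)}"


def verify_token(project_id: str, token: str) -> bool:
    # The caller must supply project_id: the per-project key cannot be derived
    # until the verifier knows which project's password to load.
    if project_id not in PROJECTS:
        return False
    expected = generate_token(project_id)
    return hmac.compare_digest(expected.encode(), token.encode())


def change_password(project_id: str, new_hash: str) -> None:
    PROJECTS[project_id]["password_hash"] = new_hash


if __name__ == "__main__":
    token = generate_token("demo")
    print(verify_token("demo", token))   # valid under the current password
    change_password("demo", "hash-v2")
    print(verify_token("demo", token))   # rejected after the password change
```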
This mock was already applied to all tests, because it was done statically
in the TestCurrencyConverter class definition. But it was really not
clear that it's applied everywhere.
Moving this to the setUp() function makes it much clearer.
Also, remove useless redefinition in other tests.
Most of the tests are using a separate database, but we have a few tests
that are loading default values and are writing to /tmp/ihatemoney.db.
This is annoying because it's also the database used for development:
running the test suite breaks the dev database.
To fix this, always use a separate testing database to avoid interference.
Co-authored-by: Alexis Métaireau <alexis@notmyidea.org>
Currency switching is both simpler and less powerful. This was done primarily for users, to have a clear and logical understanding, but the code is also simpler. The main change is that it is now forbidden to switch a project to "no currency" if bills don't share the same currency.
Also, tests assume that projects are created without currency, as in the web UI.
In one case, we were not catching a family of possible exceptions
(socket.error), and in the two other cases there was no error handling at
all. Sending emails can easily fail if no email server is configured, so
it is really necessary to handle these errors instead of crashing with an
HTTP 500 error.
Refactor email sending code and add proper error handling.
Show alert messages that tell the user if an email was sent or if there
was an error.
When sending a password reminder email or inviting people by email, we
don't proceed to the next step in case of error, because sending emails is
the whole point of these actions.
This fixes #607 and adds a test case for this bug.
It also renames participants in test cases to avoid alphabetical ordering.
Inserting participants in alphabetical order is a special case, because ordering by ID will be the same as ordering by name. This is a bad idea in test cases, as #607 has shown.
Now each project can have a currency, default to None.
Each bill can use a different currency, and a conversion to project default currency is done on settle.
Fix #512
Currently the string representation of a Bill is: "<amount> for <description>"
It is used in the History Page to describe changes that were applied to
Bills, for instance:
Bill "42.0 for Test" renamed to "Another Test"
This is inconsistent, not easy to read, and the "for" in the middle is not
translatable.
To solve this issue, simply switch the string representation of a bill to
its description.
Co-authored-by: Baptiste Jonglez <git@bitsofnetworks.org>
* Fix user-facing string and update translation catalog
In the flash message confirming member creation, change "member had been
added" into the correct form "member has been added".
No translation has been changed. Some translators seem to have already
spotted the mistake while translating, but I can't tell for all languages.
* Change "Person" to "Participant" in history view
Currently, the main user-facing term is "Participant", as seen for
instance in the "Add participant" form. "Person" is not used anywhere in
the interface.
See #302 for a more general discussion on choosing the right terminology.
* Fix obsolete translations.
Co-authored-by: Baptiste Jonglez <git@bitsofnetworks.org>
Co-authored-by: Rémy HUBSCHER <hubscher.remy@gmail.com>
Co-Authored-By: Glandos <bugs-github@antipoul.fr>
All project activity can be tracked, using SQLAlchemy-continuum.
IP addresses can optionally be recorded.
* Align tables in statistics
The table in sidebar is now aligned with the one in content, to avoid
redundant information.
All tables are back to normal on small devices.
* fix test
* run black on tests
* Update models: Bill.pay_each()
* Import sql func
* reformatted using black
* Added ModelsTestCase.test_bill_pay_each() in order to test the SQL query change within pay_each.
Had to add Project.ProjectQuery.get_by_name() for the test.
Fix #417
* New tab upload
* Extract data from JSON
* Add users
* Black format
* Try to add bill
* Import bills
* Add French translation msg
* Black reformat missing
* Deactivated users are supported
* Test import
* Remove temp file in upload_json()
* Incomplete tests
* tests import
* Update ihatemoney/translations/fr/LC_MESSAGES/messages.po
Co-Authored-By: Rémy HUBSCHER <hubscher.remy@gmail.com>
* Remove useless variable and check json format
* Use String.IO and test for wrong json
* Remove comma
Co-authored-by: Rémy HUBSCHER <hubscher.remy@gmail.com>
I don't know why, but on my setup (nginx + uwsgi), the `strict_slashes` (default to `True`) was causing an infinite loop.
I think it could be safely removed for this route only.
Clearer data structure, and simpler template
This commit has a side effect: sidebar now hides disabled members.
IMHO, the disabled members should either be hidden or shown consistently between
sidebar and central table. Previous status was: shown in sidebar (if balance ≠
0) and hidden in central table.
* Rename manage.ConfigTemplate → manage.GenerateConfig
To be consistent with the CLI name: `generate-config`.
* Add tests for manage.py commands
* Run tests from pip-installed package
To be able to detect packaging-related issues on test runs.
refs #305
* Fix PUT api/project/:code/members/:id
Before that commit, every PUT *must* change the name of the members, so that was:
- no idempotence,
- no ability to change only weight
fix #295
* Remove redundant comment
* Use token based auth in invitation e-mails
Invitation e-mails no longer contain the clear
text project password
* Skip invite page after project creation
- Replace ``The project identifier is demo, remember it!``
by ``Invite other people to join this project!``
(linking to the invite page)
- Encourage users to share the project password via other
communication means in the reminder email
* Fixed exposed password in session
The project password was set in clear text
in the session cookie. The cookie payload is
only base64 encoded so it must not be used to
store private information. The password is
simply replaced by a boolean.
* Simplify authentication logic
* Update to a more flexible admin authentication
* Admin can now access any project
* Add delete and edit options in the dashboard
* Add a link to the dashboard in the nav bar
This is a rework of the changes proposed by @Olivd, so they can apply on top of
the latest master without trouble. All credit goes to him for the code.
* Protect admin endpoints against brute force attacks
Add a throttling mechanism to prevent a client brute
forcing the authentication form, based on its IP address
Closes #245
* Reset attempt counters if they get memory hungry
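A per-IP throttle with a bounded counter table, in the spirit of the two commit subjects above, as an added example (not part of the commits and not the project's own code). The class name, thresholds and the documentation-range addresses in the demo are assumptions.

```python
import time


class LoginThrottler:
    """Count failed logins per client IP inside a time window, with a memory cap."""

    def __init__(self, max_attempts=3, window=60.0, max_entries=1000,
                 clock=time.monotonic):
        self.max_attempts = max_attempts
        self.window = window            # seconds a counter stays alive
        self.max_entries = max_entries  # cap on tracked IPs
        self._clock = clock
        self._attempts = {}             # ip -> (time of first failure, count)

    def is_blocked(self, ip):
        entry = self._attempts.get(ip)
        if entry is None:
            return False
        first, count = entry
        if self._clock() - first >= self.window:
            del self._attempts[ip]      # window elapsed: forget this client
            return False
        return count >= self.max_attempts

    def record_failure(self, ip):
        now = self._clock()
        first, count = self._attempts.get(ip, (now, 0))
        if now - first >= self.window:
            first, count = now, 0       # stale counter: start a new window
        if ip not in self._attempts and len(self._attempts) >= self.max_entries:
            # Memory guard: drop every counter rather than grow without bound.
            # This also forgives blocked clients; evicting only the oldest
            # entries is a stricter alternative.
            self._attempts.clear()
        self._attempts[ip] = (first, count + 1)

    def record_success(self, ip):
        self._attempts.pop(ip, None)    # successful login clears the counter


if __name__ == "__main__":
    throttler = LoginThrottler(max_attempts=3, window=60.0)
    for _ in range(3):
        throttler.record_failure("203.0.113.5")   # constructed client address
    print(throttler.is_blocked("203.0.113.5"))
    print(throttler.is_blocked("203.0.113.6"))
```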
In flask's development server, the route handlers
run in a different thread than the main thread
thus an in-memory database created in the main thread
cannot be accessed by the route handlers.
Switching the default database location to a temporary
file solves the issue.
See full explanation here:
https://gehrcke.de/2015/05/in-memory-sqlite-database-and-flask-a-threading-trap/
* Use absolute imports and rename package to ihatemoney
* Add an ihatemoney command
* Factorize application creation logic
* Refactor the tests
* Update the wsgi.py module with the new create_app() function
* Fix some styling thanks to Flake8.
* Automate Flake8 check in the CI.