Tags can now be added in the description of a bill, using a hashtag
symbol (`#tagname`).
There is no way to "manage" the tags, for simplicity, they are part of
the "what" field, and are parsed via a regular expression.
Statistics have been updated to include tags per month.
Under the hood, a new `tag` table has been added.
* Bill types added in Bill and Project Model, Implemented in BillForm
* import and export bill feature updated with bill type, tests modified to reflect the behavior
* eliminating unnecessary bill type
* typo fixed, test cases fixed for the current bill types
* button added
* settle button added
* new changes
* test cases added
* bchen-reimbursement
* tests for different bill types
* test cases fixed
* fixed reimbursement test case
* Replaced assertEqual with assert
* Fixed missing bill_type in unit tests
* Removed commented code
* Reverted unnecessary string edit
* Changed bill_type to an Enum
* Added test checking correct bill_type validation
* Fixed billtype displaying in all caps
* Removed 'Transfer' bill type
* Added migration rule and set default bill_type in alembic
* bill_type is now an optional parameter in the BillForm
* Use enum name instead of value as SQL server_default
SQLAlchemy uses the Enum names in the database, as the values could be
generic python objects.
https://docs.sqlalchemy.org/en/20/core/type_basics.html#sqlalchemy.types.Enum
* Removed bill type from the Bills html table
* Replaced string bill type with enum
* Made "Settlement" translatable
* Manually handle the new Enum creation
Alembic does not handle postgres Enums correctly, so we need to manually
generate the new enum type.
See https://github.com/sqlalchemy/alembic/issues/278
---------
Co-authored-by: Ruitao Li <ruital@andrew.cmu.edu>
Co-authored-by: MelodyZhangYiqun <98992024+MelodyZhangYiqun@users.noreply.github.com>
Co-authored-by: Ruitao Li <49292515+FlowingCloudRTL@users.noreply.github.com>
Co-authored-by: MelodyZhangYiqun <yiqunz@andrew.cmu.edu>
Co-authored-by: Brandan Chen <bychen@andrew.cmu.edu>
Co-authored-by: Emilie Zhou <54161959+ez157@users.noreply.github.com>
Co-authored-by: Tom <tom.roussel@esat.kuleuven.be>
Adds two configuration parameters that are passed to
generate_password_hash:
- PASSWORD_HASH_METHOD
- PASSWORD_HASH_SALT_LENGTH
The unit tests use high-speed low-security values and
gain 50% speed.
* get weight sum along with bills to scale
otherwise, we need to get the weight sum for each displayed bill.
Here, we are much more scalable
* add test
* format
* remove unused import
* oops, restore pagination to 100
* add comments
* format
* rename method to make it clearer
And also, make it static, since it doesn't rely on instance.
* improve comments and naming
* improve naming
* missing article
* Change the way we import datetime
This makes it easier to use datetime.date later.
* Display monthly statistics for the range of months where the project was active
Currently, we display a hard-coded "one year" range of monthly statistics
starting from today. This generally is not the intended behaviour: for
instance, on an archived project, the bills might all be older than one
year, so the table only displays months without any operation.
Instead, display all months between the first and last bills. There might
be empty months in the middle, but that's intended, because we want all
months to be consecutive.
If there are no bills, simply display an empty table.
Co-authored-by: Baptiste Jonglez <git@bitsofnetworks.org>
Fix#780
This a breaking change, the API for authentication is different, as it now requires `project_id`. Token is generated with only the project_id (so it's shorter than before), and signature is done by mixing password with secret key. Thus, it expires on every project code change.
The previous query was working fine on sqlite and mariadb, but not on
postgresql :
return self.get_bills_unordered().group_by(Bill.original_currency).count() > 1
psycopg2.errors.GroupingError: column "bill.id" must appear in the GROUP BY clause or be used in an aggregate function
The failing SQL query was:
[SQL: SELECT count(*) AS count_1
FROM (SELECT bill.id AS bill_id, ...
FROM bill JOIN person ON person.id = bill.payer_id JOIN project ON project.id = person.project_id
WHERE bill.payer_id = person.id AND person.project_id = project.id AND project.id = %(id_1)s GROUP BY bill.original_currency) AS anon_1]
The problem is that sqlalchemy creates a subquery for postgresql, and the
internal query does not make sense.
GROUP BY is not actually useful, we simply need to count the number of
distinct currencies in the list of bills.
Co-authored-by: Alexis Métaireau <alexis@notmyidea.org>
Currency switching is both simpler and less powerful. This was done primarily for users, to have a clear and logical understanding, but the code is also simpler. The main change is that it is now forbidden to switch a project to "no currency" if bills don't share the same currency.
Also, tests assume that projects are created without currency, as in the web UI.
This was hidden by the CVE-2020-15120 issue: now that we no longer return
members from the wrong project, we need to handle the case where there is
nothing to return.
An authenticated member of one project can modify and delete members of
another project, without knowledge of this other project's private
code. This can be further exploited to access all bills of another project
without knowledge of this other project's private code.
With the default configuration, anybody is allowed to create a new
project. An attacker can create a new project and then use it to become
authenticated and exploit this flaw. As such, the exposure is similar to
an unauthenticated attack, because it is trivial to become authenticated.
This issue was caused by a wrong database queries in PersonQuery.
For more details, see https://github.com/spiral-project/ihatemoney/security/advisories/GHSA-67j9-c52g-w2q9
Now each project can have a currency, default to None.
Each bill can use a different currency, and a conversion to project default currency is done on settle.
Fix#512
Currently the string representation of a Bill is: "<amount> for <description>"
It is used in the History Page to describe changes that were applied to
Bills, for instance:
Bill "42.0 for Test" renamed to "Another Test"
This is inconsistent, not easy to read, and the "for" in the middle is not
translatable.
To solve this issue, simply switch the string representation of a bill to
its description.
Co-authored-by: Baptiste Jonglez <git@bitsofnetworks.org>
Co-Authored-By: Glandos <bugs-github@antipoul.fr>
All project activity can be tracked, using SQLAlchemy-continuum.
IP addresses can optionally be recorded.
* Update models: Bill.pay_each()
* Import sql func
* reformatted using black
* Added ModelsTestCase.test_bill_pay_each() in order to test the SQL query change within pay_each.
Had to add Project.ProjectQuery.get_by_name() for the test.
An optional field has been added to the bill form to add a link to a real bill. A new action button allow user to see this bill. Breaking change with Bill model update for database, a migration is needed.
See issue #429.
* Use token based auth in invitation e-mails
Invitation e-mails no longer contain the clear
text project password
* Skip invite page after project creation
- Replace ``The project identifier is demo, remember it!``
by ``Invite other people to join this project!``
(linking to the invite page)
- Encourage users to share the project password via other
communication means in the reminder email
* Use absolute imports and rename package to ihatemoney
* Add a ihatemoney command
* Factorize application creation logic
* Refactor the tests
* Update the wsgi.py module with the new create_app() function
* Fix some styling thanks to Flake8.
* Automate Flake8 check in the CI.
