[Merge] Merge develop into sdp-multitenant #190

Merged
merged 50 commits into from
Feb 13, 2024

marwen-abid
Collaborator

@marwen-abid marwen-abid commented Feb 10, 2024

Mega Merge from develop to sdp-multitenant

Please review that your changes were ported correctly. We had to port some of the features, please review your feature and make sure it's ported correctly.

@ziyliu

  • SDP-961 Change POST /disbursements to accept Verification Type.
  • SDP-962 Change SEP-24 Flow to display different verifications based on Disbursement's verification type
  • SDP-971 Protocol 20 Horizon SDK upgrade
  • SDP-1023 Add unique payment ID to disbursement instructions file as an optional field
  • SDP-1031 Coinspect SDP-012 Enhance User Awareness for SMS One-Time Password (OTP) Usage
  • SDP-1033 Coinspect SDP-006 Weak password policy
  • SDP-1011 add user permission for the business role for receiver details
  • [Fix] make password length generation + encryption be consistent with validation reqs
  • SDP-1014 Preload reCAPTCHA script in attempt to mitigate component loading issues upon login
  • SDP-1041 add users that created and started a disbursement in disbursement details
  • [SDP-1049] Validate the Distribution account balance before starting a disbursement

@marcelosalloum

@ceciliaromao

@CaioTeixeira95

marwen-abid and others added 30 commits October 19, 2023 17:45
SDP-902 - Release 1.0.0 to main
…ypes (#113)

What
API endpoint to get the verification types
GET receiver/verification-types

Why
Add dropdown for choosing Verification Type when creating new disbursements on FE
…ndpoint. (#104)

What
Add sort and direction parameters to sort GET /users endpoint.

Why
Sort users according to query parameters.
* Update docker-compose-sdp-anchor.yml

Had to remove depends_on entries from services in order to install. 

This error typically occurs when a service defined in a Docker Compose file attempts to extend another service that has depends_on attributes. According to Docker Compose's documentation, a service that uses depends_on cannot be extended.

* Update docker-compose-frontend.yml

Removed depends_on references.

This error typically occurs when a service defined in a Docker Compose file attempts to extend another service that has depends_on attributes. According to Docker Compose's documentation, a service that uses depends_on cannot be extended

* Update docker-compose-tss.yml

Removed depends_on references

This error typically occurs when a service defined in a Docker Compose file attempts to extend another service that has depends_on attributes. According to Docker Compose's documentation, a service that uses depends_on cannot be extended

* Update docker-compose-frontend.yml

Moves depends_on to main docker.compose.

* Update docker-compose-sdp-anchor.yml

Moves depends_on to main docker.compose.

* Update docker-compose-tss.yml

Moves depends_on to main docker.compose.

* Update docker-compose.yml

Moves 'depends_on' sections from service definitions to top-level docker-compose.yml 

https://docs.docker.com/compose/compose-file/05-services/#restrictions

* Update docker-compose.yml

Corrects typo in version number.
### What

Add missing space when building the query

### Why

The previous code was creating the string `%sGROUP BY...` instead of `%s GROUP BY`.
### What

Make `POST /assets` idempotent.

### Why

The previous implementation was causing a hassle with a partner that had seeded their database before using the frontend application.
### What

Add the client_domain when logging the message where the user with the {phone_number, client_domain} pair could not be found.

Also, updated a log from error to warn.

### Why

Better debuggability.
### What

Update client_domain on Vibrant Assist from api.vibrantapp.com to vibrantapp.com.

### Why

It was incorrect.
… on Disbursement's verification type (#116)

Modify the SEP-24 flow to perform verification for an entered phone number based on the latest verification type.

The current SEP-24 flow is hardcoded to only accept date of birth but we will have disbursement files that will include pin and national id, and the front-end will need to change to be able to parse those values.
### What

[Release 1.0.1](#127) to develop

### Why

To sync the `main` branch hotfixes:
- #125 
- #126
…#130)

What
Implement a new endpoint PATCH /payments/{id}/status that allows the user to change the status of an individual payment

Why
UNHCR asked for the ability to cancel individual payments.
… an optional field (#131)

- allow insert of optional field external_payment_id when performing a disbursement upload via /disbursement/{id}/instructions
- allow retrieval of external_payment_id if it exists on a payment, otherwise omit field via /payments and /payments/{id}
…Password (OTP) Usage (#138)

Add a disclaimer to the SMS message warning users about the risk of sharing their wallet registration OTP with a third party
What
Log the user activity when updating users' info (updating roles, creating users through CLI).

Why
Security review.
- All password handlers already use the same pw validation utility function. Increased min pw length to 12 as we agreed.
- Added as part of the same pw validation utility function the ability to determine whether the pw is too common resulting in a validation error. common_passwords.txt.gz contains a list of strings that meet our set of requirements out of this master list.
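
A sketch of the two checks this commit message describes (minimum length 12, then a deny list loaded from a gzip-compressed file), added here as an example and not taken from the project's code. The function names, error values, sample list entries and the case-insensitive matching are assumptions; the project's other password requirements are not shown on this page and are not modelled.

```go
package main

import (
	"bytes"
	"compress/gzip"
	"errors"
	"fmt"
	"io"
	"strings"
)

const minPasswordLength = 12 // minimum stated in the commit message
var ErrTooShort = errors.New("password has fewer than 12 characters")
var ErrTooCommon = errors.New("password is on the common-password list")

// loadCommonPasswords reads a gzip-compressed, one-per-line list into a lower-cased set.
func loadCommonPasswords(r io.Reader) (map[string]bool, error) {
	zr, err := gzip.NewReader(r)
	if err != nil {
		return nil, err
	}
	raw, err := io.ReadAll(zr) // reading to EOF also verifies the gzip checksum
	set := make(map[string]bool)
	for _, line := range strings.Split(strings.TrimSpace(string(raw)), "\n") {
		set[strings.ToLower(strings.TrimSpace(line))] = true
	}
	return set, err
}

// validatePassword checks length in characters (not bytes), then the deny list.
func validatePassword(pw string, common map[string]bool) error {
	if len([]rune(pw)) < minPasswordLength {
		return ErrTooShort
	}
	if common[strings.ToLower(pw)] {
		return ErrTooCommon
	}
	return nil
}

func main() {
	var buf bytes.Buffer // constructed sample list, gzip-compressed in memory
	zw := gzip.NewWriter(&buf)
	zw.Write([]byte("password1234\nqwertyuiop123\n"))
	zw.Close()
	common, _ := loadCommonPasswords(&buf)
	for _, pw := range []string{"short", "Password1234", "c0rrect-h0rse-battery"} {
		fmt.Printf("%q -> %v\n", pw, validatePassword(pw, common))
	}
}
```

Counting runes rather than bytes keeps a multi-byte password from passing the length check on byte count alone.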
…on profile (#145)

### What

Start logging important changes on user or organization profiles, for traceability. Here are the functions that are now being logged:

- Changes made through `PatchOrganizationProfile`
  - Log message: `log.Ctx(ctx).Warnf("[PatchOrganizationProfile] - userID %s will update the organization fields %v", user.ID, nonEmptyKeys)`
- Changes made through `PatchUserProfile`
  - Log message: `log.Ctx(ctx).Warnf("[PatchUserProfile] - Will update email for userID %s to %s", user.ID, utils.TruncateString(reqBody.Email, 3))`
- Changes made through `PatchUserPassword`
  - Log message: `log.Ctx(ctx).Warnf("[UpdateUserPassword] - Will update password for user account ID %s", user.ID)`

Also, refactored some tests.

### Why

So we can better track changes made in user profiles or Organization profiles, for accountability.
…nt (#146)

What
Adds a new field in disbursement table to save sms_registration_message_template
Modifies POST /disbursements to accept `sms_registration_message_template`
Modifies the send_receiver_wallets_sms_invitation_job to choose between disbursement level sms or default to organization sms if one isn’t defined.
Changes GET /disbursements/:id to return the sms_registration_message_template
For retries, we need to make sure that the template used is consistent.

Why
This was raised by UNICC. They need the ability to trigger disbursements for multiple organizations (initially two). They want to have a custom SMS per organization.
… to enforce MFA and reCAPTCHA (#150)

### What

- Flip flag names ENABLE_MFA and ENABLE_RECAPTCHA to DISABLE_MFA and DISABLE_RECAPTCHA, because the default behavior is to leave them enabled.
- If the network is set to pubnet and MFA or reCAPTCHA are disabled, return an error
- Add a Secure Operation Manual section to the readme, with the following subjects:
  - MFA and reCAPTCHA
  - Approval flow
  - The importance of user management and using the right roles (financial controller vs owner)

### Why

To increase the security of hosts and operators.
…rsement details (#151)

Change `GET /disbursements` and `/disbursements/{id}` to include additional info about user who uploaded/created disbursement and user who initiated the disbursement if applicable.

Handlers now render response using `DisbursementWithUserMetadata` that contains the user info.
Disbursement management service has additional method `AppendUserMetadata` that appends the user info to an existing `DisbursementWithUserMetadata` reference.
### What

Use CI to make sure the helm README is up to date.

### Why

We sometimes forget to update it.
### What

Add `exhaustive` check to the CI, and fix the missing enum cases surfaced by this check.

### Why

Go doesn't enforce enums to be exhaustive, so adding such a check guarantees that we're covering all the enum use cases properly.
…a Disbursement (#161)

Add an extra validation step before transitioning disbursement to the `READY` status to check whether distribution account holds enough of target asset balance to fulfill any pending payments along with the payments on the target disbursement.

Pending payments from other disbursements are any in the status
- `PAUSED`
- `READY`
- `PENDING`
and exclude those in any terminal statuses `SUCCESS`, `CANCELED` and `FAILED` as well as `PAUSED` since those types of payments can remain in that state indefinitely.
ziyliu and others added 10 commits January 31, 2024 18:11
### What

Fix TSS's database amount precision to be compliant with the Stellar network amount precision.

### Why

The database amount was configured to NUMERIC(10,7), which allows the maximum value of 999.9999999. This is not compliant with the Stellar network amounts though, which according to the [docs](https://developers.stellar.org/docs/fundamentals-and-concepts/stellar-data-structures/assets#amount-precision) support numbers from 0.0000001 to 922,337,203,685.4775807.
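
The mismatch described in this commit message, worked through in Go as an added example that is not the project's code: amounts are parsed into 7-decimal integer units and checked against the digit budget of a `NUMERIC(p,7)` column. `parseStroops` and `fitsNumeric7` are hypothetical helper names, and NUMERIC(19,7) appears only as the smallest precision that holds the network maximum, not as the value the migration chose.

```go
package main

import (
	"fmt"
	"math"
	"strconv"
	"strings"
)

const stroopsPerUnit = 10_000_000 // Stellar amounts carry 7 decimal places

// parseStroops converts a decimal amount string to int64 units of 1e-7,
// rejecting anything outside 0.0000001 .. 922,337,203,685.4775807.
func parseStroops(amount string) (int64, error) {
	whole, frac, _ := strings.Cut(amount, ".")
	if len(frac) > 7 {
		return 0, fmt.Errorf("%q has more than 7 decimal places", amount)
	}
	w, errW := strconv.ParseUint(whole, 10, 64)
	f, errF := strconv.ParseUint(frac+strings.Repeat("0", 7-len(frac)), 10, 64)
	if errW != nil || errF != nil {
		return 0, fmt.Errorf("%q is not a decimal amount", amount)
	}
	if w > math.MaxInt64/stroopsPerUnit || w*stroopsPerUnit+f > math.MaxInt64 || w+f == 0 {
		return 0, fmt.Errorf("%q is outside the Stellar amount range", amount)
	}
	return int64(w*stroopsPerUnit + f), nil
}

// fitsNumeric7 reports whether a unit count fits a NUMERIC(precision, 7) column:
// such a column holds at most `precision` digits in total.
func fitsNumeric7(stroops int64, precision int) bool {
	return len(strconv.FormatInt(stroops, 10)) <= precision
}

func main() {
	// Constructed sample amounts; the last one is the network maximum.
	for _, a := range []string{"999.9999999", "1000", "922337203685.4775807"} {
		s, err := parseStroops(a)
		if err != nil {
			fmt.Println(a, "->", err)
			continue
		}
		fmt.Printf("%s: NUMERIC(10,7)=%v NUMERIC(19,7)=%v\n", a, fitsNumeric7(s, 10), fitsNumeric7(s, 19))
	}
}
```

An amount of 1000 is valid on the network but already exceeds the NUMERIC(10,7) column.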
…4 registration flow

### What

Hot-fix: re-add missing recaptcha script to HTML template in the SEP24 registration flow.

### Why

It was removed in #152.
…ils/utils_test.go:47`

### What

Attempt to fix intermittent error in `transactionsubmission/utils/utils_test.go:47`

### Why

There are intermittent errors happening when acquiring the advisory lock, like https://github.com/stellar/stellar-disbursement-platform-backend/actions/runs/7790057714/job/21243057987?pr=172 for instance:

![Screenshot 2024-02-05 at 12 17 17 PM](https://github.com/stellar/stellar-disbursement-platform-backend/assets/1952597/bf37732f-033d-48d4-a796-af6cc2442c2c)
…tcha-develop)

### What

Hot-fix: re-add missing recaptcha script to HTML template in the SEP24 registration flow.

### Why

Sync PR #179 to branch `develop`.

This recovers a script that was removed in #152.
@marwen-abid marwen-abid self-assigned this Feb 10, 2024
@marwen-abid marwen-abid temporarily deployed to Anchor Integration Tests February 10, 2024 21:39 — with GitHub Actions Inactive
@marwen-abid marwen-abid marked this pull request as ready for review February 10, 2024 22:01
# Conflicts:
#	cmd/db_test.go
#	cmd/serve.go
#	cmd/serve_test.go
#	db/migrations/sdp-migrations/2023-12-18.0-alter-payments-table-add-external-payment-id.sql
#	db/migrations/sdp-migrations/2024-01-12.0-alter-disbursements-table-add-sms-template.sql
#	db/migrations/sdp-migrations/2024-02-05.0-tss-transactions-table-amount-constraing.sql
#	dev/docker-compose-sdp-anchor.yml
#	dev/docker-compose-tss.yml
#	dev/docker-compose.yml
#	go.list
#	go.mod
#	go.sum
#	helmchart/sdp/Chart.yaml
#	helmchart/sdp/README.md
#	helmchart/sdp/values.yaml
#	internal/data/assets_test.go
#	internal/data/disbursement_instructions.go
#	internal/data/disbursement_instructions_test.go
#	internal/data/wallets.go
#	internal/integrationtests/docker-compose-e2e-tests.yml
#	internal/serve/httphandler/disbursement_handler.go
#	internal/serve/httphandler/disbursement_handler_test.go
#	internal/serve/httphandler/forgot_password_handler.go
#	internal/serve/httphandler/forgot_password_handler_test.go
#	internal/serve/httphandler/login_handler.go
#	internal/serve/httphandler/login_handler_test.go
#	internal/serve/httphandler/payments_handler_test.go
#	internal/serve/httphandler/profile_handler_test.go
#	internal/serve/httphandler/user_handler.go
#	internal/serve/serve.go
#	internal/serve/serve_test.go
#	internal/services/disbursement_management_service.go
#	internal/services/disbursement_management_service_test.go
#	stellar-auth/pkg/auth/auth.go
@marwen-abid marwen-abid force-pushed the merge/20240210-merge-develop-mtn branch from 1ea9b7a to e5d71ed Compare February 10, 2024 22:04
@marwen-abid marwen-abid temporarily deployed to Anchor Integration Tests February 10, 2024 22:04 — with GitHub Actions Inactive
@marcelosalloum marcelosalloum temporarily deployed to Anchor Integration Tests February 12, 2024 22:38 — with GitHub Actions Inactive
Collaborator

@marcelosalloum marcelosalloum left a comment

LGTM! Thanks for doing that!

I confirm all my changes are there and I pushed a small fix for something that was missing.

@marwen-abid marwen-abid merged commit 951473d into sdp-multitenant Feb 13, 2024
9 checks passed
@marwen-abid marwen-abid deleted the merge/20240210-merge-develop-mtn branch February 13, 2024 02:07

7 participants