ekristensen / beer Goto Github PK

Gui lavet i Vue, så backend kun er et API, ingen html views.

CSS og JavaScript i package.json istedet for "binary" files.

Udvikle vue front end ift til test drevet udvikling: https://vuejs.org/v2/guide/unit-testing.html

Skift fra bootstrap til https://bulma.io/

Se også: #1

Ny feature til øl kasse system: efter 5 minutter så automatisk gå tilbage til forside fra highscore side og fortryd køb siden

CVE-2019-11358 - Medium Severity Vulnerability

Vulnerable Libraries - jquery-3.3.1.min.js, jquery-3.1.1.min.js

jquery-3.3.1.min.js

JavaScript library for DOM operations

Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/3.3.1/jquery.min.js

Path to vulnerable library: /beer/vendor/phpunit/php-code-coverage/src/Report/Html/Renderer/Template/js/jquery.min.js

Dependency Hierarchy:

• ❌ jquery-3.3.1.min.js (Vulnerable Library)

jquery-3.1.1.min.js

JavaScript library for DOM operations

Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/3.1.1/jquery.min.js

Path to vulnerable library: /beer/public/js/jquery-3.1.1.min.js

Dependency Hierarchy:

• ❌ jquery-3.1.1.min.js (Vulnerable Library)

Found in HEAD commit: 9474c8a1756a0b81ec4abea62a28e6d494cbb6ab

Vulnerability Details

jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable proto property, it could extend the native Object.prototype.

Publish Date: 2019-04-20

URL: CVE-2019-11358

CVSS 3 Score Details (6.1)

Base Score Metrics:

• Exploitability Metrics:
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: Required
  • Scope: Changed
• Impact Metrics:
  • Confidentiality Impact: Low
  • Integrity Impact: Low
  • Availability Impact: None

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11358

Release Date: 2019-04-20

Fix Resolution: 3.4.0

Step up your Open Source Security Game with WhiteSource here

https://gist.github.com/azizshamim/660282 ?

Test missing for new summary view in /deposit page

Brug https://styleci.readme.io/docs/presets recommended preset.

https://github.com/Symplify/EasyCodingStandard er ikke godt. den laver en dårlig stil kode.

https://styleci.readme.io/docs/fixers

Test properly that purchases for products that are not active shows up in statistics. Also that products show up properly in the select list depending on there has been any purchases on that product, or that it is active. Remember room.statistics property for those who has opted out.

Øl regnskab: sikkerhed for API . Laravel interface til administration, fjern create view. Ryd om muligt op i koden. Lav godkendt ip tabel. Yderligere abstraktion: opret produkttyper; øl, cider og andet. Mulighed for særpriser.

Hvem har drukket mest øl, sodavand, cider, kaffe?

Hvem har drukket mest denne uge? Hvem er ugens "højdespringer"?

Ville være nice.

Husk TDD som altid!

Send mail ved for høj gæld. Husk at bruge TDD. Intet nyt uden en test kræver det!.

Max en mail dagligt.

Docstring i PHP

Wiki-agtig dokumentation af interfaces og intentioner med API, og hvert view. Hvad de gør, hvorfor og hvad man kan forvente af dem.

http://phpdocu.sourceforge.net/howto.php

https://docs.phpdoc.org/getting-started/your-first-set-of-documentation.html

A lot of the integrations are old and no longer works. E.g. travis.

Remember to do some day...

Skriv en test som sikre rate limit til køb af ting virker (API rate limit, og login rate limit+lockout)

Redirect to the path specified in the LoginController.

Is your feature request related to a problem? Please describe.
The problem is that one who would never buy a product (e.g. beer) can buy it by accident if someone else presses the purchase button for the wrong room. They would like this action to be prevented.

Describe the solution you'd like
Have the option to deny purchases for a product on a room basis.

Describe alternatives you've considered
I've looked at https://github.com/spatie/laravel-permission , but maybe that is too much compared to doing something on your own. It could be each room gets a purchase group/permission group. As per default you can buy everything, maybe this expanding the concept of a room being active or not. If a room need a whitelist/blacklist of products they are assigned to a group that requires that.

Additional context
It is a optional feature, and shouldn't make the code unnecessary harder to understand. There is a clear opportunity to play with middlewares. No changes in the GUI are required as it'll report error if any is present. The backend only needs to present a proper error for the frontend to be updated.

Travis CI erstat:

• Code coverage, only accept 100%: https://codecov.io/gh/eKristensen/beer
• Code complexity, does the number of tests match the number of required tests? https://www.codementor.io/etharalali/code-coverage-metrics-cyclomatic-complexity-71n4rrs4r
• StyleCI: https://github.styleci.io/repos/123131937
• Code integrity, classes, variables, syntax and other: https://scrutinizer-ci.com/g/eKristensen/beer/?branch=master
• License scan: https://app.fossa.io/projects/git%2Bgithub.com%2FeKristensen%2Fbeer/refs/branch/master/e720cac1788727dbe2afc2c37abce0a499dc4b70/preview
• Sikkerhed: GuardRails, snyk.io, dependabot.com

Afvis build med TravisCI hvis style, codecoverage eller sikkerheden er påvirket negativt.

Deploy ny version af applikationen via git til server. Overvåg om deployment virker, se:

• https://gist.github.com/nickbclifford/16c5be884c8a15dca02dca09f65f97bd
• https://oncletom.io/2016/travis-ssh-deploy/
• https://docs.travis-ci.com/user/deployment
• https://docs.travis-ci.com/user/deployment/custom/
• http://dev.topheman.com/continuous-deployment-with-travis-ci/

Makerfile for at gøre det nemt at opdatere, formattere kode, bygge npm etc etc.

https://laracasts.com/series/learn-vue-2-step-by-step/episodes/29?autoplay=true det der room->beer->create istedet fore where user id1 passer og alt muligt. lav github issue!

Beregn hvornår kaffemaskine skal påfyldes og send mail eller vis besked på skærmen over køleskabet.

Describe the bug
Tests passes despite product not being assigned properly.

To Reproduce
Steps to reproduce the behavior:
If 'product' => $product->id, is removed from routes/api.php the tests still passes.

Expected behavior
The tests are expected to fail if the function does not do as expected.

Additional information
Product is stored as a string in purchases table...

Mathis ide: Køb 1 eller mer. Ved mer kommer der en boks hvor der kan trykkes + og -, herefter ok for at købe det antal. Samme med refundering? gør det muligt at lave den delvis? Patrick: hvorfor ikke bare se saldo istedet for tryk på tjek nødvendigt?