1) added better validation across all user input both for the operator of Attendize and end user.
2) Remove html from translations so {{ }} can be used instead of {!! !!} as its more secure.
> Verifiers SHALL require subscriber-chosen memorized secrets to be at least 8 characters in length. Verifiers SHOULD permit subscriber-chosen memorized secrets at least 64 characters in length. All printing ASCII [RFC 20] characters as well as the space character SHOULD be acceptable in memorized secrets. Unicode [ISO/ISC 10646] characters SHOULD be accepted as well. To make allowances for likely mistyping, verifiers MAY replace multiple consecutive space characters with a single space character prior to verification, provided that the result is at least 8 characters in length. Truncation of the secret SHALL NOT be performed. For purposes of the above length requirements, each Unicode code point SHALL be counted as a single character.
https://pages.nist.gov/800-63-3/sp800-63b.html#-5112-memorized-secret-verifiers
1. After we have save the order to the database forget the session.
2. Firing events to create and send tickets should only be done after the we have saved the order to the database
Going forward Attendize will only support Stripe and Paypal as defaults. In future we will add instructions on customising Attendize with your own payment gateway.
1) Changed method call from lists to pluck.
2) Use set put instead of session set.
3) Removed references to artisan optimize command.
4) Added additionl check to base controller if auth user not set redirect to login.
5) Flush the session on logout.
6) Updated Event and Route service providers to work with Laravel 5.6.
7) Added new default logging config file.
8) Bump PHP versions from 7.0.30 to 7.1.20.
9) Added missing translations.
10) Fixed some issues with the templates.
1) Added Javascript partial so display and hide of the Charge Tax functionality can be shared.
2) Moved @yield head for the the master without menus layout to the correct place. Using jQuery functionality @head anywhere wouldn't work as the library was included afterwards.
3) Moved the question for organisers about Tax and the labels for tax fields to the language file.
1) When Taxed is charged display it on the various views where tax should be displayed. Orders Listing Page, Orders Summary page.
2) Use the Order service to display correct values in emails and views.
1) Omnipay doesn't accept decimals with more than a precision of 2.
2) Once order is created organiser_booking_fee is the correct value to use else use total_booking_fee
3) Controller makes use of OrderService instead of Order Model
1) Surfaced more logic from from views into service.
2) If charge_tax is set in database tax is charged.
3) Made the name of the Order service OrderService so its not confused with the Order Eloquent Model.
4) Move order totalling logic in to Service and call service where necessary.
1) Added new field to the organiser model called charge_tax. Added the migration for this.
2) Renamed tax fields columns in the database to be the same as the other organiser fields for consistency.
3) Added charge_tax option to the various organiser create and edit pages.
4) Have re-enabled some tests and used the @group passing label so we can start running tests for the various parts of the applicaiton.
1) Added additional edge case for installer that I missed.
2) Reference class via use statement and correct namespacing.
3) If we are using the docker environment set certain defaults from environment variables instead of hardcoding.
1) If a user tested the database connection previously it worked no matter what they entered into the form. Fixed logic to return error message based on whether database exists or not.
2) If a user enters valid text data into the database connection fields but the database doesn't exist fail gracefully.
1. If Attendize is already installed don't throw an Unauthorized 403 error but instead ask user to create default account or login if default account already created.
2. Added defaults to the install process for database connection so if user gets to install page and hits install will use default database values.
3. Added basic validation on database connection details. If the details where empty previously allowed user to submit form.
1. Added csrf token to form on install. This was causing Laravel to throw an error as no CSRF token was present.
2. During the install process default to MySQL as the default database.