jbrun001/roombooking
Issues
Creative Commons Zero v1.0 Universal · 1 star · 0 forks
Production and dev differences: TinyMCE not rendering, due to no doctype in the content from the production server, but the doctype is in the content from the dev servers and the code is the same.
#47 · jbrun001 · opened 5 months ago · 12 comments
PlanetScale hobby tier is closing down on 9 April, which is the deadline for the project. The database will need to be moved before we submit the project.
#46 · jbrun001 · closed 5 months ago · 11 comments
Change the way that risk assessment approval is saved. Currently the fields are binary, so 1 is approved, 0 is rejected, and null is not reviewed. This is in both booking and risk_assessment. These binary fields should be changed to risk_assessment_status, with 3 options: "Risk Assessment Approved", "Risk Assessment Rejected", and "Not Reviewed". Not reviewed would appear alphabetically before the others if you sort on this field. Also, in risk assessment there is a field called approved_by, and this should really be reviewed_by.
#45 · jbrun001 · closed 5 months ago · 1 comment
Security. Week 9 Security Review. Full application test because v0 has been reached. Document in Google Doc, create backlog issues from the report, upload the full report to git.
#44 · jbrun001 · closed 6 months ago · 0 comments
Security. v0 aggressive test. Low. X-Content-Type-Options header missing. It looks like for the images served from the /media location and the CSS served from the /styles location there is no content type set, or it isn't set to 'nosniff'. Research is required to see if a content header can be set for these folders, which when used are accessed via / in the application. Examples are styles.css, person-green.png etc., but no pages.
#43 · jbrun001 · closed 5 months ago · 2 comments
Security. v0 aggressive test. Low. Server leaks information via "X-Powered-By" HTTP response header field(s). This issue is because Express adds "X-Powered-By: Express" into each header. Attempts have been made in the app.use part of app.js to block it, but these have not worked. There are 4 instances of this. May have to consider using helmet to manage the headers rather than doing it manually.
#42 · jbrun001 · closed 5 months ago · 1 comment
Security. v0 aggressive test. Medium. Content Security Policy: script-src unsafe-inline. This has been flagged because JavaScript is allowed in the pages by the content security policy. The pages use JavaScript inline, so this will need to be considered, and possibly the JavaScript will need to be moved to a folder on the server, and that folder be allowed via the content security policy. There are 42 instances of this flagged.
#41 · jbrun001 · opened 6 months ago · 1 comment
Security. v0 aggressive test. Medium. Content Security Policy: default-src 'none' is being flagged as a wildcard. There are 9 instances in the app. This setting tells the browser what the approved sources of content are. Because it is set to none, this is a risk. This needs altering and testing in the app.use section where the security headers are currently set. Evidence can be found by examining the headers of the page in developer tools > network in the browser when using the pages.
#40 · jbrun001 · closed 5 months ago · 2 comments
Security. v0 aggressive test results. Medium. Absence of anti-CSRF tokens. 72 instances. A unique number or token should be generated and passed to the .ejs page so it can be submitted back with any form POST. When the response is received by the app.post route, this number should be checked to make sure that it is the same number that was passed to the page. Research shows some routes to implement this in Node.js and Express (CSRF tokens in ExpressJS — Node.js web framework | by Sikandar Khan | Medium); however, we are using Ajax and we have inline JavaScript. This issue is evidenced because the form HTML elements don't have a unique token in them; an example of one form would be the form that posts to login-check in the / route, but it applies to ALL forms in the application.
#39 · jbrun001 · opened 6 months ago · 2 comments
Security Testing: SQL injection attack possible by posting to login-check. If you post admin@123.com" AND "1"="1" -- as the email field in the post body, it will get executed in MySQL. You can't enter this data on the login form because there is a requirement for it to be formatted as an email.
#38 · jbrun001 · closed 6 months ago · 0 comments
Bookings-list. Add risk assessment approved status to the bookings-list data, so the user can see if the booking has had the risk assessments approved.
#37 · jbrun001 · closed 6 months ago · 0 comments
NEEDS GROUP FEEDBACK. Requirement R4.9. Users and coordinators are both notified of successful booking requests: bookers are notified of confirmation and denial.
#36 · jbrun001 · opened 6 months ago · 0 comments
NEEDS GROUP FEEDBACK. add-booking / edit-booking. Requirement R4.6. Template risk assessments for society leaders: common options should be given as choices in drop-downs/tick boxes.
#35 · jbrun001 · closed 5 months ago · 2 comments
NEEDS GROUP FEEDBACK. bookings-list. R4 requirement 5. Users can edit a booking that has been made, so it can be re-assessed by a coordinator.
#34 · jbrun001 · closed 5 months ago · 0 comments
booking-list. There should be a cancel booking button. This is part of the R4 item 3 requirements.
#33 · jbrun001 · closed 6 months ago · 0 comments
Edit-rooms-list. There should be a delete room button if you want to remove a room from the list.
#32 · sahas036211 · closed 5 months ago · 0 comments
Make the picture URL in all list pages the same size as each other, a fixed size; if the image is too big, crop some out. Also make the image responsive.
#31 · jbrun001 · closed 5 months ago · 2 comments
FAQ/Help is useful but needs styling.
#30 · jbrun001 · closed 6 months ago · 0 comments
Report bug link doesn't do anything.
#29 · jbrun001 · opened 6 months ago · 0 comments
Credits. Remove the list points from this with CSS, so the names are centered.
#28 · jbrun001 · closed 6 months ago · 0 comments
filter. "here is the filter" on the top of the filter doesn't seem professional; change it to something more professional and clear.
#27 · jbrun001 · opened 6 months ago · 0 comments
register user. The password should have some complexity checks on it; at the moment any password can be entered.
#26 · jbrun001 · closed 6 months ago · 0 comments
approved list. Can there be an order by that orders this list by the most recently approved booking first? This would be the most useful order.
#25 · jbrun001 · closed 5 months ago · 1 comment
approved list. Not sure what "order by time" is. Can this button be named more clearly?
#24 · jbrun001 · closed 6 months ago · 0 comments
Can there be a new order by button which orders by those bookings that have not been reviewed for risk assessment, with the oldest bookings first? This would be useful for users reviewing risk assessments.
#23 · jbrun001 · opened 6 months ago · 0 comments
requests list. Can there be a new order by button which orders by those bookings that have had a risk assessment completed, and then the oldest bookings first?
#22 · jbrun001 · closed 5 months ago · 0 comments
Requests List. The status of the risk assessment is not shown in the item of data in the list. Add this so the coordinator can quickly see which have already been risk assessed.
#21 · jbrun001 · closed 6 months ago · 0 comments
requests-list. Review booking text in the button doesn't look centered.
#20 · jbrun001 · opened 6 months ago · 0 comments
add booking, view booking. Buttons at the bottom of the page are not formatted correctly; also cancel booking on those pages, and edit booking on bookings-list.
#19 · jbrun001 · closed 6 months ago · 2 comments
List pages. There is no quick way to reset the filter; can there be a button to reset the filter, so all list items show?
#18 · jbrun001 · closed 6 months ago · 1 comment
List pages. The filter is remembered if I go away from the page and come back, but the fields of the filter always start reset. This is confusing. Either reset the filter each time the user opens the page or populate the filter fields with the filter data.
#17 · jbrun001 · closed 6 months ago · 1 comment
Order by buttons on list pages should be alongside the heading and not taking up space below the heading; this would leave more space for the data list on each list page.
#16 · jbrun001 · closed 5 months ago · 0 comments
login-success. Can the list of buttons be in two columns, not in 1?
#15 · jbrun001 · closed 6 months ago · 0 comments
Requests-list shows no bookings available when you first go in; if you change a filter, like seating, it will show data. Probably a problem with what happens if the filter is blank. approved list doesn't have the same issue, so compare the route logic when there are no filters saved for requests-list.
#14 · jbrun001 · closed 6 months ago · 0 comments
All pages: add "Themes". A dark theme was suggested. Apply to all pages and have these selectable (in the menu bar perhaps?).
#13 · jbrun001 · closed 6 months ago · 0 comments
Multiple places. Remove all "success" pages that follow an insert or update page, and res.redirect to another page.
#12 · jbrun001 · opened 6 months ago · 0 comments
Bookings-list. Add edit button to the list page, posts bookingId; button only shows if edits can be made.
#11 · jbrun001 · closed 6 months ago · 4 comments
view booking, edit-booking, review-booking, approved-list, booking-list, requests-list: change view booking to not use GET but a POST, so no data is in the URL.
#10 · jbrun001 · closed 6 months ago · 0 comments
add booking, view-booking, edit booking, booking-list, approved-bookings, requests-list: display room.capacity and not number of seats requested. If we want seats requested, we need to create a new field in booking to hold this and pass the value of the slider when creating a booking.
#9 · jbrun001 · opened 6 months ago · 0 comments
Add room / edit room mechanism to upload photos?
#8 · jbrun001 · closed 5 months ago · 0 comments
Add two factor for login.
#7 · jbrun001 · closed 5 months ago · 0 comments
Put the filter part of the page in an include because it's the same each time.
#6 · jbrun001 · closed 6 months ago · 0 comments
List pages: Filter. Make the filter run each time the user changes a field (so the confirm button is not necessary). This is in bookings-list as a test, but hardcoded for this page; use JavaScript to get the current URL and add "-filtered" to it in the code, so the code is the same for all xxxx-list pages.
#5 · jbrun001 · closed 6 months ago · 0 comments
Make all the list pages consistent, so remove the bookings-list class / rooms-list classes and replace them with list-data, which will make all of the Ajax the same for all pages.
#4 · jbrun001 · closed 6 months ago · 0 comments
Change getRooms & get bookings so SQL is parameterised (pass fields to change like the insertUpdate... functions).
#3 · jbrun001 · closed 6 months ago · 0 comments
rooms-list: Stop the user being able to add bookings in the past.
#2 · jbrun001 · closed 6 months ago · 0 comments
edit booking, review-booking: risk1 and risk2, the user can enter more characters than the database field allows, which is 200.
#1 · jbrun001 · closed 6 months ago · 1 comment