TOTECS Platform Release 18.01

Author moderator
26th March 2024

New Features


TOT-4290 - Send out email notification when daily overall project server traffic amount exceeds a specified threshold

There is now the ability to send out a notification email when the overall daily amount of server traffic across a project's websites exceeds a specified number of dynamic server requests. This makes the administrators of a project aware when a larger amount of traffic is accessing their websites, so they can check that the traffic they are receiving is expected or, if not, raise awareness of the unwanted traffic.

Within the Administration Centre, under the Stores menu, within the General store settings interface, a new setting has been added labelled "Send Email Notification Server Traffic Exceeds Daily Request Count". If the setting is set to a positive number, then each night a check will be made to see if the total number of dynamic server requests made across the project's websites for the previous day exceeds the number specified. If the number of requests exceeds the threshold then a notification email advising of the larger amount of traffic will be sent to the email address set within the Organisation settings tab, in the Admin Email setting.

Functionality Affected:  General Stores Settings administration centre interface
Impact: Normal


Improvements


TOT-4199 - Format hooks to allow users to update the name and description of baskets within a Basket Selection content managed webpage area

On a content managed web page containing a Basket Selection content managed web page area, for each basket record displayed within the area, there is now the ability to update the name or description of each basket listed. The capability is only available if the user is set as a sales representative, and they are assigned to a facility permission role that has the "View All Customer Accounts" or "View Sales Representative Briefcase section" permissions set to allow, and the user created the basket.

Within the Basket Selection content managed web page area, in the Basket Selection Record area format, the following format hooks have been added to allow a user to update the name and/or description of a basket:

  • update_basket_detail_onclick: javascript function that calls for the details of the basket to be updated.
  • basket_record_name_input_id: ID of the HTML element that is a textbox input containing the name of the basket, allowing it to be updated. Place inside the ID attribute of a text form input.
  • basket_record_description_input_id: ID of the HTML element that is a textbox input containing the description of the basket, allowing it to be updated. Place inside the ID attribute of a textarea or textbox form input.
  • basket_record_allow_update_basket: Indicates if the user is allowed to change the details of the basket. Displays either Y or N

Functionality Affected:  Basket Selection content managed web page area
Impact: Normal


TOT-4272 - Show list of most project server requests by IP address or user Login ID within the Project Traffic Statistics Admin Centre interface

Within the Administration Centre, from the Statistics menu, within the Project Traffic Statistics interface, under the Monthly Project Traffic section, after the traffic has loaded in the section, a button labelled "View Most Requests By IP Address" now appears. When clicked on it will show a dialog and load statistics showing the top 500 public IP addresses by number of requests made for the specified month. This can then be used to determine if the traffic is coming from legitimate users or not, or to see where most traffic is originating from. For each statistics record it will display the public IP address where the traffic originated, the total number of requests coming from the IP address, and a button labelled "Find Geographic Location". If the button is clicked on then it will open a browser tab to an external website that can look up the IP address and attempt to report the geographic location that is tied to the IP address. This may provide more information about the originator of the requests. Note that IP addresses can be re-used and the geographic location reported may not be the true location of the requester.

Additionally within the Monthly Project Traffic section, after the traffic has loaded in the section, a button labelled "View Most Requests By User" now appears. When clicked on it will show a dialog and load statistics showing the most requests made by user Login ID for the specified month. This can then be used to determine the guest and logged in users who are generating the most server requests. For each statistics record it will display the user's Login ID and the total number of requests made by the user.

In both dialogs the statistics will be filtered based on the previous monthly search made. For example, if requests have been filtered by a specific search engine, then only the IP addresses that match the search engine specified will be reported.

Functionality Affected:  Project Traffic Statistics administration centre interface
Impact: Normal


TOT-4285 - User Password, Login ID and Security Answer form field validation messages after key press within User Registration and User Details/Favourites/Orders content managed webpage areas

On a content managed web page that contains a User Registration area, when a user types values in the User Password, Login ID and Security Answer form fields, or within a User Details/Favourites/Orders area enters a value in the New User Password and Security Answer form fields, there is now the ability to show the user messaging or tailored content depending on whether the form fields pass the required form validation.

For passwords it can show whether the password being entered is strong enough and whether it contains the required length and numeric, special, upper case and lower case characters, as controlled within the Administration Centre's User Settings. For the Login ID and Security Answer form fields, validation messages/content can be shown indicating that the minimum number of characters has been entered. This additional form validation shown to the user can make it easier for the user to understand the values required to be entered before submitting the form.

Within the User Registration content managed web page area's User Registration Form format, the following hooks have been added:

  • password_new_validation_strength_element_id: ID of the HTML element that displays the current strength of the new password being entered. Set hook within the ID attribute of an element that has its class updated to show the current strength.
  • password_new_validation_strength_class_name: Initial class name to indicate the password strength of the new password field value being set.
  • password_new_char_count_valid_element_id: ID of the HTML element that indicates if the new password being set has minimum number of characters. Set hook within the ID attribute of an element that has its class updated to show if the password has the required length.
  • password_new_char_count_min_length: Number that indicates the minimum number of characters required to be set for the new password.
  • password_new_char_count_valid_class_name: Initial class name to indicate if the new password has the minimum number of characters in the new password.
  • password_new_number_char_count_valid_element_id: ID of the HTML element that indicates if the new password being set has minimum number of numeric characters within it. Set hook within the ID attribute of an element that has its class updated to show if the password has the required numeric characters.
  • password_new_number_char_count_min_length: Number that indicates the minimum number of numeric characters required to be set for the new password.
  • password_new_number_char_count_valid_class_name: Initial class name to indicate if the new password has the minimum number of numeric characters in the new password.
  • password_new_special_char_count_valid_element_id: ID of the HTML element that indicates if the new password being set has minimum number of special characters within it. Set hook within the ID attribute of an element that has its class updated to show if the password has the required special characters.
  • password_new_special_char_count_min_length: Number that indicates the minimum number of special characters required to be set for the new password.
  • password_new_special_char_count_valid_class_name: Initial class name to indicate if the new password has the minimum number of special characters in the new password.
  • password_new_upper_case_char_count_valid_element_id: ID of the HTML element that indicates if the new password being set has minimum number of upper case characters within it. Set hook within the ID attribute of an element that has its class updated to show if the password has the required upper case characters.
  • password_new_upper_case_char_count_min_length: Number that indicates the minimum number of upper case characters required to be set for the new password.
  • password_new_upper_case_char_count_valid_class_name: Initial class name to indicate if the new password has the minimum number of upper case characters in the new password.
  • password_new_lower_case_char_count_valid_element_id: ID of the HTML element that indicates if the new password being set has minimum number of lower case characters within it. Set hook within the ID attribute of an element that has its class updated to show if the password has the required lower case characters.
  • password_new_lower_case_char_count_min_length: Number that indicates the minimum number of lower case characters required to be set for the new password.
  • password_new_lower_case_char_count_valid_class_name: Initial class name to indicate if the new password has the minimum number of lower case characters in the new password.
  • security_answer_char_count_valid_element_id: ID of the HTML element that indicates if the new security answer being set has minimum number of characters set. Set hook within the ID attribute of an element that has its class updated to show if the new security answer has the required number of characters.
  • security_answer_char_count_min_length: Number that indicates the minimum number of characters required to be set for the new security answer.
  • security_answer_char_count_valid_class_name: Initial class name to indicate if the new security answer has the minimum number of characters required.

Similar hooks have been added within the User Details/Favourites/Orders content managed web page area's User Detail Form format that allow password and security answer validation to be embedded.

Functionality Affected:  User Registration and User Details/Favourites/Orders content managed web page areas
Impact: Normal
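
The per-rule feedback described above can be sketched in browser JavaScript. This is an added example, not TOTECS code: the class names, the policy field names and the definition of a "special" character (anything that is not a letter or digit) are assumptions, and the minimums stand in for the values the `*_min_length` hooks output.

```javascript
// Added example: per-rule password feedback for the validation hooks above.
// Class names, policy field names and the "special" rule are assumptions.
const VALID_CLASS = 'rule_valid';     // hypothetical class names
const INVALID_CLASS = 'rule_invalid';

// Count characters per class. for...of walks code points, so an astral
// character such as an emoji counts once rather than twice.
function countCharacterClasses(password) {
  const counts = { total: 0, number: 0, special: 0, upper: 0, lower: 0 };
  for (const ch of password) {
    counts.total += 1;
    if (/\p{Nd}/u.test(ch)) counts.number += 1;
    else if (/\p{Lu}/u.test(ch)) counts.upper += 1;
    else if (/\p{Ll}/u.test(ch)) counts.lower += 1;
    else if (!/\p{L}/u.test(ch)) counts.special += 1; // assumption: not a letter or digit
  }
  return counts;
}

// Evaluate every rule; a missing or zero minimum disables that rule.
function evaluatePassword(password, policy) {
  const counts = countCharacterClasses(password);
  const rules = {};
  for (const name of Object.keys(counts)) {
    const min = policy[name] || 0;
    const valid = counts[name] >= min;
    rules[name] = { count: counts[name], min, valid,
                    className: valid ? VALID_CLASS : INVALID_CLASS };
  }
  return { rules, allValid: Object.values(rules).every((r) => r.valid) };
}

// Browser wiring: after a key press, set the class on each feedback element.
// elementIds maps rule name -> element ID (what the *_element_id hooks output).
function applyFeedback(result, elementIds, doc) {
  for (const [name, rule] of Object.entries(result.rules)) {
    const el = elementIds[name] && doc.getElementById(elementIds[name]);
    if (el) el.className = rule.className;
  }
  return result.allValid;
}

// Constructed sample policy standing in for the *_min_length hook values.
const SAMPLE_POLICY = { total: 10, number: 1, special: 1, upper: 1, lower: 1 };
```

Feedback of this kind only guides the user while typing; the same policy still has to be enforced by the server when the form is submitted, since a client can skip the script entirely.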


TOT-4287 - Product pack pricing format hooks always display pack pricing within the Product Detail content managed web page area

On a content managed web page containing a Product Detail area, if the area is displaying a product that has a pack quantity greater than 1 and the project's "Show Total Pack Price For Products" setting is set to OFF, then the area's pack pricing format hooks will now always display the product's individual pack pricing.
This ensures that the setting has no bearing on the pack pricing behaviour displayed in Product Search Results Listing, Category Listing, and other product listing areas for pack pricing displayed in Product Detail areas.

Functionality Affected:  Product Detail content managed webpage area
Impact: Normal


TOT-4288 - Upgrade jQuery library to version 3.7.1 for Image Viewer and Bulk File Uploader within the Administration Centre interface

The image viewer and file uploader components, used on a content managed web page containing a Product Detail area that uses the Image Viewer, and within the Administration Centre's Product Images Import, Category Images Import, and Website Library Detail interfaces, both depend on the jQuery library. The library has been updated to version 3.7.1, which provides additional security and the latest browser support, whilst dropping outdated browser support, as documented by jQuery in its version history.

Functionality Affected:  Product Detail content managed webpage area, Image viewer, Product Images Import, Category Images Import, and Website Library Detail administration centre interfaces
Impact: Normal


TOT-4289 - 2 Factor Authentication for users updating details, password or security question within the User Details/Favourites/Orders content managed web page area

After a user has logged into a content managed website, within a webpage containing a User Details/Favourites/Orders area, if a user wants to update their details, password, or security question and answer, there is the ability to force the user to verify that they are legitimate by sending a verification code to the email address associated with their user account. Once the verification code has been obtained from the email, the user can type the verification code back into the area, which allows the details, password or security question and answer to be updated if the correct verification code has been given. This protects against a security vulnerability where, if the user's session has been taken by a bad actor, the bad actor does not have the ability to change the user's password or security questions to lock out the legitimate user from logging in, unless the bad actor also has access to the email account as well. Note that this 2 factor authentication is only applicable if the user has an email address set against their user account.

Within the Administration Centre, under the Users menu within the User Permissions interface, when viewing a Facility Permission Role, a new permission named "Use 2 Factor Authentication For User Details/Password Change" has been added. If set to Allow then any users assigned to the facility role will be required to send a verification code to their email address, if they try to update their user details, password, or security question and answer. By default this setting is set to Deny.

Within the User Details/Favourites/Orders content managed web page area, the User Detail format has had additional format hooks added to it to allow a Verification Code section to be added in 3 places for the Change User Details, Change Password, and Change Security Question and Answers features. Included in these verification hooks is the ability to hide or show the verification code sections based on if the user has permission to use 2 factor authentication. It also includes hooks that can be used to embed a button to trigger a User Verification Code to be emailed, then a textbox input hook where the verification code can be entered. A new format has been added to the area labelled "User 2 Factor Verification Code Email" that allows the User Verification Code email to have its message contents customised.

It is important to have the User Detail and User 2 Factor Verification Code Email formats correctly configured within the User Details/Favourites/Orders content managed web page area before turning on the "Use 2 Factor Authentication For User Details/Password Change" facility role permission, otherwise users won't have the ability to send out a verification code, or enter the code to allow their details to be updated.

The User Details content managed web page area format has had the following format hooks added:

  • user_detail_verification_code_input: HTML element that displays a textbox input used to provide a verification code needed to update user details
  • user_detail_send_verification_code_onclick: javascript function to trigger sending a verification code that confirms the user and is used to update the user details.
  • user_detail_save_element_id: ID of the HTML element to set within the ID attribute of an element used to hide or show elements to trigger updating the user details.
  • user_detail_save_class_name: Name of the css class that controls if elements that show or not to update user details can be saved or not. Displays either user_detail_save_Y or user_detail_save_Y
  • user_detail_show_verification_code_show: Displays either Y or N, based on if the user is required to send and input a verification code before being able to update user details.
  • password_new_verification_code_input: HTML element that displays a textbox input used to provide a verification code needed to change the user password.
  • password_new_send_verification_code_onclick: javascript function to trigger sending a verification code that confirms the user and is used to change the user password.
  • password_new_save_element_id: ID of the HTML element to set within the ID attribute of an element used to hide or show elements to trigger changing the user password.
  • password_new_save_class_name: Name of the css class that controls if elements that show or not to change the user password. Displays either user_detail_save_Y or user_detail_save_Y
  • password_new_verification_code_show: Displays either Y or N, based on if the user is required to send and input a verification code before being able to change the user password.
  • security_answer_verification_code_input: HTML element that displays a textbox input used to provide a verification code needed to change the user security question and answer.
  • security_answer_send_verification_code_onclick: javascript function to trigger sending a verification code that confirms the user and is used to change the security question and answer.
  • security_answer_save_element_id: ID of the HTML element to set within the ID attribute of an element used to hide or show elements to trigger changing the security question and answer.
  • security_answer_save_class_name: Name of the css class that controls if elements that show or not to change the security question and answer. Displays either user_detail_save_Y or user_detail_save_Y.
  • security_answer_show_verification_code_show: Displays either Y or N, based on if the user is required to send and input a verification code before being able to change the security question and answer.

The User 2 Factor Verification Code Email format has had the following format hooks added:

  • user_verification_code: Verification Code that allows the user to authorise changes to their user account.
  • website_domain: Protocol and domain of the website where the user verification code was triggered to be sent from.

Functionality Affected:  User Details/Favourites/Orders content managed webpage area
Impact: Normal
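
The verification code check described above, sketched server-side as an added example (not TOTECS code). The code lifetime, attempt limit, six-digit length, in-memory store and all names are assumptions; the release note specifies none of them.

```javascript
// Added example: email verification code gating an account change.
// Lifetime, attempt limit, code length and all names are assumptions.
const CODE_TTL_MS = 10 * 60 * 1000; // assumed code lifetime
const MAX_ATTEMPTS = 5;             // assumed guess limit per issued code
const CODE_DIGITS = 6;

// Uniform numeric code from the platform CSPRNG (Web Crypto, global in
// browsers and current Node.js). Rejection sampling avoids modulo bias.
function randomCode() {
  const range = 10 ** CODE_DIGITS;
  const limit = Math.floor(0x100000000 / range) * range;
  const buf = new Uint32Array(1);
  do { globalThis.crypto.getRandomValues(buf); } while (buf[0] >= limit);
  return String(buf[0] % range).padStart(CODE_DIGITS, '0');
}

// Compare without stopping at the first differing character.
function sameCode(a, b) {
  let diff = a.length ^ b.length;
  for (let i = 0; i < a.length; i += 1) diff |= a.charCodeAt(i) ^ (b.charCodeAt(i) || 0);
  return diff === 0;
}

class VerificationCodes {
  constructor({ now = Date.now, generate = randomCode, sendEmail } = {}) {
    this.now = now; this.generate = generate; this.sendEmail = sendEmail;
    this.pending = new Map(); // "session|action" -> { code, expires, attempts }
  }

  // Issue a code bound to one session and one action, replacing any earlier one.
  issue(sessionId, action, emailAddress) {
    if (!emailAddress) return false; // no email on the account: no code can be sent
    const code = this.generate();
    this.pending.set(`${sessionId}|${action}`,
      { code, expires: this.now() + CODE_TTL_MS, attempts: 0 });
    this.sendEmail(emailAddress, code);
    return true;
  }

  // True exactly once for the correct code; apply the change only on true.
  verify(sessionId, action, submitted) {
    const key = `${sessionId}|${action}`;
    const entry = this.pending.get(key);
    if (!entry) return false;
    if (this.now() > entry.expires || entry.attempts >= MAX_ATTEMPTS) {
      this.pending.delete(key); // expired or guessed too often: a new code is needed
      return false;
    }
    entry.attempts += 1;
    if (!sameCode(entry.code, String(submitted))) return false;
    this.pending.delete(key); // single use
    return true;
  }
}
```

Binding the code to both the session and the action means a code requested for a details change cannot be replayed to change the password.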


Bug Fixes


TOT-4281 - Website domain of content managed website incorrectly being replaced with [INVALID_FORM_VAR] within News/Blog Item Body field when Update button in Website Details administration centre interface is clicked on

After a user logged into the Administration Centre, then clicked on the Websites menu button, then the Websites menu item, within the Websites interface if they clicked on the domain of a content managed website, then within the Website Details interface if they clicked the Update Site button, it would incorrectly replace the domain of the website with [INVALID FORM VAR], instead of correctly replacing it with the current domain saved for the website.
Now within the Website Details interface, if they click the Update Site button, it will correctly replace the domain of the website with the latest domain saved for the website. This issue was caused by a programming error back in TOT-3594.

Functionality Affected: Website Detail administration centre interface
Impact: Normal


TOT-4286 - Settings fail to reload after being changed within the Area Settings dialog of the Enquiry Form content managed web page area within the Web Page Editor administration centre interface

After a user logged into the Administration Centre, clicked on the Websites menu button, then clicked the Websites menu item, then from within the Websites interface right clicked on a web page that contained an Enquiry Form area, and within the Web Page Editor clicked the area's name to view its Settings dialog, if an enquiry form element was added, or its ordering was changed, the area settings failed to update. Additionally, when attempting to edit an enquiry form element and press update, the popup showed a processing message and did not close. JavaScript console errors also appeared when changes were made. Note that all the changes could be seen when the popup was reopened.
Now within the Web Page Editor, if the area's name is clicked to view its Settings dialog and an enquiry form element is added, edited, removed, has its ordering changed, or the enquiry form is renamed, the area settings window will correctly reload to show the updated settings. This issue was introduced when the Web Page Editor's All Areas administration centre interface was changed to load over the secure Administration Centre domain.

Functionality Affected: Enquiry Form content managed web page editor
Impact: Minor