Git Product home page Git Product logo

twig's Introduction

twig

Desktop software for bookeeping.

Language: Python 3.

twig's People

Contributors

rash805115 avatar

Watchers

avatar avatar

twig's Issues

Tree Menu no connecting lines

In the tree menu inside main view, there are no connecting lines between the directories and files. In windows these lines are shown, but not in mac. After few tests, its clear that the paint method of class Entity is never being called and hence no lines are drawn.

Add Filesystem dialog error

The add filesystem dialog => when a folder is selected, then then again the button is clicked to select the folder, a long error message is produced in mac. In windows no such error is seen. This does not generates any issues, its just annoying to have there.

2015-04-28 14:20:14.016 python3.4[488:13263] Unable to simultaneously satisfy constraints:
(
    "<NSAutoresizingMaskLayoutConstraint:0x10504eed0 h=--& v=-&- V:[_NSBrowserColumnsContainerView:0x11092f8b0]-(0)-|   (Names: '|':NSClipView:0x105345a50 )>",
    "<NSAutoresizingMaskLayoutConstraint:0x10504ef20 h=--& v=-&- V:|-(0)-[_NSBrowserColumnsContainerView:0x11092f8b0]   (Names: '|':NSClipView:0x105345a50 )>",
    "<NSAutoresizingMaskLayoutConstraint:0x110262470 h=--& v=-&- V:|-(0)-[FI_TBrowserColumnView:0x110946480]   (Names: '|':_NSBrowserColumnsContainerView:0x11092f8b0 )>",
    "<NSAutoresizingMaskLayoutConstraint:0x110249250 h=-&- v=-&- V:|-(0)-[NSClipView:0x105345a50]   (Names: '|':_NSBrowserScrollView:0x11090abb0 )>",
    "<NSAutoresizingMaskLayoutConstraint:0x1102492a0 h=-&- v=-&- V:[NSClipView:0x105345a50]-(15)-|   (Names: '|':_NSBrowserScrollView:0x11090abb0 )>",
    "<NSAutoresizingMaskLayoutConstraint:0x1102686e0 h=--& v=--& V:[_NSBrowserScrollView:0x11090abb0(0)]>",
    "<NSAutoresizingMaskLayoutConstraint:0x110262420 h=--& v=-&- V:[FI_TBrowserColumnView:0x110946480]-(0)-|   (Names: '|':_NSBrowserColumnsContainerView:0x11092f8b0 )>"
)

Will attempt to recover by breaking constraint 
<NSAutoresizingMaskLayoutConstraint:0x110262470 h=--& v=-&- V:|-(0)-[FI_TBrowserColumnView:0x110946480]   (Names: '|':_NSBrowserColumnsContainerView:0x11092f8b0 )>

Set the NSUserDefault NSConstraintBasedLayoutVisualizeMutuallyExclusiveConstraints to YES to have -[NSWindow visualizeConstraints:] automatically called when this happens.  And/or, break on objc_exception_throw to catch this in the debugger.
2015-04-28 14:20:14.017 python3.4[488:13263] Unable to simultaneously satisfy constraints:
(
    "<NSAutoresizingMaskLayoutConstraint:0x1097f7ae0 h=--& v=-&- V:[FI_TBrowserColumnView:0x110272700]-(0)-|   (Names: '|':_NSBrowserColumnsContainerView:0x11092f8b0 )>",
    "<NSAutoresizingMaskLayoutConstraint:0x1097f7b30 h=--& v=-&- V:|-(0)-[FI_TBrowserColumnView:0x110272700]   (Names: '|':_NSBrowserColumnsContainerView:0x11092f8b0 )>",
    "<NSAutoresizingMaskLayoutConstraint:0x10504eed0 h=--& v=-&- V:[_NSBrowserColumnsContainerView:0x11092f8b0]-(0)-|   (Names: '|':NSClipView:0x105345a50 )>",
    "<NSAutoresizingMaskLayoutConstraint:0x10504ef20 h=--& v=-&- V:|-(0)-[_NSBrowserColumnsContainerView:0x11092f8b0]   (Names: '|':NSClipView:0x105345a50 )>",
    "<NSAutoresizingMaskLayoutConstraint:0x110249250 h=-&- v=-&- V:|-(0)-[NSClipView:0x105345a50]   (Names: '|':_NSBrowserScrollView:0x11090abb0 )>",
    "<NSAutoresizingMaskLayoutConstraint:0x1102492a0 h=-&- v=-&- V:[NSClipView:0x105345a50]-(15)-|   (Names: '|':_NSBrowserScrollView:0x11090abb0 )>",
    "<NSAutoresizingMaskLayoutConstraint:0x1102686e0 h=--& v=--& V:[_NSBrowserScrollView:0x11090abb0(0)]>"
)

Will attempt to recover by breaking constraint 
<NSAutoresizingMaskLayoutConstraint:0x1097f7b30 h=--& v=-&- V:|-(0)-[FI_TBrowserColumnView:0x110272700]   (Names: '|':_NSBrowserColumnsContainerView:0x11092f8b0 )>

Set the NSUserDefault NSConstraintBasedLayoutVisualizeMutuallyExclusiveConstraints to YES to have -[NSWindow visualizeConstraints:] automatically called when this happens.  And/or, break on objc_exception_throw to catch this in the debugger.
2015-04-28 14:20:14.018 python3.4[488:13263] Unable to simultaneously satisfy constraints:
(
    "<NSAutoresizingMaskLayoutConstraint:0x11022dd80 h=-&- v=-&- V:|-(0)-[NSClipView:0x10975e020]   (Names: '|':FI_TBrowserColumnView:0x110260270 )>",
    "<NSAutoresizingMaskLayoutConstraint:0x110223640 h=-&- v=-&- V:[NSClipView:0x10975e020]-(0)-|   (Names: '|':FI_TBrowserColumnView:0x110260270 )>",
    "<NSAutoresizingMaskLayoutConstraint:0x110271c60 h=--& v=-&- V:[FI_TBrowserColumnView:0x110260270]-(0)-|   (Names: '|':_NSBrowserColumnsContainerView:0x11092f8b0 )>",
    "<NSAutoresizingMaskLayoutConstraint:0x1097cbfa0 h=--& v=-&- V:|-(0)-[FI_TBrowserColumnView:0x110260270]   (Names: '|':_NSBrowserColumnsContainerView:0x11092f8b0 )>",
    "<NSAutoresizingMaskLayoutConstraint:0x10504eed0 h=--& v=-&- V:[_NSBrowserColumnsContainerView:0x11092f8b0]-(0)-|   (Names: '|':NSClipView:0x105345a50 )>",
    "<NSAutoresizingMaskLayoutConstraint:0x10504ef20 h=--& v=-&- V:|-(0)-[_NSBrowserColumnsContainerView:0x11092f8b0]   (Names: '|':NSClipView:0x105345a50 )>",
    "<NSAutoresizingMaskLayoutConstraint:0x110249250 h=-&- v=-&- V:|-(0)-[NSClipView:0x105345a50]   (Names: '|':_NSBrowserScrollView:0x11090abb0 )>",
    "<NSAutoresizingMaskLayoutConstraint:0x1102492a0 h=-&- v=-&- V:[NSClipView:0x105345a50]-(15)-|   (Names: '|':_NSBrowserScrollView:0x11090abb0 )>",
    "<NSAutoresizingMaskLayoutConstraint:0x1102686e0 h=--& v=--& V:[_NSBrowserScrollView:0x11090abb0(0)]>"
)

Will attempt to recover by breaking constraint 
<NSAutoresizingMaskLayoutConstraint:0x110223640 h=-&- v=-&- V:[NSClipView:0x10975e020]-(0)-|   (Names: '|':FI_TBrowserColumnView:0x110260270 )>

Set the NSUserDefault NSConstraintBasedLayoutVisualizeMutuallyExclusiveConstraints to YES to have -[NSWindow visualizeConstraints:] automatically called when this happens.  And/or, break on objc_exception_throw to catch this in the debugger.
2015-04-28 14:20:14.019 python3.4[488:13263] Unable to simultaneously satisfy constraints:
(
    "<NSAutoresizingMaskLayoutConstraint:0x110249250 h=-&- v=-&- V:|-(0)-[NSClipView:0x105345a50]   (Names: '|':_NSBrowserScrollView:0x11090abb0 )>",
    "<NSAutoresizingMaskLayoutConstraint:0x1102492a0 h=-&- v=-&- V:[NSClipView:0x105345a50]-(15)-|   (Names: '|':_NSBrowserScrollView:0x11090abb0 )>",
    "<NSAutoresizingMaskLayoutConstraint:0x1102686e0 h=--& v=--& V:[_NSBrowserScrollView:0x11090abb0(0)]>"
)

Will attempt to recover by breaking constraint 
<NSAutoresizingMaskLayoutConstraint:0x1102492a0 h=-&- v=-&- V:[NSClipView:0x105345a50]-(15)-|   (Names: '|':_NSBrowserScrollView:0x11090abb0 )>

Set the NSUserDefault NSConstraintBasedLayoutVisualizeMutuallyExclusiveConstraints to YES to have -[NSWindow visualizeConstraints:] automatically called when this happens.  And/or, break on objc_exception_throw to catch this in the debugger.

Tab order - Login Page

The tab order in the login page is messed up. Initially the focus is on the login button. Then pressing tab takes the focus to the username field and from there to the password field. However, the tab focus never comes back to the login button.

How is view changed ?

The main window has a drop down which lists all the views available. When the view is changed, the main window changes the view, as well as does some operations to emit the filesystem item changed so that the current filesystem is shown in new view.

The problem is in main_window.py change_view() function, the view does not refreshes the filesystem until I add the line self.view.setParent(self). I have no idea how this works and I just found this solution by accident. I would like to understand how to view change takes effect.

How to best protect access token

Twig has an inherent bug that can allow an attacker to gain access to access and refresh tokens. So why am I disclosing this? because I don't believe in security in obscurity.

Problem:
Its well known that any client side application (desktop, mobile, javascript) cannot hold a client secret given by google/facebook etc. Hence the oauth flow is a bit different for these machines. After you successfully get the access and refresh tokens, the issue is where to keep them. The problem of these devices not able to hold any embedded secrets is not solved (just transferred from google/facebook to the app developers). In mobile apps there are some solutions, but none of them mitigate the issue of an attacker reading the byte code and getting the secret. E.g. I store the secret in cloud, I have to embed the key in code to access cloud. Same goes for database. There is no way for a developer to securely store the secrets.

Temporary Solution:
So I did my best and came with this plan. I encrypted the secrets with "client secret" and stored them in a file. The client secret itself is embedded in the code. This way the secrets are not in plain text and is only vulnerable once someone hacks the binary and takes the client secret out to decrypt. So I have not mitigated any problem, just made it a bit harder for attackers. I justify myself in the fact that this is an open-source tool, free to all, and I don't ask much permissions - basic and email. Hence the attacker does not gain much even if they succeed.

Dialog close triggers error

After a dialog is closed - e.g. login dialog is closed, in mac it gives this error:

modalSession has been exited prematurely - check for a reentrant call to endModalSession:

This error does not raise any issue, its just annoying to have there. Works great in windows.

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.