1. Fixed a bug that prevented using “login here” button on registration page. The link was wrong and it was updated (issue #22).
2. Fixed an issue where login in with wrong credentials would cause internal server error. “User” variable was not defined. Setting it as none before accessing it fixes the issue.
3. Fixed errors in the navigation bar that made it so that the profile page and logout page would not show up (no gitlab issue was made)
4. Edited the visual look for the website and added an background Image
5. Made sure that all of the pages used the base.html code so that they all had unified look
6. Added an multicurrency support to system
7. Made cost calculations for the final report
8. Made privacy issue assessment for the final report
9. Described the functionalities of the system to the final report
10. Evaluated how the system met the customer requirements for the final report
11. Evaluated the situation of half of the OWASP security risks for our system
12. Added localization support for the system with english and finnish languages
13. Solved an issue that would have shown direct error messages to the end user
Arno
1. Fixed the bug, that “access tokens” was displayed as heading on the addItem and listBid page. Probably caused by a copying mistake. Solved through text change.
2. Fixed the bug that adding of items does not work, when other image formats that .jpg are used. Solution: Pre-select.jpg files in image selection window and add instruction text. (Issue 19)
3. Considered bug #20 and #24. They reported that the bidding feature did not work. This is true as it was not implemented at the time the bughunt was conducted. This was also specified in the issue reporting instructions. Now the bidding feature is working.
4. Set the default page to listBid. This solves bug #23, which was reporting that the index start page does not have any functionality. We agree, and removed it because of that.
5. Bug #23 (default page has no functionality and cannot be used for navigation) was solved through the introduction of a navigation bar and the aforementioned setting of the listBid pages as the default page.
6. Removed the now unnecessary email input field from the addItem form. It was necessary to have it before the login feature was implemented to be able to save items.
7. Removed the no longer need /test page.
8. Added feature that a user cannot bid on their own items including an error message.
9. Solved security issues from static testing (e.g. password for testing and random variables are not used in views.py any more, try-catch construct improved). Static security testing does not return issues anymore.
10. Fixed a redirection bug from the register page to the login page. Now users are redirected to a valid URL.
11. Added current price and item image to auction section of profile page.
12. Implemented feature, that upon successful auction completion, the system informs the seller and the successful and unsuccessful buyers. For that the data model of bid and item were changed and _processed and _informed fields introduced.
13. Implemented a feature (frontend and backend) that enables users to enter the auction duration.
14. Created presentation and application demo plan.
15. Evaluated the second half of the OWAPs security risks for our system.
16. Fixed issues with tests for multi language support.
17. Added button on profile page with link token access page.
18. Presented presentation.
Rayan
on vacation
Top 5 security risks considered (from OWASP) https://owasp.org/www-project-top-ten/
Final OWAPs security risks consideration can be found in our final report.