What's New in Version November 2014

Friday, October 31, 2014 by Karin Huber

The new version November 2014 (1.30) is downwards compatible to version March 2013 (1.10) and later. You can use all of these versions in a single account simultaneously.

Changes in the New Version

OAuth2 and OpenID Connect

This month we are announcing the next important step in our movement towards HTML and JavaScript: We present the first public preview of time cockpit's OpenID Connect endpoint for authentication and authorization. Until now, time cockpit has used a custom token format, custom authorization flow, etc. As always we open our own APIs for our customers, too. So with the change we present today, you can use the OpenID Connect standard instead. We also published an updated version of our OData Web API that can consume the tokens you get from the new authorization endpoint.

Read more ...

Improved Validation Consistency

Different operations in time cockpit use validation to ensure that entered data is correct before it is saved. Up until now there was an inconsistency between the validation results presented by forms in the UI and programmatic save operations. Additionally, the system behaved differently depending on if an entity has any enabled validation rules or not.

In this release we unified the behavior to be consistent in all cases. This change has an impact on not-nullable properties with additional considerations for text properties. The following matrix shows the previous and new behavior for programmatic operations.

Entity has Validation Rules Input Value Previous Result New Result
FALSE Null SQL Exception Validation Exception
FALSE Empty String OK Validation Exception
TRUE Null Validation Exception Validation Exception
TRUE Empty String Validation Exception Validation Exception

Please note that we no longer accept empty strings as valid values for not-nullable text properties. The UI always behaved like this but programmatic operations accepted such values if no validation rules were present on the model entity.

In addition to being more consistent in when exceptions are thrown we also improved the types of exceptions involved as we try to avoid directly surfacing SQL exceptions and using validation exceptions with end-user friendly messages.

Disabled SSL 3.0 Support

We have disabled SSL 3.0 support for the following websites to prevent POODLE attacks:

In this context we also have dropped support for time cockpit versions smaller than 1.10 (March 2013). If you are using an older version of time cockpit and want to use the web client, please contact us. We will gladly help you to upgrade to the latest version of time cockpit.

comments powered by Disqus