diff --git a/.vscode/launch.json b/.vscode/launch.json index 7c905164..2c3525c1 100644 --- a/.vscode/launch.json +++ b/.vscode/launch.json @@ -48,7 +48,7 @@ "AYANOVA_DATA_PATH": "c:\\temp\\ravendata", "AYANOVA_USE_URLS": "http://*:7575;", //"AYANOVA_PERMANENTLY_ERASE_DATABASE":"true", - "AYANOVA_SERVER_TEST_MODE": "true", + "AYANOVA_SERVER_TEST_MODE": "false", "AYANOVA_SERVER_TEST_MODE_TZ_OFFSET": "-8", //"AYANOVA_REPORT_RENDERING_TIMEOUT":"1", "AYANOVA_SERVER_TEST_MODE_SEEDLEVEL": "small", diff --git a/devdocs/todo.txt b/devdocs/todo.txt index 17b67c26..29d63efb 100644 --- a/devdocs/todo.txt +++ b/devdocs/todo.txt @@ -1,7 +1,21 @@ # now -give Joyce the go-ahead to email people -get back to docs completion + + +check scotts issue with iis, where did he likely go wrong what is he saying about localhost vs domain etc + +docs - Joyce is doing this already and will get back to me with changes + look into inserting numbers in steps in manual so we can refer to the number and say did you do number 4 or whatever the fuck. + Also image see where to put more images so people aren't confused + + + + +get back to docs completion + +Wednesday / thursday march 23/24th check this in chrome: https://search.google.com/search-console?resource_id=sc-domain%3Aayanova.com + looking for security issues + start in on QBI rockfish front end improvements, revocation, license link that does nothing?? product codes or feature options to include?? @@ -9,10 +23,6 @@ rockfish front end improvements, revocation, license link that does nothing?? is license versioned for format? -More beta testers, open it up to public beta - update forum first, remove in development text change to in beta and give a post with beta info where to get the manual and download etc - email to chunks of selected users daily / need to get going on this - stress can be hosted online rather than using in-house somehow, so email should have a top line sentence or two blurb of why they might be interested in it etc. Figure out how we can offer it for testing online? diff --git a/docs/8.0/ayanova/docs/adm-getting-started.md b/docs/8.0/ayanova/docs/adm-getting-started.md index de05fe70..18edc57f 100644 --- a/docs/8.0/ayanova/docs/adm-getting-started.md +++ b/docs/8.0/ayanova/docs/adm-getting-started.md @@ -6,15 +6,15 @@ We also have a [technical guide](ops-intro.md) to server operations and maintena Not all steps are necessary if they don't apply to your business and most of the items below can be modifed later as your needs change. -Here we will provide links to the help pages for each item rather than repeating the information in each step of this document. We encourage you to read up on each item's documentation page as you come to it if you are not already familiar with it from the evaluation process. +Here we will provide links to the help pages for each item rather than repeating the information in each step of this document. + +We encourage you to read up on each item's documentation page as you come to it if you are not already familiar with it from the evaluation process. ## Licensing -The first step in using AyaNova for real in production is obtaining and installing a license. +The first step in using AyaNova for production use is obtaining and installing a license. -Licenses are controlled from the Administration [license form](adm-license.md) in AyaNova. - -This form contains links to view, purchase and install an AyaNova license. +Licenses are controlled from the Administration [license form](adm-license.md) in AyaNova which contains links to view, purchase and install an AyaNova license. ## Change the superuser password @@ -30,10 +30,6 @@ Once AyaNova is licensed, if you log in as the superuser with the default passwo We have [specific guidelines](home-password.md#long-not-complicated) for the latest best practices in choosing a secure password and we encourage you to read about it and follow the advice written there in order to choose an easy to memorize, secure password that does not need to be written down or stored insecurely. -Do _not_ write down the superuser password on paper unless it's stored in a locked safe. - -Do _not_ store the password in a document or email it from any device with the sole exception being a secure password manager application which is designed to protect the data as it's entered from malicious software that might intercept it. - We also strongly recommend the use of [Two factor authentication](home-tfa.md), in particular with the superuser User but also with any User account with a Business Administration [role](ay-biz-admin-roles.md) which can be used to create Users or grant them higher permission levels. ### What if I lose my superuser password? diff --git a/docs/8.0/ayanova/docs/adm-license.md b/docs/8.0/ayanova/docs/adm-license.md index 0c4f9767..93e43861 100644 --- a/docs/8.0/ayanova/docs/adm-license.md +++ b/docs/8.0/ayanova/docs/adm-license.md @@ -6,7 +6,9 @@ The AyaNova license is stored inside the database so as long as you have a backu ## Trying out AyaNova -If you are trying out AyaNova for the first time this is the form the request an evaluation license key. See the [Trying out AyaNova](ay-evaluate.md) page for details. +If you are trying out AyaNova for the first time this is the form to request an evaluation license key. + +See the [Trying out AyaNova](ay-evaluate.md) page for details. ## Authorization Roles required @@ -28,7 +30,7 @@ From the `Administration` navigation pane select `License` navigation item. ### Unlicensed display -If the server can't find a license in the database then links are shown to begin a [trial evaluation](ay-evaluate.md), fetch a license key, purchase a license and a link to how to restore the database: +If the server can't find a license in the database then links are shown to begin a [trial evaluation](ay-evaluate.md), fetch a license key, purchase a license and a link to how to restore the database to use an existing license: ![unlicensed display](img/adm-license-unlicensed-display-options.png) @@ -46,7 +48,7 @@ See our [privacy policy](https://www.ayanova.com/privacypolicy.htm) for details. If you do not receive an email within 10 minutes something has gone wrong. Check your spam folder and if not found there it's possible we were unable to send to the address provided. Double check your email address you entered in the request form and try again one more time. -If you _still_ do not receive the email verification after a second attempt and the address is correct, try requesting again with an alternate email account preferrably on another domain if possible; sometimes we are unable to email the address provided due to spam or other filtering or temporary issues. +If you _still_ do not receive the email verification after a second attempt and the address is correct, try requesting again with an alternate email account preferrably on another domain if possible; sometimes we are unable to email the address provided due to upstream email provider spam or other filtering or temporary issues. Once you recieve the AyaNova trial request email verification message, click on the link contained within to confirm to our license server that your email address is valid. @@ -100,7 +102,7 @@ This is the date that the current support and updates agreement will expire. Aft #### Licensed options -This section shows the options selected for the current license include service technician user count and other options such as accounting integration. +This section shows the options selected for the current license including service technician user count and other options such as accounting integration. ##### Service technician Scheduleable users and licensing @@ -110,7 +112,7 @@ Service technician and sub-contractor type Users also known as "scheduleable use Only scheduleable users that are set to Active in their [User record ](adm-users.md) will consume a Scheduleable User / service technician license from the total count available as licensed. -Non scheduleable users such as administrators or office staff and inactive Scheduleable users will _not_ consume a license. +Non scheduleable users such as administrators or office staff and inactive Scheduleable users will _not_ consume a license and we encourage you to make as many non scheduleable Users as you need to ensure every user has their own unique account in AyaNova. ### Purchase button @@ -118,7 +120,7 @@ The `Purchase a license` button is provided as a direct link to the license purc ### Install button -The `Install license` button will trigger the AyaNova server to contact the license server and check for a new replacement license, if found it will automatically be installed. +The `Install license` button will trigger the AyaNova server to contact the license server and check for a new replacement license, if found it will automatically be installed. AyaNova will automatically check for replacement licenses on a regular schedule (if connected to the internet), this button just speeds up the process but is not necessary if a new license has been automatically issued when a purchase was made or a temporary license renewed. @@ -126,7 +128,7 @@ AyaNova will automatically check for replacement licenses on a regular schedule #### Copy database ID -This menu option will copy your database id to clipboard which may be required when communicated with technical support or sales to help identify your records in order to provide support. +This menu option will copy your database id to clipboard which may be required when communicating with technical support or sales to help identify your records in our system in order to provide support. #### Install license @@ -136,9 +138,11 @@ This is a duplicate of the functionality of the `Install license` button. This option is provided to permanently erase _most_ user entered data in the AyaNova database. -You will be prompted twice to make sure you really want to do this. This action can only be reversed by [restoring](ops-restore.md) from [backup](ops-form-backup.md). +You will be prompted twice to make sure you really want to do this. -Everything is erased **except** the following items: +***Erase database can only be reversed by [restoring](ops-restore.md) from [backup](ops-form-backup.md).*** + +Everything entered in AyaNova will be erased **except** the following items: - Global settings - Operations backup settings @@ -151,7 +155,9 @@ These items are kept as this feature is typically used when people are evaluatin ## Downgrading a license -If a replacement license is installed that has fewer service technicians that the prior license and the administrator has not disabled the extra service techncians first, AyaNova will automatically disable any excess service techs / scheduleable Users by setting their `Active` property to false in order to remain with the purchased license count. It tries to do this with the least disruptive way possible by favoring disabling in this order: +If a replacement license is installed that has fewer service technicians that the prior license and the administrator has not disabled the extra service techncians first, AyaNova will automatically disable any excess service techs / scheduleable Users by setting their `Active` property to false in order to remain with the purchased license count. + +AyaNova tries to do this in the least disruptive way possible by favoring disabling in this order: 1. disable subcontractors first over in-house service techs 2. users that have no login records (have never logged in to AyaNova) @@ -159,7 +165,9 @@ If a replacement license is installed that has fewer service technicians that th This attempts to not disable current active service technicians. -We recommend the administrator disable the excess service techs before downgrading the license to avoid any potential disruption. If a tech was automatically disabled that shouldn't be you can set another tech inactive and then set the de-activated tech back to active so they can continue working. +We recommend the administrator disable the excess service techs before downgrading the license to avoid any potential disruption. + +If a tech was automatically disabled to remain within the licensed limit that shouldn't be, you can set another tech inactive and then set the de-activated tech back to active so they can continue working. ## User count exceeded diff --git a/docs/8.0/ayanova/docs/home-password.md b/docs/8.0/ayanova/docs/home-password.md index 52cacac3..9cfc96af 100644 --- a/docs/8.0/ayanova/docs/home-password.md +++ b/docs/8.0/ayanova/docs/home-password.md @@ -22,11 +22,13 @@ You can click on the eye icon to conceal your entry from onlookers. Current (2022) security industry best practices around passwords focus entirely on length and not 'complexity' and AyaNova fully supports this by allowing very lengthy passwords and not requiring any special characters. -For the highest security ensure your password is **at minimum** 15 characters long or as long as you can comfortably remember without writing it down. +For an adequate level of security ensure your password is **at minimum** 15 characters long or as long as you can comfortably remember without writing it down. -We recommend using a lengthy but easily remembered phrase as a password, for example a song lyric or a line from a poem that is **at least** 15 characters or more of words is currently *extremely* difficult to hack by brute force methods. +#### Memorable -There is no security advantage in modern practice to using mixed case, unusual symbols or numbers in your password as brute force hacking techniques try all enterable characters anyway. +We recommend using a lengthy but easily remembered phrase as a password, for example a song lyric or a line from a poem that is **at least** 15 characters or more of words is currently _extremely_ difficult to hack by brute force methods. + +There is no security advantage in modern practice to using mixed case, unusual symbols or numbers in your password as brute force hacking techniques try all enterable characters anyway and it just makes the password harder to remember. It is more secure to have a lengthy password of plain alphabet text than it is to have a shorter one with a mix of numbers and characters. @@ -36,6 +38,18 @@ For example: this password `somewhereovertherainbowskiesareblue` is far more sec Make sure you have nothing personal in your password such as a relative or pet's name or relative's date of birth etc. +#### Properly secured from others + +Do _not_ write down your password anywhere unless it's to be immediately placed in a locked fire-proof safe. + +In the current climate of hacking and malware we recommend you do _not_ enter your password on any device for safekeeping, in particular do not email it or save it in a document either online or locally unless it's a dedicated password manager utility. Password managers have built in protection from malware interception when using their interface which does not exist in a Word document or an email. + +#### Backed up by Two factor authentication + +AyaNova has [built in support](home-tfa.md) for the current most secure form of Two factor authentication and we encourage you to use it for all users. + +In particular any User account that has the Business administration role (such as the built in superuser account) should be backed up with with two factor authentication codes as these roles are extremely powerful and can be used to easily circumvent security by assigning roles to other Users or creating entirely new Users. + ### Password manager Many people prefer to use a password manager utility and AyaNova supports password managers by allowing copy and paste in the password field, clearly identifying the fields on the login form as password type HTML field in the page markup so the password manager can detect it to autotype the values and including an "eye" icon that you can use to reveal or conceal the password as you enter it. diff --git a/docs/8.0/ayanova/docs/home-tfa.md b/docs/8.0/ayanova/docs/home-tfa.md index b7d4916b..f863da4e 100644 --- a/docs/8.0/ayanova/docs/home-tfa.md +++ b/docs/8.0/ayanova/docs/home-tfa.md @@ -29,7 +29,9 @@ A User with rights to edit other User accounts can disable TFA for any User from ## TFA Apps -There are many Two-Factor Authentication apps freely available for all device types. Here are some that have been tested with AyaNova specfically: +There are many Two-Factor Authentication apps freely available for all device types and AyaNova uses an open standard so any legitimate TFA app should work with AyaNova. + +Here are some TFA applications that have been tested with AyaNova specfically: - [DUO](https://duo.com/product/multi-factor-authentication-mfa/duo-mobile-app) - [Google Authenticator for iOS](https://apps.apple.com/us/app/google-authenticator/id388497605) diff --git a/docs/8.0/ayanova/docs/index.md b/docs/8.0/ayanova/docs/index.md index 6b886658..86aba9ea 100644 --- a/docs/8.0/ayanova/docs/index.md +++ b/docs/8.0/ayanova/docs/index.md @@ -24,4 +24,4 @@ Or check out our support forum [forum.ayanova.com](http://forum.ayanova.com/) --- -
Documentation version: 8.0.0-beta.2, Copyright © 2022 Ground Zero Tech-Works Inc.
+
Documentation version: 8.0.0-beta.2 REV A 2022-03-22, Copyright © 2022 Ground Zero Tech-Works Inc.
diff --git a/docs/8.0/ayanova/docs/ops-config-backup-pgdump-path.md b/docs/8.0/ayanova/docs/ops-config-backup-pgdump-path.md index 83c4e770..9e187bd4 100644 --- a/docs/8.0/ayanova/docs/ops-config-backup-pgdump-path.md +++ b/docs/8.0/ayanova/docs/ops-config-backup-pgdump-path.md @@ -45,6 +45,6 @@ Windows `set "AYANOVA_BACKUP_PG_DUMP_PATH=C:\Program Files\PostgreSQL\14\bin"` (not real) -Linux / MAC +Linux `export AYANOVA_BACKUP_PG_DUMP_PATH="/usr/lib/postgresql/14.1/bin/"` (not real) diff --git a/docs/8.0/ayanova/docs/ops-config-data-path.md b/docs/8.0/ayanova/docs/ops-config-data-path.md index 10e13060..40b96e9d 100644 --- a/docs/8.0/ayanova/docs/ops-config-data-path.md +++ b/docs/8.0/ayanova/docs/ops-config-data-path.md @@ -54,6 +54,6 @@ Windows `set "AYANOVA_DATA_PATH=c:\ProgramData\ayanova"` -Linux / MAC +Linux `export AYANOVA_DATA_PATH="/var/lib/ayanova"` diff --git a/docs/8.0/ayanova/docs/ops-config-default-translation.md b/docs/8.0/ayanova/docs/ops-config-default-translation.md index c9f6164c..33f8926f 100644 --- a/docs/8.0/ayanova/docs/ops-config-default-translation.md +++ b/docs/8.0/ayanova/docs/ops-config-default-translation.md @@ -58,6 +58,6 @@ Windows `set "AYANOVA_DEFAULT_TRANSLATION=DE"` -Linux / MAC +Linux `export AYANOVA_DEFAULT_TRANSLATION="MyCustomTranslation"` diff --git a/docs/8.0/ayanova/docs/ops-config-folder-backup-files.md b/docs/8.0/ayanova/docs/ops-config-folder-backup-files.md index 261262f8..67e160f5 100644 --- a/docs/8.0/ayanova/docs/ops-config-folder-backup-files.md +++ b/docs/8.0/ayanova/docs/ops-config-folder-backup-files.md @@ -45,6 +45,6 @@ Windows `set "AYANOVA_BACKUP_FILES_PATH=c:\ProgramData\ayanova\backupfiles"` -Linux / MAC +Linux `export AYANOVA_BACKUP_FILES_PATH="/var/lib/ayanova/backupfiles"` diff --git a/docs/8.0/ayanova/docs/ops-config-folder-temporary-files.md b/docs/8.0/ayanova/docs/ops-config-folder-temporary-files.md index e30d4934..9895de60 100644 --- a/docs/8.0/ayanova/docs/ops-config-folder-temporary-files.md +++ b/docs/8.0/ayanova/docs/ops-config-folder-temporary-files.md @@ -45,6 +45,6 @@ Windows `set "AYANOVA_TEMP_FILES_PATH=c:\ProgramData\ayanova\tempfiles"` -Linux / MAC +Linux `export AYANOVA_TEMP_FILES_PATH="/var/lib/ayanova/tempfiles"` diff --git a/docs/8.0/ayanova/docs/ops-config-folder-user-files.md b/docs/8.0/ayanova/docs/ops-config-folder-user-files.md index 4c188995..00307558 100644 --- a/docs/8.0/ayanova/docs/ops-config-folder-user-files.md +++ b/docs/8.0/ayanova/docs/ops-config-folder-user-files.md @@ -46,6 +46,6 @@ Windows `set "AYANOVA_ATTACHMENT_FILES_PATH=c:\ProgramData\ayanova\attachments"` -Linux / MAC +Linux `export AYANOVA_ATTACHMENT_FILES_PATH="/var/lib/ayanova/attachments"` diff --git a/docs/8.0/ayanova/docs/ops-config-jwt-secret.md b/docs/8.0/ayanova/docs/ops-config-jwt-secret.md index c5172e97..0739250c 100644 --- a/docs/8.0/ayanova/docs/ops-config-jwt-secret.md +++ b/docs/8.0/ayanova/docs/ops-config-jwt-secret.md @@ -49,7 +49,7 @@ Windows `set "AYANOVA_JWT_SECRET=02847This_is_my_secret_key456576"` -Linux / MAC +Linux `export AYANOVA_JWT_SECRET="02847This_is_my_secret_key456576"` diff --git a/docs/8.0/ayanova/docs/ops-config-report-render-browser-path.md b/docs/8.0/ayanova/docs/ops-config-report-render-browser-path.md index e6efb530..7615e05c 100644 --- a/docs/8.0/ayanova/docs/ops-config-report-render-browser-path.md +++ b/docs/8.0/ayanova/docs/ops-config-report-render-browser-path.md @@ -37,6 +37,6 @@ Windows `set "AYANOVA_REPORT_RENDER_BROWSER_PATH=o C:\Program Files\Chromium\chrome.exe"` -Linux / MAC +Linux `export AYANOVA_REPORT_RENDER_BROWSER_PATH="/usr/bin/chromium-browser"` diff --git a/docs/8.0/ayanova/docs/ops-config-report-rendering-timeout.md b/docs/8.0/ayanova/docs/ops-config-report-rendering-timeout.md index 30ba44f2..9caf8d13 100644 --- a/docs/8.0/ayanova/docs/ops-config-report-rendering-timeout.md +++ b/docs/8.0/ayanova/docs/ops-config-report-rendering-timeout.md @@ -64,6 +64,6 @@ Windows `set "AYANOVA_REPORT_RENDERING_TIMEOUT=10"` -Linux / MAC +Linux `export AYANOVA_REPORT_RENDERING_TIMEOUT="10"` diff --git a/docs/8.0/ayanova/docs/ops-config-set-superuser-pw.md b/docs/8.0/ayanova/docs/ops-config-set-superuser-pw.md index 39bae217..11cd6f75 100644 --- a/docs/8.0/ayanova/docs/ops-config-set-superuser-pw.md +++ b/docs/8.0/ayanova/docs/ops-config-set-superuser-pw.md @@ -2,7 +2,22 @@ In the event that the SuperUser password is lost it can be reset using this setting. Upon booting up the server will reset the current SuperUser User account password to this value. -It should only be used to temporarily reset the password and never left in place. + +It should only be used to temporarily reset the password and never left in place as a setting or any user with rights to see the server boot configuration will have the superuser password. + +## Process + +Because several roles are able to view the boot configuration in AyaNova, the most secure way to change the superuser password is by following these steps: + +0. Choose a temporary password just used for this process +1. Insert the AYANOVA_SET_SUPERUSER_PW value with the temporary password as shown below +2. Boot up the AyaNova server with this setting in place +3. Login from the AyaNova web app as the superuser with the temporary password +4. [Change the superuser password](home-password.md) to a different non-temporary password +5. Log out and back in as the superuser to confirm the new password is working +6. Remove the super user password override configuration setting so that the server won't change it again on next reboot +7. Restart the AyaNova server +8. Login as the superuser again to confirm the new password is still working ## Default @@ -15,27 +30,27 @@ AyaNova expects the override password to be provided by a config.json property, `AYANOVA_SET_SUPERUSER_PW` The value specified should be a string used to temporarily override the super user password e.g.: -`Th3RainInSpainFallsMainlyOnTh3Pla1n` +`tempsuperuserpassword` Example config.json entry ```json { ...other properties... - "AYANOVA_SET_SUPERUSER_PW": "Th3RainInSpainFallsMainlyOnTh3Pla1n" + "AYANOVA_SET_SUPERUSER_PW": "tempsuperuserpassword" } ``` Example command line parameter -`ayanova.exe --AYANOVA_SET_SUPERUSER_PW="Th3RainInSpainFallsMainlyOnTh3Pla1n"` +`ayanova.exe --AYANOVA_SET_SUPERUSER_PW="tempsuperuserpassword"` Example environment variable Windows -`set "AYANOVA_SET_SUPERUSER_PW=Th3RainInSpainFallsMainlyOnTh3Pla1n"` +`set "AYANOVA_SET_SUPERUSER_PW=tempsuperuserpassword"` -Linux / MAC +Linux -`export AYANOVA_SET_SUPERUSER_PW="Th3RainInSpainFallsMainlyOnTh3Pla1n"` +`export AYANOVA_SET_SUPERUSER_PW="tempsuperuserpassword"` diff --git a/docs/8.0/ayanova/docs/ops-config-use-urls.md b/docs/8.0/ayanova/docs/ops-config-use-urls.md index 57fc8271..4e71db9c 100644 --- a/docs/8.0/ayanova/docs/ops-config-use-urls.md +++ b/docs/8.0/ayanova/docs/ops-config-use-urls.md @@ -38,7 +38,7 @@ Windows `set "AYANOVA_USE_URLS=http://*:5000"` -Linux / MAC +Linux `export AYANOVA_USE_URLS="http://*:5000"` diff --git a/docs/8.0/ayanova/docs/ops-import-v7.md b/docs/8.0/ayanova/docs/ops-import-v7.md index a30d2432..3db88609 100644 --- a/docs/8.0/ayanova/docs/ops-import-v7.md +++ b/docs/8.0/ayanova/docs/ops-import-v7.md @@ -112,9 +112,11 @@ If possible a "permanent" copy burned to DVD may be prudent. ## Downloading and installing the V8 Migrate plugin -Download the V8 Migrate plugin installer for AyaNova 7.6+ here: [https://www.ayanova.com/download/v8-migrate.exe](https://www.ayanova.com/download/v8-migrate.exe) +Download the V8 Migrate plugin self extracting installer package for AyaNova 7.6+ here: [https://www.ayanova.com/download/v8-migrate-installer-package.exe](https://www.ayanova.com/download/v8-migrate-installer-package.exe) -Run the v8-migrate.exe file to install the plugin to the AyaNova 7.6+ already installed on the computer that will be performing the migration as determined after reading the "How to get the fastest possible migration" section above. +1\. Run the v8-migrate-installer-package.exe file which will self extract the v8 migrate installer program v8-migrate.exe. + +2\. Run the v8-migrate.exe file extracted in the prior step to install the plugin to the AyaNova 7.6+ already installed on the computer that will be performing the migration as determined after reading the "How to get the fastest possible migration" section above. Note that Windows may prompt you that the installer is "unsigned" from an "unknown publisher" and you may need to select the option to allow the installer to "run anyway". diff --git a/servdocs.bat b/servdocs.bat new file mode 100644 index 00000000..d68fe12b --- /dev/null +++ b/servdocs.bat @@ -0,0 +1,2 @@ +cd c:\data\code\raven\docs\8.0\ayanova +mkdocs serve