What's New in Version November 2014

Friday, October 31, 2014 by Karin Huber

The new version November 2014 (1.30) is downwards compatible to version March 2013 (1.10) and later. You can use all of these versions in a single account simultaneously.

Changes in the New Version

OAuth2 and OpenID Connect

This month we are announcing the next important step in our movement towards HTML and JavaScript: We present the first public preview of time cockpit's OpenID Connect endpoint for authentication and authorization. Until now, time cockpit has used a custom token format, custom authorization flow, etc. As always we open our own APIs for our customers, too. So with the change we present today, you can use the OpenID Connect standard instead. We also published an updated version of our OData Web API that can consume the tokens you get from the new authorization endpoint.

Improved Validation Consistency

Different operations in time cockpit use validation to ensure that entered data is correct before it is saved. Up until now there was an inconsistency between the validation results presented by forms in the UI and programmatic save operations. Additionally, the system behaved differently depending on if an entity has any enabled validation rules or not.

In this release we unified the behavior to be consistent in all cases. This change has an impact on not-nullable properties with additional considerations for text properties. The following matrix shows the previous and new behavior for programmatic operations.

Entity has Validation Rules	Input Value	Previous Result	New Result
FALSE	Null	SQL Exception	Validation Exception
FALSE	Empty String	OK	Validation Exception
FALSE	Text	OK	OK
TRUE	Null	Validation Exception	Validation Exception
TRUE	Empty String	Validation Exception	Validation Exception
TRUE	Text	OK	OK

Please note that we no longer accept empty strings as valid values for not-nullable text properties. The UI always behaved like this but programmatic operations accepted such values if no validation rules were present on the model entity.

In addition to being more consistent in when exceptions are thrown we also improved the types of exceptions involved as we try to avoid directly surfacing SQL exceptions and using validation exceptions with end-user friendly messages.

Disabled SSL 3.0 Support

We have disabled SSL 3.0 support for the following websites to prevent POODLE attacks:

www.timecockpit.com
help.timecockpit.com
login.timecockpit.com (login page for time cockpit web client with Silverlight)
1-30-3292-4.timecockpit.com (current version of the time cockpit web client with Silverlight, you will automatically be redirected to the correct version of time cockpit when using login.timecockpit.com)
apipreview.timecockpit.com (OData endpoint)
auth.timecockpit.com (OAuth endpoint)

In this context we also have dropped support for time cockpit versions smaller than 1.10 (March 2013). If you are using an older version of time cockpit and want to use the web client, please contact us. We will gladly help you to upgrade to the latest version of time cockpit.