Cookie consent
File Audit history
Admin UI
• Validation is enabled for the phone number field on the General settings page when a space is entered.
Portal
• Angular Upgrade is done.
Admin UI
• The Subscription name shown in the menu on the Subscription details page no longer runs off the menu.
• Font change for ‘Users on this License’ on the License details page.
• The Delete icon is made smaller than before.
• The left menu doesn’t fall off the screen when all the sub-menus are open and the screen size is large; a scrollbar is available.
Audit History
• The Session history now contains only one entry of session creation when the session is created.
Portal
• The Cookie consent with a link to the Decos privacy statement is displayed as a pop-up only for Guest users.
• The error code is displayed at the right corner of the error message for all the apps.
Admin Portal – Licenses & Subscription
• On the ‘Manage License’ menu, all the Licenses owned by the Tenant will be displayed.
• The ‘Manage License’ button beside the Collaboration-Web license is used to manage users and the license for a particular tenant.
• The ‘Change Plan’ button on the Subscription details page directs to the App source website.
• On the License details page, the User slot, the storage slot and the users to whom the License has been assigned are displayed.
• A warning icon will be displayed at the top left corner of the relevant License when the storage quota or user quota reaches the 90% limit.
• A banner message ‘One or more licenses need attention’ will be shown on the Portal app, Admin overview page, License details and the Subscription details page when the threshold level is reached and exceeded for both User quota and the Storage quota.
• The User slot and storage slot bar will appear in yellow when a threshold limit is reached and in orange when the limit is exceeded.
• On the Add users to License page, the tenant users list is displayed, from which users can be selected to assign a license.
• The list of users is displayed on the ‘View license’ page with email address and user name. The users can also be searched.
• The ‘Add a user’ button is disabled when the user quota limit is exceeded.
• The License can be removed for a tenant user on the License details page by using the Remove button in the user’s grid and the user slot will be refreshed.
Admin Portal – Users menu
• Bulk user import: the ‘Download bulk import template’ and ‘Import users’ buttons are available in the users section of the admin portal. The user is able to import multiple users in one go. A toaster message is shown for a successful bulk import, which ignores duplicate users and email addresses in an invalid format.
Collaboration
• The ‘Leave’ alert after uploading files is removed on the Upload files page.
• When appropriate License is not assigned to a tenant, an error message is shown to the user while creating a session from the JOIN or the Collaboration portal.
• The ‘New session’ button will be enabled/disabled based on the License subscription status of the Tenant.
• The ‘Let’s start’ button is disabled when the user quota limit has been exceeded or when the user doesn’t have an appropriate License.
• The Session history includes activity details for the ‘Ended session’ in case of the “Collaboration-Web” version.
Admin portal
• The menu item ‘Subscription and Licenses’ is added in the admin portal. The menu item’s page displays ‘Coming soon’.
Collaboration
• The error page is shown in the Collaboration app in case of Denied access (403), 404 and 500 errors.
Security
• The external pen test issues (Broken access control, Broken authentication and UX cookie consents) have been resolved.
Marketplace
• In session init, on the select files page and manage files page, the pagination is removed and a scrollbar is added in the files list grid.
• The file model of WOPI is removed from the deleted sessions.
• The audit files are also deleted when a session is deleted for handling the deleted event.
Security
• The previous link (change password, reset password, change phone number) expires as soon as the user generates a new link.
• The filter options from the columns have been removed.
• A global search feature and the filter for ‘Project’ and ‘Shared by’ column is added on the session overview page.
• On the ‘session created by me’ page, a global search and a filter for ‘Project’ column is available.
• Only the session name will be listed on the ‘Session Overview’ page and ‘Session created by me’ page and no child rows of files list under the session name will be listed.
• The ‘Type’ column has been removed from all the pages in session management.
• The ‘Manage session’ page is similar to the ‘Session Overview’ page with a search and filter feature.
• The header and footer are removed from all the session initialization pages.
• The left side menu is made similar to that of the session management page.
• A pop-up warning message is displayed on the page when the user tries to navigate to other menu item while initiating a session.
• The Manage files and Rights grid view is changed in session initialization and session management respectively.
• The participant’s user name is displayed on top of the grid when multiple users are added to the session.
• The source column is added on the ‘Session overview’ and the ‘Session created by me’ page for the Marketplace version.
• The Select files page for session initialization is functional.
• The ‘Add participants’ page for session initialization is functional.
• The Manage files grid is functional for the Case-Based Collection with documents.
Portal- Change email
• The change email feature is available for the guest users on the Profile page.
• The changed email is also updated in the user management, file management and the session management on the participant’s page for existing sessions.
Portal- Change phone number
• The change phone number feature on the Profile page in the portal app can be used for the tenant user and the personal user to change phone number.
• The changed phone number is also updated in the user management and the session management.
Portal- Profile page
• The First name and Last name fields on the Profile page are validated when empty for personal users.
• The organization field is not mandatory for the personal users.
Admin
• The search functionality works fine and highlights the searched data in the user’s grid.
Email Template
• Textual changes are made in the header and footer section for all the application screens and email templates.
Sign-in feature on the Registration form
• An invitation for a new onboarding personal user can be accepted using a different email address.
• The user can login using the ‘Sign in’ feature on the Registration form with an existing onboarded personal user’s account.
Admin
• The Roles column has been added in the Active user’s grid.
• On the Details page, the Activate and Deactivate button has a slider implemented.
Error code
• The 403 error code has an improved error message, which is shown when rights are unavailable.
Internal Security
• The WOPI editor client uses a sealed secret client ID, thus facilitating the intended functioning of the editor app.
• Gateway aggregators have been implemented to validate endpoints.
• Strict CSP policies are achieved.
Admin
• The Details page is available for the Guest members and Deactivated users in the kebab menu.
• Search bar is available at the top of the grid on every page for searching required data.
• The Tool tips are added in the Admin portal for all menu items in collapsed and expanded mode, kebab menu and breadcrumbs on all the pages.
• On click of the row in the grid, the user will be navigated to the Details page.
• Old guest users are now visible to the Metro and Tram on the Acceptance environment.
Admin- General
• The validations are added for fields on the Edit page.
• The First name and Last name fields cannot be left empty.
• The phone number field has the same format as displayed on the session initialization page.
• The Email address also has the same validation as implemented on the session initialization page.
Portal- Change password
• ‘Change password’ button is made functional for the non-tenant user on the Profile page.
• On click of the ‘Change Password’ button, a link to change the password is provided to the guest user via email. The link is valid for fifteen minutes; after fifteen minutes it expires.
• While changing the password, the user needs to fill in the current password, new password and confirm password fields.
• If the existing password is correct and the new password matches the specified rules, the password is changed and the guest user is notified via email about the change of password.
• After changing the password, the user is navigated to the login page.
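The link rules in these notes (the fifteen-minute validity above, and the Security entry stating that a previous change password, reset password or change phone number link expires once a new one is generated) can be modelled as follows. This is an added example, not Decos code: the LinkStore class, the purpose names, tracking links per purpose, storing only a token digest and single-use redemption are assumptions.

```python
import hashlib
import hmac
import secrets
import time

LINK_TTL_SECONDS = 15 * 60  # from the notes: the link is valid for fifteen minutes


class LinkStore:
    """Hypothetical in-memory store for e-mailed account links.

    Assumptions (not from the release notes): one active link per
    (user, purpose), only a SHA-256 digest of the token is stored,
    and a link can be redeemed once.
    """

    def __init__(self, clock=time.time):
        self._clock = clock
        self._active = {}  # (user_id, purpose) -> (token digest, expiry time)

    @staticmethod
    def _digest(token):
        return hashlib.sha256(token.encode("utf-8")).hexdigest()

    def issue(self, user_id, purpose):
        """Create a new link token; any earlier link for the same slot dies."""
        token = secrets.token_urlsafe(32)
        expires_at = self._clock() + LINK_TTL_SECONDS
        # Overwriting the slot is what expires the previously mailed link.
        self._active[(user_id, purpose)] = (self._digest(token), expires_at)
        return token

    def redeem(self, user_id, purpose, token):
        """Return 'ok', 'expired' or 'invalid' for a presented token."""
        entry = self._active.get((user_id, purpose))
        if entry is None:
            return "invalid"  # nothing outstanding, or already redeemed
        digest, expires_at = entry
        # Constant-time comparison; a superseded token fails here.
        if not hmac.compare_digest(digest, self._digest(token)):
            return "invalid"
        del self._active[(user_id, purpose)]  # single use, even when expired
        if self._clock() >= expires_at:
            return "expired"
        return "ok"


class FakeClock:
    """Controllable clock so the expiry path can be exercised offline."""

    def __init__(self, now=0.0):
        self.now = now

    def __call__(self):
        return self.now

    def advance(self, seconds):
        self.now += seconds


def demo():
    """Walk through the four cases with a constructed user and purposes."""
    clock = FakeClock()
    store = LinkStore(clock)
    user = "guest@example.test"  # constructed sample value
    first = store.issue(user, "change-password")
    phone = store.issue(user, "change-phone-number")
    second = store.issue(user, "change-password")  # supersedes `first`

    out = {}
    out["superseded"] = store.redeem(user, "change-password", first)
    clock.advance(14 * 60)
    out["within_ttl"] = store.redeem(user, "change-password", second)
    out["replay"] = store.redeem(user, "change-password", second)
    clock.advance(60)  # now exactly fifteen minutes after issue
    out["after_ttl"] = store.redeem(user, "change-phone-number", phone)
    return out


if __name__ == "__main__":
    print(demo())
```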
Portal
• Re-login functionality is available after logout from any of the applications.
• Error code handling is done for the Admin and Portal apps and is the same as in Collaboration.
Application responsiveness
• The application response time is improved when navigating from one application to another, i.e. from the Portal app to the Admin app.
• The token renewal is handled for the application and as a result the application does not show an error when the page goes stale.
Session management- History
• The correct data entry is displayed when the participant is removed from the session.
• Username is displayed on the History page when the contributor is mentioned in a comment.
Sorting
• The sorting feature functions correctly. The last updated session appears on top by default, and when the page records are limited and sorting is done, the user goes back to page 1.
Internal security Audit
• All the APIs at the backend are secured.
Admin Portal
• The kebab menu item ‘Assign as admin’ is added on the Active users page. On click of it, a slider component is available and the user can be assigned as Admin.
Portal
• Collaboration application is shown on the Portal screen.
• This can be accessed through the menu item ‘Join’ in the dashboard. On click of the icon in the portal, the user is taken to the Session overview page.
• On the Profile page, Edit functionality is available, wherein the First name and Last name fields are editable for non-tenant users and no fields are editable for Tenant users. This data is populated from the Registration Onboarding form.
Admin- Handle unlinked Guest users
• When guest users are unlinked from the Guest users page, the user should be removed from all active sessions and ended sessions; however, the unlinked user should remain a contributor when invited by another Tenant user.
Improved Manage rights – Edit functionality
Tooltips are added to explain why the Edit rights column is disabled in the session initialization module and the collaboration portal, for the following points:
• If the user has no Edit rights in JOIN, the tooltip shown will be: “Sorry, this is not possible. You have no edit rights in the source system.”
• If the file is already shared for edit in an active session, the tooltip shown will be: “Sorry, this is not possible. This file is currently shared with edit rights in another session.”
• If the file extension does not support edit, the tooltip shown will be: “Sorry this is not possible. This file type cannot be edited.”
• When the Read rights checkbox is unchecked, checking on the Edit rights checkbox should check the Read and Comments checkboxes. When checking on the Comment checkbox, the Read rights checkbox is also checked.
Last Update in session management
The ‘Last Update’ column will now be updated on the following actions.
Administrative actions
• Session initiation
• Change on session details page
• Add participant
• Remove participant
• Change rights
• Change of Due date
Commenting
• When a session is initiated, the session ‘Last Update’ and the ‘Last Update’ of all files are set to the current date and time.
• Consider two files, F1 and F2. When one or more users collaborate on the same file F1, there is a sliding expiry duration of 5 minutes before the next modification of the session/file ‘Last Update’ field is allowed. In this case NO change is made to file F2.
• The expiry duration is PER FILE, so if a user comments on file F1 at 1:00 o’clock, all following comments (comments, mentions and replies) until 1:05 are skipped. The next time a user comments on the same file F1 after 1:06, the Session and File F1 ‘Last Update’ are considered again.
Authorization for Session initialization
• Users without the ‘col-user’ role are unable to create a session.
• A 403 error page is shown to users who do not have the ‘col-user’ role.
Security
Appropriate CSP policies are applied to all HTML pages of the front-end applications to achieve a strict policy.
Internal Security Audit - Project Management
• As a ‘collaboration-admin’, the user can add, update and delete projects from the list.
• As a ‘collaboration-admin’ or ‘collaboration-user’, the user can access the project list.
Updated Invitation Model
• The invitation to tenant and the personal user should work as before.
Internal Security Audit
As part of the internal security audit to validate client endpoints, the following modules are considered.
• Notifications
• Comments
• Session management
• File management
IDP LOGIN
• An already logged-in user can navigate to the home page through the IDP URL.
Email Services
• When a template is used to send an email, TextContent/Stringcontent and Subject are stored in the template, so these fields are not mandatory when using Templates.
User Management
• After a password reset, the user is now redirected to the login page.
• The user is able to access the invitation link for onboarding even though the first invitation is yet to be claimed.
Email Templates
• On click of the ‘Send test email’ link on the ‘Manage Email Template’ page, the Coming soon page is shown.
• The title in the header is changed to ‘JOIN Collaboration’ in EN and ‘JOIN Samenwerken’ in NL, along with the Collaboration icon.
• A footer is added with the copyright image, year, trademark and legal links to the website as per the design. Just above these details, a single line of text is added explaining the reason for sending the email to the user.
• The font and font size are removed from the Email signature and Customizable text.
Logout Page
After logout through IDP login from the dashboard, the user is now taken to the logout page.
Platform Admin
Platform Admin - Overview
This page shows the count of Active users and active Guests. On click of the respective count, the user is directed to the respective page.
Collaboration dashboard
• The Profile page now displays the data of the logged in user.
• Under the Settings menu item, Preference page is now available only with UI of the different themes.
Accounts
Users are configured on Production Account for demo.
URL
All the Collaboration app URLs are changed from decoscloud.com/portal to decoscloud.com, i.e. https://decoscloudacc.com/
Authorization
Authorization is implemented as part of the internal security audit for session init.
• The user receives a mail with a link to reset the password; this mail now has an appropriate mail template in Mandrill.
Admin app
• The Admin app with the menu items is available now. On click of the Admin menu item, a side panel is opened with all the admin menu items.
• Kebab menu with respective operations is added for Active users, Deactivated users and the Guest members menu items.
• Buttons in the side menu and Admin menu item are duplicated as of now in the Collaboration portal.
Platform Admin Authentication
• On access of the Admin app or URL (decoscloudtest.com/admin), the user is prompted to log in and can log out successfully.
• Only a user with the Platform-admin role can access the admin app; other users are shown a 403 error, but the user name is visible in the side menu.
Authentication for Portal admin container
• When the URL https://decoscloudtest.com/portal is hit, the user is prompted with login screen.
On successful login, the user is navigated to the home page, which has a side menu with the Admin menu item in it.
• If a user without the platform admin role tries to access the admin pages, a 403 error page is shown. However, the user will be able to see the pages he is authenticated for.
Email Template
A new design is available in email template with following changes:
• The CURRENT_YEAR placeholder value is present in the email service for the copyright text.
• A space is added between email signature and the logo.
• Email signature is now placed below the logo.
• The scrollbar is placed for the complete page instead of the grid.
• When the tenant user invites any other non-tenant user, the email invite will consist of the logo configured at tenant portal.
• When a non-tenant user invites any other user, the default logo should be seen in the email invite.
Security checks for uploaded files: Part 2
Different parameters like name, size and signature for security checks are considered.
Cancel Invite in session management
• Initiator can now cancel the invite for a guest user on the Participant’s page in session management.
• When a user is invited to a single session and the invite is cancelled, on click of the invite link an error message ‘Invite not found’ will be shown.
Invitation flow (Registration form)
Organization field is now editable and mandatory on the create account page during the onboarding flow for a personal user. For a tenant user, the organization field is auto filled and non-editable.
2FA
When the phone number or email address field is not updated on the Registration page during the onboarding flow, the 2FA screen is not shown; however, if either of the fields, i.e. phone number or email address, is updated, the application navigates on to the 2FA screen.
WOPI Production Environment
The editor app is switched to the WOPI Production environment. All WOPI integrations work fine, including editing Word, PowerPoint and Excel files.
Email Templates
Following are the updated elements for Email Templates: Message, Invitation link, Customized message, Email Signature and Email logo.
• User Invitation
• Edit a file
Whenever any file is edited by the participants in the session, an email is sent to the initiator with the name of the modified file in the message. A message is not added in the email as it is sent to the initiator only. The File Edit template from Mandrill is used.
• Change Due date of a session
An email is sent to all the participants when a session Due date is changed, which includes the modified due date.
• End session (Manual and Automatic)
An email is sent to all the participant users with a session end message on manual and automatic session end.
• Session Due date reminder
An email is sent as a due date reminder (1 & 5 days) with the session name.
• Remove a participant from the session
An email is sent to the removed user, which includes the name of the session from which the user has been removed.
• Replied to a comment
An email is sent to the user when a comment is replied to, with the filename in it.
• Mentioned in a comment
An email is sent to the user on being mentioned in a comment, with the filename in it.
Alerts added to the application
• Navigating from an email link or the notification screen to a session that has ended, or from which the contributor has been removed, gives a 403 error page.
• When a wrong parameter is passed to the API, it gives a 400 error and a popup such as Duplicate project is shown.
• When a garbage value is added in the URL, it gives a 404 page.
• If something goes wrong on the server side, it gives a 500 error.
Edit rights for files shared in active session
If a file is in an active session with Edit right and is re-shared from JOIN, only read and download rights are provided. The checkbox for edit is grayed out when the same file is already shared for edit in an active session. The checkbox to select all for EDIT is disabled.
Edit rights for files shared in active session (Manage rights and Invite users)
If a user is invited via session management in an active session with Edit right, the checkbox for edit is grayed out when the same file is already shared for edit in an active session.
Modifications on the History page
The top bar (Date, Activity, User) on the Session history and File history pages is made static, so it is always visible to the user regardless of the order, and the columns are made wider. The User column will not interfere with the Activity column data.
Security checks for file uploaded
Different parameters like name, size and signature for security checks are considered.
Manage Email Template
The email signature is now added below the logo.
User is now unable to view and edit the files of an ended session by accessing older notifications.
When session is automatically ended, files are now synced to JOIN.
Edit Session Details Page
Sessions with empty project name can be saved while editing other details.
Comments
User can comment on a file up to 1000 characters. A validation message is shown ‘Reduce the number of characters’ along with the character count and a red border. This scenario has been handled on Reply of a comment, Edit of a comment, Edit of reply and New comment.
Session overview
• On Click of the session name/ row, user will be directed to the session details page.
• On Click of the file name/ row the file viewer is seen.
File Edited Notifications
• A System notification will be received to the session initiator, after a file has been edited.
• This feature is applicable for Word, Excel, and PowerPoint files.
• An Email will also be received for the same.
File modified information in Session Details
When any WOPI-supported file (Word, Excel or PowerPoint) is edited by the session initiator, the new data (last modified date) of the file modification is reflected in the ‘Last Update’ field on the Session Details page.
Invite Participants via Session management
Session initiator can invite any participant during the session through ‘Invite’ menu item under ‘Participants’. The rights can then be assigned to the file for the added user. The invited user name will be shown under ‘Invited’ section on the participants page.
Participants in Session Management
The users in the session are displayed in different sections on Participants page. The section consists of session owner, participants and Invited wherein the session initiator, participant users in the session and invited user are displayed in the respective session. Invited users are those who are not registered but invited to the session.
Publish created session on session overview page
The session created appears in light grey and once the files are synced the session is ungrayed automatically indicating it is accessible.
Navigation from Notification
• When clicked on the notification of session, the user will be taken to the Session Details page if the user is a part of the session.
• If the session is ended or a contributor is removed, on access of the notification the user will be taken to the session overview page.
• When a user is mentioned in the comments, a notification is sent to the respective user. On accessing it, the user should be taken to respective file(WOPI editor).
Notification to Contributor
An invitation email is sent to the invited user to collaborate in the existing session.
Delete Project
The session initiator can delete a project which has zero sessions associated with it. If the user attempts to delete a project which has sessions associated with it, a validation popup is shown with the message ‘There are still sessions assigned to this project’.
Change Rights feature on Participants page in Session Management
The session initiator can change the rights allocated to the contributors, whenever needed. This feature is available as a kebab menu option ‘Change Rights’ against the contributor name on the participants page.
The user is then directed to the Rights page.
Project name validation on Manage Project page
The user can add a new project name which allows only 50 characters. If it exceeds 50 characters, the validation message will be displayed.
Session End
The session is ended automatically after the due date is reached at 00:00:00 AM.
Users are notified about it through email and system notification.
Session Icon change
A new icon of three persons can be found on session overview page for every session.
Email Template Service is available
Manage email templates is available with the below features:
• Upload Logo
The user can upload a logo of different file formats (.jpeg, .png) through the link or the button ‘Upload logo’.
• Add signature
The user can add the signature as per requirement using ‘Add signature’ button or link. Users can edit the signature and save changes.
• Edit Template
The user is provided with a template to add a customizable text to the email that is to be sent to the users.
• Email delete logo Confirmation
A confirmation message is given to the user on the email template while deleting logo.
Validation for email address field
The user is notified with a validation message:
• When the user exits the email address field or clicks outside the email address field.
• If an invalid email is entered.
This is applicable to the email address field on Add participants page during session initiation and Invite page via session management.
File selection during session initiation
User can select the file only by clicking on the checkbox.
Highlighted comments
When a notification (reply/mention) is received by a user and the user navigates to the comment by clicking on the notification, the comment appears highlighted and the highlight disappears after some time.
Medium risk security issues found during security scans were resolved
WOPI
Approved by Microsoft
Timeout with 2FA verification
The session timeout at the 2FA verification step is now increased to 5 mins.
Fixes with Invitation and Onboarding Flow + Cosmetic updates.
Session Initiation Workflow Changes
Manage Rights page
UI Refinements
Download option is removed
Apply for All option is present
Read column is in default on active state
Scroll bar is visible
Edit Participants Page
Text is added on the Cancel popup in Dutch and the Delete logo is changed
Task Description page
Red border is added when a validation message is thrown
Add more files on Summary page
UI and text changes done
Unselect all functionality is working as expected
Collaboration Dashboard Changes
Session Overview
The sessions on the session overview page will be greyed out until the files are synced. User needs to refresh the page for now.
Session Details Page
Collapse behaviour at participants submenu
Session Files Page
The ‘comments’ option is removed from the Kebab items
Edit Session Page
The Edit session page shows files listed on the page instead of in a new tab
Comments
Comments after delete will be shown as ‘the comment has been deleted’ and this will persist after refresh as well
Manage Projects
Correction of Dutch translations
Delete Icon removed from title
Few Alignment corrections
Commenting Panel
UI changes done
Notifications Screen is added with Notifications shown
Comments Notification
A Notification is received on
Reply to a comment
Mention of a user
Other features added are
Mark read, Mark Unread feature of a notification.
Mark All read, Mark all unread feature of notification
Delete a Notification
Landing page from invitation deeplink is navigated to the Session Detail page
Functional Features
EULA Implementation
Audit PDF
Categories of Audit Available:
Session
Session started event: This will provide detail information about who has started session and what was the session property.
Session ended event: This will show when the session was ended.
File
File added: This will show information about the file being added to session.
File privilege: This will show about events info mentioned below.
Comment right: Off
Download right: Off
Edit right: False
Read right: False
Comments
Placed: This will show the comment created information like who commented on which file etc.
React: This will show information about reply over comment.
Modify: This will show edited comments.
Delete: This will show which comment was deleted, by whom and when.
Send Onboarding and invitation for all Users (Tenant/External)
Edit Session from Session Overview
Edit File from Session Overview
Roles for Collaboration (Authorized for what kind of data can be seen by whom)