Page History

1. PART 1: inject and search by STG in the Ticket List screen
2. PART 2: search by STG in the Transaction list, Transaction pending
3. PART 3: search by STG in Reports

Ticket's Sub-Target Group (STG), PART 1 injection and search in Ticket List screen 

https://jira.secutix.com/browse/TIX2-641 As an organizer, I can search by STG in the Ticket List screen. PART 1/3

• Enable organizers to classify a ticket by a contingent.
  • Inject the contingent successfully from S-360.
  • Filter by the contingent in several screens (e.g. Ticket List screen), in order to have an overview of ticket status per each contingent,
  • Send push notification for just some specific contingents,
  • Export the ticket with the contingent.
• New Back Office AdminTool 2.0 Console > Settings > Organizer Settings > enable.contingent.feature 
  • 
• New table REFERENCE_DATA, example:
  • 

• Injection API (dependency on S-360)

  • 
  • Data model: TICKET table adapted to add the contingent.
    • New column CONTINGENT_EXTERNAL_ID added in table TICKET, NULLABLE
    • Data migration: no needed, existing tickets are let empty.
  • If the organizer enables the contingent feature, then contingent must not be empty, otherwise, it is kept optional.
  • 
• Injection CSV (dependency on Injection API)
  • Contingent has been added in the CSV import file with the same structure as the API.
• Ticket List page
  • If the organizer enabled the contingent feature:
    • New filter by contingent is added, and new column contingent in the list:
      • Value in drop down of the new filter comes from REFERENCE_DATA table of selected event if any or all events, with (key = ‘CONT’, lang = ‘en’)
    • Query search result adapted.
    • Contingent added in the export file.
  • Otherwise, the current behavior has been kept.
  • 
• Ticket Support page
  • If the organizer enabled the contingent feature:
    • AdminTool: contingent is added to the ticket details.
    • Backend: returns the contingent for AdminTool.
  • Otherwise, the current behavior has been kept.
• 

Ticket's Sub-Target Group (STG), PART 2 search in Transaction list and Transaction pending

https://jira.secutix.com/browse/TIX2-1872 As an organizer, I can search by STG in the Transaction list, Transaction pending.

• If the organizer turns on the contingent feature:
  • Transactions screen
    • Filter by the contingent correctly.
    • Export: contingent and seat details are also exported in the excel file.
    • 
  • Pending screen
    • Filter by the contingent correctly.
    • Export: contingent is exported in the excel file.
    • 

Ticket's Sub-Target Group (STG), PART 3 search in Reports

https://jira.secutix.com/browse/TIX2-1873 As an organizer, I can search by STG in Reports.

• If the organizer turns on the contingent feature:
  • Reports
    • 

https://jira.secutix.com/browse/TIX2-2332 [Crowdin] Change Crowdin on the fly, do not require to upload a new build.

Business benefits: Speed-up and ease the process of updating strings in the mobile wallet.

• Old behavior
  • Step 1: Client and BA changed translation strings in Crowdin.
  • Step 2: BA created a ticket on Jira and assigned it to the development team.
  • Step 3: Developers changed the text on the local file (.json).
  • Step 4: Developers rebuilt the white-label mobile wallet and shipped the application to the client.
• New behavior
  • Step 1: Customers and BA change translate string in Crowdin and click “build project” on Crowdin.
  • Step 2: The mobile wallet users relaunch the TIXNGO application.
  • 

https://jira.secutix.com/browse/TIX2-2262 Brute force protection for Console.

Business benefits: Add additional security into the Backoffice.

• Implementing the Amazon Cognito lockout behavior for failed sign-in attempts (c.f. https://docs.aws.amazon.com/cognito/latest/developerguide/amazon-cognito-user-pools-authentication-flow.html)
  • After five failed sign-in attempts, Amazon Cognito locks out your user for one second. The lockout duration then doubles after each additional one failed attempt, up to a maximum of approximately 15 minutes. Attempts made during a lockout period generate a Password attempts exceeded exception, and don't affect the duration of subsequent lockout periods. For a cumulative number of failed sign-in attempts n, not including Password attempts exceeded exceptions, Amazon Cognito locks out your user for 2^(n-5) seconds. To reset the lockout to its initial state, your user must not initiate any sign-in attempts for 15 consecutive minutes at any time after a lockout.
  • 

https://jira.secutix.com/browse/TIX2-184 Number of active sessions is missing in the spectator export in the TIXnGO console.

Business benefits: Add additional information in the spectator export.

• Add a new column "ACTIVE SESSIONS" in the Spectators List/Export CSV file.
• This column is placed right after PINCODE column.
• The values of this column are exactly the values displayed on the Spectators List screen.
• 

https://jira.secutix.com/browse/TIX2-624 [All organizers] As an AdminTool 2.0 support-user (SU) and basic-user (BU), I can also resend communications under Support-Spectator page (so far only admin-user (AU)).

Business benefits: Provide more flexibility to the operations and enhance the Backoffice rights for SU and BU.

• Old behavior: only admin-user (AU) can also resend communications in the Backoffice under Support-Spectator page.
• New behavior: support-user (SU) and basic-user (BU) can as well.
• Reference: TIXNGO Portal / Backoffice manual / User roles and privileges: TIXNGO:Backoffice
• 

https://jira.secutix.com/browse/TIX2-2116 We need logic in the app to activate offline mode is case of not working backend, so we can prevent loss of tickets.

Business benefits: Provide a last-minute security backup to activate the tickets.

• In case the organizer decides to use online-activation tickets and some edge cases failures occur (e.g. some offline phones, some phones with Bluetooth issue, some TIXNGO backend issues), TIXNGO have now introduced this emergency offline time-based that will activate the tickets no matter what, to make sure the barcode will there for the event. 
  •  Application Settings / key: ticket.emergency.activation / description: Minutes before the event starts to activate tickets offline (set 0 to turn off the feature)
  • 

https://jira.secutix.com/browse/TIX2-225 As a ticket holder, I have a new UI/UX design when transferring my ticket.

Business benefits: Personalize with a message the transfer of a ticket.

• As a registered wallet user and transferable ticket holder, I can start the transfer process of a transferable ticket directly on the ticket "Send your ticket" section, and on the Floating Action Button (FAB).
  • 
• On the "Send your ticket" screen, I can see the transfer ticket summary, and can add additional tickets (c.f. 2022 Weisshorn V3#2022WeisshornV3-Ticketbulktransfer).
  • 
• If the new "Transfer Message" feature is enabled in the Backoffice / Application features / transfer-message and in the ticket transfer email template (c.f. make sure to include the parameter $$message$$ in your transfer templates to make sure recipient can see the content of it, more information detailed in the Mobile Wallet manual here: Application Features), I can see a section to input a message to the recipient (max 300 characters), which will be displayed in the email notification. NB: The message will be as well displayed in the receiver wallet, at a later stage of development (c.f. https://jira.secutix.com/browse/TIX2-2312).
  •  
• Crowdin new strings to translate:

  • recipient_confirmation_page_description

  • transfer_recipient_empty_value

  • add_recipient_email

  • transfer_functionality_title

  • transfer_functionality_description

  • transfer_message_input_title

https://jira.secutix.com/browse/TIX2-1865 As a wallet user, I can see on the ticket, if and when a wristband has been allocated.

• When wristband is handed out (wristband activated), log is recorded at bottom of ticket : WRISTBAND HANDED OUT AT HH:MM:SS
• Wristband handed out log on mobile reset when user logout or change device
• 

https://jira.secutix.com/browse/TIX2-1830 As a wallet user, I can select the in-app language on the log-in screen, and access the FAQ.

https://jira.secutix.com/browse/TIX2-1769 As organizers, we want to inject multilingual  for events and display it on mobile app. PART 1/3 → other 2 PARTs will be deployed at a later stage of development (c.f. PART 2: update multilingual for events directly on AdminTool, Transaction pending, PART 3: export events multilingual from AdminTool).

• Organizers to inject their tickets from S-360 (API), or by CSV file on AdminTool with multilingual support.
  • Elements: Event name, Event website, Event address (site, line1, line2, line3, city), Group name, Group image, Master event name, Ticket details.
  • Languages code (ISO 639-1:2002): Arabic (ar), Catalan (ca), Czech (cs), Dutch Flemish (nl), English (en), French (fr), German (de), Hungarian (hu), Italian (it), Portuguese (pt), Spanish (es), Turkish (tr).
  • 
• In case an event does not support a spectator’s app language, let display the event’s default language (English) (including its tickets label).
• If an event is supporting a spectator’s app language, let display event information by the app language of this spectator (including its tickets label).
• JSON format example.txt

https://jira.secutix.com/browse/TIX2-190 As an organizer, I can search and troubleshoot Spectators, who did not complete the registration process (for instance to retrieve registration code).

• Goal is for organizers to troubleshoot cases:
  • Retrieve users' registration code, when registration process has not been completed,
  • Retrieve users, who created an account without tickets (never had + already had tickets),
  • Retrieve users, who have tickets in pending transfer from another user,
  • Retrieve users, who have tickets in pending download (injection).
• Test scenarios
  • Spectators that did not complete registration process → search for this spectator in the AdminTool and see the Pincode.
    • 
  • Inject a ticket to user A which never registered in the system (injection pending) → search for this spectator in the AdminTool with status inactive (similar to user did not complete registration process).
    • 
  • User A transferred a ticket to user B, who has never registered in the system (transfer pending) → search for this spectator in the AdminTool with status inactive (similar to user did not complete registration process).
    • 

https://jira.secutix.com/browse/TIX2-1760 Following time activation (online or offline), disable transfer only after ticket check (via beacon or manually).

• If a ticket get time-based activated, but the spectator has a last-minute blocker and cannot go to the event, the spectator can still transfer to somebody else. However, if the ticket has been already activated at the event location through a Bluetooth beacon (BT) (or manually), the ticket cannot be transferred.
• The organizer can allow/disable the ticket transfer after the BT activation by setting parameter transferRules.allowTransferAfterActivationByBT to TRUE/FALSE per ticket level (default = TRUE).
  • If param is set to TRUE: On mobile, the transfer button is available and the ticket can be transferred to another account as usual after the BT activation. 
  • If param is set to FALSE: On mobile, the transfer button is not available, if the device is online after the BT activation. The ticket can't be transferred to another account after the BT activation, and have label "non-transferable ticket".
• New endpoint from backend:
  • POST /spectator/tickets/secondary-activations: Inform the backend that a ticket was activated for the second time on the spectator side (mostly BT beacon). → Mobile use this flag to hide the "Transfer" button.
• New parameter work for all injections from S-360 injection (via the S-360 Ticket Template Editor) and TIXNGO CSV Injection and TIXNGO single injection.
• The Backoffice AdminTool 2.0 Console has been adapted accordingly.
  • On the Edit Event (screenshot), Support ticket screen, Ticket Detail pop-up.
  • The new rule of Allow transfer after activation belongs to each group transfer Id.
  • Under transfer rules of each ticket, rule (Allow transfer after BT activation) is updated with the value ON/OFF respectively.
  • On Support page, organizer can edit the rule to ON/OFF as other transfer rules.
  • If rule is not mentioned during injection, Backend to set the default TRUE.
  • 

Please note that when a beacon or manual check is performed, the check method and beacon name information and timestamps will be displayed at the bottom of the ticket. The beacon name is useful in case of troubleshooting to be able to spot with which beacon and which location the ticket was "beacon checked".

The beacon name used for the check is also available on the admintool in the mobile logs screen.

Image Added

https://jira.secutix.com/browse/TIX2-1770 As an organizer, I want to send a push notification with a specific reason while deleting a ticket.

• When an organizer deletes a ticket in S-360 (or directly from TIXNGO), the TIXNGO backend triggers a configurable push notification to the user.
  • Examples:
• Backoffice AdminTool 2.0 Console > Settings > Multilingual Settings > 32+ new keys added
  
  • 
• Ticket delete notification configuration guideline: Notification & Email Templates#Ticketdeletenotification

https://jira.secutix.com/browse/TIX2-1809 [Screenshot/recording protection] As TIXNGO, I replace ScreenShieldKit existing solution by implementing flutter library screen_protector (available on https://pub.dev/).

Related to the previous delivery in 2022 Weisshorn V2: https://jira.secutix.com/browse/TIX2-2 Screenshot and screen recording protection.

• The screenshot/recording feature works as previously on iOS and Android.
• Organizer can enable/disable the feature under Backoffice AdminTool 2.0 Console > application features > screen.protect.shot.record.

https://jira.secutix.com/browse/TIX2-1755 [All Branded SDK-based App] Secure offline activation mode.

• Currently, the offline activation is based on the device date-time. So some users can change the phone time and trigger the offline activation before the actual configured time. The main purpose of this new feature is to implement a more secured offline activation to avoid those cheat cases, and to always keep offline activation at the correct date-time by leveraging the device boot and actual local true date-time.

  • 

• Important edge cases:

  • In case the user reboot his/her phone, and then opens the app again, the user will be asked though a pop-up message to connect to the internet (online) at least once.

    • This internet connection pop-up will appear if (1) the user shutdown/reset/out of battery, and (2) once user opens app again, phone is with no or poor internet connection. The text is adjustable in Crowdin.

  • In case the user removes and reinstalls the app, the function should work as normal.

  • 

https://jira.secutix.com/browse/TIX2-183 TIXNGO Beacon Identifier not in separate column in the mobile logs in the TIXNGO console.

• As an organizer, I can know which tickets were activated by which beacon, in the new “Beacon name” column, which is displayed in the “Mobile Logs” screen and the “Mobile logs of spectator” list of the “Support Page” screen, as follow:

  • Steward – valid name
  • Steward – invalid name
  • Gate – valid name
  • Gate – invalid name

https://jira.secutix.com/browse/TIX2-1962 Assign (keep) data missing fields (Nationality + ID passport number) + data feedback to S360.

• The organizer can decide if the Nationality + ID passport number are requested (mandatory or optional) or not, when a ticket holder is assigning a ticket to someone coming along. The value of these two new fields are sent to S-360 through the TIXNGO-S-360 feedback interface.

• Backoffice AdminTool 2.0 Console >  Setting > Assignment Configuration: Nationality + ID passport number
  • 
• Backoffice AdminTool 2.0 Console >  Support ticket
  • 

https://jira.secutix.com/browse/TIX2-2137 Ticket activation / green & blue screen don't disappear by themselves if no click.

• Ticket activation green & blue screens is used to display gate/entrance/turnstile information on the screen.

• Change previous behavior: the spectator must tap the colored screen to remove it.
• Change new behavior:
  • The spectator must tap the colored screen to remove it, if the new application setting color.fading.countdown is set to 0 (default 0).
  • The colored screen is automatically removed, after X seconds set in the the new application setting color.fading.countdown.

https://jira.secutix.com/browse/TIX2-383 As an AdminTool user, I have more flexibility when setting Promos in the app.

• 1 or 2 free Promos

  • As an AdminTool user, I can set in AdminTool / Settings / Application Settings and Multilingual Settings up to 2 Promos in the app, with the following parameters: Image Url, Position, Title, Description, Url.

  • Change previous behavior: These Promos will be displayed as long as the wallet owner has at least one active or future ticket.

  • Change new behavior: These Promos will be always displayed (i.e. no condition on ticket).

• 1 "thank you for attending..." Promo → no change

  • As an Organizer, I can ask TIXnGO to set one "thank you for attending..." with their logo in the backend.

  • This Promo will be displayed as long as the wallet owner has no more active, nor future, but at least one past ticket.

  • This one is in Crowdin.

• Relative position between Events List Promo 1 and Promo 2 → no change

  • website_first

  • otherapp_first

https://jira.secutix.com/browse/TIX2-1987 As a wallet user, I see an asterisk ("*") next to mandatory fields.

• If the gender parameter is optional  if the gender parameter is mandatory:

https://jira.secutix.com/browse/TIX2-181 As a wallet user, I receive by email the same registration code 5 times in a row, AND I can try to enter the registration code at a maximum 5 times.

• As a wallet user, I receive by email the same registration code 5 times in a row (i.e. first email, and then if tapping up to 4 times on "I did not receive my registration code: Resend"), then the registration code changes for the next 5 "Resend" requests, and so on. Sending 5 times the same registration code will help in case of bad network, we want to make sure the end user will enter the correct registration code.

  • 

• As a wallet user, I can enter and confirm a registration code 5 times max, then the wallet will request me to ask for a new registration code. This is a security measure to avoid brut force attack on the backend through API while registering, the backend should grant only 5 tries. After that, the end user will have to ask for a new registration code. The mobile app properly displays and explains the 5 unsuccessful tries and that a new code is required.

  • 

https://jira.secutix.com/browse/TIX2-1157 As a AdminTool 2.0 user, I have to pass a Second Factor Authentification (2FA)

• In the way to increase the security of the system, the organizer admin-user (AU) can enable/disable a Second Factor Authentification (2FA) on the AdminTool for the users (i.e. support-user (SU), basic-user (BU), moderator (Mod)). The feature is disabled by default. If the organizer also wants to activate the 2FA for the AU, they should contact TIXNGO as an additional service.
• Experience
  • 
  • At the first login, a QR-Code is displayed to set the secret tokens (e.g. in Google Authenticator mobile app).
    • 
  • After a first successful login, at the next logins, the user inputs the real time 6-digit secret code (3 attempts max).
    • 
  • The AU can force the display of a new QR-Code at the next login if needed (which invalid the previous one).
    • 
• A comprehensive manual is available in the Backoffice manual / 2-Factor Authentication.