Openbravo Issue Tracking System - Retail Modules | |||||
View Issue Details | |||||
ID | Project | Category | View Status | Date Submitted | Last Update |
0032284 | Retail Modules | Web POS | public | 2016-02-19 10:04 | 2016-03-01 16:57 |
Reporter | mtaal | ||||
Assigned To | mtaal | ||||
Priority | normal | Severity | minor | Reproducibility | have not tried |
Status | closed | Resolution | fixed | ||
Platform | OS | 5 | OS Version | ||
Product Version | |||||
Target Version | RR16Q2 | Fixed in Version | |||
Merge Request Status | |||||
Review Assigned To | migueldejuana | ||||
OBNetwork customer | No | ||||
Support ticket | |||||
Regression level | |||||
Regression date | |||||
Regression introduced in release | |||||
Regression introduced by commit | |||||
Triggers an Emergency Pack | No | ||||
Summary | 0032284: Mobile authentication key exported in sample data | ||||
Description | It was noticed that a security key was included in the retail sample data for white valley ([1]) and delivered in the Q4 retail sample data module. The security key is used to encrypt authentication tokens when doing multi-server logins. It is used in combination with a custom multi-server authentication manager ([2]). The security token is stored for each client in the database in the ad_client table. It is auto-generated (random) if not present in the database. However, in this case ([1]) we already set it for white-valley as it is part of the sample data. If you have the security key, and the server uses the custom multi-server auth manager ([2]), and you know how to build a security token (with client id, org id, role id, user id and timestamp), then you can create a valid authentication token and log in remotely on the OB server in the client associated with the key (in this case white valley). The key we published is for white valley, so it helps to log in to that client. It does not allow logging into other clients (which have other keys). The authentication key is only relevant when using the custom authentication manager. It does not apply to our standard/other authentication managers. [1] https://code.openbravo.com/erp/pmods/org.openbravo.retail.sampledata/diff/d1bc8d1509f3/referencedata/sampledata/The_White_Valley_Group/AD_CLIENT.xml#l1.18 [2] https://code.openbravo.com/erp/pmods/org.openbravo.mobile.core/file/tip/src/org/openbravo/mobile/core/authenticate/MobileKeyAuthenticationManager.java … | ||||
Steps To Reproduce | Check the sample data AD_CLIENT.xml after exporting the sample data | ||||
Proposed Solution | - remove the key from the sample data - exclude the column from being exported in sample data - hardcode in the custom authentication manager that the key we published cannot be used | ||||
Additional Information | |||||
Tags | No tags attached. | ||||
Relationships | |||||
Attached Files | |||||
Issue History | |||||
Date Modified | Username | Field | Change | ||
2016-02-19 10:04 | mtaal | New Issue | |||
2016-02-19 10:04 | mtaal | Assigned To | => mtaal | ||
2016-02-19 10:04 | mtaal | OBNetwork customer | => No | ||
2016-02-19 10:04 | mtaal | Triggers an Emergency Pack | => No | ||
2016-02-23 20:32 | hgbot | Checkin | |||
2016-02-23 20:32 | hgbot | Note Added: 0084447 | |||
2016-02-23 20:34 | hgbot | Checkin | |||
2016-02-23 20:34 | hgbot | Note Added: 0084448 | |||
2016-02-23 20:34 | hgbot | Status | new => resolved | ||
2016-02-23 20:34 | hgbot | Resolution | open => fixed | ||
2016-02-23 20:34 | hgbot | Fixed in SCM revision | => http://code.openbravo.com/erp/pmods/org.openbravo.mobile.core/rev/77ea9517d8784fd7627af204c4e6b3fe7855160d | ||
2016-02-23 23:17 | mtaal | Review Assigned To | => migueldejuana | ||
2016-02-25 08:35 | hgbot | Checkin | |||
2016-02-25 08:35 | hgbot | Note Added: 0084482 | |||
2016-03-01 16:57 | migueldejuana | Note Added: 0084634 | |||
2016-03-01 16:57 | migueldejuana | Status | resolved => closed |
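
The first two items of the proposed solution (remove the key, exclude the column from export) can be enforced with a pre-commit check on exported sample data. The script below is an added example, not code from Openbravo or from this issue; the column name `exampleAuthKey`, the XML layout and the sample export are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Hypothetical column name: the issue does not name the real AD_CLIENT column.
SENSITIVE_COLUMNS = frozenset({"exampleAuthKey"})

# Constructed export; the element layout is an assumption, not Openbravo's schema.
SAMPLE_EXPORT = """<dataset>
  <Client id="CLIENT-A">
    <name>Sample Client A</name>
    <exampleAuthKey>constructed-key-value</exampleAuthKey>
  </Client>
  <Client id="CLIENT-B">
    <name>Sample Client B</name>
    <exampleAuthKey/>
  </Client>
</dataset>"""


def find_exported_secrets(xml_text, sensitive=SENSITIVE_COLUMNS):
    """Return (record id, column name) for each sensitive column holding a value."""
    findings = []
    for record in ET.fromstring(xml_text):
        for column in record:
            if column.tag in sensitive and (column.text or "").strip():
                findings.append((record.get("id"), column.tag))
    return findings


def scrub_exported_secrets(xml_text, sensitive=SENSITIVE_COLUMNS):
    """Return the export with sensitive columns dropped. This relies on the
    behaviour stated in the description: a key that is not present is
    auto-generated (random), so each installation ends up with its own."""
    root = ET.fromstring(xml_text)
    for record in root:
        for column in list(record):  # copy: we remove while iterating
            if column.tag in sensitive:
                record.remove(column)
    return ET.tostring(root, encoding="unicode")


if __name__ == "__main__":
    for record_id, column in find_exported_secrets(SAMPLE_EXPORT):
        print(f"secret exported: record {record_id}, column {column}")
    clean = scrub_exported_secrets(SAMPLE_EXPORT)
    print("findings after scrub:", find_exported_secrets(clean))
```

A key that has already been published stays compromised after it is scrubbed from the file, which is why the third item of the proposed solution (refusing the published key in the authentication manager) is still needed.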