Openbravo Issue Tracking System - Retail Modules
View Issue Details
IDProjectCategoryView StatusDate SubmittedLast Update
0034584Retail ModulesWeb POSpublic2016-11-18 14:552016-12-21 17:00
Reportermalsasua 
Assigned Toguilleaer 
PrioritynormalSeveritymajorReproducibilitysometimes
StatusclosedResolutionfixed 
PlatformOS5OS Version
Product Version 
Target VersionFixed in VersionRR17Q1 
Merge Request Status
Review Assigned Tomarvintm
OBNetwork customerOBPS
Support ticket44470
Regression level
Regression date
Regression introduced in release
Regression introduced by commit
Triggers an Emergency PackNo
Summary0034584: it is possible to hack the "Terminal Authentication Security"
Descriptionwe have seen in one customer the next error in "Errors while Importing" window:
. receipt related with a cashup processed

In the log client window there are the next records:
day 1 - session identifier 1
day 2 - session identifier 2
day 3 - session identifier 1

and now, the session identified associated to the terminal is "session identifier 1"
Steps To Reproducen/a
Proposed Solution
Additional Information
TagsNo tags attached.
Relationships
Attached Files
Issue History
Date ModifiedUsernameFieldChange
2016-11-18 14:55malsasuaNew Issue
2016-11-18 14:55malsasuaAssigned To => Retail
2016-11-18 14:55malsasuaOBNetwork customer => Yes
2016-11-18 14:55malsasuaSupport ticket => 44470
2016-11-18 14:55malsasuaResolution time => 1481324400
2016-11-18 14:55malsasuaTriggers an Emergency Pack => No
2016-12-14 16:39jorge-garciaAssigned ToRetail => jorge-garcia
2016-12-15 13:09jorge-garciaAssigned Tojorge-garcia => Retail
2016-12-19 16:47guilleaerNote Added: 0092787
2016-12-19 16:47guilleaerNote Edited: 0092787bug_revision_view_page.php?bugnote_id=0092787#r14063
2016-12-19 17:15guilleaerNote Added: 0092789
2016-12-21 10:35hgbotCheckin
2016-12-21 10:35hgbotNote Added: 0092895
2016-12-21 10:35hgbotStatusnew => resolved
2016-12-21 10:35hgbotResolutionopen => fixed
2016-12-21 10:35hgbotFixed in SCM revision => http://code.openbravo.com/erp/pmods/org.openbravo.retail.posterminal/rev/6443ad2cb8e34d35abc1bb9a2459654f61ebff63 [^]
2016-12-21 16:58marvintmAssigned ToRetail => guilleaer
2016-12-21 17:00marvintmReview Assigned To => marvintm
2016-12-21 17:00marvintmStatusresolved => closed
2016-12-21 17:00marvintmFixed in Version => RR17Q1

Notes
(0092787)
guilleaer   
2016-12-19 16:47   
This is what I think that happened.

Naming:
--------
Physical device 1 -> PD1
Physical device 2 -> PD2
Pos Terminal VBS-1 -> VBS1

Pre requisites:
---------------
-clean cashup in VBS1
-Enable terminal authentication
-Unlink VBS1

day 1
-----
One user using PD1 logs in into VBS1
- 1st authenticate the terminal
- 2nd login
create a sale and process it (documentNo 127)
go to offline
create a sale and process it (documentNo 128)
create a sale and process it (documentNo 129)
close the browser

day 2
-----
From ERP unlink VBS1
From PD2 try to log in into VBS1
- 1st authenticate the terminal
- 2nd login
create a sale and process it (documentNo 128)
create a sale and process it (documentNo 129)
- do a cashup

day 3
-----
From ERP unlink VBS1
From PD1 log in into VBS1
- 1st authenticate the terminal
- 2nd login
Now not synchronized orders from day 1 are synchronized

Go to "errors while importing" window -> 2 orders should appear there (128 and 129)
(0092789)
guilleaer   
2016-12-19 17:15   
Next actions:

Add log in the process to unlink the terminal, because this information will validate this theory in case that it happens in the future.
(0092895)
hgbot   
2016-12-21 10:35   
Repository: erp/pmods/org.openbravo.retail.posterminal
Changeset: 6443ad2cb8e34d35abc1bb9a2459654f61ebff63
Author: Guillermo Alvarez de Eulate <guillermo.alvarez <at> openbravo.com>
Date: Tue Dec 20 13:40:02 2016 +0100
URL: http://code.openbravo.com/erp/pmods/org.openbravo.retail.posterminal/rev/6443ad2cb8e34d35abc1bb9a2459654f61ebff63 [^]

Fixed issue 34584: Added log to track when a terminal is linked and unlinked

---
M src/org/openbravo/retail/posterminal/LoginUtilsServlet.java
M src/org/openbravo/retail/posterminal/process/UnlinkDeviceActionHandler.java
M web/org.openbravo.retail.posterminal/js/login/model/login-model.js
---