Openbravo Issue Tracking System - Openbravo ERP
View Issue Details
IDProjectCategoryView StatusDate SubmittedLast Update
0035435Openbravo ERPA. Platformpublic2017-03-06 12:272017-03-15 20:21
Reportergorkaion 
Assigned Togorkaion 
PriorityhighSeveritymajorReproducibilityalways
StatusclosedResolutionfixed 
PlatformOS5OS Version
Product Version 
Target VersionFixed in Version3.0PR17Q2 
Merge Request Status
Review Assigned Toalostale
OBNetwork customer
Web browser
ModulesCore
Support ticket
Regression level
Regression date
Regression introduced in release
Regression introduced by commit
Triggers an Emergency PackNo
Summary0035435: Authentication Manager is calling LoginUtils.getValidUserId() directly breaking custom authentication implementations
DescriptionThe AuthenticationManager and DefaultAuthenticationManager calls the LoginUtils.getValidUserId() method to check the user/password against the Openbravo database.

If a Custom Authentication is developed that does not store in the AD_User table the passwords it can't extend the DefaultAuthenticationManager and has to reimplement all the required logic.

A new protected method is required in the AuthenticationManager class to check the user/password and return the userId of the Openbravo database. The DefaultAuthenticationManager and AuthenticationManager should be updated to use this method instead of calling directly the LoginUtils.getValidUserId() method.

Steps To ReproduceN/A
Proposed Solution
Additional Information
TagsNo tags attached.
Relationships
related to defect 0055823 new Triage Platform Base User locking check should not be done in WS requests for WS-only users 
Attached Files
Issue History
Date ModifiedUsernameFieldChange
2017-03-06 12:27gorkaionNew Issue
2017-03-06 12:27gorkaionAssigned To => gorkaion
2017-03-06 12:27gorkaionModules => Core
2017-03-06 12:27gorkaionResolution time => 1489964400
2017-03-06 12:27gorkaionTriggers an Emergency Pack => No
2017-03-06 12:27gorkaionReview Assigned To => alostale
2017-03-09 16:42hgbotCheckin
2017-03-09 16:42hgbotNote Added: 0094884
2017-03-09 16:42hgbotStatusnew => resolved
2017-03-09 16:42hgbotResolutionopen => fixed
2017-03-09 16:42hgbotFixed in SCM revision => http://code.openbravo.com/erp/devel/pi/rev/8a5a253ca4c6f48d2e4d0b7ea2b4d1410f977ff7 [^]
2017-03-10 09:33hgbotCheckin
2017-03-10 09:33hgbotNote Added: 0094895
2017-03-10 09:35alostaleNote Added: 0094896
2017-03-10 09:35alostaleStatusresolved => closed
2017-03-10 09:35alostaleFixed in Version => 3.0PR17Q2
2017-03-15 20:21hudsonbotCheckin
2017-03-15 20:21hudsonbotNote Added: 0095282
2017-03-15 20:21hudsonbotCheckin
2017-03-15 20:21hudsonbotNote Added: 0095283
2024-06-24 11:42caristuRelationship addedrelated to 0055823

Notes
(0094884)
hgbot   
2017-03-09 16:42   
Repository: erp/devel/pi
Changeset: 8a5a253ca4c6f48d2e4d0b7ea2b4d1410f977ff7
Author: Gorka Ion Damián <gorkaion.damian <at> openbravo.com>
Date: Mon Mar 06 23:38:22 2017 +0100
URL: http://code.openbravo.com/erp/devel/pi/rev/8a5a253ca4c6f48d2e4d0b7ea2b4d1410f977ff7 [^]

Fixed issue 35435. Centralize in protected method user and password check

New protected method checkUserPassword() has been added in AuthenticationManager
to centralize all the calls to check the user and password.

The DefaultAuthenticationManager now catches AuthenticationExceptions in case
the implementations of the new method throw it instead of returning null user
id.

checkIfPasswordExpired() method changed to protected() to allow
AuthenticationManager implementations to customize the password expiration
check.

---
M src/org/openbravo/authentication/AuthenticationManager.java
M src/org/openbravo/authentication/basic/DefaultAuthenticationManager.java
---
(0094895)
hgbot   
2017-03-10 09:33   
Repository: erp/devel/pi
Changeset: 5985bdee4c4ef800091b02c315d6b04df2249476
Author: Gorka Ion Damián <gorkaion.damian <at> openbravo.com>
Date: Fri Mar 10 09:33:16 2017 +0100
URL: http://code.openbravo.com/erp/devel/pi/rev/5985bdee4c4ef800091b02c315d6b04df2249476 [^]

Related to issue 35435. Improved comment on user null check

---
M src/org/openbravo/authentication/basic/DefaultAuthenticationManager.java
---
(0094896)
alostale   
2017-03-10 09:35   
code reviewed

dafault authentication manager tested with:
* valid user
* incorrect user/password
* locked user
* expired password
(0095282)
hudsonbot   
2017-03-15 20:21   
A changeset related to this issue has been promoted main and to the
Central Repository, after passing a series of tests.

Promotion changeset: https://code.openbravo.com/erp/devel/main/rev/54e102bef53e [^]
Maturity status: Test
(0095283)
hudsonbot   
2017-03-15 20:21   
A changeset related to this issue has been promoted main and to the
Central Repository, after passing a series of tests.

Promotion changeset: https://code.openbravo.com/erp/devel/main/rev/54e102bef53e [^]
Maturity status: Test