Openbravo Issue Tracking System - Openbravo ERP
View Issue Details
IDProjectCategoryView StatusDate SubmittedLast Update
0036238Openbravo ERPA. Platformpublic2017-06-12 23:382017-06-23 13:08
Reportermtaal 
Assigned Tomtaal 
PrioritynormalSeverityminorReproducibilityhave not tried
StatusclosedResolutionfixed 
PlatformOS5OS Version
Product Version 
Target Version3.0PR17Q3Fixed in Version 
Merge Request Status
Review Assigned ToAugustoMauch
OBNetwork customer
Web browser
ModulesCore
Support ticket
Regression level
Regression date
Regression introduced in release
Regression introduced by commit
Triggers an Emergency PackNo
Summary0036238: Support basic authentication: if a stateless request has an invalid login then set the status code to unauthorized
DescriptionTo support handling of basic authentication in stateless request set the unauthorized status code if a login is invalid.

[1]
https://code.openbravo.com/erp/devel/pi/file/91dbb09a074c/src/org/openbravo/base/secureApp/HttpSecureAppServlet.java#l215 [^]
Steps To Reproducedo stateless request with basic authentication without sending basic authentication information as headers.

[1]
https://code.openbravo.com/tools/automation/pi-mobile/file/f86a6cbf1ea6/src-test/org/openbravo/test/mobile/retail/mobilecore/webservice/WebServicesHelper.java#l227 [^]
Proposed Solutionadd these lines
+ if (AuthenticationManager.isStatelessRequest(request)) {
+ response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
+ }
Additional Information
TagsNo tags attached.
Relationships
related to feature request 0035325RR17Q3 closed mtaal Retail Modules Support basic authentication in mobile service calls 
Attached Files
Issue History
Date ModifiedUsernameFieldChange
2017-06-12 23:38mtaalNew Issue
2017-06-12 23:38mtaalAssigned To => mtaal
2017-06-12 23:38mtaalModules => Core
2017-06-12 23:38mtaalTriggers an Emergency Pack => No
2017-06-12 23:38mtaalReview Assigned To => AugustoMauch
2017-06-12 23:38mtaalProposed Solution updated
2017-06-12 23:39hgbotCheckin
2017-06-12 23:39hgbotNote Added: 0097333
2017-06-12 23:39hgbotStatusnew => resolved
2017-06-12 23:39hgbotResolutionopen => fixed
2017-06-12 23:39hgbotFixed in SCM revision => http://code.openbravo.com/erp/devel/pi/rev/cf22410613135f0682d438831914a4a64999ab56 [^]
2017-06-12 23:39mtaalRelationship addedrelated to 0035325
2017-06-12 23:41hgbotCheckin
2017-06-12 23:41hgbotNote Added: 0097334
2017-06-12 23:41hgbotFixed in SCM revisionhttp://code.openbravo.com/erp/devel/pi/rev/cf22410613135f0682d438831914a4a64999ab56 [^] => http://code.openbravo.com/erp/pmods/org.openbravo.mobile.core/rev/882327cc2f61b4800dd0571870d52b7fcd3ba34e [^]
2017-06-12 23:42hgbotCheckin
2017-06-12 23:42hgbotNote Added: 0097335
2017-06-13 07:41hudsonbotCheckin
2017-06-13 07:41hudsonbotNote Added: 0097340
2017-06-23 13:08AugustoMauchNote Added: 0097607
2017-06-23 13:08AugustoMauchStatusresolved => closed

Notes
(0097333)
hgbot   
2017-06-12 23:39   
Repository: erp/devel/pi
Changeset: cf22410613135f0682d438831914a4a64999ab56
Author: Martin Taal <martin.taal <at> openbravo.com>
Date: Mon Jun 12 23:38:46 2017 +0200
URL: http://code.openbravo.com/erp/devel/pi/rev/cf22410613135f0682d438831914a4a64999ab56 [^]

Fixes issue 36238: Support basic authentication: if a stateless request has an invalid login then set the status code to unauthorized
Set status unauthorized

---
M src/org/openbravo/base/secureApp/HttpSecureAppServlet.java
---
(0097334)
hgbot   
2017-06-12 23:41   
Repository: erp/pmods/org.openbravo.mobile.core
Changeset: 882327cc2f61b4800dd0571870d52b7fcd3ba34e
Author: Martin Taal <martin.taal <at> openbravo.com>
Date: Mon Jun 12 23:40:56 2017 +0200
URL: http://code.openbravo.com/erp/pmods/org.openbravo.mobile.core/rev/882327cc2f61b4800dd0571870d52b7fcd3ba34e [^]

Fixes issue 36238: Support basic authentication: if a stateless request has an invalid login then set the status code to unauthorized
Set the correct headers in case of basic authentication

---
M src/org/openbravo/mobile/core/process/WebServiceAuthenticatedServlet.java
---
(0097335)
hgbot   
2017-06-12 23:42   
Repository: tools/automation/pi-mobile
Changeset: a908718d22c17d1c80c1fe555d7e86b57d5ea147
Author: Martin Taal <martin.taal <at> openbravo.com>
Date: Mon Jun 12 23:42:32 2017 +0200
URL: http://code.openbravo.com/tools/automation/pi-mobile/rev/a908718d22c17d1c80c1fe555d7e86b57d5ea147 [^]

Related to issue 36238: Support basic authentication: if a stateless request has an invalid login then set the status code to unauthorized
Adapt test cases to use new basic authentication approach

---
M src-test/org/openbravo/test/mobile/retail/extmodules/unittest/tests/statelesswebservice/StatelessRetailOrderLoaderTest.java
M src-test/org/openbravo/test/mobile/retail/mobilecore/webservice/WebServicesHelper.java
---
(0097340)
hudsonbot   
2017-06-13 07:41   
A changeset related to this issue has been promoted main and to the
Central Repository, after passing a series of tests.

Promotion changeset: https://code.openbravo.com/erp/devel/main/rev/44d87c9454e7 [^]
Maturity status: Test
(0097607)
AugustoMauch   
2017-06-23 13:08   
Code reviewed