Openbravo Issue Tracking System - Retail Modules |
| View Issue Details |
|
| ID | Project | Category | View Status | Date Submitted | Last Update |
| 0045960 | Retail Modules | Web POS | public | 2021-02-26 13:14 | 2022-03-25 06:19 |
|
| Reporter | migueldejuana | |
| Assigned To | prakashmurugesan88 | |
| Priority | immediate | Severity | critical | Reproducibility | always |
| Status | closed | Resolution | fixed | |
| Platform | | OS | 5 | OS Version | |
| Product Version | pi | |
| Target Version | | Fixed in Version | RR21Q2 | |
| Merge Request Status | |
| Review Assigned To | |
| OBNetwork customer | |
| Support ticket | |
| Regression level | |
| Regression date | |
| Regression introduced in release | |
| Regression introduced by commit | |
| Triggers an Emergency Pack | No |
|
| Summary | 0045960: We are sending credentials using GET |
| Description | The request used by Terminal Authentication is using GET method and we are setting credentials in the params.
For security reasons, we must use POST in this case. |
| Steps To Reproduce | n/a |
| Proposed Solution | This component:
enyo.kind({
kind: 'enyo.Ajax',
name: 'OB.OBPOSLogin.UI.LoginRequest',
classes: 'obObposLoginUiLoginRequest',
url: '../../org.openbravo.retail.posterminal.service.loginutils',
method: 'GET',
handleAs: 'json',
contentType: 'application/json;charset=utf-8'
});
must use POST and we should handle it properly in MobileCoreLoginUtilsServlet |
| Additional Information | |
| Tags | No tags attached. |
| Relationships | | depends on | backport | 0045961 | RR21Q1 | closed | prakashmurugesan88 | We are sending credentials using GET | | depends on | backport | 0045962 | RR20Q4.2 | closed | prakashmurugesan88 | We are sending credentials using GET | | depends on | backport | 0045963 | RR20Q3.5 | closed | prakashmurugesan88 | We are sending credentials using GET |
|
| Attached Files |  I45960_19Q3_MobileCore.patch (6,034) 2022-03-25 06:19
https://issues.openbravo.com/file_download.php?file_id=16806&type=bug
I45960_19Q3_PosTerminal.patch (1,119) 2022-03-25 06:19
https://issues.openbravo.com/file_download.php?file_id=16807&type=bug |
|
| Issue History |
| Date Modified | Username | Field | Change |
| 2021-02-26 13:14 | migueldejuana | New Issue | |
| 2021-02-26 13:14 | migueldejuana | Assigned To | => prakashmurugesan88 |
| 2021-02-26 13:14 | migueldejuana | Triggers an Emergency Pack | => No |
| 2021-02-26 13:15 | migueldejuana | Status | new => scheduled |
| 2021-03-02 08:03 | hgbot | Note Added: 0126444 | |
| 2021-03-02 08:04 | hgbot | Note Added: 0126445 | |
| 2021-03-02 08:42 | hgbot | Resolution | open => fixed |
| 2021-03-02 08:42 | hgbot | Status | scheduled => closed |
| 2021-03-02 08:42 | hgbot | Note Added: 0126450 | |
| 2021-03-02 08:42 | hgbot | Fixed in Version | => RR21Q2 |
| 2021-03-02 08:42 | hgbot | Note Added: 0126451 | |
| 2021-03-02 08:43 | hgbot | Note Added: 0126452 | |
| 2021-03-02 08:43 | hgbot | Note Added: 0126453 | |
| 2022-03-24 09:41 | prakashmurugesan88 | Status | closed => new |
| 2022-03-24 09:41 | prakashmurugesan88 | Status | new => scheduled |
| 2022-03-24 09:41 | prakashmurugesan88 | Status | scheduled => resolved |
| 2022-03-24 09:41 | prakashmurugesan88 | Status | resolved => closed |
| 2022-03-25 06:19 | prakashmurugesan88 | File Added: I45960_19Q3_MobileCore.patch | |
| 2022-03-25 06:19 | prakashmurugesan88 | File Added: I45960_19Q3_PosTerminal.patch | |
|
Notes |
|
|
(0126444)
|
|
hgbot
|
|
2021-03-02 08:03
|
|
|
|
|
(0126445)
|
|
hgbot
|
|
2021-03-02 08:04
|
|
|
|
|
(0126450)
|
|
hgbot
|
|
2021-03-02 08:42
|
|
|
|
|
(0126451)
|
|
hgbot
|
|
2021-03-02 08:42
|
|
|
|
|
(0126452)
|
|
hgbot
|
|
2021-03-02 08:43
|
|
|
|
|
(0126453)
|
|
hgbot
|
|
2021-03-02 08:43
|
|
|