Openbravo Issue Tracking System - Retail Modules
View Issue Details
IDProjectCategoryView StatusDate SubmittedLast Update
0045961Retail ModulesWeb POSpublic2021-02-26 13:142021-03-02 08:44
Reportermigueldejuana 
Assigned Toprakashmurugesan88 
PriorityimmediateSeveritycriticalReproducibilityalways
StatusclosedResolutionfixed 
PlatformOS5OS Version
Product Versionpi 
Target VersionRR21Q1Fixed in VersionRR21Q1 
Merge Request Status
Review Assigned To
OBNetwork customer
Support ticket
Regression level
Regression date
Regression introduced in release
Regression introduced by commit
Triggers an Emergency PackNo
Summary0045961: We are sending credentials using GET
DescriptionThe request used by Terminal Authentication is using GET method and we are setting credentials in the params.

For security reasons, we must use POST in this case.
Steps To Reproducen/a
Proposed SolutionThis component:

enyo.kind({
  kind: 'enyo.Ajax',
  name: 'OB.OBPOSLogin.UI.LoginRequest',
  classes: 'obObposLoginUiLoginRequest',
  url: '../../org.openbravo.retail.posterminal.service.loginutils',
  method: 'GET',
  handleAs: 'json',
  contentType: 'application/json;charset=utf-8'
});


must use POST and we should handle it properly in MobileCoreLoginUtilsServlet
Additional Information
TagsNo tags attached.
Relationships
blocks defect 0045960 closed prakashmurugesan88 We are sending credentials using GET 
Attached Files
Issue History
Date ModifiedUsernameFieldChange
2021-02-26 13:15migueldejuanaTypedefect => backport
2021-02-26 13:15migueldejuanaTarget Version => RR21Q1
2021-03-02 07:57hgbotNote Added: 0126442
2021-03-02 07:57hgbotNote Added: 0126443
2021-03-02 08:44hgbotResolutionopen => fixed
2021-03-02 08:44hgbotStatusscheduled => closed
2021-03-02 08:44hgbotFixed in Version => RR21Q1
2021-03-02 08:44hgbotNote Added: 0126454
2021-03-02 08:44hgbotNote Added: 0126455
2021-03-02 08:44hgbotNote Added: 0126456
2021-03-02 08:44hgbotNote Added: 0126457

Notes
(0126442)
hgbot   
2021-03-02 07:57   
Merge Request created: https://gitlab.com/openbravo/product/pmods/org.openbravo.retail.posterminal/-/merge_requests/329 [^]
(0126443)
hgbot   
2021-03-02 07:57   
Merge Request created: https://gitlab.com/openbravo/product/pmods/org.openbravo.mobile.core/-/merge_requests/173 [^]
(0126454)
hgbot   
2021-03-02 08:44   
Directly closing issue as related merge request is already approved.

Repository: https://gitlab.com/openbravo/product/pmods/org.openbravo.mobile.core [^]
Changeset: 692e71ecef55941d2eaeaddd4be0417bdba2d4fb
Author: Prakash M <prakash@qualiantech.com>
Date: 2021-03-02T11:37:57+05:30
URL: https://gitlab.com/openbravo/product/pmods/org.openbravo.mobile.core/-/commit/692e71ecef55941d2eaeaddd4be0417bdba2d4fb [^]

Fixed BUG-45961 : Changed Terminal Authentication request from GET to POST for security purpose
* Included post method in MobileCoreLoginUtilsServlet

---
M src/org/openbravo/mobile/core/login/MobileCoreLoginUtilsServlet.java
---
(0126455)
hgbot   
2021-03-02 08:44   
Merge request merged: https://gitlab.com/openbravo/product/pmods/org.openbravo.mobile.core/-/merge_requests/173 [^]
(0126456)
hgbot   
2021-03-02 08:44   
Directly closing issue as related merge request is already approved.

Repository: https://gitlab.com/openbravo/product/pmods/org.openbravo.retail.posterminal [^]
Changeset: 570b7518d244f397e809c0a425f5ea1ffabde1eb
Author: Prakash M <prakash@qualiantech.com>
Date: 2021-03-02T11:38:39+05:30
URL: https://gitlab.com/openbravo/product/pmods/org.openbravo.retail.posterminal/-/commit/570b7518d244f397e809c0a425f5ea1ffabde1eb [^]

Fixed BUG-45961 : Changed Terminal Authentication request from GET to POST for security purpose

---
M web/org.openbravo.retail.posterminal/js/login/model/login-model.js
---
(0126457)
hgbot   
2021-03-02 08:44   
Merge request merged: https://gitlab.com/openbravo/product/pmods/org.openbravo.retail.posterminal/-/merge_requests/329 [^]