Openbravo Issue Tracking System - Retail Modules
View Issue Details
IDProjectCategoryView StatusDate SubmittedLast Update
0045962Retail ModulesWeb POSpublic2021-02-26 13:142021-03-02 08:47
Reportermigueldejuana 
Assigned Toprakashmurugesan88 
PriorityimmediateSeveritycriticalReproducibilityalways
StatusclosedResolutionfixed 
PlatformOS5OS Version
Product Versionpi 
Target VersionRR20Q4.2Fixed in VersionRR20Q4.3 
Merge Request Status
Review Assigned To
OBNetwork customer
Support ticket
Regression level
Regression date
Regression introduced in release
Regression introduced by commit
Triggers an Emergency PackNo
Summary0045962: We are sending credentials using GET
DescriptionThe request used by Terminal Authentication is using GET method and we are setting credentials in the params.

For security reasons, we must use POST in this case.
Steps To Reproducen/a
Proposed SolutionThis component:

enyo.kind({
  kind: 'enyo.Ajax',
  name: 'OB.OBPOSLogin.UI.LoginRequest',
  classes: 'obObposLoginUiLoginRequest',
  url: '../../org.openbravo.retail.posterminal.service.loginutils',
  method: 'GET',
  handleAs: 'json',
  contentType: 'application/json;charset=utf-8'
});


must use POST and we should handle it properly in MobileCoreLoginUtilsServlet
Additional Information
TagsNo tags attached.
Relationships
blocks defect 0045960 closed prakashmurugesan88 We are sending credentials using GET 
Attached Files
Issue History
Date ModifiedUsernameFieldChange
2021-02-26 13:15migueldejuanaTypedefect => backport
2021-02-26 13:15migueldejuanaTarget Version => RR20Q4.2
2021-03-02 08:06hgbotNote Added: 0126446
2021-03-02 08:07hgbotNote Added: 0126447
2021-03-02 08:45hgbotResolutionopen => fixed
2021-03-02 08:45hgbotStatusscheduled => closed
2021-03-02 08:45hgbotNote Added: 0126458
2021-03-02 08:45hgbotFixed in Version => RR20Q4.3
2021-03-02 08:45hgbotNote Added: 0126459
2021-03-02 08:47hgbotNote Added: 0126460
2021-03-02 08:47hgbotNote Added: 0126461

Notes
(0126446)
hgbot   
2021-03-02 08:06   
Merge Request created: https://gitlab.com/openbravo/product/pmods/org.openbravo.mobile.core/-/merge_requests/175 [^]
(0126447)
hgbot   
2021-03-02 08:07   
Merge Request created: https://gitlab.com/openbravo/product/pmods/org.openbravo.retail.posterminal/-/merge_requests/331 [^]
(0126458)
hgbot   
2021-03-02 08:45   
Merge request merged: https://gitlab.com/openbravo/product/pmods/org.openbravo.mobile.core/-/merge_requests/175 [^]
(0126459)
hgbot   
2021-03-02 08:45   
Directly closing issue as related merge request is already approved.

Repository: https://gitlab.com/openbravo/product/pmods/org.openbravo.mobile.core [^]
Changeset: 95d78b49365873e36d0f83145756a117186bd369
Author: Prakash M <prakash@qualiantech.com>
Date: 2021-03-02T07:45:39+00:00
URL: https://gitlab.com/openbravo/product/pmods/org.openbravo.mobile.core/-/commit/95d78b49365873e36d0f83145756a117186bd369 [^]

Fixed BUG-45962 : Changed Terminal Authentication request from GET to POST for security purpose
* Included post method in MobileCoreLoginUtilsServlet

---
M src/org/openbravo/mobile/core/login/MobileCoreLoginUtilsServlet.java
---
(0126460)
hgbot   
2021-03-02 08:47   
Merge request merged: https://gitlab.com/openbravo/product/pmods/org.openbravo.retail.posterminal/-/merge_requests/331 [^]
(0126461)
hgbot   
2021-03-02 08:47   
Directly closing issue as related merge request is already approved.

Repository: https://gitlab.com/openbravo/product/pmods/org.openbravo.retail.posterminal [^]
Changeset: d6cea1530cc3c7175f31a9719aafeb9753a7b1ea
Author: Prakash M <prakash@qualiantech.com>
Date: 2021-03-02T07:46:00+00:00
URL: https://gitlab.com/openbravo/product/pmods/org.openbravo.retail.posterminal/-/commit/d6cea1530cc3c7175f31a9719aafeb9753a7b1ea [^]

Fixed BUG-45962 : Changed Terminal Authentication request from GET to POST for security purpose

---
M web/org.openbravo.retail.posterminal/js/login/model/login-model.js
---