Openbravo Issue Tracking System - Retail Modules
View Issue Details
IDProjectCategoryView StatusDate SubmittedLast Update
0045963Retail ModulesWeb POSpublic2021-02-26 13:142021-03-02 08:48
Reportermigueldejuana 
Assigned Toprakashmurugesan88 
PriorityimmediateSeveritycriticalReproducibilityalways
StatusclosedResolutionfixed 
PlatformOS5OS Version
Product Versionpi 
Target VersionRR20Q3.5Fixed in VersionRR20Q3.5 
Merge Request Statusapproved
Review Assigned To
OBNetwork customerNo
Support ticket
Regression level
Regression date
Regression introduced in release
Regression introduced by commit
Triggers an Emergency PackNo
Summary0045963: We are sending credentials using GET
DescriptionThe request used by Terminal Authentication is using GET method and we are setting credentials in the params.

For security reasons, we must use POST in this case.
Steps To Reproducen/a
Proposed SolutionThis component:

enyo.kind({
  kind: 'enyo.Ajax',
  name: 'OB.OBPOSLogin.UI.LoginRequest',
  classes: 'obObposLoginUiLoginRequest',
  url: '../../org.openbravo.retail.posterminal.service.loginutils',
  method: 'GET',
  handleAs: 'json',
  contentType: 'application/json;charset=utf-8'
});


must use POST and we should handle it properly in MobileCoreLoginUtilsServlet
Additional Information
TagsNo tags attached.
Relationships
blocks defect 0045960 closed prakashmurugesan88 We are sending credentials using GET 
Attached Files
Issue History
Date ModifiedUsernameFieldChange
2021-02-26 13:15migueldejuanaTypedefect => backport
2021-02-26 13:15migueldejuanaTarget Version => RR20Q3.5
2021-03-02 08:10hgbotMerge Request Status => open
2021-03-02 08:10hgbotNote Added: 0126448
2021-03-02 08:10hgbotNote Added: 0126449
2021-03-02 08:27hgbotMerge Request Statusopen => approved
2021-03-02 08:48hgbotResolutionopen => fixed
2021-03-02 08:48hgbotStatusscheduled => closed
2021-03-02 08:48hgbotNote Added: 0126462
2021-03-02 08:48hgbotFixed in Version => RR20Q3.5
2021-03-02 08:48hgbotNote Added: 0126463
2021-03-02 08:48hgbotNote Added: 0126464
2021-03-02 08:48hgbotNote Added: 0126465

Notes
(0126448)
hgbot   
2021-03-02 08:10   
Merge Request created: https://gitlab.com/openbravo/product/pmods/org.openbravo.mobile.core/-/merge_requests/176 [^]
(0126449)
hgbot   
2021-03-02 08:10   
Merge Request created: https://gitlab.com/openbravo/product/pmods/org.openbravo.retail.posterminal/-/merge_requests/332 [^]
(0126462)
hgbot   
2021-03-02 08:48   
Merge request merged: https://gitlab.com/openbravo/product/pmods/org.openbravo.mobile.core/-/merge_requests/176 [^]
(0126463)
hgbot   
2021-03-02 08:48   
Directly closing issue as related merge request is already approved.

Repository: https://gitlab.com/openbravo/product/pmods/org.openbravo.mobile.core [^]
Changeset: 470fc94a134b23963d6ff876cf62ee2c7308acd0
Author: Prakash M <prakash@qualiantech.com>
Date: 2021-03-02T12:16:12+05:30
URL: https://gitlab.com/openbravo/product/pmods/org.openbravo.mobile.core/-/commit/470fc94a134b23963d6ff876cf62ee2c7308acd0 [^]

Fixed BUG-45963 : Changed Terminal Authentication request from GET to POST for security purpose
* Included post method in MobileCoreLoginUtilsServlet

---
M src/org/openbravo/mobile/core/login/MobileCoreLoginUtilsServlet.java
---
(0126464)
hgbot   
2021-03-02 08:48   
Directly closing issue as related merge request is already approved.

Repository: https://gitlab.com/openbravo/product/pmods/org.openbravo.retail.posterminal [^]
Changeset: 79b9c46fd6e08f2ccb33d4983340243156153851
Author: Prakash M <prakash@qualiantech.com>
Date: 2021-03-02T12:16:34+05:30
URL: https://gitlab.com/openbravo/product/pmods/org.openbravo.retail.posterminal/-/commit/79b9c46fd6e08f2ccb33d4983340243156153851 [^]

Fixed BUG-45963 : Changed Terminal Authentication request from GET to POST for security purpose

---
M web/org.openbravo.retail.posterminal/js/login/model/login-model.js
---
(0126465)
hgbot   
2021-03-02 08:48   
Merge request merged: https://gitlab.com/openbravo/product/pmods/org.openbravo.retail.posterminal/-/merge_requests/332 [^]