Openbravo Issue Tracking System - POS2
View Issue Details
IDProjectCategoryView StatusDate SubmittedLast Update
0046814POS2POSpublic2021-05-24 16:022021-06-21 13:53
Reporterjmelin 
Assigned Tocaristu 
PriorityhighSeverityminorReproducibilitysometimes
StatusclosedResolutionfixed 
PlatformOS30OS VersionOpenbravo Appliance 14.04
Product Version 
Target VersionFixed in Version 
Merge Request Status
Review Assigned To
OBNetwork customer
Support ticket
Regression level
Regression date
Regression introduced in release
Regression introduced by commit
Triggers an Emergency PackNo
Summary0046814: JIRA 1730 - TerminalLogLoader - Error 401
DescriptionOn the POS, we have in console/network a 401 error on TerminalLogLoader

Request URL: https://agapes-test.cloud.openbravo.com/openbravo/org.openbravo.mobile.core.service.jsonrest/org.openbravo.mobile.core.TerminalLogLoader?$timeout=15000 [^]
Request Method: POST
Status Code: 401 401

Response:
{"response":{"status":-1,"error":{"message":"Request CSRF Token does not match with the one provided by Session","messageType":"Error","title":""},"totalRows":0}}



EDIT ggi:

* Summary:

Most probably the problem is related to the synchronization buffer starting to soon.

* Details:

When the login finish it is saved the csrf token, that is needed for all the requests to backend to work.

Looks like the synchronization buffer is trying to start sending messages to backend when we still don't have this csrf token.

It fails with the terminal log messages because they are the most common messages, also are generated while logout and when user is doing login, so is common to have terminal log messages waiting that the synchronization buffer starts after login to start synchronizing them

* Proposed fix:

Delay the start of the synchronization buffer till we have the csrf token.
Steps To Reproduce1. Connect to POS
2. Start to create an order and wait sometimes

=> After sometimes, you have an error 401

In the log of the OB Central server:
2021-05-24 14:02:52,329 [http-6] ERROR org.openbravo.mobile.core.process.MobileService - CSRF token check failed. Request=/openbravo/org.openbravo.mobile.core.service.jsonrest/org.openbravo.mobile.core.TerminalLogLoader, SessionID=BD542A0BA4D64A1962BB9E9E9ECF8614, SessionToken=8FCA6897EF3E4F0AAD32EA39789DA5D2, RequestToken=3E07EB9164CC4D58AE6853F56C389079
Proposed Solution
Additional Information
TagsNo tags attached.
Relationships
depends on backport 0046896TAP closed caristu JIRA 1730 - TerminalLogLoader - Error 401 
causes defect 0047255 closed cberner Profile change invalidates current session, requiring log-in again 
Attached Files
Issue History
Date ModifiedUsernameFieldChange
2021-05-24 16:02jmelinNew Issue
2021-05-24 16:02jmelinAssigned To => Retail
2021-05-24 16:02jmelinTriggers an Emergency Pack => No
2021-05-25 12:11gorka_gilNote Added: 0128611
2021-05-25 12:16gorka_gilDescription Updatedbug_revision_view_page.php?rev_id=22597#r22597
2021-05-25 12:16gorka_gilNote Deleted: 0128611
2021-05-25 12:20guilleaerResolution time => 1623103200
2021-05-25 12:20guilleaerAssigned ToRetail => platform
2021-05-25 12:20guilleaerStatusnew => scheduled
2021-05-25 12:20guilleaerStatusscheduled => acknowledged
2021-05-25 18:48guilleaerResolution time1623103200 => 1623362400
2021-05-28 13:23gorka_gilAssigned Toplatform => gorka_gil
2021-05-28 22:19guilleaerStatusacknowledged => scheduled
2021-05-28 22:19guilleaerRelationship deleteddepends on 0046827
2021-06-09 12:02gorka_gilSeveritymajor => minor
2021-06-09 12:02gorka_gilNote Added: 0129251
2021-06-09 16:57guilleaerSeverityminor => major
2021-06-10 17:56guilleaerAssigned Togorka_gil => caristu
2021-06-10 17:56guilleaerSeveritymajor => minor
2021-06-10 17:57guilleaerNote Added: 0129358
2021-06-10 17:57guilleaerResolution time1623362400 => 1623967200
2021-06-10 17:59guilleaerResolution time1623967200 => 1623880800
2021-06-11 12:22hgbotNote Added: 0129408
2021-06-11 12:47hgbotNote Added: 0129409
2021-06-21 13:53hgbotNote Added: 0129685
2021-06-21 13:53hgbotNote Added: 0129686
2021-06-21 13:53hgbotResolutionopen => fixed
2021-06-21 13:53hgbotStatusscheduled => closed
2021-06-21 13:53hgbotNote Added: 0129687
2021-06-21 13:53hgbotNote Added: 0129688
2021-06-28 16:12caristuRelationship addedcauses 0047255

Notes
(0129251)
gorka_gil   
2021-06-09 12:02   
Reducing from major to minor, since no information is lost, it will synchronize after the message with no problems
(0129358)
guilleaer   
2021-06-10 17:57   
Even being minor, this issue needs to be backported
(0129408)
hgbot   
2021-06-11 12:22   
Merge Request created: https://gitlab.com/openbravo/product/pmods/org.openbravo.core2/-/merge_requests/554 [^]
(0129409)
hgbot   
2021-06-11 12:47   
Merge Request created: https://gitlab.com/openbravo/product/pmods/org.openbravo.mobile.core/-/merge_requests/234 [^]
(0129685)
hgbot   
2021-06-21 13:53   
Repository: https://gitlab.com/openbravo/product/pmods/org.openbravo.mobile.core [^]
Changeset: 6f1fb510e486382721ce7ef0c28245b60abca5a8
Author: Carlos Aristu <carlos.aristu@openbravo.com>
Date: 2021-06-21T10:21:00+02:00
URL: https://gitlab.com/openbravo/product/pmods/org.openbravo.mobile.core/-/commit/6f1fb510e486382721ce7ef0c28245b60abca5a8 [^]

related to ISSUE-46814: include CSRF token on login response

---
M src/org/openbravo/mobile/core/login/MobileCoreLoginHandler.java
---
(0129686)
hgbot   
2021-06-21 13:53   
Merge request merged: https://gitlab.com/openbravo/product/pmods/org.openbravo.mobile.core/-/merge_requests/234 [^]
(0129687)
hgbot   
2021-06-21 13:53   
Directly closing issue as related merge request is already approved.

Repository: https://gitlab.com/openbravo/product/pmods/org.openbravo.core2 [^]
Changeset: 204b1a709ed0077358e345ae50063a0acb8e77da
Author: Carlos Aristu <carlos.aristu@openbravo.com>
Date: 2021-06-21T11:53:25+00:00
URL: https://gitlab.com/openbravo/product/pmods/org.openbravo.core2/-/commit/204b1a709ed0077358e345ae50063a0acb8e77da [^]

fixes ISSUE-46814: failed request due to incorrect CSRF token

  Fix failed request done right after login because it is done with an
invalid CSRF token.

  This problem happens because the synchronization buffer is started
before retrieving the CSRF token on login. Therefore, if there are
pending synchronization buffer messages to synchronize with the backend
which require an HTTP request to be processed, the request fails because
the CSRF token has not been retrieved yet.

  Fixing this problem by including the CSRF token on the login request
itself (see [1]), and saving it in the client before starting the
synchronization buffer.

[1] https://gitlab.com/openbravo/product/pmods/org.openbravo.mobile.core/-/merge_requests/234 [^]

---
M web-jspack/org.openbravo.core2/src/core/authentication/InitializeAppData.js
M web-jspack/org.openbravo.core2/src/core/authentication/LoginProcess.js
M web-jspack/org.openbravo.core2/src/core/authentication/__test__/LoginProcess.test.js
M web-jspack/org.openbravo.core2/src/core/authentication/__test__/RestoreSession.test.js
---
(0129688)
hgbot   
2021-06-21 13:53   
Merge request merged: https://gitlab.com/openbravo/product/pmods/org.openbravo.core2/-/merge_requests/554 [^]