Openbravo Issue Tracking System - POS2 |
| View Issue Details |
|
| ID | Project | Category | View Status | Date Submitted | Last Update |
| 0047255 | POS2 | POS | public | 2021-06-28 10:50 | 2021-06-28 16:20 |
|
| Reporter | cberner | |
| Assigned To | cberner | |
| Priority | high | Severity | critical | Reproducibility | have not tried |
| Status | closed | Resolution | fixed | |
| Platform | | OS | 5 | OS Version | |
| Product Version | | |
| Target Version | | Fixed in Version | | |
| Merge Request Status | |
| Review Assigned To | |
| OBNetwork customer | |
| Support ticket | |
| Regression level | Pre packaging ( pi ) |
| Regression date | 2021-06-21 |
| Regression introduced in release | |
| Regression introduced by commit | https://gitlab.com/openbravo/product/pmods/org.openbravo.core2/-/commit/204b1a709ed0077358e345ae50063a0acb8e77da [^] |
| Triggers an Emergency Pack | No |
|
| Summary | 0047255: Profile change invalidates current session, requiring log-in again |
| Description | When changing profile, the session is invalidated, making it impossible to switch profile or pay tickets without relogging. It is not possible to switch back to the previous profile either, without relogging.
This makes profile button/feature useless, as it requires marking by default a profile, instead of using the expected switch to x profile, as expected.
In backend when the profile changes this is the message that appears in tomcat log:
2021-06-28 10:39:38,095 [http-nio-8080-exec-1] ERROR org.openbravo.mobile.core.process.MobileService - CSRF token check failed. Request=/openbravo/org.openbravo.mobile.core.service.jsonrest/org.openbravo.retail.posterminal.OrderLoader, SessionID=A0A04E29ED22683F1153877A5C1CAED7, SessionToken=3F503F025D9D40629D3BFDC99098FDD5, RequestToken=8FB1701AE7E14C48B6D25C88F2E8E4A7
|
| Steps To Reproduce | 1. Open and login in WebPOS
2. Click on user and Profile, change it to something else
3. Try to pay a ticket, or opening profile popup again. (it will fail with a similar error as in attached screenshot)
You may reproduce it in livebuilds: https://livebuilds.openbravo.com/retail_pos2_pgsql/web/pos/?terminal=VBS-2 [^] |
| Proposed Solution | |
| Additional Information | |
| Tags | No tags attached. |
| Relationships | | depends on | backport | 0047257 | TAP | closed | cberner | Profile change invalidates current session, requiring log-in again | | caused by | defect | 0046814 | | closed | caristu | JIRA 1730 - TerminalLogLoader - Error 401 |
|
| Attached Files |  localhost_3000__terminal=VBS-2(pos2) (70).png (89,409) 2021-06-28 10:50
https://issues.openbravo.com/file_download.php?file_id=15965&type=bug
|
|
| Issue History |
| Date Modified | Username | Field | Change |
| 2021-06-28 10:50 | cberner | New Issue | |
| 2021-06-28 10:50 | cberner | Assigned To | => platform |
| 2021-06-28 10:50 | cberner | File Added: localhost_3000__terminal=VBS-2(pos2) (70).png | |
| 2021-06-28 10:50 | cberner | Resolution time | => 1625436000 |
| 2021-06-28 10:50 | cberner | Triggers an Emergency Pack | => No |
| 2021-06-28 10:50 | cberner | Status | new => acknowledged |
| 2021-06-28 10:50 | cberner | Assigned To | platform => cberner |
| 2021-06-28 10:52 | cberner | Description Updated | bug_revision_view_page.php?rev_id=22795#r22795 |
| 2021-06-28 12:09 | cberner | Note Added: 0129851 | |
| 2021-06-28 13:11 | cberner | Status | acknowledged => scheduled |
| 2021-06-28 13:25 | hgbot | Note Added: 0129853 | |
| 2021-06-28 15:29 | hgbot | Resolution | open => fixed |
| 2021-06-28 15:29 | hgbot | Status | scheduled => closed |
| 2021-06-28 15:29 | hgbot | Note Added: 0129856 | |
| 2021-06-28 15:29 | hgbot | Note Added: 0129857 | |
| 2021-06-28 16:12 | caristu | Relationship added | caused by 0046814 |
| 2021-06-28 16:19 | cberner | Regression level | => Coding ( Testing ) |
| 2021-06-28 16:19 | cberner | Regression date | => 2021-06-21 |
| 2021-06-28 16:20 | cberner | Regression level | Coding ( Testing ) => Pre packaging ( pi ) |
| 2021-06-28 16:20 | cberner | Regression introduced by commit | => https://gitlab.com/openbravo/product/pmods/org.openbravo.core2/-/commit/204b1a709ed0077358e345ae50063a0acb8e77da [^] |
|
Notes |
|
|
|
|
|
|
(0129853)
|
|
hgbot
|
|
2021-06-28 13:25
|
|
|
|
|
(0129856)
|
|
hgbot
|
|
2021-06-28 15:29
|
|
Directly closing issue as related merge request is already approved.
Repository: https://gitlab.com/openbravo/product/pmods/org.openbravo.core2 [^]
Changeset: c26dab3c58d030fab5c26a3cc04b4bf6c765e6b0
Author: Cristian Berner <cristian.berner@openbravo.com>
Date: 2021-06-28T13:19:36+02:00
URL: https://gitlab.com/openbravo/product/pmods/org.openbravo.core2/-/commit/c26dab3c58d030fab5c26a3cc04b4bf6c765e6b0 [^]
Fixes ISSUE-47255: Profile change invalidates current session, requiring login again
Profile change removes the current session, resulting in it being
invalidated. However, after that restore session is executed(by
refreshing the window), it should take care of recovering the previous
session and adding new information, like for example the csrf token.
The problem is, InitializeAppData has been modified to only saving csrf token
on login, which is not always the case. If the session or token changes
between a refresh of the application, it is necessary to retrieve the
new one, without requiring to do login.
This commit fixes it by reverting the change done in
InitializeAppData(which removed saving csrf token). Now CSRF token is
saved in savePreRenderActionsResponse function and as such it is
possible to retrieve it in restore session flow, which also fixes the
profile change issue.
---
M web-jspack/org.openbravo.core2/src/components/AppBar/ProfileSelector/__test__/ProfileSelector.test.jsx
M web-jspack/org.openbravo.core2/src/core/authentication/InitializeAppData.js
M web-jspack/org.openbravo.core2/src/core/authentication/__test__/RestoreSession.test.js
---
|
|
|
|
(0129857)
|
|
hgbot
|
|
2021-06-28 15:29
|
|
|