Openbravo Issue Tracking System - Retail Modules
View Issue Details
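ID: 0047888
Project: Retail Modules
Category: Web POS
View Status: public
Date Submitted: 2021-10-20 06:57
Last Update: 2021-12-31 14:08
Reporter: alostale
Assigned To: cberner
Priority: urgent
Severity: major
Reproducibility: unable to reproduce
Status: closed
Resolution: fixed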
5
 
RR22Q1 RR22Q1
No
0047888: checkServerAvailability does not fail even if the session is corrupted
If a session is corrupted and its csrf token is lost, POS goes offline on the next online POST request, as it correctly returns 401 due to the missing token, which is correct.

When offline, checkServerAvailability requests are sent; they respond with 200, so POS considers it is online, although the next POST request will also fail.
Although it is unclear why the session got corrupted, this is part of a sequence of requests seen at an actual customer (the full sequence of requests received for that session is attached):

1. 19:04 - 19:12 regular activity
2. 19:12:14 AppCacheManifest 200 -> reload page? Might the session be corrupted after this one?
3. 19:21:09 ProcessCashClose 401 -> the request is sent without csrf token, which makes the validation fail, which makes the POS go offline
4. checkServerAvailability every 10s 200 -> 3 successful requests make the POS go online
5. ProcessCashClose 401 -> actual request fails again, so the POS is offline again
6. repeats steps 4 and 5
checkServerAvailability should include a csrf token check, and in case it is not valid the user should be notified and sent back to the login window, as their session is not valid anymore.
No tags attached.
related to feature request 0039123 closed jarmendariz Openbravo ERP Add CSRF Token support 
log 25390BD087868B3F5BEB2CDCEAD44D9E.log (950,589) 2021-10-20 06:58
https://issues.openbravo.com/file_download.php?file_id=16280&type=bug
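The flapping in steps 3 to 6 and the proposed check, as an added example that is not Openbravo's code: a constructed backend and a hypothetical `PosConnection` client show how a probe that ignores the CSRF token brings the POS back online, while a probe that validates it moves the client to a state that requires logging in again. All names, the state labels and the token value are assumptions.

```javascript
// Added illustration; every name here is hypothetical, not Openbravo's API.
// Constructed backend whose session token no longer matches the client's.
function makeServer(sessionToken) {
  return {
    // State-changing request: always validates the CSRF token.
    post: (token) => (token === sessionToken ? 200 : 401),
    // Availability probe: validates the token only when asked to.
    probe: (token, checkCsrf) =>
      checkCsrf && token !== sessionToken ? 401 : 200,
  };
}

class PosConnection {
  constructor(server, clientToken, probeChecksCsrf, onlineAfter = 3) {
    Object.assign(this, { server, clientToken, probeChecksCsrf, onlineAfter });
    this.state = 'online';
    this.okProbes = 0;
    this.transitions = [];
  }
  setState(next) {
    if (next !== this.state) this.transitions.push(next);
    this.state = next;
  }
  post() {
    if (this.state !== 'online') return null; // not sent while offline
    const status = this.server.post(this.clientToken);
    if (status === 401) { this.okProbes = 0; this.setState('offline'); }
    return status;
  }
  probe() {
    if (this.state !== 'offline') return; // online, or re-login already required
    const status = this.server.probe(this.clientToken, this.probeChecksCsrf);
    // A 401 on the probe means the session is broken, not the network.
    if (status === 401) return this.setState('unrecoverable-offline');
    if (++this.okProbes >= this.onlineAfter) this.setState('online');
  }
}

// Replays steps 3-6 of the report: a failing POST followed by three probes.
function simulate(probeChecksCsrf, cycles) {
  const conn = new PosConnection(makeServer('server-token'), undefined, probeChecksCsrf);
  for (let i = 0; i < cycles; i++) {
    conn.post();
    for (let p = 0; p < 3; p++) conn.probe();
  }
  return conn.transitions;
}

console.log('probe ignores CSRF:', simulate(false, 2).join(' -> '));
console.log('probe checks CSRF: ', simulate(true, 2).join(' -> '));
```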
Issue History
2021-10-20 06:57  alostale  New Issue
2021-10-20 06:57  alostale  Assigned To => platform
2021-10-20 06:57  alostale  Triggers an Emergency Pack => No
2021-10-20 06:57  alostale  Steps to Reproduce Updated  bug_revision_view_page.php?rev_id=23204#r23204
2021-10-20 06:58  alostale  File Added: 25390BD087868B3F5BEB2CDCEAD44D9E.log
2021-10-20 07:14  alostale  Relationship added  related to 0039123
2021-11-16 16:54  egoitz  Issue Monitored: egoitz
2021-11-23 17:25  hgbot  Note Added: 0133308
2021-11-24 18:25  hgbot  Note Added: 0133334
2021-11-26 14:36  hgbot  Note Added: 0133391
2021-12-16 18:12  hgbot  Note Added: 0133785
2021-12-16 18:12  hgbot  Note Added: 0133786
2021-12-27 16:08  AugustoMauch  Assigned To  platform => cberner
2021-12-27 16:08  AugustoMauch  Status  new => scheduled
2021-12-31 14:08  hgbot  Note Added: 0134085
2021-12-31 14:08  hgbot  Note Added: 0134086
2021-12-31 14:08  hgbot  Resolution  open => fixed
2021-12-31 14:08  hgbot  Status  scheduled => closed
2021-12-31 14:08  hgbot  Fixed in Version => RR22Q1
2021-12-31 14:08  hgbot  Note Added: 0134087
2021-12-31 14:08  hgbot  Note Added: 0134088

Notes
(0133308)
hgbot   
2021-11-23 17:25   
Merge Request created: https://gitlab.com/openbravo/product/pmods/org.openbravo.mobile.core/-/merge_requests/303
(0133334)
hgbot   
2021-11-24 18:25   
Merge Request created: https://gitlab.com/openbravo/product/pmods/org.openbravo.core2/-/merge_requests/672
(0133391)
hgbot   
2021-11-26 14:36   
Merge Request created: https://gitlab.com/openbravo/ci/modules/org.openbravo.retail.samplebpintegration/-/merge_requests/5
(0133785)
hgbot   
2021-12-16 18:12   
Repository: https://gitlab.com/openbravo/ci/modules/org.openbravo.retail.samplebpintegration
Changeset: ddf1e62d995685d8ff42361d4f549dfa5ca721cd
Author: Cristian Berner <cristian.berner@openbravo.com>
Date: 26-11-2021 11:56:59
URL: https://gitlab.com/openbravo/ci/modules/org.openbravo.retail.samplebpintegration/-/commit/ddf1e62d995685d8ff42361d4f549dfa5ca721cd

Related to ISSUE-47888: Proxy request with error should not proceed

Previously proxy bp requests allowed errors to slip through, this means
that if for example we get a 401 error when doing the request, it will
fail because there's no data present in the response. This is fixed by
rejecting the request if it contains an error.

---
M web/org.openbravo.retail.samplebpintegration/js/SampleBPIntegrationProxy.js
---
(0133786)
hgbot   
2021-12-16 18:12   
Merge request merged: https://gitlab.com/openbravo/ci/modules/org.openbravo.retail.samplebpintegration/-/merge_requests/5
(0134085)
hgbot   
2021-12-31 14:08   
Repository: https://gitlab.com/openbravo/product/pmods/org.openbravo.core2
Changeset: 038f77b993724e9e8dc621f0cab8295fa313fecf
Author: Cristian Berner <cristian.berner@openbravo.com>
Date: 31-12-2021 14:06:47
URL: https://gitlab.com/openbravo/product/pmods/org.openbravo.core2/-/commit/038f77b993724e9e8dc621f0cab8295fa313fecf

Related to ISSUE-47888: Show dialog when user session is broken and requires logging out

If session is in an unrecoverable offline mode, the user is required to
log out and back in to have a new csrf token for him. This project
shows this dialog to the user every 2 minutes and informs him of the
actions required to have a valid online session.

---
M src-db/database/sourcedata/AD_MESSAGE.xml
M web-jspack/org.openbravo.core2/src/components/BaseDialog/BaseDialog.scss
M web-jspack/org.openbravo.core2/src/components/StatusBar/ServerStatusButton.jsx
M web-jspack/org.openbravo.core2/src/components/StatusBar/stories/ServerStatusButton.stories.jsx
M web-jspack/org.openbravo.core2/src/components/StatusBar/stories/StatusBarStoriesUtils.jsx
M web-jspack/org.openbravo.core2/src/core/authentication/LoginProcess.js
M web-jspack/org.openbravo.core2/src/core/remote-server/BackendServer.js
M web-jspack/org.openbravo.core2/src/core/remote-server/__test__/BackendServer.test.js
M web-jspack/org.openbravo.core2/src/model/session/__test__/Logout.test.js
M web-jspack/org.openbravo.core2/src/model/session/user-actions/Logout.js
---
(0134086)
hgbot   
2021-12-31 14:08   
Merge request merged: https://gitlab.com/openbravo/product/pmods/org.openbravo.core2/-/merge_requests/672
(0134087)
hgbot   
2021-12-31 14:08   
Directly closing issue as related merge request is already approved.

Repository: https://gitlab.com/openbravo/product/pmods/org.openbravo.mobile.core
Changeset: 595f45b20ba8d2572b92d0fc5f9e095cd6602501
Author: Cristian Berner <cristian.berner@openbravo.com>
Date: 31-12-2021 14:04:17
URL: https://gitlab.com/openbravo/product/pmods/org.openbravo.mobile.core/-/commit/595f45b20ba8d2572b92d0fc5f9e095cd6602501

Fixes ISSUE-47888: CSRF token offline improvements

Shows the user a confirmation message when its session has been
broken when csrf token mismatches and informs that it's in
an unrecoverable offline state until he logs back in again.

This message is shown every 2 minutes until the user logs out so the
session can be regenerated.

---
A web/org.openbravo.mobile.core/app/model/business-object/remote-server/actions/SetUnrecoverableOffline.js
M src-db/database/sourcedata/AD_MESSAGE.xml
M src/org/openbravo/mobile/core/MobileCoreComponentProvider.java
M web-test/integration/remote-server/BackendServer.test.js
M web-test/integration/remote-server/RemoteServer.test.js
M web/org.openbravo.mobile.core/app/integration/remote-server/BackendServer.js
M web/org.openbravo.mobile.core/app/integration/remote-server/RemoteServer.js
M web/org.openbravo.mobile.core/app/util/network/Request.js
M web/org.openbravo.mobile.core/app/view/DialogUIHandler.js
M web/org.openbravo.mobile.core/source/component/ob-menu.js
---
(0134088)
hgbot   
2021-12-31 14:08   
Merge request merged: https://gitlab.com/openbravo/product/pmods/org.openbravo.mobile.core/-/merge_requests/303