Openbravo Issue Tracking System - Retail Modules |
| View Issue Details |
|
| ID | Project | Category | View Status | Date Submitted | Last Update |
| 0047888 | Retail Modules | Web POS | public | 2021-10-20 06:57 | 2021-12-31 14:08 |
|
| Reporter | alostale | |
| Assigned To | cberner | |
| Priority | urgent | Severity | major | Reproducibility | unable to reproduce |
| Status | closed | Resolution | fixed | |
| Platform | | OS | 5 | OS Version | |
| Product Version | | |
| Target Version | RR22Q1 | Fixed in Version | RR22Q1 | |
| Merge Request Status | approved |
| Review Assigned To | |
| OBNetwork customer | OBPS |
| Support ticket | |
| Regression level | |
| Regression date | |
| Regression introduced in release | |
| Regression introduced by commit | |
| Triggers an Emergency Pack | No |
|
| Summary | 0047888: checkServerAvailability does not fail even if the session is corrupted |
| Description | If a session is corrupted and its csrf token is lost, POS goes offline on the next online POST request as it returns correctly 401 due to missing token, which is correct.
When in offline checkServerAvailability requests are sent, they respond with 200 so POS considers it is online, although the next POST request will also fail. |
| Steps To Reproduce | Although it is unclear why the session got corrupted, this is part of a sequence of requests seen in an actual customer (attached the full sequence of requests received for that session):
1. 19:04 - 19:12 regular activity
2. 19:12:14 AppCacheManifest 200 -> reload page? Might the session be corrupted after this one
3. 19:21:09 ProcessCashClose 401 -> the request is sent without csrf token which makes the validation fail which makes the pos to go offline
4. checkServerAvailability every 10s 200 -> 3 successful requests make pos to go online
5. ProcessCashClose 401 -> actual request fails again so pos is offline again
6. repeats steps 4 and 5 |
| Proposed Solution | checkServerAvailability should include a csrf token check and in case it is not valid the user should be notified and sent back to login window as their session is not valid anymore. |
| Additional Information | |
| Tags | No tags attached. |
| Relationships | | related to | feature request | 0039123 | | closed | jarmendariz | Openbravo ERP | Add CSRF Token support |
|
| Attached Files |  25390BD087868B3F5BEB2CDCEAD44D9E.log (950,589) 2021-10-20 06:58
https://issues.openbravo.com/file_download.php?file_id=16280&type=bug |
|
| Issue History |
| Date Modified | Username | Field | Change |
| 2021-10-20 06:57 | alostale | New Issue | |
| 2021-10-20 06:57 | alostale | Assigned To | => platform |
| 2021-10-20 06:57 | alostale | OBNetwork customer | => No |
| 2021-10-20 06:57 | alostale | Triggers an Emergency Pack | => No |
| 2021-10-20 06:57 | alostale | Steps to Reproduce Updated | bug_revision_view_page.php?rev_id=23204#r23204 |
| 2021-10-20 06:58 | alostale | File Added: 25390BD087868B3F5BEB2CDCEAD44D9E.log | |
| 2021-10-20 07:14 | alostale | Relationship added | related to 0039123 |
| 2021-10-20 12:22 | alostale | OBNetwork customer | No => OBPS |
| 2021-11-16 16:54 | egoitz | Issue Monitored: egoitz | |
| 2021-11-23 17:25 | hgbot | Merge Request Status | => open |
| 2021-11-23 17:25 | hgbot | Note Added: 0133308 | |
| 2021-11-24 18:25 | hgbot | Note Added: 0133334 | |
| 2021-11-26 14:36 | hgbot | Note Added: 0133391 | |
| 2021-12-16 18:12 | hgbot | Merge Request Status | open => approved |
| 2021-12-16 18:12 | hgbot | Note Added: 0133785 | |
| 2021-12-16 18:12 | hgbot | Note Added: 0133786 | |
| 2021-12-27 16:08 | AugustoMauch | Assigned To | platform => cberner |
| 2021-12-27 16:08 | AugustoMauch | Status | new => scheduled |
| 2021-12-31 14:08 | hgbot | Note Added: 0134085 | |
| 2021-12-31 14:08 | hgbot | Note Added: 0134086 | |
| 2021-12-31 14:08 | hgbot | Resolution | open => fixed |
| 2021-12-31 14:08 | hgbot | Status | scheduled => closed |
| 2021-12-31 14:08 | hgbot | Fixed in Version | => RR22Q1 |
| 2021-12-31 14:08 | hgbot | Note Added: 0134087 | |
| 2021-12-31 14:08 | hgbot | Note Added: 0134088 | |
|
Notes |
|
|
(0133308)
|
|
hgbot
|
|
2021-11-23 17:25
|
|
|
|
|
(0133334)
|
|
hgbot
|
|
2021-11-24 18:25
|
|
|
|
|
(0133391)
|
|
hgbot
|
|
2021-11-26 14:36
|
|
|
|
|
(0133785)
|
|
hgbot
|
|
2021-12-16 18:12
|
|
|
|
|
(0133786)
|
|
hgbot
|
|
2021-12-16 18:12
|
|
|
|
|
(0134085)
|
|
hgbot
|
|
2021-12-31 14:08
|
|
Repository: https://gitlab.com/openbravo/product/pmods/org.openbravo.core2 [^]
Changeset: 038f77b993724e9e8dc621f0cab8295fa313fecf
Author: Cristian Berner <cristian.berner@openbravo.com>
Date: 31-12-2021 14:06:47
URL: https://gitlab.com/openbravo/product/pmods/org.openbravo.core2/-/commit/038f77b993724e9e8dc621f0cab8295fa313fecf [^]
Related to ISSUE-47888: Show dialog when user session is broken and requires logging out
If session is in an unrecoverable offline mode, the user requires to
logs out and back in to have a new csrf token for him. This project
shows this dialog to the user every 2 minutes and informs him on the
actions required to have a valid online session.
---
M src-db/database/sourcedata/AD_MESSAGE.xml
M web-jspack/org.openbravo.core2/src/components/BaseDialog/BaseDialog.scss
M web-jspack/org.openbravo.core2/src/components/StatusBar/ServerStatusButton.jsx
M web-jspack/org.openbravo.core2/src/components/StatusBar/stories/ServerStatusButton.stories.jsx
M web-jspack/org.openbravo.core2/src/components/StatusBar/stories/StatusBarStoriesUtils.jsx
M web-jspack/org.openbravo.core2/src/core/authentication/LoginProcess.js
M web-jspack/org.openbravo.core2/src/core/remote-server/BackendServer.js
M web-jspack/org.openbravo.core2/src/core/remote-server/__test__/BackendServer.test.js
M web-jspack/org.openbravo.core2/src/model/session/__test__/Logout.test.js
M web-jspack/org.openbravo.core2/src/model/session/user-actions/Logout.js
---
|
|
|
|
(0134086)
|
|
hgbot
|
|
2021-12-31 14:08
|
|
|
|
|
(0134087)
|
|
hgbot
|
|
2021-12-31 14:08
|
|
Directly closing issue as related merge request is already approved.
Repository: https://gitlab.com/openbravo/product/pmods/org.openbravo.mobile.core [^]
Changeset: 595f45b20ba8d2572b92d0fc5f9e095cd6602501
Author: Cristian Berner <cristian.berner@openbravo.com>
Date: 31-12-2021 14:04:17
URL: https://gitlab.com/openbravo/product/pmods/org.openbravo.mobile.core/-/commit/595f45b20ba8d2572b92d0fc5f9e095cd6602501 [^]
Fixes ISSUE-47888: CSRF token offline improvements
Shows the user a confirmation message when it's session has been
broken when csrf token mismatchs and informs that it's in
an unrecoverable offline state until he logs back in again.
This message is shown every 2 minutes until the users logs out so the
session can be regenerated.
---
A web/org.openbravo.mobile.core/app/model/business-object/remote-server/actions/SetUnrecoverableOffline.js
M src-db/database/sourcedata/AD_MESSAGE.xml
M src/org/openbravo/mobile/core/MobileCoreComponentProvider.java
M web-test/integration/remote-server/BackendServer.test.js
M web-test/integration/remote-server/RemoteServer.test.js
M web/org.openbravo.mobile.core/app/integration/remote-server/BackendServer.js
M web/org.openbravo.mobile.core/app/integration/remote-server/RemoteServer.js
M web/org.openbravo.mobile.core/app/util/network/Request.js
M web/org.openbravo.mobile.core/app/view/DialogUIHandler.js
M web/org.openbravo.mobile.core/source/component/ob-menu.js
---
|
|
|
|
(0134088)
|
|
hgbot
|
|
2021-12-31 14:08
|
|
|