Openbravo Issue Tracking System - Openbravo ERP |
| View Issue Details |
|
| ID | Project | Category | View Status | Date Submitted | Last Update |
| 0049411 | Openbravo ERP | A. Platform | public | 2022-05-25 13:14 | 2022-11-21 07:02 |
|
| Reporter | caristu | |
| Assigned To | guillermogil | |
| Priority | high | Severity | minor | Reproducibility | have not tried |
| Status | scheduled | Resolution | open | |
| Platform | | OS | 5 | OS Version | |
| Product Version | | |
| Target Version | | Fixed in Version | | |
| Merge Request Status | open |
| Review Assigned To | |
| OBNetwork customer | No |
| Web browser | |
| Modules | Core |
| Support ticket | |
| Regression level | |
| Regression date | |
| Regression introduced in release | |
| Regression introduced by commit | |
| Triggers an Emergency Pack | No |
|
| Summary | 0049411: Password expiration is not checked in the web service authentication flow |
| Description | Password expiration is not checked in the default web service authentication flow |
| Steps To Reproduce | 1) Go to the user window and mark the "Expired Password" flag for a user
2) Execute a web service call, using the crendentials of the user changed in step 1), for example to: <server_url>/openbravo/ws/dal/Country. ERROR: the user is authorized and the WS request is completed although the user password is expired |
| Proposed Solution | Add a password expiration check in the DefaultAuthenticationManager.webServiceAuthenticate method in the same way that it is done for the standard login[1]
[1] https://gitlab.com/openbravo/product/openbravo/-/blob/master/src/org/openbravo/authentication/basic/DefaultAuthenticationManager.java#L153 [^] |
| Additional Information | |
| Tags | No tags attached. |
| Relationships | | related to | feature request | 0032285 | 3.0PR16Q3 | closed | NaroaIriarte | make possible to manually set a user as password expired | | related to | feature request | 0031796 | | closed | jonibc | Extend functionality with the option to define a day limit for the password to be changed |
|
| Attached Files | |
|
| Issue History |
| Date Modified | Username | Field | Change |
| 2022-05-25 13:14 | caristu | New Issue | |
| 2022-05-25 13:14 | caristu | Assigned To | => Triage Platform Base |
| 2022-05-25 13:14 | caristu | OBNetwork customer | => No |
| 2022-05-25 13:14 | caristu | Modules | => Core |
| 2022-05-25 13:14 | caristu | Triggers an Emergency Pack | => No |
| 2022-05-25 13:16 | caristu | Steps to Reproduce Updated | bug_revision_view_page.php?rev_id=24152#r24152 |
| 2022-05-25 13:19 | caristu | Proposed Solution updated | |
| 2022-05-25 13:20 | caristu | Description Updated | bug_revision_view_page.php?rev_id=24154#r24154 |
| 2022-05-25 13:22 | caristu | Proposed Solution updated | |
| 2022-05-25 13:23 | caristu | Proposed Solution updated | |
| 2022-05-25 13:29 | caristu | Relationship added | related to 0032285 |
| 2022-05-25 13:29 | caristu | Relationship added | related to 0031796 |
| 2022-06-23 12:46 | shuehner | Issue Monitored: shuehner | |
| 2022-11-15 06:56 | guillermogil | Status | new => acknowledged |
| 2022-11-18 17:39 | hgbot | Merge Request Status | => open |
| 2022-11-18 17:39 | hgbot | Note Added: 0143840 | |
| 2022-11-21 07:02 | guillermogil | Status | acknowledged => scheduled |
| 2022-11-21 07:02 | guillermogil | Assigned To | Triage Platform Base => guillermogil |
| 2022-11-23 18:52 | hgbot | Merge Request Status | open => approved |
| 2022-12-01 05:07 | hgbot | Merge Request Status | approved => open |