Openbravo Issue Tracking System - Openbravo ERP
View Issue Details
IDProjectCategoryView StatusDate SubmittedLast Update
0055823Openbravo ERPA. Platformpublic2024-06-24 11:402024-06-24 12:47
Reportercaristu 
Assigned ToTriage Platform Base 
PriorityhighSeverityminorReproducibilityhave not tried
StatusnewResolutionopen 
PlatformOS5OS Version
Product Version 
Target VersionFixed in Version 
Merge Request Status
Review Assigned To
OBNetwork customer
Web browser
ModulesCore
Support ticket
Regression level
Regression date
Regression introduced in release
Regression introduced by commit
Triggers an Emergency PackNo
Summary0055823: User locking check should not be done in WS requests for WS-only users
DescriptionThe check for the user locking feature[1] should not be done when authenticating via WS. This check is based on the information stored in the AD_Session table. But when authenticating via WS no AD_Session register is created so this check does not make sense at all in this flow, specially when having users configured to only consume WS. This kind of users will never have an entry linked to them in the AD_Session table.

Doing this check has some performance impact when there are a lot of records in the AD_Session which can be avoided in the case of the WS requests.

[1] https://wiki.openbravo.com/wiki/Functional_Documentation/General_Setup#Locking_Users [^]
Steps To Reproduce1) Execute a WS request
2) Note that the UserLock check[1] is done in this flow

[1] https://gitlab.com/openbravo/product/openbravo/-/blob/master/src/org/openbravo/base/secureApp/UserLock.java#L92 [^]
Proposed Solution
Additional Information
TagsNo tags attached.
Relationships
related to design defect 0035435 closed gorkaion Authentication Manager is calling LoginUtils.getValidUserId() directly breaking custom authentication implementations 
related to defect 0044414 new Triage Platform Base UserLock feature (delay login on wrong login) has bad performance by default 
related to defect 0046189 closed alostale WS calls UserLock for every request even within the same session 
Attached Files
Issue History
Date ModifiedUsernameFieldChange
2024-06-24 11:40caristuNew Issue
2024-06-24 11:40caristuAssigned To => Triage Platform Base
2024-06-24 11:40caristuModules => Core
2024-06-24 11:40caristuTriggers an Emergency Pack => No
2024-06-24 11:42caristuRelationship addedrelated to 0035435
2024-06-24 11:48caristuRelationship addedrelated to 0044414
2024-06-24 11:49caristuRelationship addedrelated to 0046189
2024-06-24 11:51caristuSummaryUser locking check should not be done in WS authentication => User locking check should not be done in WS requests for WS-only users
2024-06-24 12:47hgbotNote Added: 0166254

Notes
(0166254)
hgbot   
2024-06-24 12:47   
Merge Request created: https://gitlab.com/openbravo/product/openbravo/-/merge_requests/1284 [^]