Openbravo Issue Tracking System - POS2
View Issue Details
0056149 | POS2 | POS | public | 2024-08-01 13:47 | 2024-09-09 18:30
njimenez 
caristu 
normal | major | have not tried
closed | fixed
5
 
24Q4 
No
0056149: Authorization code open id protocol does not work while making login in sco
Right now it is possible to log in with the OpenID protocol in the POS application. It should also be possible to log in with OpenID in the SCO application, but there is a problem with the authorization code protocol.

The login in SCO for external authorization was designed with the PKCE protocol in mind, where the communication exchange takes place on the POS application side. Once you receive the token with the user information, the call to the backoffice is made to validate the received user identifier.

This is why in SCO there was no problem making two different calls, one to the switch user approval and the second to the login handler, with the same user credentials information, as at this point no communication is going to be performed with the authorization provider.

The problem that we have found in the authorization code protocol is that we are expecting to make the communication exchange to obtain the token id with the user information on the backoffice side. So the second attempt to authorize, which is when the login handler is called, will always be refused, as we are trying to call the authorization provider a second time to obtain the token id with the same code.
1. Configure an authentication provider at the backoffice with type OpenID and authorization code protocol

https://wiki.openbravo.com/wiki/Authentication#OpenID_Authentication

2. Open the POS application
3. Click on the switch to SCO mode button
4. Click on the authorization provider button instead of providing user credentials
5. See how the screen gets blocked while logging in
1. In the MobileCoreLoginHandler class we are going to add a new validation in the doPost method for switching application.

if (req.getParameter("switchAppMode") != null) {
 // Authenticate to make sure if the switch application mode can be done
 // The authenticated user will be saved
}

This validation will be done before calling LoginHandler in line 120.

In the login handler, a protected method called, for example, authenticate(request, response) will be added.

This method will check the session value stored in the previous step. If it exists, the session value will be removed and returned to the login handler; otherwise, the regular authentication will be performed.

With those changes the class shouldn't be needed, but there are more validations performed here. Maybe they will need to be done in mobile core, or the authentication could just be removed from switch user.
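
The flow proposed above, sketched as an added example that is not Openbravo's code: the first request redeems the single-use authorization code and keeps the authenticated user in the session, and the login handler then consumes that value once instead of contacting the provider again. The `Provider` class, the `switchedUserId` attribute name and the `Map` used as a session are assumptions made for illustration.

```java
import java.util.HashMap;
import java.util.HashSet;
import java.util.Map;
import java.util.Set;

public class SwitchUserAuthSketch {
  // Stand-in for the OpenID provider: each authorization code can be redeemed once.
  static class Provider {
    private final Set<String> redeemed = new HashSet<>();
    String exchange(String code) {
      if (!redeemed.add(code)) {
        throw new IllegalStateException("authorization code already used");
      }
      return "user-for-" + code; // constructed user identifier
    }
  }

  static final String SESSION_KEY = "switchedUserId"; // hypothetical attribute name

  // Step 1: the switch-application-mode request authenticates and remembers the user.
  static void approveSwitch(Provider p, Map<String, Object> session, String code) {
    session.put(SESSION_KEY, p.exchange(code));
  }

  // Step 2: the login handler consumes the stored user once; otherwise regular authentication.
  static String authenticate(Provider p, Map<String, Object> session, String code) {
    Object stored = session.remove(SESSION_KEY);
    return stored != null ? (String) stored : p.exchange(code);
  }

  public static void main(String[] args) {
    Provider provider = new Provider();
    Map<String, Object> session = new HashMap<>();
    String code = "abc123"; // constructed sample code

    approveSwitch(provider, session, code);
    System.out.println("login: " + authenticate(provider, session, code));
    System.out.println("stored value left: " + session.containsKey(SESSION_KEY));

    // Without a stored value the handler goes back to the provider, which refuses the reused code.
    try {
      authenticate(provider, session, code);
    } catch (IllegalStateException e) {
      System.out.println("second exchange refused: " + e.getMessage());
    }
  }
}
```

Removing the value on read keeps the stored identity single-use, so a later login request in the same session falls through to regular authentication.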





No tags attached.
related to feature request 0055941 closed njimenez Login and approvals in pos with oauth2 
causes defect 0056430 closed jarmendariz Unable to switch from SCO to POS 
Issue History
2024-08-01 13:47 | njimenez | New Issue
2024-08-01 13:47 | njimenez | Assigned To => Triage Platform Conn
2024-08-01 13:47 | njimenez | Triggers an Emergency Pack => No
2024-08-01 13:47 | njimenez | Relationship added | related to 0055941
2024-08-13 10:10 | adrianromero | Assigned To | Triage Platform Conn => ignacio_deandres
2024-08-13 10:59 | njimenez | Proposed Solution updated
2024-08-19 09:31 | hgbot | Note Added: 0168199
2024-08-21 14:50 | hgbot | Note Added: 0168326
2024-08-21 14:51 | hgbot | Note Added: 0168327
2024-08-21 14:51 | hgbot | Note Added: 0168328
2024-08-30 12:45 | hgbot | Note Added: 0168587
2024-08-30 13:26 | hgbot | Note Added: 0168593
2024-09-02 11:33 | adrianromero | Assigned To | ignacio_deandres => caristu
2024-09-09 18:04 | hgbot | Note Added: 0168978
2024-09-09 18:04 | hgbot | Note Added: 0168979
2024-09-09 18:14 | hgbot | Note Added: 0168980
2024-09-09 18:14 | hgbot | Note Added: 0168981
2024-09-09 18:16 | hgbot | Note Added: 0168982
2024-09-09 18:16 | hgbot | Resolution | open => fixed
2024-09-09 18:16 | hgbot | Status | new => closed
2024-09-09 18:16 | hgbot | Fixed in Version => 24Q4
2024-09-09 18:16 | hgbot | Note Added: 0168983
2024-09-09 18:16 | hgbot | Note Added: 0168984
2024-09-09 18:16 | hgbot | Note Added: 0168985
2024-09-09 18:30 | hgbot | Note Added: 0168986
2024-09-11 14:23 | jarmendariz | Relationship added | causes 0056430

Notes
(0168199)
hgbot   
2024-08-19 09:31   
Merge Request created: https://gitlab.com/openbravo/product/openbravo/-/merge_requests/1331
(0168326)
hgbot   
2024-08-21 14:50   
Merge Request created: https://gitlab.com/openbravo/product/pmods/org.openbravo.core2/-/merge_requests/1567
(0168327)
hgbot   
2024-08-21 14:51   
Merge Request created: https://gitlab.com/openbravo/product/pmods/org.openbravo.pos2.selfcheckout/-/merge_requests/67
(0168328)
hgbot   
2024-08-21 14:51   
Merge Request created: https://gitlab.com/openbravo/product/pmods/org.openbravo.mobile.core/-/merge_requests/740
(0168587)
hgbot   
2024-08-30 12:45   
Merge request closed: https://gitlab.com/openbravo/product/pmods/org.openbravo.pos2.selfcheckout/-/merge_requests/67
(0168593)
hgbot   
2024-08-30 13:26   
Merge request closed: https://gitlab.com/openbravo/product/pmods/org.openbravo.mobile.core/-/merge_requests/740
(0168978)
hgbot   
2024-09-09 18:04   
Repository: https://gitlab.com/openbravo/product/openbravo
Changeset: 8d1ea0c066af49b6a00b9f9cbe8a856b6e8f8262
Author: Ignacio De Andrés <ignacio.deandres@openbravo.com>
Date: 09-09-2024 16:04:19
URL: https://gitlab.com/openbravo/product/openbravo/-/commit/8d1ea0c066af49b6a00b9f9cbe8a856b6e8f8262

related to BUG-56149: make getAuthenticationManager more generic

---
M src/org/openbravo/base/secureApp/LoginHandler.java
---
(0168979)
hgbot   
2024-09-09 18:04   
Merge request merged: https://gitlab.com/openbravo/product/openbravo/-/merge_requests/1331
(0168980)
hgbot   
2024-09-09 18:14   
Repository: https://gitlab.com/openbravo/product/pmods/org.openbravo.mobile.core
Changeset: 81b830a53e0861685180c75318969824dfe299ae
Author: Ignacio De Andrés <ignacio.deandres@openbravo.com>
Date: 09-09-2024 16:14:35
URL: https://gitlab.com/openbravo/product/pmods/org.openbravo.mobile.core/-/commit/81b830a53e0861685180c75318969824dfe299ae

related to BUG-56149: custom authentication flow for user switch

  Add support for a special authentication when switching the user to enter with a new application mode. This is used to avoid requesting the credentials twice, which makes the authentication with external providers not work properly in this scenario.

  Note that although the user switching is a core2 feature, we are adding it here because the current hierarchy of LoginHandlers defined by mobile applications (like POS2) does not allow to place this infrastructure in the core2 module.

---
A src/org/openbravo/mobile/core/login/SwitchedUserAuthenticationManager.java
M src/org/openbravo/mobile/core/login/MobileCoreLoginHandler.java
---
(0168981)
hgbot   
2024-09-09 18:14   
Merge request merged: https://gitlab.com/openbravo/product/pmods/org.openbravo.mobile.core/-/merge_requests/740
(0168982)
hgbot   
2024-09-09 18:16   
Merge request merged: https://gitlab.com/openbravo/product/pmods/org.openbravo.core2/-/merge_requests/1567
(0168983)
hgbot   
2024-09-09 18:16   
Directly closing issue as related merge request is already approved.

Repository: https://gitlab.com/openbravo/product/pmods/org.openbravo.core2
Changeset: 72d51dc758f36ea1fb9e3fedce207e3e7aa24e77
Author: Ignacio De Andrés <ignacio.deandres@openbravo.com>
Date: 09-09-2024 16:15:58
URL: https://gitlab.com/openbravo/product/pmods/org.openbravo.core2/-/commit/72d51dc758f36ea1fb9e3fedce207e3e7aa24e77

fixes BUG-56149: support switch user with external authentication providers

---
M src-db/database/sourcedata/AD_MESSAGE.xml
M src/org/openbravo/core2/process/CheckUserSwitch.java
M web-jspack/org.openbravo.core2/src/core/authentication/LoginProcess.js
M web-jspack/org.openbravo.core2/src/model/session/__test__/ClearSession-actionPreparation.test.js
M web-jspack/org.openbravo.core2/src/model/session/actions/ClearSessionActionPreparation.js
M web-jspack/org.openbravo.core2/src/model/session/user-actions/SwitchUser.js
---
(0168984)
hgbot   
2024-09-09 18:16   
Repository: https://gitlab.com/openbravo/product/pmods/org.openbravo.pos2.selfcheckout
Changeset: bd6f9812faad04bef992b54fde99820695279ef4
Author: Ignacio De Andrés <ignacio.deandres@openbravo.com>
Date: 09-09-2024 16:16:52
URL: https://gitlab.com/openbravo/product/pmods/org.openbravo.pos2.selfcheckout/-/commit/bd6f9812faad04bef992b54fde99820695279ef4

related to BUG-56149: support switch user with external authentication providers

---
M src-db/database/sourcedata/AD_MESSAGE.xml
M src/org/openbravo/pos2/selfcheckout/login/SCOAutologinHandler.java
M web-jspack/org.openbravo.pos2.selfcheckout/src/model/sco-mode/SwitchToPOS.js
M web-jspack/org.openbravo.pos2.selfcheckout/src/model/sco-mode/SwitchToSelfCheckout.js
M web-jspack/org.openbravo.pos2.selfcheckout/src/model/sco-mode/SwitchUserFunctions.js
---
(0168985)
hgbot   
2024-09-09 18:16   
Merge request merged: https://gitlab.com/openbravo/product/pmods/org.openbravo.pos2.selfcheckout/-/merge_requests/67
(0168986)
hgbot   
2024-09-09 18:30   
Repository: https://gitlab.com/openbravo/ci/backoffice-api
Changeset: e078e76e18e32a98f379da24ff9074c37a794ab9
Author: Carlos Aristu <carlos.aristu@openbravo.com>
Date: 09-09-2024 18:30:06
URL: https://gitlab.com/openbravo/ci/backoffice-api/-/commit/e078e76e18e32a98f379da24ff9074c37a794ab9

related to FR-56149: change LoginHandler.getAuthenticationManager signature

---
M java/reference/java.japi.gz
---