Project:
| View Issue Details[ Jump to Notes ] | [ Issue History ] [ Print ] | |||||||
| ID | ||||||||
| 0035435 | ||||||||
| Type | Category | Severity | Reproducibility | Date Submitted | Last Update | |||
| design defect | [Openbravo ERP] A. Platform | major | always | 2017-03-06 12:27 | 2017-03-15 20:21 | |||
| Reporter | gorkaion | View Status | public | |||||
| Assigned To | gorkaion | |||||||
| Priority | high | Resolution | fixed | Fixed in Version | 3.0PR17Q2 | |||
| Status | closed | Fix in branch | Fixed in SCM revision | 8a5a253ca4c6 | ||||
| Projection | none | ETA | none | Target Version | ||||
| OS | Any | Database | Any | Java version | ||||
| OS Version | Database version | Ant version | ||||||
| Product Version | SCM revision | |||||||
| Review Assigned To | alostale | |||||||
| Web browser | ||||||||
| Modules | Core | |||||||
| Regression level | ||||||||
| Regression date | ||||||||
| Regression introduced in release | ||||||||
| Regression introduced by commit | ||||||||
| Triggers an Emergency Pack | No | |||||||
| Summary | 0035435: Authentication Manager is calling LoginUtils.getValidUserId() directly breaking custom authentication implementations | |||||||
| Description | The AuthenticationManager and DefaultAuthenticationManager calls the LoginUtils.getValidUserId() method to check the user/password against the Openbravo database. If a Custom Authentication is developed that does not store in the AD_User table the passwords it can't extend the DefaultAuthenticationManager and has to reimplement all the required logic. A new protected method is required in the AuthenticationManager class to check the user/password and return the userId of the Openbravo database. The DefaultAuthenticationManager and AuthenticationManager should be updated to use this method instead of calling directly the LoginUtils.getValidUserId() method. | |||||||
| Steps To Reproduce | N/A | |||||||
| Tags | No tags attached. | |||||||
| Attached Files | ||||||||
 Relationships [ Relation Graph ]
[ Dependency Graph ]
|
||||||||
|
||||||||
 Relationships |
|
Notes |
|
|
(0094884) hgbot (developer) 2017-03-09 16:42 |
Repository: erp/devel/pi Changeset: 8a5a253ca4c6f48d2e4d0b7ea2b4d1410f977ff7 Author: Gorka Ion Damián <gorkaion.damian <at> openbravo.com> Date: Mon Mar 06 23:38:22 2017 +0100 URL: http://code.openbravo.com/erp/devel/pi/rev/8a5a253ca4c6f48d2e4d0b7ea2b4d1410f977ff7 [^] Fixed issue 35435. Centralize in protected method user and password check New protected method checkUserPassword() has been added in AuthenticationManager to centralize all the calls to check the user and password. The DefaultAuthenticationManager now catches AuthenticationExceptions in case the implementations of the new method throw it instead of returning null user id. checkIfPasswordExpired() method changed to protected() to allow AuthenticationManager implementations to customize the password expiration check. --- M src/org/openbravo/authentication/AuthenticationManager.java M src/org/openbravo/authentication/basic/DefaultAuthenticationManager.java --- |
|
(0094895) hgbot (developer) 2017-03-10 09:33 |
Repository: erp/devel/pi Changeset: 5985bdee4c4ef800091b02c315d6b04df2249476 Author: Gorka Ion Damián <gorkaion.damian <at> openbravo.com> Date: Fri Mar 10 09:33:16 2017 +0100 URL: http://code.openbravo.com/erp/devel/pi/rev/5985bdee4c4ef800091b02c315d6b04df2249476 [^] Related to issue 35435. Improved comment on user null check --- M src/org/openbravo/authentication/basic/DefaultAuthenticationManager.java --- |
|
(0094896) alostale (manager) 2017-03-10 09:35 |
code reviewed dafault authentication manager tested with: * valid user * incorrect user/password * locked user * expired password |
|
(0095282) hudsonbot (developer) 2017-03-15 20:21 |
A changeset related to this issue has been promoted main and to the Central Repository, after passing a series of tests. Promotion changeset: https://code.openbravo.com/erp/devel/main/rev/54e102bef53e [^] Maturity status: Test |
|
(0095283) hudsonbot (developer) 2017-03-15 20:21 |
A changeset related to this issue has been promoted main and to the Central Repository, after passing a series of tests. Promotion changeset: https://code.openbravo.com/erp/devel/main/rev/54e102bef53e [^] Maturity status: Test |
|
Notes |
|
Issue History |
|||
| Date Modified | Username | Field | Change |
| 2017-03-06 12:27 | gorkaion | New Issue | |
| 2017-03-06 12:27 | gorkaion | Assigned To | => gorkaion |
| 2017-03-06 12:27 | gorkaion | Modules | => Core |
| 2017-03-06 12:27 | gorkaion | Resolution time | => 1489964400 |
| 2017-03-06 12:27 | gorkaion | Triggers an Emergency Pack | => No |
| 2017-03-06 12:27 | gorkaion | Review Assigned To | => alostale |
| 2017-03-09 16:42 | hgbot | Checkin | |
| 2017-03-09 16:42 | hgbot | Note Added: 0094884 | |
| 2017-03-09 16:42 | hgbot | Status | new => resolved |
| 2017-03-09 16:42 | hgbot | Resolution | open => fixed |
| 2017-03-09 16:42 | hgbot | Fixed in SCM revision | => http://code.openbravo.com/erp/devel/pi/rev/8a5a253ca4c6f48d2e4d0b7ea2b4d1410f977ff7 [^] |
| 2017-03-10 09:33 | hgbot | Checkin | |
| 2017-03-10 09:33 | hgbot | Note Added: 0094895 | |
| 2017-03-10 09:35 | alostale | Note Added: 0094896 | |
| 2017-03-10 09:35 | alostale | Status | resolved => closed |
| 2017-03-10 09:35 | alostale | Fixed in Version | => 3.0PR17Q2 |
| 2017-03-15 20:21 | hudsonbot | Checkin | |
| 2017-03-15 20:21 | hudsonbot | Note Added: 0095282 | |
| 2017-03-15 20:21 | hudsonbot | Checkin | |
| 2017-03-15 20:21 | hudsonbot | Note Added: 0095283 | |
| 2024-06-24 11:42 | caristu | Relationship added | related to 0055823 |
|
Issue History |
| Copyright © 2000 - 2009 MantisBT Group |
 |