Field | Value
ID | 0037667
Type | feature request
Category | [Openbravo ERP] A. Platform
Severity | major
Reproducibility | always
Date Submitted | 2018-01-18 11:30
Last Update | 2018-02-22 18:19
Reporter | marvintm
View Status | public
Assigned To | marvintm
Priority | high
Resolution | fixed
Fixed in Version | 3.0PR18Q2
Status | closed
Fixed in SCM revision | ca10efa411dc
Projection | none
ETA | none
OS | Any
Database | Any
Review Assigned To | alostale
OBNetwork customer | OBPS
Modules | Core
Triggers an Emergency Pack | No
Summary | 0037667: Cookie should be regenerated when logging in the application
Description | The cookie identifier should be regenerated when login occurs, to prevent some malicious user from having a valid session by getting the cookie identifier before a valid user logs in.
Steps To Reproduce | .
Tags | No tags attached.
Attached Files |
(0101998) hgbot (developer) 2018-01-26 14:21 |
Repository: erp/devel/pi
Changeset: 4bf409c90fd1d716d76f8f4d3f582222316c10cd
Author: Antonio Moreno <antonio.moreno <at> openbravo.com>
Date: Thu Jan 25 17:45:45 2018 +0100
URL: http://code.openbravo.com/erp/devel/pi/rev/4bf409c90fd1d716d76f8f4d3f582222316c10cd

Fixed issue 37667. Cookie identifier will now be regenerated just after logging in the application.

Now every login the session will be invalidated and regenerated immediately, thus forcing a cookie identifier reset.

---
M src/org/openbravo/base/secureApp/LoginHandler.java
---
(0101999) hgbot (developer) 2018-01-26 14:21 |
Repository: erp/devel/pi
Changeset: b53aa5f1574afc534deaa235f42364784756d8d0
Author: Antonio Moreno <antonio.moreno <at> openbravo.com>
Date: Fri Jan 26 09:37:51 2018 +0100
URL: http://code.openbravo.com/erp/devel/pi/rev/b53aa5f1574afc534deaa235f42364784756d8d0

Related to issue 37667. Cookie won't be reset in password reset flow, as it was just reset in the previous request.

---
M src/org/openbravo/base/secureApp/LoginHandler.java
---
(0102000) hgbot (developer) 2018-01-26 14:21 |
Repository: erp/pmods/org.openbravo.mobile.core
Changeset: ca10efa411dc8d9c707ad03a65aa0c8ff6409e4e
Author: Antonio Moreno <antonio.moreno <at> openbravo.com>
Date: Thu Jan 25 17:41:37 2018 +0100
URL: http://code.openbravo.com/erp/pmods/org.openbravo.mobile.core/rev/ca10efa411dc8d9c707ad03a65aa0c8ff6409e4e

Fixed issue 37667. Cookie identifier will now be regenerated just after logging in the application.

super.doPost() is now called before setting session information, because the main core implementation of LoginHandler now invalidates and generates a new session to force a cookie identifier reset. Besides, it's no longer necessary to clear the session because the previous one is already invalidated.

---
M src/org/openbravo/mobile/core/login/MobileCoreLoginHandler.java
---
(0102133) hgbot (developer) 2018-02-02 09:09 |
Repository: erp/devel/pi
Changeset: 5ae490fd31460fdf1880611bb15426f448d4c7ca
Author: Asier Lostalé <asier.lostale <at> openbravo.com>
Date: Fri Feb 02 09:09:39 2018 +0100
URL: http://code.openbravo.com/erp/devel/pi/rev/5ae490fd31460fdf1880611bb15426f448d4c7ca

related to issue 37667: Cookie should be regenerated when logging

-removed uncommented param in javadoc
-updated copyright

---
M src/org/openbravo/base/secureApp/LoginHandler.java
---
(0102134) alostale (viewer) 2018-02-02 09:10 |
reviewed + tested |
(0102521) hgbot (developer) 2018-02-20 10:49 |
Repository: erp/devel/pi
Changeset: 1f779d1c4bf0783e42d12140b97db18a8b0ac2ac
Author: Jorge Garcia <jorge.garcia <at> openbravo.com>
Date: Tue Feb 20 10:48:55 2018 +0100
URL: http://code.openbravo.com/erp/devel/pi/rev/1f779d1c4bf0783e42d12140b97db18a8b0ac2ac

Verifies issue 37667: Cookie should be regenerated when logging in the application

Added ResetCookieOnLogin test.

---
M src-test/src/org/openbravo/test/AllWebserviceTests.java
A src-test/src/org/openbravo/test/datasource/ResetCookieOnLogin.java
---
(0102690) hudsonbot (viewer) 2018-02-22 18:18 |
A changeset related to this issue has been promoted to main and to the Central Repository, after passing a series of tests. Promotion changeset: https://code.openbravo.com/erp/devel/main/rev/980a6ad5bbf5 Maturity status: Test |
(0102691) hudsonbot (viewer) 2018-02-22 18:18 |
A changeset related to this issue has been promoted to main and to the Central Repository, after passing a series of tests. Promotion changeset: https://code.openbravo.com/erp/devel/main/rev/980a6ad5bbf5 Maturity status: Test |
(0102709) hudsonbot (viewer) 2018-02-22 18:18 |
A changeset related to this issue has been promoted to main and to the Central Repository, after passing a series of tests. Promotion changeset: https://code.openbravo.com/erp/devel/main/rev/980a6ad5bbf5 Maturity status: Test |
(0102779) hudsonbot (viewer) 2018-02-22 18:19 |
A changeset related to this issue has been promoted to main and to the Central Repository, after passing a series of tests. Promotion changeset: https://code.openbravo.com/erp/devel/main/rev/980a6ad5bbf5 Maturity status: Test |
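
The session handling that the commit notes above describe (invalidate the pre-login session, create a new one, and have subclasses call super.doPost() before storing session data), as an added example that is not Openbravo's code. The class names, the CredentialVerifier interface, the request parameters and the session attribute names are all assumptions.

```java
import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

// Hypothetical credential check supplied by the application.
interface CredentialVerifier {
  boolean verify(String user, String password);
}

// Hypothetical base handler; not Openbravo's LoginHandler.
class ExampleLoginHandler extends HttpServlet {
  private final CredentialVerifier verifier;

  ExampleLoginHandler(CredentialVerifier verifier) {
    this.verifier = verifier;
  }

  @Override
  protected void doPost(HttpServletRequest req, HttpServletResponse res)
      throws ServletException, IOException {
    String user = req.getParameter("user");
    if (user == null || !verifier.verify(user, req.getParameter("password"))) {
      res.sendError(HttpServletResponse.SC_UNAUTHORIZED);
      return;
    }
    HttpSession preLogin = req.getSession(false);
    if (preLogin != null) {
      preLogin.invalidate(); // the pre-login identifier must not survive login
    }
    // New session, new identifier: the container issues a fresh session cookie.
    req.getSession(true).setAttribute("authenticatedUser", user);
  }
}

// Hypothetical subclass: anything stored before super.doPost() would be lost
// with the invalidated session, so session data is set afterwards.
class ExampleMobileLoginHandler extends ExampleLoginHandler {
  ExampleMobileLoginHandler(CredentialVerifier verifier) {
    super(verifier);
  }

  @Override
  protected void doPost(HttpServletRequest req, HttpServletResponse res)
      throws ServletException, IOException {
    super.doPost(req, res);
    if (res.isCommitted()) {
      return; // login was rejected, nothing to store
    }
    req.getSession(false).setAttribute("clientType", "mobile");
  }
}
```

Servlet 3.1 containers also provide HttpServletRequest.changeSessionId(), which issues a new identifier while keeping the session's attributes; the fix recorded on this page invalidates the session instead, so nothing from the pre-login session carries over.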
Date Modified | Username | Field | Change |
2018-01-18 11:30 | marvintm | New Issue | |
2018-01-18 11:30 | marvintm | Assigned To | => Retail |
2018-01-18 11:30 | marvintm | OBNetwork customer | => No |
2018-01-18 11:30 | marvintm | Modules | => Core |
2018-01-18 11:30 | marvintm | Triggers an Emergency Pack | => No |
2018-01-19 10:54 | marvintm | Resolution time | => 1517526000 |
2018-01-19 10:54 | marvintm | OBNetwork customer | No => Yes |
2018-01-26 14:21 | hgbot | Checkin | |
2018-01-26 14:21 | hgbot | Note Added: 0101998 | |
2018-01-26 14:21 | hgbot | Status | new => resolved |
2018-01-26 14:21 | hgbot | Resolution | open => fixed |
2018-01-26 14:21 | hgbot | Fixed in SCM revision | => http://code.openbravo.com/erp/devel/pi/rev/4bf409c90fd1d716d76f8f4d3f582222316c10cd |
2018-01-26 14:21 | hgbot | Checkin | |
2018-01-26 14:21 | hgbot | Note Added: 0101999 | |
2018-01-26 14:21 | hgbot | Checkin | |
2018-01-26 14:21 | hgbot | Note Added: 0102000 | |
2018-01-26 14:21 | hgbot | Fixed in SCM revision | http://code.openbravo.com/erp/devel/pi/rev/4bf409c90fd1d716d76f8f4d3f582222316c10cd => http://code.openbravo.com/erp/pmods/org.openbravo.mobile.core/rev/ca10efa411dc8d9c707ad03a65aa0c8ff6409e4e |
2018-01-29 09:16 | marvintm | Review Assigned To | => alostale |
2018-01-29 09:16 | marvintm | Assigned To | Retail => marvintm |
2018-02-02 09:09 | hgbot | Checkin | |
2018-02-02 09:09 | hgbot | Note Added: 0102133 | |
2018-02-02 09:10 | alostale | Note Added: 0102134 | |
2018-02-02 09:10 | alostale | Status | resolved => closed |
2018-02-02 09:10 | alostale | Fixed in Version | => 3.0PR18Q2 |
2018-02-20 10:49 | hgbot | Checkin | |
2018-02-20 10:49 | hgbot | Note Added: 0102521 | |
2018-02-22 18:18 | hudsonbot | Checkin | |
2018-02-22 18:18 | hudsonbot | Note Added: 0102690 | |
2018-02-22 18:18 | hudsonbot | Checkin | |
2018-02-22 18:18 | hudsonbot | Note Added: 0102691 | |
2018-02-22 18:18 | hudsonbot | Checkin | |
2018-02-22 18:18 | hudsonbot | Note Added: 0102709 | |
2018-02-22 18:19 | hudsonbot | Checkin | |
2018-02-22 18:19 | hudsonbot | Note Added: 0102779 |