Project:
| View Issue Details[ Jump to Notes ] | [ Issue History ] [ Print ] | |||||||
| ID | ||||||||
| 0045963 | ||||||||
| Type | Category | Severity | Reproducibility | Date Submitted | Last Update | |||
| backport | [Retail Modules] Web POS | critical | always | 2021-02-26 13:14 | 2021-03-02 08:48 | |||
| Reporter | migueldejuana | View Status | public | |||||
| Assigned To | prakashmurugesan88 | |||||||
| Priority | immediate | Resolution | fixed | Fixed in Version | RR20Q3.5 | |||
| Status | closed | Fix in branch | Fixed in SCM revision | |||||
| Projection | none | ETA | none | Target Version | RR20Q3.5 | |||
| OS | Any | Database | Any | Java version | ||||
| OS Version | Database version | Ant version | ||||||
| Product Version | pi | SCM revision | ||||||
| Merge Request Status | approved | |||||||
| Review Assigned To | ||||||||
| OBNetwork customer | No | |||||||
| Support ticket | ||||||||
| Regression level | ||||||||
| Regression date | ||||||||
| Regression introduced in release | ||||||||
| Regression introduced by commit | ||||||||
| Triggers an Emergency Pack | No | |||||||
| Summary | 0045963: We are sending credentials using GET | |||||||
| Description | The request used by Terminal Authentication is using GET method and we are setting credentials in the params. For security reasons, we must use POST in this case. | |||||||
| Steps To Reproduce | n/a | |||||||
| Proposed Solution | This component: enyo.kind({ kind: 'enyo.Ajax', name: 'OB.OBPOSLogin.UI.LoginRequest', classes: 'obObposLoginUiLoginRequest', url: '../../org.openbravo.retail.posterminal.service.loginutils', method: 'GET', handleAs: 'json', contentType: 'application/json;charset=utf-8' }); must use POST and we should handle it properly in MobileCoreLoginUtilsServlet | |||||||
| Tags | No tags attached. | |||||||
| Attached Files | ||||||||
 Relationships [ Relation Graph ]
[ Dependency Graph ]
|
||||||||
|
||||||||
 Relationships |
|
Notes |
|
|
(0126448) hgbot (developer) 2021-03-02 08:10 |
Merge Request created: https://gitlab.com/openbravo/product/pmods/org.openbravo.mobile.core/-/merge_requests/176 [^] |
|
(0126449) hgbot (developer) 2021-03-02 08:10 |
Merge Request created: https://gitlab.com/openbravo/product/pmods/org.openbravo.retail.posterminal/-/merge_requests/332 [^] |
|
(0126462) hgbot (developer) 2021-03-02 08:48 |
Merge request merged: https://gitlab.com/openbravo/product/pmods/org.openbravo.mobile.core/-/merge_requests/176 [^] |
|
(0126463) hgbot (developer) 2021-03-02 08:48 |
Directly closing issue as related merge request is already approved. Repository: https://gitlab.com/openbravo/product/pmods/org.openbravo.mobile.core [^] Changeset: 470fc94a134b23963d6ff876cf62ee2c7308acd0 Author: Prakash M <prakash@qualiantech.com> Date: 2021-03-02T12:16:12+05:30 URL: https://gitlab.com/openbravo/product/pmods/org.openbravo.mobile.core/-/commit/470fc94a134b23963d6ff876cf62ee2c7308acd0 [^] Fixed BUG-45963 : Changed Terminal Authentication request from GET to POST for security purpose * Included post method in MobileCoreLoginUtilsServlet --- M src/org/openbravo/mobile/core/login/MobileCoreLoginUtilsServlet.java --- |
|
(0126464) hgbot (developer) 2021-03-02 08:48 |
Directly closing issue as related merge request is already approved. Repository: https://gitlab.com/openbravo/product/pmods/org.openbravo.retail.posterminal [^] Changeset: 79b9c46fd6e08f2ccb33d4983340243156153851 Author: Prakash M <prakash@qualiantech.com> Date: 2021-03-02T12:16:34+05:30 URL: https://gitlab.com/openbravo/product/pmods/org.openbravo.retail.posterminal/-/commit/79b9c46fd6e08f2ccb33d4983340243156153851 [^] Fixed BUG-45963 : Changed Terminal Authentication request from GET to POST for security purpose --- M web/org.openbravo.retail.posterminal/js/login/model/login-model.js --- |
|
(0126465) hgbot (developer) 2021-03-02 08:48 |
Merge request merged: https://gitlab.com/openbravo/product/pmods/org.openbravo.retail.posterminal/-/merge_requests/332 [^] |
|
Notes |
|
Issue History |
|||
| Date Modified | Username | Field | Change |
| 2021-02-26 13:15 | migueldejuana | Type | defect => backport |
| 2021-02-26 13:15 | migueldejuana | Target Version | => RR20Q3.5 |
| 2021-03-02 08:10 | hgbot | Merge Request Status | => open |
| 2021-03-02 08:10 | hgbot | Note Added: 0126448 | |
| 2021-03-02 08:10 | hgbot | Note Added: 0126449 | |
| 2021-03-02 08:27 | hgbot | Merge Request Status | open => approved |
| 2021-03-02 08:48 | hgbot | Resolution | open => fixed |
| 2021-03-02 08:48 | hgbot | Status | scheduled => closed |
| 2021-03-02 08:48 | hgbot | Note Added: 0126462 | |
| 2021-03-02 08:48 | hgbot | Fixed in Version | => RR20Q3.5 |
| 2021-03-02 08:48 | hgbot | Note Added: 0126463 | |
| 2021-03-02 08:48 | hgbot | Note Added: 0126464 | |
| 2021-03-02 08:48 | hgbot | Note Added: 0126465 | |
|
Issue History |
| Copyright © 2000 - 2009 MantisBT Group |
 |