View Issue Details |
ID | ||||||||
0054921 | ||||||||
Type | Category | Severity | Reproducibility | Date Submitted | Last Update | |||
defect | [POS2] Core | major | have not tried | 2024-03-12 10:59 | 2024-07-15 08:05 | |||
Reporter | caristu | View Status | public | |||||
Assigned To | eugen_hamuraru | |||||||
Priority | normal | Resolution | fixed | Fixed in Version | 24Q4 | |||
Status | closed | Fix in branch | Fixed in SCM revision | |||||
Projection | none | ETA | none | Target Version | ||||
OS | Any | Database | Any | Java version | ||||
OS Version | Database version | Ant version | ||||||
Product Version | SCM revision | |||||||
Review Assigned To | ||||||||
Regression level | ||||||||
Regression date | ||||||||
Regression introduced in release | ||||||||
Regression introduced by commit | ||||||||
Triggers an Emergency Pack | No | |||||||
Summary | 0054921: User actions defined in standalone infrastructure modules cannot be securized | |||||||
Description | User actions defined in standalone infrastructure modules cannot be securized. | |||||||
Steps To Reproduce |
0) In a POS2 environment, install the org.openbravo.authentication.webauthn module. This is an "infrastructure module".
1) Go to the [Role] window, select a role.
2) Go to the [User Action Access] subtab and create a new record:
   - User Action: "Register User"
   - active: false
3) Log in to the backoffice as System Administrator; in the Authentication Provider Configuration window create a new record (type: "Web Authentication", Application: "Sales Touchpoint", Authentication Flow: "Login and Approvals").
4) Log in to the POS with the role selected in step 1).
5) Click on the user button at the top-right part of the window. In the popup that is opened, note that the "WebAuthn Register" button is available (not disabled) although we should not have access to the "Register User" user action that this button triggers.
Tags | No tags attached. | |||||||
Notes | |
(0162010) caristu (manager) 2024-03-12 11:01 |
This is happening because standalone infrastructure modules are not being taken into account here [1]. User actions that belong to this kind of module should also be taken into account.
[1] https://gitlab.com/openbravo/product/pmods/org.openbravo.core2/-/blob/master/src/org/openbravo/core2/login/GrantedUserActionsProvider.java?ref_type=heads#L100 |
(0166250) hgbot (developer) 2024-06-24 12:23 |
Merge Request created: https://gitlab.com/openbravo/product/pmods/org.openbravo.core2/-/merge_requests/1525 |
(0166251) hgbot (developer) 2024-06-24 12:28 |
Merge Request created: https://gitlab.com/openbravo/product/openbravo/-/merge_requests/1283 |
(0166291) hgbot (developer) 2024-06-25 10:26 |
Merge request closed: https://gitlab.com/openbravo/product/openbravo/-/merge_requests/1283 |
(0166951) hgbot (developer) 2024-07-15 08:05 |
Merge request merged: https://gitlab.com/openbravo/product/pmods/org.openbravo.core2/-/merge_requests/1525 |
(0166952) hgbot (developer) 2024-07-15 08:05 |
Directly closing issue as related merge request is already approved.
Repository: https://gitlab.com/openbravo/product/pmods/org.openbravo.core2
Changeset: afd7ec2d7f2043b944890399e538616bdec5a638
Author: Eugen Hamuraru <eugen.hamuraru@openbravo.com>
Date: 15-07-2024 06:05:35
URL: https://gitlab.com/openbravo/product/pmods/org.openbravo.core2/-/commit/afd7ec2d7f2043b944890399e538616bdec5a638
Fixes BUG-54921: user actions of infrastructure modules cannot be securized
---
M src/org/openbravo/core2/build/ModuleInfoGenerator.java
M src/org/openbravo/core2/build/ProductionBundleBuilder.java
M src/org/openbravo/core2/build/ReactBuildUtils.java
M src/org/openbravo/core2/login/GrantedUserActionsProvider.java
M web-jspack/org.openbravo.core2/src/core/authentication/InitializeAppData.js
--- |
Issue History | |||
Date Modified | Username | Field | Change |
2024-03-12 10:59 | caristu | New Issue | |
2024-03-12 10:59 | caristu | Assigned To | => Triage Platform Base |
2024-03-12 10:59 | caristu | Triggers an Emergency Pack | => No |
2024-03-12 11:00 | caristu | Relationship added | related to 0054737 |
2024-03-12 11:01 | caristu | Note Added: 0162010 | |
2024-03-12 11:01 | caristu | Summary | User actions defined in infrastructure modules cannot be securized => User actions defined in standalone infrastructure modules cannot be securized |
2024-03-12 11:01 | caristu | Description Updated | View Revisions |
2024-05-29 16:42 | adrianromero | Assigned To | Triage Platform Base => ignacio_deandres |
2024-06-14 14:20 | adrianromero | Assigned To | ignacio_deandres => eugen_hamuraru |
2024-06-17 16:58 | eugen_hamuraru | Steps to Reproduce Updated | View Revisions |
2024-06-24 12:23 | hgbot | Note Added: 0166250 | |
2024-06-24 12:28 | hgbot | Note Added: 0166251 | |
2024-06-25 10:26 | hgbot | Note Added: 0166291 | |
2024-06-28 12:35 | caristu | Relationship added | related to 0055865 |
2024-07-15 08:05 | hgbot | Note Added: 0166951 | |
2024-07-15 08:05 | hgbot | Resolution | open => fixed |
2024-07-15 08:05 | hgbot | Status | new => closed |
2024-07-15 08:05 | hgbot | Fixed in Version | => 24Q4 |
2024-07-15 08:05 | hgbot | Note Added: 0166952 | |
2024-07-17 15:37 | alostale | Relationship added | causes 0056053 |