Project:
| View Issue Details[ Jump to Notes ] | [ Issue History ] [ Print ] | |||||||
| ID | ||||||||
| 0034584 | ||||||||
| Type | Category | Severity | Reproducibility | Date Submitted | Last Update | |||
| defect | [Retail Modules] Web POS | major | sometimes | 2016-11-18 14:55 | 2016-12-21 17:00 | |||
| Reporter | malsasua | View Status | public | |||||
| Assigned To | guilleaer | |||||||
| Priority | normal | Resolution | fixed | Fixed in Version | RR17Q1 | |||
| Status | closed | Fix in branch | Fixed in SCM revision | 6443ad2cb8e3 | ||||
| Projection | none | ETA | none | Target Version | ||||
| OS | Any | Database | Any | Java version | ||||
| OS Version | Database version | Ant version | ||||||
| Product Version | SCM revision | |||||||
| Merge Request Status | ||||||||
| Review Assigned To | marvintm | |||||||
| OBNetwork customer | OBPS | |||||||
| Support ticket | 44470 | |||||||
| Regression level | ||||||||
| Regression date | ||||||||
| Regression introduced in release | ||||||||
| Regression introduced by commit | ||||||||
| Triggers an Emergency Pack | No | |||||||
| Summary | 0034584: it is possible to hack the "Terminal Authentication Security" | |||||||
| Description | we have seen in one customer the next error in "Errors while Importing" window: . receipt related with a cashup processed In the log client window there are the next records: day 1 - session identifier 1 day 2 - session identifier 2 day 3 - session identifier 1 and now, the session identified associated to the terminal is "session identifier 1" | |||||||
| Steps To Reproduce | n/a | |||||||
| Tags | No tags attached. | |||||||
| Attached Files | ||||||||
 Relationships [ Relation Graph ]
[ Dependency Graph ]
|
|
 Relationships |
|
Notes |
|
|
(0092787) guilleaer (viewer) 2016-12-19 16:47 edited on: 2016-12-19 16:47 |
This is what I think that happened. Naming: -------- Physical device 1 -> PD1 Physical device 2 -> PD2 Pos Terminal VBS-1 -> VBS1 Pre requisites: --------------- -clean cashup in VBS1 -Enable terminal authentication -Unlink VBS1 day 1 ----- One user using PD1 logs in into VBS1 - 1st authenticate the terminal - 2nd login create a sale and process it (documentNo 127) go to offline create a sale and process it (documentNo 128) create a sale and process it (documentNo 129) close the browser day 2 ----- From ERP unlink VBS1 From PD2 try to log in into VBS1 - 1st authenticate the terminal - 2nd login create a sale and process it (documentNo 128) create a sale and process it (documentNo 129) - do a cashup day 3 ----- From ERP unlink VBS1 From PD1 log in into VBS1 - 1st authenticate the terminal - 2nd login Now not synchronized orders from day 1 are synchronized Go to "errors while importing" window -> 2 orders should appear there (128 and 129) |
|
(0092789) guilleaer (viewer) 2016-12-19 17:15 |
Next actions: Add log in the process to unlink the terminal, because this information will validate this theory in case that it happens in the future. |
|
(0092895) hgbot (developer) 2016-12-21 10:35 |
Repository: erp/pmods/org.openbravo.retail.posterminal Changeset: 6443ad2cb8e34d35abc1bb9a2459654f61ebff63 Author: Guillermo Alvarez de Eulate <guillermo.alvarez <at> openbravo.com> Date: Tue Dec 20 13:40:02 2016 +0100 URL: http://code.openbravo.com/erp/pmods/org.openbravo.retail.posterminal/rev/6443ad2cb8e34d35abc1bb9a2459654f61ebff63 [^] Fixed issue 34584: Added log to track when a terminal is linked and unlinked --- M src/org/openbravo/retail/posterminal/LoginUtilsServlet.java M src/org/openbravo/retail/posterminal/process/UnlinkDeviceActionHandler.java M web/org.openbravo.retail.posterminal/js/login/model/login-model.js --- |
|
Notes |
|
Issue History |
|||
| Date Modified | Username | Field | Change |
| 2016-11-18 14:55 | malsasua | New Issue | |
| 2016-11-18 14:55 | malsasua | Assigned To | => Retail |
| 2016-11-18 14:55 | malsasua | OBNetwork customer | => Yes |
| 2016-11-18 14:55 | malsasua | Support ticket | => 44470 |
| 2016-11-18 14:55 | malsasua | Resolution time | => 1481324400 |
| 2016-11-18 14:55 | malsasua | Triggers an Emergency Pack | => No |
| 2016-12-14 16:39 | jorge-garcia | Assigned To | Retail => jorge-garcia |
| 2016-12-15 13:09 | jorge-garcia | Assigned To | jorge-garcia => Retail |
| 2016-12-19 16:47 | guilleaer | Note Added: 0092787 | |
| 2016-12-19 16:47 | guilleaer | Note Edited: 0092787 | View Revisions |
| 2016-12-19 17:15 | guilleaer | Note Added: 0092789 | |
| 2016-12-21 10:35 | hgbot | Checkin | |
| 2016-12-21 10:35 | hgbot | Note Added: 0092895 | |
| 2016-12-21 10:35 | hgbot | Status | new => resolved |
| 2016-12-21 10:35 | hgbot | Resolution | open => fixed |
| 2016-12-21 10:35 | hgbot | Fixed in SCM revision | => http://code.openbravo.com/erp/pmods/org.openbravo.retail.posterminal/rev/6443ad2cb8e34d35abc1bb9a2459654f61ebff63 [^] |
| 2016-12-21 16:58 | marvintm | Assigned To | Retail => guilleaer |
| 2016-12-21 17:00 | marvintm | Review Assigned To | => marvintm |
| 2016-12-21 17:00 | marvintm | Status | resolved => closed |
| 2016-12-21 17:00 | marvintm | Fixed in Version | => RR17Q1 |
|
Issue History |
| Copyright © 2000 - 2009 MantisBT Group |
 |