Anonymous | Login
Project:
RSS
  
News | My View | View Issues | Roadmap | Summary

View Issue DetailsJump to Notes ] Issue History ] Print ]
ID
0035435
TypeCategorySeverityReproducibilityDate SubmittedLast Update
design defect[Openbravo ERP] A. Platformmajoralways2017-03-06 12:272017-03-15 20:21
ReportergorkaionView Statuspublic 
Assigned Togorkaion 
PriorityhighResolutionfixedFixed in Version3.0PR17Q2
StatusclosedFix in branchFixed in SCM revision8a5a253ca4c6
ProjectionnoneETAnoneTarget Version
OSAnyDatabaseAnyJava version
OS VersionDatabase versionAnt version
Product VersionSCM revision 
Review Assigned Toalostale
Web browser
ModulesCore
Regression level
Regression date
Regression introduced in release
Regression introduced by commit
Triggers an Emergency PackNo
Summary

0035435: Authentication Manager is calling LoginUtils.getValidUserId() directly breaking custom authentication implementations

DescriptionThe AuthenticationManager and DefaultAuthenticationManager calls the LoginUtils.getValidUserId() method to check the user/password against the Openbravo database.

If a Custom Authentication is developed that does not store in the AD_User table the passwords it can't extend the DefaultAuthenticationManager and has to reimplement all the required logic.

A new protected method is required in the AuthenticationManager class to check the user/password and return the userId of the Openbravo database. The DefaultAuthenticationManager and AuthenticationManager should be updated to use this method instead of calling directly the LoginUtils.getValidUserId() method.

Steps To ReproduceN/A
TagsNo tags attached.
Attached Files

- Relationships Relation Graph ] Dependency Graph ]

-  Notes
(0094884)
hgbot (developer)
2017-03-09 16:42

Repository: erp/devel/pi
Changeset: 8a5a253ca4c6f48d2e4d0b7ea2b4d1410f977ff7
Author: Gorka Ion Damián <gorkaion.damian <at> openbravo.com>
Date: Mon Mar 06 23:38:22 2017 +0100
URL: http://code.openbravo.com/erp/devel/pi/rev/8a5a253ca4c6f48d2e4d0b7ea2b4d1410f977ff7 [^]

Fixed issue 35435. Centralize in protected method user and password check

New protected method checkUserPassword() has been added in AuthenticationManager
to centralize all the calls to check the user and password.

The DefaultAuthenticationManager now catches AuthenticationExceptions in case
the implementations of the new method throw it instead of returning null user
id.

checkIfPasswordExpired() method changed to protected() to allow
AuthenticationManager implementations to customize the password expiration
check.

---
M src/org/openbravo/authentication/AuthenticationManager.java
M src/org/openbravo/authentication/basic/DefaultAuthenticationManager.java
---
(0094895)
hgbot (developer)
2017-03-10 09:33

Repository: erp/devel/pi
Changeset: 5985bdee4c4ef800091b02c315d6b04df2249476
Author: Gorka Ion Damián <gorkaion.damian <at> openbravo.com>
Date: Fri Mar 10 09:33:16 2017 +0100
URL: http://code.openbravo.com/erp/devel/pi/rev/5985bdee4c4ef800091b02c315d6b04df2249476 [^]

Related to issue 35435. Improved comment on user null check

---
M src/org/openbravo/authentication/basic/DefaultAuthenticationManager.java
---
(0094896)
alostale (developer)
2017-03-10 09:35

code reviewed

dafault authentication manager tested with:
* valid user
* incorrect user/password
* locked user
* expired password
(0095282)
hudsonbot (developer)
2017-03-15 20:21

A changeset related to this issue has been promoted main and to the
Central Repository, after passing a series of tests.

Promotion changeset: https://code.openbravo.com/erp/devel/main/rev/54e102bef53e [^]
Maturity status: Test
(0095283)
hudsonbot (developer)
2017-03-15 20:21

A changeset related to this issue has been promoted main and to the
Central Repository, after passing a series of tests.

Promotion changeset: https://code.openbravo.com/erp/devel/main/rev/54e102bef53e [^]
Maturity status: Test

- Issue History
Date Modified Username Field Change
2017-03-06 12:27 gorkaion New Issue
2017-03-06 12:27 gorkaion Assigned To => gorkaion
2017-03-06 12:27 gorkaion Modules => Core
2017-03-06 12:27 gorkaion Triggers an Emergency Pack => No
2017-03-06 12:27 gorkaion Review Assigned To => alostale
2017-03-09 16:42 hgbot Checkin
2017-03-09 16:42 hgbot Note Added: 0094884
2017-03-09 16:42 hgbot Status new => resolved
2017-03-09 16:42 hgbot Resolution open => fixed
2017-03-09 16:42 hgbot Fixed in SCM revision => http://code.openbravo.com/erp/devel/pi/rev/8a5a253ca4c6f48d2e4d0b7ea2b4d1410f977ff7 [^]
2017-03-10 09:33 hgbot Checkin
2017-03-10 09:33 hgbot Note Added: 0094895
2017-03-10 09:35 alostale Note Added: 0094896
2017-03-10 09:35 alostale Status resolved => closed
2017-03-10 09:35 alostale Fixed in Version => 3.0PR17Q2
2017-03-15 20:21 hudsonbot Checkin
2017-03-15 20:21 hudsonbot Note Added: 0095282
2017-03-15 20:21 hudsonbot Checkin
2017-03-15 20:21 hudsonbot Note Added: 0095283


Copyright © 2000 - 2009 MantisBT Group
Powered by Mantis Bugtracker