Project:
| View Issue Details[ Jump to Notes ] | [ Issue History ] [ Print ] | |||||||
| ID | ||||||||
| 0035981 | ||||||||
| Type | Category | Severity | Reproducibility | Date Submitted | Last Update | |||
| defect | [Retail Modules] Web POS | major | always | 2017-05-12 09:15 | 2017-10-25 12:21 | |||
| Reporter | jonibc | View Status | public | |||||
| Assigned To | jorge-garcia | |||||||
| Priority | high | Resolution | fixed | Fixed in Version | RR18Q1 | |||
| Status | closed | Fix in branch | Fixed in SCM revision | c89293205f97 | ||||
| Projection | none | ETA | none | Target Version | pi | |||
| OS | Any | Database | Any | Java version | ||||
| OS Version | Database version | Ant version | ||||||
| Product Version | SCM revision | |||||||
| Merge Request Status | ||||||||
| Review Assigned To | marvintm | |||||||
| OBNetwork customer | OBPS | |||||||
| Support ticket | ||||||||
| Regression level | ||||||||
| Regression date | ||||||||
| Regression introduced in release | ||||||||
| Regression introduced by commit | ||||||||
| Triggers an Emergency Pack | No | |||||||
| Summary | 0035981: [SERQA 2847] Buttons for customer and locations are not blocked in synchronized mode. | |||||||
| Description | Buttons for customer and locations are not blocked in synchronized mode. If the user click the button, it is possible to click it again, sending multiple requests. A malicious user can block the whole server if thousands of requests are made. It is reproducible in livebuilds. | |||||||
| Steps To Reproduce | 1.- Set "WebPOS Synchronized Mode" preference with value 'Y', check the selected flag. 2.- Login in the WebPOS. 3.- Open customer selection component. 4.- Insert some data for the customer. 5.- Click on Save button several times. It is possible to check in Chrome Developer Tools that several requests are done to the backend. It is possible to reproduce the issue in address component: 1.- Set "WebPOS Synchronized Mode" preference with value 'Y', check the selected flag. 2.- Login in the WebPOS. 3.- Select a customer different from anonymous. 4.- Open the addresses component. 5.- Insert some data for the address, 6.- Click on Save button several times. It is possible to check in Chrome Developer Tools that several requests are done to the backend. | |||||||
| Proposed Solution | Block the buttons once the user click them one time. It would be nice to check if we have the same behavior in other buttons. | |||||||
| Tags | No tags attached. | |||||||
| Attached Files |  issue35981Posterminal17Q1.diff [^] (11,494 bytes) 2017-10-23 17:47 [Show Content]
| |||||||
 Relationships [ Relation Graph ]
[ Dependency Graph ]
|
||||||||||||||||||||||
|
||||||||||||||||||||||
 Relationships |
|
Notes |
|
|
(0096737) hgbot (developer) 2017-05-24 08:39 |
Repository: erp/pmods/org.openbravo.retail.posterminal Changeset: c39c5cd6c40102c2dce7872c48da36e7f049657e Author: Jorge Garcia <jorge.garcia <at> openbravo.com> Date: Fri May 19 13:47:38 2017 +0200 URL: http://code.openbravo.com/erp/pmods/org.openbravo.retail.posterminal/rev/c39c5cd6c40102c2dce7872c48da36e7f049657e [^] Fixed issue 35981: [SERQA 2847] Buttons for customer and locations are not blocked in synchronized mode. The solution is to disable buttons of Save and Cancel during the synchronization process, for both standard and synchronize flow. Once the process is ended, the buttons are enable again. Due to the code, it has been necessary to change also the data save process for customer addresses. --- M web/org.openbravo.retail.posterminal/js/data/datacustomeraddrsave.js M web/org.openbravo.retail.posterminal/js/model/bplocation.js M web/org.openbravo.retail.posterminal/js/pointofsale/view/subwindows/customeraddress/components/sharedcomponents.js M web/org.openbravo.retail.posterminal/js/pointofsale/view/subwindows/customeraddress/editcreatecustomeraddress.js M web/org.openbravo.retail.posterminal/js/pointofsale/view/subwindows/customers/components/sharedcomponents.js M web/org.openbravo.retail.posterminal/js/pointofsale/view/subwindows/customers/editcreatecustomerform.js --- |
|
(0096820) marvintm (viewer) 2017-05-25 19:15 |
There is a problem currently with the Address popup, and you may end up with the buttons permanently disabled: - Click on address selector - Click on button "New Address" - Fill address form fields. - Click on Save. Address is saved, and "Edit" orange button is shown. - Click on Edit button. - Click on Save button again. - Click on Edit button again. - Verify that Save and Cancel buttons are now disabled, and the only way to get them enabled again is to refresh browser. |
|
(0096859) hgbot (developer) 2017-05-29 16:19 |
Repository: erp/pmods/org.openbravo.retail.posterminal Changeset: 6e7556bd0d9982ed6f9832720e89b7b325c54554 Author: Jorge Garcia <jorge.garcia <at> openbravo.com> Date: Mon May 29 11:50:13 2017 +0200 URL: http://code.openbravo.com/erp/pmods/org.openbravo.retail.posterminal/rev/6e7556bd0d9982ed6f9832720e89b7b325c54554 [^] Related to issue 35981: [SERQA 2847] Buttons for customer and locations are not blocked in synchronized mode. Added missed callback to reactivate disabled buttons. --- M web/org.openbravo.retail.posterminal/js/pointofsale/view/subwindows/customeraddress/components/sharedcomponents.js --- |
|
(0099983) hgbot (developer) 2017-10-23 09:44 |
Repository: erp/pmods/org.openbravo.retail.posterminal Changeset: e27d059326bf32decf03adf2664d78fda697fccb Author: Miguel de Juana <miguel.dejuana <at> openbravo.com> Date: Tue Oct 17 15:06:54 2017 +0200 URL: http://code.openbravo.com/erp/pmods/org.openbravo.retail.posterminal/rev/e27d059326bf32decf03adf2664d78fda697fccb [^] Fixed issue 0035981: [SERQA 2847] Buttons for customer and locations are not blocked in synchronized mode. - Disable save button when the Save button is clicked. Earlier than we did. There are some hooks that can get time and allow the user to press again wrongly the Save button - Add also double click check avoiding to press twice Save button --- M web/org.openbravo.retail.posterminal/js/pointofsale/view/subwindows/customeraddress/components/sharedcomponents.js M web/org.openbravo.retail.posterminal/js/pointofsale/view/subwindows/customeraddress/editcreatecustomeraddress.js M web/org.openbravo.retail.posterminal/js/pointofsale/view/subwindows/customers/components/sharedcomponents.js M web/org.openbravo.retail.posterminal/js/pointofsale/view/subwindows/customers/editcreatecustomerform.js --- |
|
(0099984) hgbot (developer) 2017-10-23 09:44 |
Repository: erp/pmods/org.openbravo.retail.posterminal Changeset: c89293205f97843b892e530578e79b43e0b4d2df Author: Miguel de Juana <miguel.dejuana <at> openbravo.com> Date: Wed Oct 18 10:13:15 2017 +0200 URL: http://code.openbravo.com/erp/pmods/org.openbravo.retail.posterminal/rev/c89293205f97843b892e530578e79b43e0b4d2df [^] Fixed issue 0035981: [SERQA 2847] Buttons for customer and locations are not blocked in synchronized mode. - Reduce time window for double click from 1 second to 0,5 seconds. We can create a bp and immediately edit it. 0,5 is more accurate for a double click problem --- M web/org.openbravo.retail.posterminal/js/pointofsale/view/subwindows/customeraddress/editcreatecustomeraddress.js M web/org.openbravo.retail.posterminal/js/pointofsale/view/subwindows/customers/editcreatecustomerform.js --- |
|
(0100014) migueldejuana (viewer) 2017-10-24 10:04 |
Last 2 commits are introduced in 18Q1. They just improve the fix done in 17Q3. |
|
(0100052) jorge-garcia (viewer) 2017-10-25 12:21 |
Reviewed and tested. |
|
Notes |
|
Issue History |
|||
| Date Modified | Username | Field | Change |
| 2017-05-12 09:15 | jonibc | New Issue | |
| 2017-05-12 09:15 | jonibc | Assigned To | => Retail |
| 2017-05-12 09:15 | jonibc | OBNetwork customer | => Yes |
| 2017-05-12 09:15 | jonibc | Resolution time | => 1495836000 |
| 2017-05-12 09:15 | jonibc | Triggers an Emergency Pack | => No |
| 2017-05-12 10:35 | jonibc | Description Updated | View Revisions |
| 2017-05-12 10:35 | jonibc | Proposed Solution updated | |
| 2017-05-19 09:53 | jorge-garcia | Status | new => scheduled |
| 2017-05-19 09:53 | jorge-garcia | Assigned To | Retail => jorge-garcia |
| 2017-05-24 08:39 | hgbot | Checkin | |
| 2017-05-24 08:39 | hgbot | Note Added: 0096737 | |
| 2017-05-24 08:39 | hgbot | Status | scheduled => resolved |
| 2017-05-24 08:39 | hgbot | Resolution | open => fixed |
| 2017-05-24 08:39 | hgbot | Fixed in SCM revision | => http://code.openbravo.com/erp/pmods/org.openbravo.retail.posterminal/rev/c39c5cd6c40102c2dce7872c48da36e7f049657e [^] |
| 2017-05-25 19:15 | marvintm | Note Added: 0096820 | |
| 2017-05-25 19:15 | marvintm | Status | resolved => new |
| 2017-05-25 19:15 | marvintm | Resolution | fixed => open |
| 2017-05-25 19:17 | marvintm | Type | design defect => defect |
| 2017-05-29 11:49 | jorge-garcia | Status | new => scheduled |
| 2017-05-29 16:19 | hgbot | Checkin | |
| 2017-05-29 16:19 | hgbot | Note Added: 0096859 | |
| 2017-05-29 16:35 | jorge-garcia | Status | scheduled => resolved |
| 2017-05-29 16:35 | jorge-garcia | Resolution | open => fixed |
| 2017-05-30 17:34 | marvintm | Review Assigned To | => marvintm |
| 2017-05-30 17:34 | marvintm | Status | resolved => closed |
| 2017-05-30 17:34 | marvintm | Fixed in Version | => RR17Q3 |
| 2017-06-19 17:15 | jonibc | Relationship added | related to 0036275 |
| 2017-08-23 10:35 | jonibc | Relationship added | related to 0036701 |
| 2017-10-23 09:44 | hgbot | Checkin | |
| 2017-10-23 09:44 | hgbot | Note Added: 0099983 | |
| 2017-10-23 09:44 | hgbot | Status | closed => resolved |
| 2017-10-23 09:44 | hgbot | Fixed in SCM revision | http://code.openbravo.com/erp/pmods/org.openbravo.retail.posterminal/rev/c39c5cd6c40102c2dce7872c48da36e7f049657e [^] => http://code.openbravo.com/erp/pmods/org.openbravo.retail.posterminal/rev/e27d059326bf32decf03adf2664d78fda697fccb [^] |
| 2017-10-23 09:44 | hgbot | Checkin | |
| 2017-10-23 09:44 | hgbot | Note Added: 0099984 | |
| 2017-10-23 09:44 | hgbot | Fixed in SCM revision | http://code.openbravo.com/erp/pmods/org.openbravo.retail.posterminal/rev/e27d059326bf32decf03adf2664d78fda697fccb [^] => http://code.openbravo.com/erp/pmods/org.openbravo.retail.posterminal/rev/c89293205f97843b892e530578e79b43e0b4d2df [^] |
| 2017-10-23 17:47 | migueldejuana | File Added: issue35981Posterminal17Q1.diff | |
| 2017-10-24 10:04 | migueldejuana | Note Added: 0100014 | |
| 2017-10-25 12:21 | jorge-garcia | Note Added: 0100052 | |
| 2017-10-25 12:21 | jorge-garcia | Status | resolved => closed |
| 2017-10-25 12:21 | jorge-garcia | Fixed in Version | RR17Q3 => RR18Q1 |
| 2017-10-31 11:16 | ranjith_qualiantech_com | Relationship added | related to 0037186 |
|
Issue History |
| Copyright © 2000 - 2009 MantisBT Group |
 |