ID: 0035981
Type: defect
Category: [Retail Modules] Web POS
Severity: major
Reproducibility: always
Date Submitted: 2017-05-12 09:15
Last Update: 2017-10-25 12:21
Reporter: jonibc
View Status: public
Assigned To: jorge-garcia
Priority: high
Resolution: fixed
Fixed in Version: RR18Q1
Status: closed
Fixed in SCM revision: c89293205f97
Projection: none
ETA: none
Target Version: pi
OS: Any
Database: Any
Review Assigned To: marvintm
Triggers an Emergency Pack: No
Summary

0035981: [SERQA 2847] Buttons for customer and locations are not blocked in synchronized mode.

Description
Buttons for customer and locations are not blocked in synchronized mode.
If the user clicks the button, it is possible to click it again, sending multiple requests.

A malicious user can block the whole server if thousands of requests are made.

It is reproducible in livebuilds.
Steps To Reproduce
1.- Set "WebPOS Synchronized Mode" preference with value 'Y', check the selected flag.
2.- Log in to the WebPOS.
3.- Open customer selection component.
4.- Insert some data for the customer.
5.- Click on Save button several times. It is possible to check in Chrome Developer Tools that several requests are done to the backend.

It is possible to reproduce the issue in address component:
1.- Set "WebPOS Synchronized Mode" preference with value 'Y', check the selected flag.
2.- Log in to the WebPOS.
3.- Select a customer different from anonymous.
4.- Open the addresses component.
5.- Insert some data for the address.
6.- Click on Save button several times. It is possible to check in Chrome Developer Tools that several requests are done to the backend.

Proposed Solution
Block the buttons once the user clicks them one time.

It would be nice to check if we have the same behavior in other buttons.
Tags: No tags attached.
Attached Files: issue35981Posterminal17Q1.diff (11,494 bytes) 2017-10-23 17:47

Relationships
related to defect 0036275 (closed, ranjith_qualiantech_com): [SERQA 3022] Error callback not done in runSyncProcess (PostCustomerSave hook)
related to defect 0036701 (closed, jorge-garcia): [SERQA 3212] EnableButtonsCallback is not done in cancellation of BeforeCustomerAddrSave hook
related to defect 0037186 (closed, ranjith_qualiantech_com): "Save" button blocked in Edit Customer window when pressed after leaving mandatory field empty

Notes
(0096737)
hgbot (developer)
2017-05-24 08:39

Repository: erp/pmods/org.openbravo.retail.posterminal
Changeset: c39c5cd6c40102c2dce7872c48da36e7f049657e
Author: Jorge Garcia <jorge.garcia <at> openbravo.com>
Date: Fri May 19 13:47:38 2017 +0200
URL: http://code.openbravo.com/erp/pmods/org.openbravo.retail.posterminal/rev/c39c5cd6c40102c2dce7872c48da36e7f049657e

Fixed issue 35981: [SERQA 2847] Buttons for customer and locations are not
blocked in synchronized mode.

The solution is to disable buttons of Save and Cancel during the synchronization
process, for both standard and synchronize flow.

Once the process is ended, the buttons are enabled again.

Due to the code, it has been necessary to change also the data save process for
customer addresses.

---
M web/org.openbravo.retail.posterminal/js/data/datacustomeraddrsave.js
M web/org.openbravo.retail.posterminal/js/model/bplocation.js
M web/org.openbravo.retail.posterminal/js/pointofsale/view/subwindows/customeraddress/components/sharedcomponents.js
M web/org.openbravo.retail.posterminal/js/pointofsale/view/subwindows/customeraddress/editcreatecustomeraddress.js
M web/org.openbravo.retail.posterminal/js/pointofsale/view/subwindows/customers/components/sharedcomponents.js
M web/org.openbravo.retail.posterminal/js/pointofsale/view/subwindows/customers/editcreatecustomerform.js
---
(0096820)
marvintm (manager)
2017-05-25 19:15

There is a problem currently with the Address popup, and you may end up with the buttons permanently disabled:
- Click on address selector
- Click on button "New Address"
- Fill address form fields.
- Click on Save. Address is saved, and "Edit" orange button is shown.
- Click on Edit button.
- Click on Save button again.
- Click on Edit button again.
- Verify that Save and Cancel buttons are now disabled, and the only way to get them enabled again is to refresh browser.
(0096859)
hgbot (developer)
2017-05-29 16:19

Repository: erp/pmods/org.openbravo.retail.posterminal
Changeset: 6e7556bd0d9982ed6f9832720e89b7b325c54554
Author: Jorge Garcia <jorge.garcia <at> openbravo.com>
Date: Mon May 29 11:50:13 2017 +0200
URL: http://code.openbravo.com/erp/pmods/org.openbravo.retail.posterminal/rev/6e7556bd0d9982ed6f9832720e89b7b325c54554

Related to issue 35981: [SERQA 2847] Buttons for customer and locations are not
blocked in synchronized mode.

Added missed callback to reactivate disabled buttons.

---
M web/org.openbravo.retail.posterminal/js/pointofsale/view/subwindows/customeraddress/components/sharedcomponents.js
---
(0099983)
hgbot (developer)
2017-10-23 09:44

Repository: erp/pmods/org.openbravo.retail.posterminal
Changeset: e27d059326bf32decf03adf2664d78fda697fccb
Author: Miguel de Juana <miguel.dejuana <at> openbravo.com>
Date: Tue Oct 17 15:06:54 2017 +0200
URL: http://code.openbravo.com/erp/pmods/org.openbravo.retail.posterminal/rev/e27d059326bf32decf03adf2664d78fda697fccb

Fixed issue 0035981: [SERQA 2847] Buttons for customer and locations are not blocked in synchronized mode.

- Disable save button when the Save button is clicked. Earlier than we did. There are some hooks that can get time and allow the user to press again wrongly the Save button
- Add also double click check avoiding to press twice Save button

---
M web/org.openbravo.retail.posterminal/js/pointofsale/view/subwindows/customeraddress/components/sharedcomponents.js
M web/org.openbravo.retail.posterminal/js/pointofsale/view/subwindows/customeraddress/editcreatecustomeraddress.js
M web/org.openbravo.retail.posterminal/js/pointofsale/view/subwindows/customers/components/sharedcomponents.js
M web/org.openbravo.retail.posterminal/js/pointofsale/view/subwindows/customers/editcreatecustomerform.js
---
(0099984)
hgbot (developer)
2017-10-23 09:44

Repository: erp/pmods/org.openbravo.retail.posterminal
Changeset: c89293205f97843b892e530578e79b43e0b4d2df
Author: Miguel de Juana <miguel.dejuana <at> openbravo.com>
Date: Wed Oct 18 10:13:15 2017 +0200
URL: http://code.openbravo.com/erp/pmods/org.openbravo.retail.posterminal/rev/c89293205f97843b892e530578e79b43e0b4d2df

Fixed issue 0035981: [SERQA 2847] Buttons for customer and locations are not blocked in synchronized mode.

- Reduce time window for double click from 1 second to 0,5 seconds. We can create a bp and immediately edit it. 0,5 is more accurate for a double click problem

---
M web/org.openbravo.retail.posterminal/js/pointofsale/view/subwindows/customeraddress/editcreatecustomeraddress.js
M web/org.openbravo.retail.posterminal/js/pointofsale/view/subwindows/customers/editcreatecustomerform.js
---
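
The behaviour the commit notes above describe (disable Save as soon as it is clicked, ignore a second click inside a 0.5 second window, and re-enable on every exit path so the buttons cannot stay blocked) can be sketched as follows. This is an added example, not code from the Openbravo changesets; `createSaveGuard`, `saveFn`, `runDemo` and the plain `button` object are hypothetical names.

```javascript
// Added example. createSaveGuard, saveFn and the plain `button` object are
// hypothetical names, not Openbravo/WebPOS APIs.
const DOUBLE_CLICK_WINDOW_MS = 500; // 0.5 s window from changeset c89293205f97

function createSaveGuard(button, saveFn, now = Date.now) {
  let inFlight = false;
  let lastClick = -Infinity;
  const stats = { sent: 0, dropped: 0 };
  // Single release path used by success, error and exception handling, so the
  // button cannot stay disabled after any outcome.
  function release() {
    inFlight = false;
    button.disabled = false;
  }

  function onClick(payload) {
    const t = now();
    if (inFlight || t - lastClick < DOUBLE_CLICK_WINDOW_MS) {
      stats.dropped += 1; // duplicate click: no request leaves the client
      return false;
    }
    lastClick = t;
    inFlight = true;
    button.disabled = true; // disable before any hook or request runs
    stats.sent += 1;
    try {
      saveFn(payload, release, release); // (payload, onSuccess, onError)
    } catch (err) {
      release(); // a hook that throws must not leave the button blocked
      throw err;
    }
    return true;
  }

  return { onClick, stats };
}

// Constructed demo: five rapid clicks against a save that completes 200 ms later.
function runDemo() {
  let clock = 0;
  const button = { disabled: false };
  const pending = [];
  const guard = createSaveGuard(button, (p, ok) => pending.push(ok), () => clock);
  for (const t of [0, 50, 100, 150, 190]) { clock = t; guard.onClick({ name: 'x' }); }
  clock = 200; pending.forEach((done) => done()); // backend answers
  clock = 250; guard.onClick({ name: 'x' });      // still inside the 500 ms window
  clock = 800; guard.onClick({ name: 'x' });      // accepted: a deliberate second save
  return { ...guard.stats, disabled: button.disabled };
}
```

A guard like this only removes duplicate submissions made through the UI. Requests sent to the backend outside the POS client are unaffected, so the flooding concern in the description also needs server-side idempotency or rate limiting.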
(0100014)
migueldejuana (developer)
2017-10-24 10:04

Last 2 commits are introduced in 18Q1. They just improve the fix done in 17Q3.
(0100052)
jorge-garcia (reporter)
2017-10-25 12:21

Reviewed and tested.

Issue History
Date Modified Username Field Change
2017-05-12 09:15 jonibc New Issue
2017-05-12 09:15 jonibc Assigned To => Retail
2017-05-12 09:15 jonibc Resolution time => 1495836000
2017-05-12 09:15 jonibc Triggers an Emergency Pack => No
2017-05-12 10:35 jonibc Description Updated
2017-05-12 10:35 jonibc Proposed Solution updated
2017-05-19 09:53 jorge-garcia Status new => scheduled
2017-05-19 09:53 jorge-garcia Assigned To Retail => jorge-garcia
2017-05-24 08:39 hgbot Checkin
2017-05-24 08:39 hgbot Note Added: 0096737
2017-05-24 08:39 hgbot Status scheduled => resolved
2017-05-24 08:39 hgbot Resolution open => fixed
2017-05-24 08:39 hgbot Fixed in SCM revision => http://code.openbravo.com/erp/pmods/org.openbravo.retail.posterminal/rev/c39c5cd6c40102c2dce7872c48da36e7f049657e
2017-05-25 19:15 marvintm Note Added: 0096820
2017-05-25 19:15 marvintm Status resolved => new
2017-05-25 19:15 marvintm Resolution fixed => open
2017-05-25 19:17 marvintm Type design defect => defect
2017-05-29 11:49 jorge-garcia Status new => scheduled
2017-05-29 16:19 hgbot Checkin
2017-05-29 16:19 hgbot Note Added: 0096859
2017-05-29 16:35 jorge-garcia Status scheduled => resolved
2017-05-29 16:35 jorge-garcia Resolution open => fixed
2017-05-30 17:34 marvintm Review Assigned To => marvintm
2017-05-30 17:34 marvintm Status resolved => closed
2017-05-30 17:34 marvintm Fixed in Version => RR17Q3
2017-06-19 17:15 jonibc Relationship added related to 0036275
2017-08-23 10:35 jonibc Relationship added related to 0036701
2017-10-23 09:44 hgbot Checkin
2017-10-23 09:44 hgbot Note Added: 0099983
2017-10-23 09:44 hgbot Status closed => resolved
2017-10-23 09:44 hgbot Fixed in SCM revision http://code.openbravo.com/erp/pmods/org.openbravo.retail.posterminal/rev/c39c5cd6c40102c2dce7872c48da36e7f049657e => http://code.openbravo.com/erp/pmods/org.openbravo.retail.posterminal/rev/e27d059326bf32decf03adf2664d78fda697fccb
2017-10-23 09:44 hgbot Checkin
2017-10-23 09:44 hgbot Note Added: 0099984
2017-10-23 09:44 hgbot Fixed in SCM revision http://code.openbravo.com/erp/pmods/org.openbravo.retail.posterminal/rev/e27d059326bf32decf03adf2664d78fda697fccb => http://code.openbravo.com/erp/pmods/org.openbravo.retail.posterminal/rev/c89293205f97843b892e530578e79b43e0b4d2df
2017-10-23 17:47 migueldejuana File Added: issue35981Posterminal17Q1.diff
2017-10-24 10:04 migueldejuana Note Added: 0100014
2017-10-25 12:21 jorge-garcia Note Added: 0100052
2017-10-25 12:21 jorge-garcia Status resolved => closed
2017-10-25 12:21 jorge-garcia Fixed in Version RR17Q3 => RR18Q1
2017-10-31 11:16 ranjith_qualiantech_com Relationship added related to 0037186

