Anonymous | Login
Project:
RSS
  
News | My View | View Issues | Roadmap | Summary

View Issue DetailsJump to Notes ] Issue History ] Print ]
ID
0040454
TypeCategorySeverityReproducibilityDate SubmittedLast Update
defect[Openbravo ERP] A. Platformminoralways2019-03-26 12:232019-05-03 09:22
ReportercaristuView Statuspublic 
Assigned Tocaristu 
PriorityimmediateResolutionfixedFixed in Version
StatusclosedFix in branchFixed in SCM revision0441ef6e8ffd
ProjectionnoneETAnoneTarget Version
OSAnyDatabaseAnyJava version
OS VersionDatabase versionAnt version
Product VersionSCM revision 
Review Assigned Toalostale
Web browser
ModulesCore
Regression levelPackaging and release
Regression date2018-10-18
Regression introduced in release3.0PR19Q1
Regression introduced by commithttps://code.openbravo.com/erp/devel/pi/rev/43a7e93a946d76de69bb30b066d41a6647508b30 [^]
Triggers an Emergency PackNo
Summary

0040454: CSRF Token Error after executing Copy Store Process

DescriptionA wrong CSRF Token Error is received after executing Copy Store Process. It seems that after executing that process the session token is changed. See the error retrieved in the log:

...
ERROR org.openbravo.service.datasource.DataSourceServlet - CSRF token check failed. Request=/retail_modules_pgsql_pi/org.openbravo.service.datasource/Organization, SessionID=8320D7B725AA96EDBC81E394718D94EB, SessionToken=D2CDD6FF000745EC89E6CD81BC4E1DF6, RequestToken=6A2759CF82CC4390B179CDE8C9FD55EA
2019-03-26 12:43:44,792 [ajp-bio-127.0.0.1-8009-exec-90] ERROR org.openbravo.service.datasource.DataSourceServlet - InvalidCSRFToken
org.openbravo.client.kernel.OBUserException: InvalidCSRFToken
    at org.openbravo.service.datasource.DataSourceServlet.checkCsrfToken(DataSourceServlet.java:939) [DataSourceServlet.class:?]
...
Steps To Reproduce0) Use an environment with the Retail pack + Copy Store module
1) Login as White Valley Group Admin
2) Open the [Organization] window
3) Open the "Copy Retail Store" process and execute it
4) Go back to the [Organization] window and try to edit a record. Note that is not possible because of the CSRF Token Error (see attached image)
TagsNo tags attached.
Attached Filespng file icon csrfTokenError.png [^] (79,202 bytes) 2019-03-26 12:23

- Relationships Relation Graph ] Dependency Graph ]
caused by feature request 0039123 closedjarmendariz Add CSRF Token support 

-  Notes
(0110670)
hgbot (developer)
2019-03-27 09:02

Repository: erp/pmods/org.openbravo.retail.copystore
Changeset: f740efe4f91425e42d3a0a413e8d9ba5173d39a5
Author: Carlos Aristu <carlos.aristu <at> openbravo.com>
Date: Wed Mar 27 08:58:48 2019 +0100
URL: http://code.openbravo.com/erp/pmods/org.openbravo.retail.copystore/rev/f740efe4f91425e42d3a0a413e8d9ba5173d39a5 [^]

fixes issue 40454: CSRF Token Error after executing Copy Store Process

  The Copy Store process refreshes the session values to take into account the newly created organization (store). To do so, it invokes LoginUtils.fillSessionArguments which also sets in session a new value for the CSRF token which caused the issue.

  To avoid this problem we restore the old CSRF token in session after invoking fillSessionArguments in the Copy Store process.

---
M src/org/openbravo/retail/copystore/process/CopyStoreProcess.java
---
(0110915)
alostale (developer)
2019-03-29 09:03

reviewed + tested
(0111404)
hgbot (developer)
2019-04-30 19:00

Repository: erp/pmods/org.openbravo.retail.copystore
Changeset: 0441ef6e8ffdfb8a903475d407716b9487abfebb
Author: Carlos Aristu <carlos.aristu <at> openbravo.com>
Date: Wed Mar 27 08:58:48 2019 +0100
URL: http://code.openbravo.com/erp/pmods/org.openbravo.retail.copystore/rev/0441ef6e8ffdfb8a903475d407716b9487abfebb [^]

fixes issue 40454: CSRF Token Error after executing Copy Store Process

  The Copy Store process refreshes the session values to take into account the newly created organization (store). To do so, it invokes LoginUtils.fillSessionArguments which also sets in session a new value for the CSRF token which caused the issue.

  To avoid this problem we restore the old CSRF token in session after invoking fillSessionArguments in the Copy Store process.

---
M src/org/openbravo/retail/copystore/process/CopyStoreProcess.java
---
(0111458)
alostale (developer)
2019-05-03 09:22

closed as it was incorrectly reopened by merge

- Issue History
Date Modified Username Field Change
2019-03-26 12:23 caristu New Issue
2019-03-26 12:23 caristu Assigned To => platform
2019-03-26 12:23 caristu File Added: csrfTokenError.png
2019-03-26 12:23 caristu Modules => Core
2019-03-26 12:23 caristu Triggers an Emergency Pack => No
2019-03-26 12:24 caristu Relationship added caused by 0039123
2019-03-26 12:27 caristu Regression level => Production - QA Approved
2019-03-26 12:27 caristu Regression date => 2018-10-18
2019-03-26 12:27 caristu Regression introduced in release => 3.0PR19Q1
2019-03-26 12:27 caristu Regression introduced by commit => https://code.openbravo.com/erp/devel/pi/rev/43a7e93a946d76de69bb30b066d41a6647508b30 [^]
2019-03-26 12:28 caristu Regression level Production - QA Approved => Packaging and release
2019-03-26 12:47 caristu Description Updated View Revisions
2019-03-26 12:48 caristu Steps to Reproduce Updated View Revisions
2019-03-26 19:23 caristu Assigned To platform => caristu
2019-03-27 09:02 hgbot Checkin
2019-03-27 09:02 hgbot Note Added: 0110670
2019-03-27 09:02 hgbot Status new => resolved
2019-03-27 09:02 hgbot Resolution open => fixed
2019-03-27 09:02 hgbot Fixed in SCM revision => http://code.openbravo.com/erp/pmods/org.openbravo.retail.copystore/rev/f740efe4f91425e42d3a0a413e8d9ba5173d39a5 [^]
2019-03-27 09:02 caristu Review Assigned To => alostale
2019-03-29 09:03 alostale Note Added: 0110915
2019-03-29 09:03 alostale Status resolved => closed
2019-04-30 19:00 hgbot Checkin
2019-04-30 19:00 hgbot Note Added: 0111404
2019-04-30 19:00 hgbot Status closed => resolved
2019-04-30 19:00 hgbot Fixed in SCM revision http://code.openbravo.com/erp/pmods/org.openbravo.retail.copystore/rev/f740efe4f91425e42d3a0a413e8d9ba5173d39a5 [^] => http://code.openbravo.com/erp/pmods/org.openbravo.retail.copystore/rev/0441ef6e8ffdfb8a903475d407716b9487abfebb [^]
2019-05-03 09:22 alostale Note Added: 0111458
2019-05-03 09:22 alostale Status resolved => closed


Copyright © 2000 - 2009 MantisBT Group
Powered by Mantis Bugtracker