Anonymous | Login
Project:
RSS
  
News | My View | View Issues | Roadmap | Summary

View Issue DetailsJump to Notes ] Issue History ] Print ]
ID
0045961
TypeCategorySeverityReproducibilityDate SubmittedLast Update
backport[Retail Modules] Web POScriticalalways2021-02-26 13:142021-03-02 08:44
ReportermigueldejuanaView Statuspublic 
Assigned Toprakashmurugesan88 
PriorityimmediateResolutionfixedFixed in VersionRR21Q1
StatusclosedFix in branchFixed in SCM revision
ProjectionnoneETAnoneTarget VersionRR21Q1
OSAnyDatabaseAnyJava version
OS VersionDatabase versionAnt version
Product VersionpiSCM revision 
Merge Request Statusapproved
Review Assigned To
OBNetwork customerNo
Support ticket
Regression level
Regression date
Regression introduced in release
Regression introduced by commit
Triggers an Emergency PackNo
Summary

0045961: We are sending credentials using GET

DescriptionThe request used by Terminal Authentication is using GET method and we are setting credentials in the params.

For security reasons, we must use POST in this case.
Steps To Reproducen/a
Proposed SolutionThis component:

enyo.kind({
  kind: 'enyo.Ajax',
  name: 'OB.OBPOSLogin.UI.LoginRequest',
  classes: 'obObposLoginUiLoginRequest',
  url: '../../org.openbravo.retail.posterminal.service.loginutils',
  method: 'GET',
  handleAs: 'json',
  contentType: 'application/json;charset=utf-8'
});


must use POST and we should handle it properly in MobileCoreLoginUtilsServlet
TagsNo tags attached.
Attached Files

- Relationships Relation Graph ] Dependency Graph ]
blocks defect 0045960 closedprakashmurugesan88 We are sending credentials using GET 

-  Notes
(0126442)
hgbot (developer)
2021-03-02 07:57

 Merge Request created: https://gitlab.com/openbravo/product/pmods/org.openbravo.retail.posterminal/-/merge_requests/329 [^]
(0126443)
hgbot (developer)
2021-03-02 07:57

 Merge Request created: https://gitlab.com/openbravo/product/pmods/org.openbravo.mobile.core/-/merge_requests/173 [^]
(0126454)
hgbot (developer)
2021-03-02 08:44

 Directly closing issue as related merge request is already approved.

Repository: https://gitlab.com/openbravo/product/pmods/org.openbravo.mobile.core [^]
Changeset: 692e71ecef55941d2eaeaddd4be0417bdba2d4fb
Author: Prakash M <prakash@qualiantech.com>
Date: 2021-03-02T11:37:57+05:30
URL: https://gitlab.com/openbravo/product/pmods/org.openbravo.mobile.core/-/commit/692e71ecef55941d2eaeaddd4be0417bdba2d4fb [^]

Fixed BUG-45961 : Changed Terminal Authentication request from GET to POST for security purpose
* Included post method in MobileCoreLoginUtilsServlet

---
M src/org/openbravo/mobile/core/login/MobileCoreLoginUtilsServlet.java
---
(0126455)
hgbot (developer)
2021-03-02 08:44

 Merge request merged: https://gitlab.com/openbravo/product/pmods/org.openbravo.mobile.core/-/merge_requests/173 [^]
(0126456)
hgbot (developer)
2021-03-02 08:44

 Directly closing issue as related merge request is already approved.

Repository: https://gitlab.com/openbravo/product/pmods/org.openbravo.retail.posterminal [^]
Changeset: 570b7518d244f397e809c0a425f5ea1ffabde1eb
Author: Prakash M <prakash@qualiantech.com>
Date: 2021-03-02T11:38:39+05:30
URL: https://gitlab.com/openbravo/product/pmods/org.openbravo.retail.posterminal/-/commit/570b7518d244f397e809c0a425f5ea1ffabde1eb [^]

Fixed BUG-45961 : Changed Terminal Authentication request from GET to POST for security purpose

---
M web/org.openbravo.retail.posterminal/js/login/model/login-model.js
---
(0126457)
hgbot (developer)
2021-03-02 08:44

 Merge request merged: https://gitlab.com/openbravo/product/pmods/org.openbravo.retail.posterminal/-/merge_requests/329 [^]

- Issue History
Date Modified Username Field Change
2021-02-26 13:15 migueldejuana Type defect => backport
2021-02-26 13:15 migueldejuana Target Version => RR21Q1
2021-03-02 07:57 hgbot Merge Request Status => open
2021-03-02 07:57 hgbot Note Added: 0126442
2021-03-02 07:57 hgbot Note Added: 0126443
2021-03-02 08:27 hgbot Merge Request Status open => approved
2021-03-02 08:44 hgbot Resolution open => fixed
2021-03-02 08:44 hgbot Status scheduled => closed
2021-03-02 08:44 hgbot Fixed in Version => RR21Q1
2021-03-02 08:44 hgbot Note Added: 0126454
2021-03-02 08:44 hgbot Note Added: 0126455
2021-03-02 08:44 hgbot Note Added: 0126456
2021-03-02 08:44 hgbot Note Added: 0126457

Copyright © 2000 - 2009 MantisBT Group
Powered by Mantis Bugtracker