Anonymous | Login
Project:
RSS
  
News | My View | View Issues | Roadmap | Summary

View Issue DetailsJump to Notes ] Issue History ] Print ]
ID
0045962
TypeCategorySeverityReproducibilityDate SubmittedLast Update
backport[Retail Modules] Web POScriticalalways2021-02-26 13:142021-03-02 08:47
ReportermigueldejuanaView Statuspublic 
Assigned Toprakashmurugesan88 
PriorityimmediateResolutionfixedFixed in VersionRR20Q4.3
StatusclosedFix in branchFixed in SCM revision
ProjectionnoneETAnoneTarget VersionRR20Q4.2
OSAnyDatabaseAnyJava version
OS VersionDatabase versionAnt version
Product VersionpiSCM revision 
Merge Request Statusapproved
Review Assigned To
OBNetwork customerNo
Support ticket
Regression level
Regression date
Regression introduced in release
Regression introduced by commit
Triggers an Emergency PackNo
Summary

0045962: We are sending credentials using GET

DescriptionThe request used by Terminal Authentication is using GET method and we are setting credentials in the params.

For security reasons, we must use POST in this case.
Steps To Reproducen/a
Proposed SolutionThis component:

enyo.kind({
  kind: 'enyo.Ajax',
  name: 'OB.OBPOSLogin.UI.LoginRequest',
  classes: 'obObposLoginUiLoginRequest',
  url: '../../org.openbravo.retail.posterminal.service.loginutils',
  method: 'GET',
  handleAs: 'json',
  contentType: 'application/json;charset=utf-8'
});


must use POST and we should handle it properly in MobileCoreLoginUtilsServlet
TagsNo tags attached.
Attached Files

- Relationships Relation Graph ] Dependency Graph ]
blocks defect 0045960 closedprakashmurugesan88 We are sending credentials using GET 

-  Notes
(0126446)
hgbot (developer)
2021-03-02 08:06

 Merge Request created: https://gitlab.com/openbravo/product/pmods/org.openbravo.mobile.core/-/merge_requests/175 [^]
(0126447)
hgbot (developer)
2021-03-02 08:07

 Merge Request created: https://gitlab.com/openbravo/product/pmods/org.openbravo.retail.posterminal/-/merge_requests/331 [^]
(0126458)
hgbot (developer)
2021-03-02 08:45

 Merge request merged: https://gitlab.com/openbravo/product/pmods/org.openbravo.mobile.core/-/merge_requests/175 [^]
(0126459)
hgbot (developer)
2021-03-02 08:45

 Directly closing issue as related merge request is already approved.

Repository: https://gitlab.com/openbravo/product/pmods/org.openbravo.mobile.core [^]
Changeset: 95d78b49365873e36d0f83145756a117186bd369
Author: Prakash M <prakash@qualiantech.com>
Date: 2021-03-02T07:45:39+00:00
URL: https://gitlab.com/openbravo/product/pmods/org.openbravo.mobile.core/-/commit/95d78b49365873e36d0f83145756a117186bd369 [^]

Fixed BUG-45962 : Changed Terminal Authentication request from GET to POST for security purpose
* Included post method in MobileCoreLoginUtilsServlet

---
M src/org/openbravo/mobile/core/login/MobileCoreLoginUtilsServlet.java
---
(0126460)
hgbot (developer)
2021-03-02 08:47

 Merge request merged: https://gitlab.com/openbravo/product/pmods/org.openbravo.retail.posterminal/-/merge_requests/331 [^]
(0126461)
hgbot (developer)
2021-03-02 08:47

 Directly closing issue as related merge request is already approved.

Repository: https://gitlab.com/openbravo/product/pmods/org.openbravo.retail.posterminal [^]
Changeset: d6cea1530cc3c7175f31a9719aafeb9753a7b1ea
Author: Prakash M <prakash@qualiantech.com>
Date: 2021-03-02T07:46:00+00:00
URL: https://gitlab.com/openbravo/product/pmods/org.openbravo.retail.posterminal/-/commit/d6cea1530cc3c7175f31a9719aafeb9753a7b1ea [^]

Fixed BUG-45962 : Changed Terminal Authentication request from GET to POST for security purpose

---
M web/org.openbravo.retail.posterminal/js/login/model/login-model.js
---

- Issue History
Date Modified Username Field Change
2021-02-26 13:15 migueldejuana Type defect => backport
2021-02-26 13:15 migueldejuana Target Version => RR20Q4.2
2021-03-02 08:06 hgbot Merge Request Status => open
2021-03-02 08:06 hgbot Note Added: 0126446
2021-03-02 08:07 hgbot Note Added: 0126447
2021-03-02 08:27 hgbot Merge Request Status open => approved
2021-03-02 08:45 hgbot Resolution open => fixed
2021-03-02 08:45 hgbot Status scheduled => closed
2021-03-02 08:45 hgbot Note Added: 0126458
2021-03-02 08:45 hgbot Fixed in Version => RR20Q4.3
2021-03-02 08:45 hgbot Note Added: 0126459
2021-03-02 08:47 hgbot Note Added: 0126460
2021-03-02 08:47 hgbot Note Added: 0126461

Copyright © 2000 - 2009 MantisBT Group
Powered by Mantis Bugtracker