Project:
| View Issue Details[ Jump to Notes ] | [ Issue History ] [ Print ] | |||||||
| ID | ||||||||
| 0045962 | ||||||||
| Type | Category | Severity | Reproducibility | Date Submitted | Last Update | |||
| backport | [Retail Modules] Web POS | critical | always | 2021-02-26 13:14 | 2021-03-02 08:47 | |||
| Reporter | migueldejuana | View Status | public | |||||
| Assigned To | prakashmurugesan88 | |||||||
| Priority | immediate | Resolution | fixed | Fixed in Version | RR20Q4.3 | |||
| Status | closed | Fix in branch | Fixed in SCM revision | |||||
| Projection | none | ETA | none | Target Version | RR20Q4.2 | |||
| OS | Any | Database | Any | Java version | ||||
| OS Version | Database version | Ant version | ||||||
| Product Version | pi | SCM revision | ||||||
| Review Assigned To | ||||||||
| Regression level | ||||||||
| Regression date | ||||||||
| Regression introduced in release | ||||||||
| Regression introduced by commit | ||||||||
| Triggers an Emergency Pack | No | |||||||
| Summary | 0045962: We are sending credentials using GET | |||||||
| Description | The request used by Terminal Authentication is using GET method and we are setting credentials in the params. For security reasons, we must use POST in this case. | |||||||
| Steps To Reproduce | n/a | |||||||
| Proposed Solution | This component: enyo.kind({ kind: 'enyo.Ajax', name: 'OB.OBPOSLogin.UI.LoginRequest', classes: 'obObposLoginUiLoginRequest', url: '../../org.openbravo.retail.posterminal.service.loginutils', method: 'GET', handleAs: 'json', contentType: 'application/json;charset=utf-8' }); must use POST and we should handle it properly in MobileCoreLoginUtilsServlet | |||||||
| Tags | No tags attached. | |||||||
| Attached Files | ||||||||
 Relationships [ Relation Graph ]
[ Dependency Graph ]
|
||||||||
|
||||||||
 Relationships |
|
Notes |
|
|
(0126446) hgbot (developer) 2021-03-02 08:06 |
Merge Request created: https://gitlab.com/openbravo/product/pmods/org.openbravo.mobile.core/-/merge_requests/175 [^] |
|
(0126447) hgbot (developer) 2021-03-02 08:07 |
Merge Request created: https://gitlab.com/openbravo/product/pmods/org.openbravo.retail.posterminal/-/merge_requests/331 [^] |
|
(0126458) hgbot (developer) 2021-03-02 08:45 |
Merge request merged: https://gitlab.com/openbravo/product/pmods/org.openbravo.mobile.core/-/merge_requests/175 [^] |
|
(0126459) hgbot (developer) 2021-03-02 08:45 |
Directly closing issue as related merge request is already approved. Repository: https://gitlab.com/openbravo/product/pmods/org.openbravo.mobile.core [^] Changeset: 95d78b49365873e36d0f83145756a117186bd369 Author: Prakash M <prakash@qualiantech.com> Date: 2021-03-02T07:45:39+00:00 URL: https://gitlab.com/openbravo/product/pmods/org.openbravo.mobile.core/-/commit/95d78b49365873e36d0f83145756a117186bd369 [^] Fixed BUG-45962 : Changed Terminal Authentication request from GET to POST for security purpose * Included post method in MobileCoreLoginUtilsServlet --- M src/org/openbravo/mobile/core/login/MobileCoreLoginUtilsServlet.java --- |
|
(0126460) hgbot (developer) 2021-03-02 08:47 |
Merge request merged: https://gitlab.com/openbravo/product/pmods/org.openbravo.retail.posterminal/-/merge_requests/331 [^] |
|
(0126461) hgbot (developer) 2021-03-02 08:47 |
Directly closing issue as related merge request is already approved. Repository: https://gitlab.com/openbravo/product/pmods/org.openbravo.retail.posterminal [^] Changeset: d6cea1530cc3c7175f31a9719aafeb9753a7b1ea Author: Prakash M <prakash@qualiantech.com> Date: 2021-03-02T07:46:00+00:00 URL: https://gitlab.com/openbravo/product/pmods/org.openbravo.retail.posterminal/-/commit/d6cea1530cc3c7175f31a9719aafeb9753a7b1ea [^] Fixed BUG-45962 : Changed Terminal Authentication request from GET to POST for security purpose --- M web/org.openbravo.retail.posterminal/js/login/model/login-model.js --- |
|
Notes |
|
Issue History |
|||
| Date Modified | Username | Field | Change |
| 2021-02-26 13:15 | migueldejuana | Type | defect => backport |
| 2021-02-26 13:15 | migueldejuana | Target Version | => RR20Q4.2 |
| 2021-03-02 08:06 | hgbot | Note Added: 0126446 | |
| 2021-03-02 08:07 | hgbot | Note Added: 0126447 | |
| 2021-03-02 08:45 | hgbot | Resolution | open => fixed |
| 2021-03-02 08:45 | hgbot | Status | scheduled => closed |
| 2021-03-02 08:45 | hgbot | Note Added: 0126458 | |
| 2021-03-02 08:45 | hgbot | Fixed in Version | => RR20Q4.3 |
| 2021-03-02 08:45 | hgbot | Note Added: 0126459 | |
| 2021-03-02 08:47 | hgbot | Note Added: 0126460 | |
| 2021-03-02 08:47 | hgbot | Note Added: 0126461 | |
|
Issue History |
| Copyright © 2000 - 2009 MantisBT Group |
 |