0046301: Printing of images referring to URLs with authentication is not supported in HWM

Description

We have a client (Weldom), who has a custom module, which during the synchronization of a ticket consults an external service that can return a list of URLs referring to bonds (in image format) as royalties for the purchase made.

The requirement is to be able to print on the printer in addition to the ticket, the generated bonds to be able to give them to the buyer.

Each URL refers to an image so it is possible, for example, to send the following template to print on the printer:

      <? xml version = "1.0" encoding = "UTF-8"?>
      <output>
        <ticket>
          <line>
            <image type = "url">https://wspreprod.be-one.fr/BEOneDataWeldom/tickets/tickets-a645-1617941657970.bmp</image> [^]
          </line>
        </ticket>
       </output>

Which works fine if this URL is not protected by some HTTP authentication method. But this URL is protected with a basic HTTP authentication method. If we try to send the following template to print:

      <? xml version = "1.0" encoding = "UTF-8"?>
      <output>
        <ticket>
          <line>
            <image type = "url"> https://<user>:<password>@wspreprod.be-one.fr/BEOneDataWeldom/tickets/tickets-a645-1617941657970.bmp</image> [^]
          </line>
        </ticket>
       </output>

    replacing <user> and <password> with the authentication credentials, the image is still not possible to print, due to the way the HWM tries to download this image for printing. The other drawback of trying to solve the problem in this way is that we would be exposing unencrypted authentication data.

     Currently in the source file of the HWM, com.openbravo.pos.printer.TicketParser is where the way to read this image is implemented:

        image = ImageIO.read (new URL (text.toString ()));

     where text is the URL.

     The use of the java URL class is what prevents the authentication data from being taken into account.

Steps To Reproduce

1- Start HWM
2- Using Postman or similar tool Create a HTTP POST request to the printer(http://localhost:8090/printer [^])
3- In Body send a xml print template like the example show. But with an URL protected by a basic HTTP authentication
4- Check that the image is not printed

Proposed Solution

1- A proposal could be to add other attributes to the image tag of the xml template, for example:

       <? xml version = "1.0" encoding = "UTF-8"?>
       <output>
         <ticket>
           <line>
             <image type = "url" user = "usr" password = "encrypted_password" authType = "Basic"> https://wspreprod.be-one.fr/BEOneDataWeldom/tickets/tickets-a645-1617941657970.bmp [^] </image>
           </line>
         </ticket>
        </output>

      In this way, in the com.openbravo.pos.printer.TicketParser class, the new authentication attributes would be managed, as well as the suitable java APIs to read the image. The method that the class will use to decrypt the password must be defined.

2- Another proposal, would be to support the base-64 encoded image in the printing template. In this way, the developer would be in charge of downloading the image and generating the xml printing template with the base-64 encoded image. This could be a proposed code to add in TicketParser.endElement method:

  if ("data".equals(imgtype)) {
    image = ImageIO.read(new ByteArrayInputStream(Base64.getDecoder().decode(text.toString())));
  }

Tags

No tags attached.

Attached Files

0001-Fixes-ISSUE-46301-Support-is-added-to-print-embedded.patch [^] (1,616 bytes) 2021-04-22 19:03 [Show Content] [Hide Content]

From 812b38127a9be51c289fe0ff22dd524edee849e7 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Roberto=20Carlos=20Toledano=20G=C3=B3mez?=
 <rctg82@gmail.com>
Date: Thu, 22 Apr 2021 13:00:10 -0400
Subject: [PATCH] Fixes ISSUE-46301: Support is added to print embedded images,
 encoded in base 64

---
 project/src/com/openbravo/pos/printer/TicketParser.java | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/project/src/com/openbravo/pos/printer/TicketParser.java b/project/src/com/openbravo/pos/printer/TicketParser.java
index f7ca006..65e5186 100644
--- a/project/src/com/openbravo/pos/printer/TicketParser.java
+++ b/project/src/com/openbravo/pos/printer/TicketParser.java
@@ -10,10 +10,12 @@
 package com.openbravo.pos.printer;
 
 import java.awt.image.BufferedImage;
+import java.io.ByteArrayInputStream;
 import java.io.File;
 import java.io.IOException;
 import java.io.StringReader;
 import java.net.URL;
+import java.util.Base64;
 import java.util.logging.Level;
 import java.util.logging.Logger;
 
@@ -287,6 +289,9 @@ public class TicketParser extends DefaultHandler {
               } else if ("classpath".equals(imgtype)) {
                 image = ImageIO
                     .read(getClass().getClassLoader().getResourceAsStream(text.toString()));
+              } else if ("data".equals(imgtype)) {
+                image = ImageIO
+                    .read(new ByteArrayInputStream(Base64.getDecoder().decode(text.toString())));
               } else {
                 image = ImageIO
                     .read(new File(new File(config.getProperty("images.folder")), text.toString()));
-- 
2.17.1

testdata.xml [^] (53,037 bytes) 2021-04-22 19:03

Relationships [ Relation Graph ] [ Dependency Graph ]

Notes
(0127474) hgbot (developer) 2021-04-22 21:48	Merge Request created: https://gitlab.com/openbravo/product/pmods/org.openbravo.retail.poshwmanager.sources/-/merge_requests/21 [^]

(0127590) hgbot (developer) 2021-04-27 17:12	Merge request closed: https://gitlab.com/openbravo/product/pmods/org.openbravo.retail.poshwmanager.sources/-/merge_requests/21 [^]

(0127591) hgbot (developer) 2021-04-27 17:22	Merge Request created: https://gitlab.com/openbravo/product/pmods/org.openbravo.retail.poshwmanager.sources/-/merge_requests/23 [^]

(0127592) hgbot (developer) 2021-04-27 17:24	Merge Request created: https://gitlab.com/openbravo/product/pmods/org.openbravo.retail.poshwmanager/-/merge_requests/16 [^]

(0127594) hgbot (developer) 2021-04-27 17:52	Directly closing issue as related merge request is already approved. Repository: https://gitlab.com/openbravo/product/pmods/org.openbravo.retail.poshwmanager [^] Changeset: 9e247136c80f83d0f62ad0a8f316b76d9ad629aa Author: Rafael Queralta <rafaelcuba81@gmail.com> Date: 2021-04-27T11:20:46-04:00 URL: https://gitlab.com/openbravo/product/pmods/org.openbravo.retail.poshwmanager/-/commit/9e247136c80f83d0f62ad0a8f316b76d9ad629aa [^] Fixed BUG-46301: Support is added to print embedded images, encoded in base 64 --- M bin/poshw.jar M bin/rev.id ---

(0127595) hgbot (developer) 2021-04-27 17:52	Merge request merged: https://gitlab.com/openbravo/product/pmods/org.openbravo.retail.poshwmanager/-/merge_requests/16 [^]

(0127596) hgbot (developer) 2021-04-27 17:52	Merge request merged: https://gitlab.com/openbravo/product/pmods/org.openbravo.retail.poshwmanager.sources/-/merge_requests/23 [^]

(0127597) hgbot (developer) 2021-04-27 17:52	Directly closing issue as related merge request is already approved. Repository: https://gitlab.com/openbravo/product/pmods/org.openbravo.retail.poshwmanager.sources [^] Changeset: 885c104c6c0339f974a87b88ac98ed5c932b848b Author: Rafael Queralta <rafaelcuba81@gmail.com> Date: 2021-04-27T11:13:37-04:00 URL: https://gitlab.com/openbravo/product/pmods/org.openbravo.retail.poshwmanager.sources/-/commit/885c104c6c0339f974a87b88ac98ed5c932b848b [^] Fixed BUG-46301: Support is added to print embedded images, encoded in base 64 --- M project/src/com/openbravo/pos/printer/TicketParser.java ---

Issue History
Date Modified	Username	Field	Change
2021-04-19 22:55	rtoledano	New Issue
2021-04-19 22:55	rtoledano	Assigned To	=> Retail
2021-04-19 22:55	rtoledano	OBNetwork customer	=> No
2021-04-19 22:55	rtoledano	Triggers an Emergency Pack	=> No
2021-04-19 23:04	rtoledano	Description Updated	View Revisions
2021-04-20 17:03	rtoledano	Proposed Solution updated
2021-04-20 17:03	rtoledano	Proposed Solution updated
2021-04-20 18:37	rtoledano	Proposed Solution updated
2021-04-20 20:16	rtoledano	Proposed Solution updated
2021-04-22 17:13	rtoledano	OBNetwork customer	No => Gold
2021-04-22 17:13	rtoledano	Resolution time	=> 1620079200
2021-04-22 17:20	rtoledano	Type	feature request => design defect
2021-04-22 17:21	rtoledano	Type	design defect => defect
2021-04-22 19:03	rtoledano	File Added: 0001-Fixes-ISSUE-46301-Support-is-added-to-print-embedded.patch
2021-04-22 19:03	rtoledano	File Added: testdata.xml
2021-04-22 21:34	rqueralta	Assigned To	Retail => rqueralta
2021-04-22 21:35	rqueralta	Status	new => scheduled
2021-04-22 21:48	hgbot	Merge Request Status	=> open
2021-04-22 21:48	hgbot	Note Added: 0127474
2021-04-27 13:10	hgbot	Merge Request Status	open => approved
2021-04-27 17:12	hgbot	Note Added: 0127590
2021-04-27 17:22	hgbot	Note Added: 0127591
2021-04-27 17:24	hgbot	Note Added: 0127592
2021-04-27 17:52	hgbot	Resolution	open => fixed
2021-04-27 17:52	hgbot	Status	scheduled => closed
2021-04-27 17:52	hgbot	Fixed in Version	=> RR21Q3
2021-04-27 17:52	hgbot	Note Added: 0127594
2021-04-27 17:52	hgbot	Note Added: 0127595
2021-04-27 17:52	hgbot	Note Added: 0127596
2021-04-27 17:52	hgbot	Note Added: 0127597