ID: 0046303
Type: design defect
Category: [Retail Modules] Web POS
Severity: minor
Reproducibility: have not tried
Date Submitted: 2021-04-20 08:10
Last Update: 2021-04-20 08:11
Reporter: caristu
View Status: public
Assigned To: Retail
Priority: high
Resolution: open
Status: new
Projection: none
ETA: none
OS: Any
Database: Any
Triggers an Emergency Pack: No
Summary

0046303: Review if context change check mechanism should be deleted

Description

With every backend request, it is checked whether the current context (client, org, user, role) has changed[1]. If changed, a confirmation is shown to the user in order to log in again.

In 3.0PR19Q1 version the CSRF token control mechanism was implemented. This is
a security token that changes with every new session.

So we have two mechanisms that keep control of session changes. We should review if we can safely delete the context check on every request and use just the CSRF token control.

[1] https://gitlab.com/openbravo/product/pmods/org.openbravo.mobile.core/-/blob/master/web/org.openbravo.mobile.core/app/integration/remote-server/BackendServer.js#L62

Steps To Reproduce

.

Proposed Solution

Remove the context change check mechanism, in case we confirm that it can be safely replaced with the CSRF token check.

Tags: No tags attached.

- Relationships
related to defect 0046302 (closed, caristu, Retail Modules): Context change is not properly checked in some requests
related to feature request 0039123 (closed, jarmendariz, Openbravo ERP): Add CSRF Token support

-  Notes
There are no notes attached to this issue.

- Issue History
Date Modified Username Field Change
2021-04-20 08:10 caristu New Issue
2021-04-20 08:10 caristu Assigned To => Retail
2021-04-20 08:10 caristu Triggers an Emergency Pack => No
2021-04-20 08:10 caristu Issue generated from 0046302
2021-04-20 08:10 caristu Relationship added related to 0046302
2021-04-20 08:10 caristu Relationship added related to 0039123
2021-04-20 08:11 caristu Description Updated

