Anonymous | Login
Project:
RSS
  
News | My View | View Issues | Roadmap | Summary

View Issue DetailsJump to Notes ] Issue History ] Print ]
ID
0046814
TypeCategorySeverityReproducibilityDate SubmittedLast Update
defect[POS2] POSminorsometimes2021-05-24 16:022021-06-21 13:53
ReporterjmelinView Statuspublic 
Assigned Tocaristu 
PriorityhighResolutionfixedFixed in Version
StatusclosedFix in branchFixed in SCM revision
ProjectionnoneETAnoneTarget Version
OSLinux 64 bitDatabasePostgreSQLJava version7.x
OS VersionOpenbravo Appliance 14.04Database version9.3.xAnt version1.9.x
Product VersionSCM revision 
Review Assigned To
Regression level
Regression date
Regression introduced in release
Regression introduced by commit
Triggers an Emergency PackNo
Summary

0046814: JIRA 1730 - TerminalLogLoader - Error 401

DescriptionOn the POS, we have in console/network a 401 error on TerminalLogLoader

Request URL: https://agapes-test.cloud.openbravo.com/openbravo/org.openbravo.mobile.core.service.jsonrest/org.openbravo.mobile.core.TerminalLogLoader?$timeout=15000 [^]
Request Method: POST
Status Code: 401 401

Response:
{"response":{"status":-1,"error":{"message":"Request CSRF Token does not match with the one provided by Session","messageType":"Error","title":""},"totalRows":0}}



EDIT ggi:

* Summary:

Most probably the problem is related to the synchronization buffer starting to soon.

* Details:

When the login finish it is saved the csrf token, that is needed for all the requests to backend to work.

Looks like the synchronization buffer is trying to start sending messages to backend when we still don't have this csrf token.

It fails with the terminal log messages because they are the most common messages, also are generated while logout and when user is doing login, so is common to have terminal log messages waiting that the synchronization buffer starts after login to start synchronizing them

* Proposed fix:

Delay the start of the synchronization buffer till we have the csrf token.
Steps To Reproduce1. Connect to POS
2. Start to create an order and wait sometimes

=> After sometimes, you have an error 401

In the log of the OB Central server:
2021-05-24 14:02:52,329 [http-6] ERROR org.openbravo.mobile.core.process.MobileService - CSRF token check failed. Request=/openbravo/org.openbravo.mobile.core.service.jsonrest/org.openbravo.mobile.core.TerminalLogLoader, SessionID=BD542A0BA4D64A1962BB9E9E9ECF8614, SessionToken=8FCA6897EF3E4F0AAD32EA39789DA5D2, RequestToken=3E07EB9164CC4D58AE6853F56C389079
TagsNo tags attached.
Attached Files

- Relationships Relation Graph ] Dependency Graph ]
depends on backport 0046896TAP closedcaristu JIRA 1730 - TerminalLogLoader - Error 401 
causes defect 0047255 closedcberner Profile change invalidates current session, requiring log-in again 

-  Notes
(0129251)
gorka_gil (administrator)
2021-06-09 12:02

Reducing from major to minor, since no information is lost, it will synchronize after the message with no problems
(0129358)
guilleaer (manager)
2021-06-10 17:57

Even being minor, this issue needs to be backported
(0129408)
hgbot (developer)
2021-06-11 12:22

Merge Request created: https://gitlab.com/openbravo/product/pmods/org.openbravo.core2/-/merge_requests/554 [^]
(0129409)
hgbot (developer)
2021-06-11 12:47

Merge Request created: https://gitlab.com/openbravo/product/pmods/org.openbravo.mobile.core/-/merge_requests/234 [^]
(0129685)
hgbot (developer)
2021-06-21 13:53

Repository: https://gitlab.com/openbravo/product/pmods/org.openbravo.mobile.core [^]
Changeset: 6f1fb510e486382721ce7ef0c28245b60abca5a8
Author: Carlos Aristu <carlos.aristu@openbravo.com>
Date: 2021-06-21T10:21:00+02:00
URL: https://gitlab.com/openbravo/product/pmods/org.openbravo.mobile.core/-/commit/6f1fb510e486382721ce7ef0c28245b60abca5a8 [^]

related to ISSUE-46814: include CSRF token on login response

---
M src/org/openbravo/mobile/core/login/MobileCoreLoginHandler.java
---
(0129686)
hgbot (developer)
2021-06-21 13:53

Merge request merged: https://gitlab.com/openbravo/product/pmods/org.openbravo.mobile.core/-/merge_requests/234 [^]
(0129687)
hgbot (developer)
2021-06-21 13:53

Directly closing issue as related merge request is already approved.

Repository: https://gitlab.com/openbravo/product/pmods/org.openbravo.core2 [^]
Changeset: 204b1a709ed0077358e345ae50063a0acb8e77da
Author: Carlos Aristu <carlos.aristu@openbravo.com>
Date: 2021-06-21T11:53:25+00:00
URL: https://gitlab.com/openbravo/product/pmods/org.openbravo.core2/-/commit/204b1a709ed0077358e345ae50063a0acb8e77da [^]

fixes ISSUE-46814: failed request due to incorrect CSRF token

  Fix failed request done right after login because it is done with an
invalid CSRF token.

  This problem happens because the synchronization buffer is started
before retrieving the CSRF token on login. Therefore, if there are
pending synchronization buffer messages to synchronize with the backend
which require an HTTP request to be processed, the request fails because
the CSRF token has not been retrieved yet.

  Fixing this problem by including the CSRF token on the login request
itself (see [1]), and saving it in the client before starting the
synchronization buffer.

[1] https://gitlab.com/openbravo/product/pmods/org.openbravo.mobile.core/-/merge_requests/234 [^]

---
M web-jspack/org.openbravo.core2/src/core/authentication/InitializeAppData.js
M web-jspack/org.openbravo.core2/src/core/authentication/LoginProcess.js
M web-jspack/org.openbravo.core2/src/core/authentication/__test__/LoginProcess.test.js
M web-jspack/org.openbravo.core2/src/core/authentication/__test__/RestoreSession.test.js
---
(0129688)
hgbot (developer)
2021-06-21 13:53

Merge request merged: https://gitlab.com/openbravo/product/pmods/org.openbravo.core2/-/merge_requests/554 [^]

- Issue History
Date Modified Username Field Change
2021-05-24 16:02 jmelin New Issue
2021-05-24 16:02 jmelin Assigned To => Retail
2021-05-24 16:02 jmelin Triggers an Emergency Pack => No
2021-05-25 12:11 gorka_gil Note Added: 0128611
2021-05-25 12:16 gorka_gil Description Updated View Revisions
2021-05-25 12:16 gorka_gil Note Deleted: 0128611
2021-05-25 12:20 guilleaer Resolution time => 1623103200
2021-05-25 12:20 guilleaer Assigned To Retail => platform
2021-05-25 12:20 guilleaer Status new => scheduled
2021-05-25 12:20 guilleaer Status scheduled => acknowledged
2021-05-25 18:48 guilleaer Resolution time 1623103200 => 1623362400
2021-05-28 13:23 gorka_gil Assigned To platform => gorka_gil
2021-05-28 22:19 guilleaer Status acknowledged => scheduled
2021-05-28 22:19 guilleaer Relationship deleted depends on 0046827
2021-06-09 12:02 gorka_gil Severity major => minor
2021-06-09 12:02 gorka_gil Note Added: 0129251
2021-06-09 16:57 guilleaer Severity minor => major
2021-06-10 17:56 guilleaer Assigned To gorka_gil => caristu
2021-06-10 17:56 guilleaer Severity major => minor
2021-06-10 17:57 guilleaer Note Added: 0129358
2021-06-10 17:57 guilleaer Resolution time 1623362400 => 1623967200
2021-06-10 17:59 guilleaer Resolution time 1623967200 => 1623880800
2021-06-11 12:22 hgbot Note Added: 0129408
2021-06-11 12:47 hgbot Note Added: 0129409
2021-06-21 13:53 hgbot Note Added: 0129685
2021-06-21 13:53 hgbot Note Added: 0129686
2021-06-21 13:53 hgbot Resolution open => fixed
2021-06-21 13:53 hgbot Status scheduled => closed
2021-06-21 13:53 hgbot Note Added: 0129687
2021-06-21 13:53 hgbot Note Added: 0129688
2021-06-28 16:12 caristu Relationship added causes 0047255


Copyright © 2000 - 2009 MantisBT Group
Powered by Mantis Bugtracker