Project:
View Issue Details[ Jump to Notes ] | [ Issue History ] [ Print ] | |||||||
ID | ||||||||
0046814 | ||||||||
Type | Category | Severity | Reproducibility | Date Submitted | Last Update | |||
defect | [POS2] POS | minor | sometimes | 2021-05-24 16:02 | 2021-06-21 13:53 | |||
Reporter | jmelin | View Status | public | |||||
Assigned To | caristu | |||||||
Priority | high | Resolution | fixed | Fixed in Version | ||||
Status | closed | Fix in branch | Fixed in SCM revision | |||||
Projection | none | ETA | none | Target Version | ||||
OS | Linux 64 bit | Database | PostgreSQL | Java version | 7.x | |||
OS Version | Openbravo Appliance 14.04 | Database version | 9.3.x | Ant version | 1.9.x | |||
Product Version | SCM revision | |||||||
Review Assigned To | ||||||||
Regression level | ||||||||
Regression date | ||||||||
Regression introduced in release | ||||||||
Regression introduced by commit | ||||||||
Triggers an Emergency Pack | No | |||||||
Summary | 0046814: JIRA 1730 - TerminalLogLoader - Error 401 | |||||||
Description | On the POS, we have in console/network a 401 error on TerminalLogLoader Request URL: https://agapes-test.cloud.openbravo.com/openbravo/org.openbravo.mobile.core.service.jsonrest/org.openbravo.mobile.core.TerminalLogLoader?$timeout=15000 [^] Request Method: POST Status Code: 401 401 Response: {"response":{"status":-1,"error":{"message":"Request CSRF Token does not match with the one provided by Session","messageType":"Error","title":""},"totalRows":0}} EDIT ggi: * Summary: Most probably the problem is related to the synchronization buffer starting to soon. * Details: When the login finish it is saved the csrf token, that is needed for all the requests to backend to work. Looks like the synchronization buffer is trying to start sending messages to backend when we still don't have this csrf token. It fails with the terminal log messages because they are the most common messages, also are generated while logout and when user is doing login, so is common to have terminal log messages waiting that the synchronization buffer starts after login to start synchronizing them * Proposed fix: Delay the start of the synchronization buffer till we have the csrf token. | |||||||
Steps To Reproduce | 1. Connect to POS 2. Start to create an order and wait sometimes => After sometimes, you have an error 401 In the log of the OB Central server: 2021-05-24 14:02:52,329 [http-6] ERROR org.openbravo.mobile.core.process.MobileService - CSRF token check failed. Request=/openbravo/org.openbravo.mobile.core.service.jsonrest/org.openbravo.mobile.core.TerminalLogLoader, SessionID=BD542A0BA4D64A1962BB9E9E9ECF8614, SessionToken=8FCA6897EF3E4F0AAD32EA39789DA5D2, RequestToken=3E07EB9164CC4D58AE6853F56C389079 | |||||||
Tags | No tags attached. | |||||||
Attached Files | ||||||||
Relationships [ Relation Graph ] [ Dependency Graph ] | |||||||||||||||
|
Notes | |
(0129251) gorka_gil (administrator) 2021-06-09 12:02 |
Reducing from major to minor, since no information is lost, it will synchronize after the message with no problems |
(0129358) guilleaer (manager) 2021-06-10 17:57 |
Even being minor, this issue needs to be backported |
(0129408) hgbot (developer) 2021-06-11 12:22 |
Merge Request created: https://gitlab.com/openbravo/product/pmods/org.openbravo.core2/-/merge_requests/554 [^] |
(0129409) hgbot (developer) 2021-06-11 12:47 |
Merge Request created: https://gitlab.com/openbravo/product/pmods/org.openbravo.mobile.core/-/merge_requests/234 [^] |
(0129685) hgbot (developer) 2021-06-21 13:53 |
Repository: https://gitlab.com/openbravo/product/pmods/org.openbravo.mobile.core [^] Changeset: 6f1fb510e486382721ce7ef0c28245b60abca5a8 Author: Carlos Aristu <carlos.aristu@openbravo.com> Date: 2021-06-21T10:21:00+02:00 URL: https://gitlab.com/openbravo/product/pmods/org.openbravo.mobile.core/-/commit/6f1fb510e486382721ce7ef0c28245b60abca5a8 [^] related to ISSUE-46814: include CSRF token on login response --- M src/org/openbravo/mobile/core/login/MobileCoreLoginHandler.java --- |
(0129686) hgbot (developer) 2021-06-21 13:53 |
Merge request merged: https://gitlab.com/openbravo/product/pmods/org.openbravo.mobile.core/-/merge_requests/234 [^] |
(0129687) hgbot (developer) 2021-06-21 13:53 |
Directly closing issue as related merge request is already approved. Repository: https://gitlab.com/openbravo/product/pmods/org.openbravo.core2 [^] Changeset: 204b1a709ed0077358e345ae50063a0acb8e77da Author: Carlos Aristu <carlos.aristu@openbravo.com> Date: 2021-06-21T11:53:25+00:00 URL: https://gitlab.com/openbravo/product/pmods/org.openbravo.core2/-/commit/204b1a709ed0077358e345ae50063a0acb8e77da [^] fixes ISSUE-46814: failed request due to incorrect CSRF token Fix failed request done right after login because it is done with an invalid CSRF token. This problem happens because the synchronization buffer is started before retrieving the CSRF token on login. Therefore, if there are pending synchronization buffer messages to synchronize with the backend which require an HTTP request to be processed, the request fails because the CSRF token has not been retrieved yet. Fixing this problem by including the CSRF token on the login request itself (see [1]), and saving it in the client before starting the synchronization buffer. [1] https://gitlab.com/openbravo/product/pmods/org.openbravo.mobile.core/-/merge_requests/234 [^] --- M web-jspack/org.openbravo.core2/src/core/authentication/InitializeAppData.js M web-jspack/org.openbravo.core2/src/core/authentication/LoginProcess.js M web-jspack/org.openbravo.core2/src/core/authentication/__test__/LoginProcess.test.js M web-jspack/org.openbravo.core2/src/core/authentication/__test__/RestoreSession.test.js --- |
(0129688) hgbot (developer) 2021-06-21 13:53 |
Merge request merged: https://gitlab.com/openbravo/product/pmods/org.openbravo.core2/-/merge_requests/554 [^] |
Issue History | |||
Date Modified | Username | Field | Change |
2021-05-24 16:02 | jmelin | New Issue | |
2021-05-24 16:02 | jmelin | Assigned To | => Retail |
2021-05-24 16:02 | jmelin | Triggers an Emergency Pack | => No |
2021-05-25 12:11 | gorka_gil | Note Added: 0128611 | |
2021-05-25 12:16 | gorka_gil | Description Updated | View Revisions |
2021-05-25 12:16 | gorka_gil | Note Deleted: 0128611 | |
2021-05-25 12:20 | guilleaer | Resolution time | => 1623103200 |
2021-05-25 12:20 | guilleaer | Assigned To | Retail => platform |
2021-05-25 12:20 | guilleaer | Status | new => scheduled |
2021-05-25 12:20 | guilleaer | Status | scheduled => acknowledged |
2021-05-25 18:48 | guilleaer | Resolution time | 1623103200 => 1623362400 |
2021-05-28 13:23 | gorka_gil | Assigned To | platform => gorka_gil |
2021-05-28 22:19 | guilleaer | Status | acknowledged => scheduled |
2021-05-28 22:19 | guilleaer | Relationship deleted | depends on 0046827 |
2021-06-09 12:02 | gorka_gil | Severity | major => minor |
2021-06-09 12:02 | gorka_gil | Note Added: 0129251 | |
2021-06-09 16:57 | guilleaer | Severity | minor => major |
2021-06-10 17:56 | guilleaer | Assigned To | gorka_gil => caristu |
2021-06-10 17:56 | guilleaer | Severity | major => minor |
2021-06-10 17:57 | guilleaer | Note Added: 0129358 | |
2021-06-10 17:57 | guilleaer | Resolution time | 1623362400 => 1623967200 |
2021-06-10 17:59 | guilleaer | Resolution time | 1623967200 => 1623880800 |
2021-06-11 12:22 | hgbot | Note Added: 0129408 | |
2021-06-11 12:47 | hgbot | Note Added: 0129409 | |
2021-06-21 13:53 | hgbot | Note Added: 0129685 | |
2021-06-21 13:53 | hgbot | Note Added: 0129686 | |
2021-06-21 13:53 | hgbot | Resolution | open => fixed |
2021-06-21 13:53 | hgbot | Status | scheduled => closed |
2021-06-21 13:53 | hgbot | Note Added: 0129687 | |
2021-06-21 13:53 | hgbot | Note Added: 0129688 | |
2021-06-28 16:12 | caristu | Relationship added | causes 0047255 |
Copyright © 2000 - 2009 MantisBT Group |