Anonymous | Login
Project:
RSS
  
News | My View | View Issues | Roadmap | Summary

View Issue DetailsJump to Notes ] Issue History ] Print ]
ID
0047255
TypeCategorySeverityReproducibilityDate SubmittedLast Update
defect[POS2] POScriticalhave not tried2021-06-28 10:502021-06-28 16:20
ReportercbernerView Statuspublic 
Assigned Tocberner 
PriorityhighResolutionfixedFixed in Version
StatusclosedFix in branchFixed in SCM revision
ProjectionnoneETAnoneTarget Version
OSAnyDatabaseAnyJava version
OS VersionDatabase versionAnt version
Product VersionSCM revision 
Review Assigned To
Regression levelPre packaging ( pi )
Regression date2021-06-21
Regression introduced in release
Regression introduced by commithttps://gitlab.com/openbravo/product/pmods/org.openbravo.core2/-/commit/204b1a709ed0077358e345ae50063a0acb8e77da [^]
Triggers an Emergency PackNo
Summary

0047255: Profile change invalidates current session, requiring log-in again

DescriptionWhen changing profile, the session is invalidated, making it impossible to switch profile or pay tickets without relogging. It is not possible to switch back to the previous profile either, without relogging.

This makes profile button/feature useless, as it requires marking by default a profile, instead of using the expected switch to x profile, as expected.

In backend when the profile changes this is the message that appears in tomcat log:
2021-06-28 10:39:38,095 [http-nio-8080-exec-1] ERROR org.openbravo.mobile.core.process.MobileService - CSRF token check failed. Request=/openbravo/org.openbravo.mobile.core.service.jsonrest/org.openbravo.retail.posterminal.OrderLoader, SessionID=A0A04E29ED22683F1153877A5C1CAED7, SessionToken=3F503F025D9D40629D3BFDC99098FDD5, RequestToken=8FB1701AE7E14C48B6D25C88F2E8E4A7
Steps To Reproduce1. Open and login in WebPOS
2. Click on user and Profile, change it to something else
3. Try to pay a ticket, or opening profile popup again. (it will fail with a similar error as in attached screenshot)

You may reproduce it in livebuilds: https://livebuilds.openbravo.com/retail_pos2_pgsql/web/pos/?terminal=VBS-2 [^]
TagsNo tags attached.
Attached Filespng file icon localhost_3000__terminal=VBS-2(pos2) (70).png [^] (89,409 bytes) 2021-06-28 10:50

- Relationships Relation Graph ] Dependency Graph ]
depends on backport 0047257TAP closedcberner Profile change invalidates current session, requiring log-in again 
caused by defect 0046814 closedcaristu JIRA 1730 - TerminalLogLoader - Error 401 

-  Notes
(0129851)
cberner (developer)
2021-06-28 12:09

 This is a regression introduced by this commit: https://gitlab.com/openbravo/product/pmods/org.openbravo.core2/-/commit/204b1a709ed0077358e345ae50063a0acb8e77da [^]
(0129853)
hgbot (developer)
2021-06-28 13:25

 Merge Request created: https://gitlab.com/openbravo/product/pmods/org.openbravo.core2/-/merge_requests/574 [^]
(0129856)
hgbot (developer)
2021-06-28 15:29

 Directly closing issue as related merge request is already approved.

Repository: https://gitlab.com/openbravo/product/pmods/org.openbravo.core2 [^]
Changeset: c26dab3c58d030fab5c26a3cc04b4bf6c765e6b0
Author: Cristian Berner <cristian.berner@openbravo.com>
Date: 2021-06-28T13:19:36+02:00
URL: https://gitlab.com/openbravo/product/pmods/org.openbravo.core2/-/commit/c26dab3c58d030fab5c26a3cc04b4bf6c765e6b0 [^]

Fixes ISSUE-47255: Profile change invalidates current session, requiring login again

Profile change removes the current session, resulting in it being
invalidated. However, after that restore session is executed(by
refreshing the window), it should take care of recovering the previous
session and adding new information, like for example the csrf token.

The problem is, InitializeAppData has been modified to only saving csrf token
on login, which is not always the case. If the session or token changes
between a refresh of the application, it is necessary to retrieve the
new one, without requiring to do login.

This commit fixes it by reverting the change done in
InitializeAppData(which removed saving csrf token). Now CSRF token is
saved in savePreRenderActionsResponse function and as such it is
possible to retrieve it in restore session flow, which also fixes the
profile change issue.

---
M web-jspack/org.openbravo.core2/src/components/AppBar/ProfileSelector/__test__/ProfileSelector.test.jsx
M web-jspack/org.openbravo.core2/src/core/authentication/InitializeAppData.js
M web-jspack/org.openbravo.core2/src/core/authentication/__test__/RestoreSession.test.js
---
(0129857)
hgbot (developer)
2021-06-28 15:29

 Merge request merged: https://gitlab.com/openbravo/product/pmods/org.openbravo.core2/-/merge_requests/574 [^]

- Issue History
Date Modified Username Field Change
2021-06-28 10:50 cberner New Issue
2021-06-28 10:50 cberner Assigned To => platform
2021-06-28 10:50 cberner File Added: localhost_3000__terminal=VBS-2(pos2) (70).png
2021-06-28 10:50 cberner Resolution time => 1625436000
2021-06-28 10:50 cberner Triggers an Emergency Pack => No
2021-06-28 10:50 cberner Status new => acknowledged
2021-06-28 10:50 cberner Assigned To platform => cberner
2021-06-28 10:52 cberner Description Updated View Revisions
2021-06-28 12:09 cberner Note Added: 0129851
2021-06-28 13:11 cberner Status acknowledged => scheduled
2021-06-28 13:25 hgbot Note Added: 0129853
2021-06-28 15:29 hgbot Resolution open => fixed
2021-06-28 15:29 hgbot Status scheduled => closed
2021-06-28 15:29 hgbot Note Added: 0129856
2021-06-28 15:29 hgbot Note Added: 0129857
2021-06-28 16:12 caristu Relationship added caused by 0046814
2021-06-28 16:19 cberner Regression level => Coding ( Testing )
2021-06-28 16:19 cberner Regression date => 2021-06-21
2021-06-28 16:20 cberner Regression level Coding ( Testing ) => Pre packaging ( pi )
2021-06-28 16:20 cberner Regression introduced by commit => https://gitlab.com/openbravo/product/pmods/org.openbravo.core2/-/commit/204b1a709ed0077358e345ae50063a0acb8e77da [^]

Copyright © 2000 - 2009 MantisBT Group
Powered by Mantis Bugtracker