View Issue Details
ID | ||||||||
0047255 | ||||||||
Type | Category | Severity | Reproducibility | Date Submitted | Last Update | |||
defect | [POS2] POS | critical | have not tried | 2021-06-28 10:50 | 2021-06-28 16:20 | |||
Reporter | cberner | View Status | public | |||||
Assigned To | cberner | |||||||
Priority | high | Resolution | fixed | Fixed in Version | ||||
Status | closed | Fix in branch | Fixed in SCM revision | |||||
Projection | none | ETA | none | Target Version | ||||
OS | Any | Database | Any | Java version | ||||
OS Version | Database version | Ant version | ||||||
Product Version | SCM revision | |||||||
Review Assigned To | ||||||||
Regression level | Pre packaging ( pi ) | |||||||
Regression date | 2021-06-21 | |||||||
Regression introduced in release | ||||||||
Regression introduced by commit | https://gitlab.com/openbravo/product/pmods/org.openbravo.core2/-/commit/204b1a709ed0077358e345ae50063a0acb8e77da | |||||||
Triggers an Emergency Pack | No | |||||||
Summary | 0047255: Profile change invalidates current session, requiring log-in again | |||||||
Description | When changing profile, the session is invalidated, making it impossible to switch profile or pay tickets without relogging. It is not possible to switch back to the previous profile either, without relogging. This makes the profile button/feature useless, as it requires marking a profile as default instead of using the expected switch to x profile.

In the backend, when the profile changes, this is the message that appears in the Tomcat log:

2021-06-28 10:39:38,095 [http-nio-8080-exec-1] ERROR org.openbravo.mobile.core.process.MobileService - CSRF token check failed. Request=/openbravo/org.openbravo.mobile.core.service.jsonrest/org.openbravo.retail.posterminal.OrderLoader, SessionID=A0A04E29ED22683F1153877A5C1CAED7, SessionToken=3F503F025D9D40629D3BFDC99098FDD5, RequestToken=8FB1701AE7E14C48B6D25C88F2E8E4A7 | |||||||
Steps To Reproduce |
1. Open and log in to WebPOS
2. Click on user and Profile, change it to something else
3. Try to pay a ticket, or open the profile popup again (it will fail with a similar error as in the attached screenshot)

You may reproduce it in livebuilds: https://livebuilds.openbravo.com/retail_pos2_pgsql/web/pos/?terminal=VBS-2 | |||||||
Tags | No tags attached. | |||||||
Attached Files | localhost_3000__terminal=VBS-2(pos2) (70).png (89,409 bytes) 2021-06-28 10:50 | |||||||
Notes | |
(0129851) cberner (developer) 2021-06-28 12:09 |
This is a regression introduced by this commit: https://gitlab.com/openbravo/product/pmods/org.openbravo.core2/-/commit/204b1a709ed0077358e345ae50063a0acb8e77da |
(0129853) hgbot (developer) 2021-06-28 13:25 |
Merge Request created: https://gitlab.com/openbravo/product/pmods/org.openbravo.core2/-/merge_requests/574 |
(0129856) hgbot (developer) 2021-06-28 15:29 |
Directly closing issue as related merge request is already approved.

Repository: https://gitlab.com/openbravo/product/pmods/org.openbravo.core2
Changeset: c26dab3c58d030fab5c26a3cc04b4bf6c765e6b0
Author: Cristian Berner <cristian.berner@openbravo.com>
Date: 2021-06-28T13:19:36+02:00
URL: https://gitlab.com/openbravo/product/pmods/org.openbravo.core2/-/commit/c26dab3c58d030fab5c26a3cc04b4bf6c765e6b0

Fixes ISSUE-47255: Profile change invalidates current session, requiring login again

Profile change removes the current session, resulting in it being invalidated. However, after that restore session is executed (by refreshing the window), it should take care of recovering the previous session and adding new information, like for example the CSRF token.

The problem is, InitializeAppData has been modified to only save the CSRF token on login, which is not always the case. If the session or token changes between a refresh of the application, it is necessary to retrieve the new one, without requiring to do login.

This commit fixes it by reverting the change done in InitializeAppData (which removed saving the CSRF token). Now the CSRF token is saved in the savePreRenderActionsResponse function and as such it is possible to retrieve it in the restore session flow, which also fixes the profile change issue.

---
M web-jspack/org.openbravo.core2/src/components/AppBar/ProfileSelector/__test__/ProfileSelector.test.jsx
M web-jspack/org.openbravo.core2/src/core/authentication/InitializeAppData.js
M web-jspack/org.openbravo.core2/src/core/authentication/__test__/RestoreSession.test.js
--- |
(0129857) hgbot (developer) 2021-06-28 15:29 |
Merge request merged: https://gitlab.com/openbravo/product/pmods/org.openbravo.core2/-/merge_requests/574 |
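The token lifecycle described in note 0129856, as an added JavaScript example that is not Openbravo code: a server binds a CSRF token to each session, and a client either keeps the token it received at login or saves it again from every initialization response. The `Server` and `Client` classes, their methods and the `saveTokenOnEveryInit` flag are hypothetical names chosen for illustration.

```javascript
// Added illustration of the stale-token failure; all names are hypothetical.
const crypto = require('crypto');

class Server {
  constructor() { this.sessions = new Map(); } // sessionId -> CSRF token
  createSession() {
    const id = crypto.randomBytes(16).toString('hex');
    this.sessions.set(id, crypto.randomBytes(16).toString('hex'));
    return id;
  }
  // Profile change: the old session is invalidated and replaced by a new one.
  changeProfile(oldId) {
    this.sessions.delete(oldId);
    return this.createSession();
  }
  // Initialization response, sent after login and after restore-session.
  initData(id) { return { csrfToken: this.sessions.get(id) }; }
  // State-changing request: accepted only if the token matches the session's.
  submit(id, requestToken) {
    const sessionToken = this.sessions.get(id);
    if (!sessionToken || !requestToken) return false;
    const a = Buffer.from(sessionToken), b = Buffer.from(requestToken);
    return a.length === b.length && crypto.timingSafeEqual(a, b);
  }
}

class Client {
  constructor(server, saveTokenOnEveryInit) {
    Object.assign(this, { server, saveTokenOnEveryInit });
  }
  login() {
    this.sessionId = this.server.createSession();
    this.csrfToken = this.server.initData(this.sessionId).csrfToken;
  }
  changeProfileAndRestore() {
    this.sessionId = this.server.changeProfile(this.sessionId);
    const data = this.server.initData(this.sessionId); // restore-session flow
    if (this.saveTokenOnEveryInit) this.csrfToken = data.csrfToken;
  }
  pay() { return this.server.submit(this.sessionId, this.csrfToken); }
}

// Reports whether a payment passes the CSRF check before and after a profile change.
function run(saveTokenOnEveryInit) {
  const client = new Client(new Server(), saveTokenOnEveryInit);
  client.login();
  const beforeChange = client.pay();
  client.changeProfileAndRestore();
  return { beforeChange, afterChange: client.pay() };
}
console.log(run(false), run(true));
```

With `run(false)` the client sends the login-time token against the new session, which is the SessionToken/RequestToken mismatch shown in the reported log line.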
Issue History | |||
Date Modified | Username | Field | Change |
2021-06-28 10:50 | cberner | New Issue | |
2021-06-28 10:50 | cberner | Assigned To | => platform |
2021-06-28 10:50 | cberner | File Added: localhost_3000__terminal=VBS-2(pos2) (70).png | |
2021-06-28 10:50 | cberner | Resolution time | => 1625436000 |
2021-06-28 10:50 | cberner | Triggers an Emergency Pack | => No |
2021-06-28 10:50 | cberner | Status | new => acknowledged |
2021-06-28 10:50 | cberner | Assigned To | platform => cberner |
2021-06-28 10:52 | cberner | Description Updated | View Revisions |
2021-06-28 12:09 | cberner | Note Added: 0129851 | |
2021-06-28 13:11 | cberner | Status | acknowledged => scheduled |
2021-06-28 13:25 | hgbot | Note Added: 0129853 | |
2021-06-28 15:29 | hgbot | Resolution | open => fixed |
2021-06-28 15:29 | hgbot | Status | scheduled => closed |
2021-06-28 15:29 | hgbot | Note Added: 0129856 | |
2021-06-28 15:29 | hgbot | Note Added: 0129857 | |
2021-06-28 16:12 | caristu | Relationship added | caused by 0046814 |
2021-06-28 16:19 | cberner | Regression level | => Coding ( Testing ) |
2021-06-28 16:19 | cberner | Regression date | => 2021-06-21 |
2021-06-28 16:20 | cberner | Regression level | Coding ( Testing ) => Pre packaging ( pi ) |
2021-06-28 16:20 | cberner | Regression introduced by commit | => https://gitlab.com/openbravo/product/pmods/org.openbravo.core2/-/commit/204b1a709ed0077358e345ae50063a0acb8e77da |