View Issue Details
Field | Value
ID | 0047888
Type | defect
Category | [Retail Modules] Web POS
Severity | major
Reproducibility | unable to reproduce
Date Submitted | 2021-10-20 06:57
Last Update | 2021-12-31 14:08
Reporter | alostale
View Status | public
Assigned To | cberner
Priority | urgent
Resolution | fixed
Fixed in Version | RR22Q1
Status | closed
Fix in branch |
Fixed in SCM revision |
Projection | none
ETA | none
Target Version | RR22Q1
OS | Any
Database | Any
Java version |
OS Version |
Database version |
Ant version |
Product Version |
SCM revision |
Merge Request Status | approved
Review Assigned To |
OBNetwork customer | OBPS
Support ticket |
Regression level |
Regression date |
Regression introduced in release |
Regression introduced by commit |
Triggers an Emergency Pack | No
Summary | 0047888: checkServerAvailability does not fail even if the session is corrupted
Description | If a session is corrupted and its csrf token is lost, POS goes offline on the next online POST request, as it returns 401 due to the missing token, which is correct. While offline, checkServerAvailability requests are sent; they respond with 200, so POS considers it is online, although the next POST request will also fail.
Steps To Reproduce | Although it is unclear why the session got corrupted, this is part of a sequence of requests seen at an actual customer (the full sequence of requests received for that session is attached):
1. 19:04 - 19:12 regular activity
2. 19:12:14 AppCacheManifest 200 -> reload page? Might the session be corrupted after this one?
3. 19:21:09 ProcessCashClose 401 -> the request is sent without csrf token, which makes the validation fail, which makes the POS go offline
4. checkServerAvailability every 10s 200 -> 3 successful requests make the POS go online
5. ProcessCashClose 401 -> the actual request fails again, so the POS is offline again
6. repeats steps 4 and 5
Proposed Solution | checkServerAvailability should include a csrf token check and, in case it is not valid, the user should be notified and sent back to the login window, as their session is not valid anymore.
Tags | No tags attached.
(0133308) hgbot (developer) 2021-11-23 17:25
Merge Request created: https://gitlab.com/openbravo/product/pmods/org.openbravo.mobile.core/-/merge_requests/303
(0133334) hgbot (developer) 2021-11-24 18:25
Merge Request created: https://gitlab.com/openbravo/product/pmods/org.openbravo.core2/-/merge_requests/672
(0133391) hgbot (developer) 2021-11-26 14:36
Merge Request created: https://gitlab.com/openbravo/ci/modules/org.openbravo.retail.samplebpintegration/-/merge_requests/5
(0133785) hgbot (developer) 2021-12-16 18:12
Repository: https://gitlab.com/openbravo/ci/modules/org.openbravo.retail.samplebpintegration
Changeset: ddf1e62d995685d8ff42361d4f549dfa5ca721cd
Author: Cristian Berner <cristian.berner@openbravo.com>
Date: 26-11-2021 11:56:59
URL: https://gitlab.com/openbravo/ci/modules/org.openbravo.retail.samplebpintegration/-/commit/ddf1e62d995685d8ff42361d4f549dfa5ca721cd

Related to ISSUE-47888: Proxy request with error should not proceed

Previously proxy bp requests allowed errors to slip through; this means that if, for example, we get a 401 error when doing the request, it will fail because there's no data present in the response. This is fixed by rejecting the request if it contains an error.

---
M web/org.openbravo.retail.samplebpintegration/js/SampleBPIntegrationProxy.js
---
(0133786) hgbot (developer) 2021-12-16 18:12
Merge request merged: https://gitlab.com/openbravo/ci/modules/org.openbravo.retail.samplebpintegration/-/merge_requests/5
(0134085) hgbot (developer) 2021-12-31 14:08
Repository: https://gitlab.com/openbravo/product/pmods/org.openbravo.core2
Changeset: 038f77b993724e9e8dc621f0cab8295fa313fecf
Author: Cristian Berner <cristian.berner@openbravo.com>
Date: 31-12-2021 14:06:47
URL: https://gitlab.com/openbravo/product/pmods/org.openbravo.core2/-/commit/038f77b993724e9e8dc621f0cab8295fa313fecf

Related to ISSUE-47888: Show dialog when user session is broken and requires logging out

If the session is in an unrecoverable offline mode, the user is required to log out and back in to have a new csrf token for him. This project shows this dialog to the user every 2 minutes and informs him of the actions required to have a valid online session.

---
M src-db/database/sourcedata/AD_MESSAGE.xml
M web-jspack/org.openbravo.core2/src/components/BaseDialog/BaseDialog.scss
M web-jspack/org.openbravo.core2/src/components/StatusBar/ServerStatusButton.jsx
M web-jspack/org.openbravo.core2/src/components/StatusBar/stories/ServerStatusButton.stories.jsx
M web-jspack/org.openbravo.core2/src/components/StatusBar/stories/StatusBarStoriesUtils.jsx
M web-jspack/org.openbravo.core2/src/core/authentication/LoginProcess.js
M web-jspack/org.openbravo.core2/src/core/remote-server/BackendServer.js
M web-jspack/org.openbravo.core2/src/core/remote-server/__test__/BackendServer.test.js
M web-jspack/org.openbravo.core2/src/model/session/__test__/Logout.test.js
M web-jspack/org.openbravo.core2/src/model/session/user-actions/Logout.js
---
(0134086) hgbot (developer) 2021-12-31 14:08
Merge request merged: https://gitlab.com/openbravo/product/pmods/org.openbravo.core2/-/merge_requests/672
(0134087) hgbot (developer) 2021-12-31 14:08
Directly closing issue as related merge request is already approved.

Repository: https://gitlab.com/openbravo/product/pmods/org.openbravo.mobile.core
Changeset: 595f45b20ba8d2572b92d0fc5f9e095cd6602501
Author: Cristian Berner <cristian.berner@openbravo.com>
Date: 31-12-2021 14:04:17
URL: https://gitlab.com/openbravo/product/pmods/org.openbravo.mobile.core/-/commit/595f45b20ba8d2572b92d0fc5f9e095cd6602501

Fixes ISSUE-47888: CSRF token offline improvements

Shows the user a confirmation message when its session has been broken when the csrf token mismatches and informs that it's in an unrecoverable offline state until he logs back in again. This message is shown every 2 minutes until the user logs out so the session can be regenerated.

---
A web/org.openbravo.mobile.core/app/model/business-object/remote-server/actions/SetUnrecoverableOffline.js
M src-db/database/sourcedata/AD_MESSAGE.xml
M src/org/openbravo/mobile/core/MobileCoreComponentProvider.java
M web-test/integration/remote-server/BackendServer.test.js
M web-test/integration/remote-server/RemoteServer.test.js
M web/org.openbravo.mobile.core/app/integration/remote-server/BackendServer.js
M web/org.openbravo.mobile.core/app/integration/remote-server/RemoteServer.js
M web/org.openbravo.mobile.core/app/util/network/Request.js
M web/org.openbravo.mobile.core/app/view/DialogUIHandler.js
M web/org.openbravo.mobile.core/source/component/ob-menu.js
---
(0134088) hgbot (developer) 2021-12-31 14:08
Merge request merged: https://gitlab.com/openbravo/product/pmods/org.openbravo.mobile.core/-/merge_requests/303
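
The online/offline flapping reported in this issue, and the effect of a csrf check on the availability probe, as an added simulation that is not Openbravo code. `makeServer`, `makeClient`, `replay`, the token value and the state names are hypothetical; the three-probe recovery threshold is taken from the steps to reproduce.

```javascript
// Added example: constructed simulation with hypothetical names, not Openbravo code.
const SESSION_TOKEN = 'tok-constructed'; // constructed value

// Server: POST always validates the CSRF token; the probe does so only when asked to.
function makeServer({ probeChecksCsrf }) {
  const valid = (token) => token === SESSION_TOKEN;
  return {
    post: (token) => (valid(token) ? 200 : 401),
    probe: (token) => (probeChecksCsrf && !valid(token) ? 401 : 200),
  };
}

// Client: 'online' / 'offline' / 'unrecoverable' (left only by logging in again).
function makeClient(server, token) {
  let state = 'online';
  let okProbes = 0;
  const history = [state];
  const set = (next) => { state = next; okProbes = 0; history.push(next); };
  return {
    history,
    post() {
      if (state !== 'online') return null; // nothing is sent while offline
      const status = server.post(token);
      if (status === 401) set('offline');
      return status;
    },
    probe() {
      if (state !== 'offline') return null; // probes run only while offline
      const status = server.probe(token);
      if (status === 401) set('unrecoverable'); // session is gone: require re-login
      else if (++okProbes === 3) set('online'); // 3 successful probes, as in the report
      return status;
    },
  };
}

// Replays the reported sequence with the token lost: one POST, then three probes, repeated.
function replay(probeChecksCsrf, rounds = 3) {
  const client = makeClient(makeServer({ probeChecksCsrf }), undefined);
  for (let r = 0; r < rounds; r++) {
    client.post();
    for (let i = 0; i < 3; i++) client.probe();
  }
  return client.history;
}

console.log('probe ignores token :', replay(false).join(' -> '));
console.log('probe checks token  :', replay(true).join(' -> '));
```

With the probe ignoring the token the client alternates between online and offline on every round; with the probe validating it, the first probe ends the loop in the re-login state.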
Date Modified | Username | Field | Change |
2021-10-20 06:57 | alostale | New Issue | |
2021-10-20 06:57 | alostale | Assigned To | => platform |
2021-10-20 06:57 | alostale | OBNetwork customer | => No |
2021-10-20 06:57 | alostale | Triggers an Emergency Pack | => No |
2021-10-20 06:57 | alostale | Steps to Reproduce Updated | View Revisions |
2021-10-20 06:58 | alostale | File Added: 25390BD087868B3F5BEB2CDCEAD44D9E.log | |
2021-10-20 07:14 | alostale | Relationship added | related to 0039123 |
2021-10-20 12:22 | alostale | OBNetwork customer | No => OBPS |
2021-11-16 16:54 | egoitz | Issue Monitored: egoitz | |
2021-11-23 17:25 | hgbot | Merge Request Status | => open |
2021-11-23 17:25 | hgbot | Note Added: 0133308 | |
2021-11-24 18:25 | hgbot | Note Added: 0133334 | |
2021-11-26 14:36 | hgbot | Note Added: 0133391 | |
2021-12-16 18:12 | hgbot | Merge Request Status | open => approved |
2021-12-16 18:12 | hgbot | Note Added: 0133785 | |
2021-12-16 18:12 | hgbot | Note Added: 0133786 | |
2021-12-27 16:08 | AugustoMauch | Assigned To | platform => cberner |
2021-12-27 16:08 | AugustoMauch | Status | new => scheduled |
2021-12-31 14:08 | hgbot | Note Added: 0134085 | |
2021-12-31 14:08 | hgbot | Note Added: 0134086 | |
2021-12-31 14:08 | hgbot | Resolution | open => fixed |
2021-12-31 14:08 | hgbot | Status | scheduled => closed |
2021-12-31 14:08 | hgbot | Fixed in Version | => RR22Q1 |
2021-12-31 14:08 | hgbot | Note Added: 0134087 | |
2021-12-31 14:08 | hgbot | Note Added: 0134088 |