ID: 0056149
Type: design defect
Category: [POS2] POS
Severity: major
Reproducibility: have not tried
Date Submitted: 2024-08-01 13:47
Last Update: 2024-09-09 18:30
Reporter: njimenez
View Status: public
Assigned To: caristu
Priority: normal
Resolution: fixed
Fixed in Version: 24Q4
Status: closed
Projection: none
ETA: none
OS: Any
Database: Any
Triggers an Emergency Pack: No
Summary

0056149: Authorization code open id protocol does not work while making login in sco

Description

Right now it is possible to log in with the OpenID protocol in the POS application. It should also be possible to log in with OpenID in the SCO application, but there is a problem with the authorization code protocol.

The login in SCO for external authorization was defined with the PKCE protocol in mind, where the communication exchange takes place on the POS application side. Once you receive the token with the user information, the call to the backoffice is done to validate the received user identifier.

This is why in SCO there was no problem in making two different calls, one to the switch user approval and the second to the login handler, with the same user credentials information, as at this point no communication is going to be performed with the authorization provider.

The problem that we have found in the authorization code protocol is that we are expecting to make the communication exchange to obtain the token id with the user information on the backoffice side. So the second attempt to make the authorization, that is, when the login handler calls, will always be refused, as we are trying to call the authorization provider a second time to obtain the token id with the same code.
Steps To Reproduce

1. Configure an authentication provider at the backoffice with type OpenID and authorization code protocol

https://wiki.openbravo.com/wiki/Authentication#OpenID_Authentication

2. Open the POS application
3. Click on the switch to SCO mode button
4. Click on the authorization provider button instead of providing user credentials
5. See how the screen gets blocked while logging in
Proposed Solution

1. In the MobileCoreLoginHandler class we are going to add a new validation in the doPost method to switch application.

if (req.getParameter("switchAppMode") != null) {
 // Authenticate to make sure if the switch application mode can be done
 // The authenticated user will be saved
}

This validation will be done before calling LoginHandler in line 120.

In the login handler a protected method called, for example, authenticate(request, response) will be added.

This method will check the session value stored in the previous step. If it exists, the session value will be removed and returned to the login handler; otherwise, the regular authentication will be performed.

With those changes the class shouldn't be needed, but there are more validations performed here. Maybe it will need to be done in mobile core, or just remove the authentication from switch user.
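
The double redemption described in this report and the session hand-off from the proposed solution, as an added Java example that is not Openbravo's code. `Provider`, `SESSION_KEY`, `approveSwitch` and the sample code and user are constructed for illustration, and a plain map stands in for the HTTP session.

```java
import java.util.HashMap;
import java.util.Map;

public class SwitchUserAuthDemo {
  // Constructed stand-in for the external provider: each authorization code is single use.
  static class Provider {
    private final Map<String, String> codes = new HashMap<>();
    Provider() { codes.put("code-123", "sco-user"); } // constructed sample code and user
    String redeem(String code) {
      String user = codes.remove(code); // the code is invalidated on first redemption
      if (user == null) throw new IllegalStateException("invalid_grant");
      return user;
    }
  }

  static final String SESSION_KEY = "switchedUser"; // hypothetical session attribute name

  // First call (switch user approval): redeem the code once and keep the result server side.
  static String approveSwitch(Provider idp, Map<String, Object> session, String code) {
    String user = idp.redeem(code);
    session.put(SESSION_KEY, user);
    return user;
  }

  // Second call (login handler): consume the stored user if present, else authenticate normally.
  static String authenticate(Provider idp, Map<String, Object> session, String code) {
    Object stored = session.remove(SESSION_KEY); // one-shot: removed as soon as it is read
    return stored != null ? (String) stored : idp.redeem(code);
  }

  public static void main(String[] args) {
    // Reported behaviour: both calls reach the provider with the same code.
    Provider idp = new Provider();
    idp.redeem("code-123");
    try {
      idp.redeem("code-123");
    } catch (IllegalStateException e) {
      System.out.println("second redemption refused: " + e.getMessage());
    }
    // Proposed flow: the second call reuses the session value and never contacts the provider.
    Provider idp2 = new Provider();
    Map<String, Object> session = new HashMap<>();
    approveSwitch(idp2, session, "code-123");
    System.out.println("login as: " + authenticate(idp2, session, "code-123"));
    System.out.println("session value left: " + session.containsKey(SESSION_KEY));
  }
}
```

Removing the stored value on first read keeps the hand-off one-shot, so any later login request in the same session goes through regular authentication again.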





Tags: No tags attached.
Attached Files

- Relationships
related to feature request 0055941 closed njimenez Login and approvals in pos with oauth2
causes defect 0056430 closed jarmendariz Unable to switch from SCO to POS

-  Notes
(0168199)
hgbot (developer)
2024-08-19 09:31

Merge Request created: https://gitlab.com/openbravo/product/openbravo/-/merge_requests/1331
(0168326)
hgbot (developer)
2024-08-21 14:50

Merge Request created: https://gitlab.com/openbravo/product/pmods/org.openbravo.core2/-/merge_requests/1567
(0168327)
hgbot (developer)
2024-08-21 14:51

Merge Request created: https://gitlab.com/openbravo/product/pmods/org.openbravo.pos2.selfcheckout/-/merge_requests/67
(0168328)
hgbot (developer)
2024-08-21 14:51

Merge Request created: https://gitlab.com/openbravo/product/pmods/org.openbravo.mobile.core/-/merge_requests/740
(0168587)
hgbot (developer)
2024-08-30 12:45

Merge request closed: https://gitlab.com/openbravo/product/pmods/org.openbravo.pos2.selfcheckout/-/merge_requests/67
(0168593)
hgbot (developer)
2024-08-30 13:26

Merge request closed: https://gitlab.com/openbravo/product/pmods/org.openbravo.mobile.core/-/merge_requests/740
(0168978)
hgbot (developer)
2024-09-09 18:04

Repository: https://gitlab.com/openbravo/product/openbravo
Changeset: 8d1ea0c066af49b6a00b9f9cbe8a856b6e8f8262
Author: Ignacio De Andrés <ignacio.deandres@openbravo.com>
Date: 09-09-2024 16:04:19
URL: https://gitlab.com/openbravo/product/openbravo/-/commit/8d1ea0c066af49b6a00b9f9cbe8a856b6e8f8262

related to BUG-56149: make getAuthenticationManager more generic

---
M src/org/openbravo/base/secureApp/LoginHandler.java
---
(0168979)
hgbot (developer)
2024-09-09 18:04

Merge request merged: https://gitlab.com/openbravo/product/openbravo/-/merge_requests/1331
(0168980)
hgbot (developer)
2024-09-09 18:14

Repository: https://gitlab.com/openbravo/product/pmods/org.openbravo.mobile.core
Changeset: 81b830a53e0861685180c75318969824dfe299ae
Author: Ignacio De Andrés <ignacio.deandres@openbravo.com>
Date: 09-09-2024 16:14:35
URL: https://gitlab.com/openbravo/product/pmods/org.openbravo.mobile.core/-/commit/81b830a53e0861685180c75318969824dfe299ae

related to BUG-56149: custom authentication flow for user switch

  Add support to a special authentication when switching the user to enter with a new application mode. This is used to avoid requesting the credentials twice which makes the authentication with external providers not to work properly in this scenario.

  Note that although the user switching is a core2 feature, we are adding it here because the current hierarchy of LoginHandlers defined by mobile applications (like POS2) does not allow to place this infrastructure in the core2 module.

---
A src/org/openbravo/mobile/core/login/SwitchedUserAuthenticationManager.java
M src/org/openbravo/mobile/core/login/MobileCoreLoginHandler.java
---
(0168981)
hgbot (developer)
2024-09-09 18:14

Merge request merged: https://gitlab.com/openbravo/product/pmods/org.openbravo.mobile.core/-/merge_requests/740
(0168982)
hgbot (developer)
2024-09-09 18:16

Merge request merged: https://gitlab.com/openbravo/product/pmods/org.openbravo.core2/-/merge_requests/1567
(0168983)
hgbot (developer)
2024-09-09 18:16

Directly closing issue as related merge request is already approved.

Repository: https://gitlab.com/openbravo/product/pmods/org.openbravo.core2
Changeset: 72d51dc758f36ea1fb9e3fedce207e3e7aa24e77
Author: Ignacio De Andrés <ignacio.deandres@openbravo.com>
Date: 09-09-2024 16:15:58
URL: https://gitlab.com/openbravo/product/pmods/org.openbravo.core2/-/commit/72d51dc758f36ea1fb9e3fedce207e3e7aa24e77

fixes BUG-56149: support switch user with external authentication providers

---
M src-db/database/sourcedata/AD_MESSAGE.xml
M src/org/openbravo/core2/process/CheckUserSwitch.java
M web-jspack/org.openbravo.core2/src/core/authentication/LoginProcess.js
M web-jspack/org.openbravo.core2/src/model/session/__test__/ClearSession-actionPreparation.test.js
M web-jspack/org.openbravo.core2/src/model/session/actions/ClearSessionActionPreparation.js
M web-jspack/org.openbravo.core2/src/model/session/user-actions/SwitchUser.js
---
(0168984)
hgbot (developer)
2024-09-09 18:16

Repository: https://gitlab.com/openbravo/product/pmods/org.openbravo.pos2.selfcheckout
Changeset: bd6f9812faad04bef992b54fde99820695279ef4
Author: Ignacio De Andrés <ignacio.deandres@openbravo.com>
Date: 09-09-2024 16:16:52
URL: https://gitlab.com/openbravo/product/pmods/org.openbravo.pos2.selfcheckout/-/commit/bd6f9812faad04bef992b54fde99820695279ef4

related to BUG-56149: support switch user with external authentication providers

---
M src-db/database/sourcedata/AD_MESSAGE.xml
M src/org/openbravo/pos2/selfcheckout/login/SCOAutologinHandler.java
M web-jspack/org.openbravo.pos2.selfcheckout/src/model/sco-mode/SwitchToPOS.js
M web-jspack/org.openbravo.pos2.selfcheckout/src/model/sco-mode/SwitchToSelfCheckout.js
M web-jspack/org.openbravo.pos2.selfcheckout/src/model/sco-mode/SwitchUserFunctions.js
---
(0168985)
hgbot (developer)
2024-09-09 18:16

Merge request merged: https://gitlab.com/openbravo/product/pmods/org.openbravo.pos2.selfcheckout/-/merge_requests/67
(0168986)
hgbot (developer)
2024-09-09 18:30

Repository: https://gitlab.com/openbravo/ci/backoffice-api
Changeset: e078e76e18e32a98f379da24ff9074c37a794ab9
Author: Carlos Aristu <carlos.aristu@openbravo.com>
Date: 09-09-2024 18:30:06
URL: https://gitlab.com/openbravo/ci/backoffice-api/-/commit/e078e76e18e32a98f379da24ff9074c37a794ab9

related to FR-56149: change LoginHandler.getAuthenticationManager signature

---
M java/reference/java.japi.gz
---

- Issue History
Date Modified Username Field Change
2024-08-01 13:47 njimenez New Issue
2024-08-01 13:47 njimenez Assigned To => Triage Platform Conn
2024-08-01 13:47 njimenez Triggers an Emergency Pack => No
2024-08-01 13:47 njimenez Relationship added related to 0055941
2024-08-13 10:10 adrianromero Assigned To Triage Platform Conn => ignacio_deandres
2024-08-13 10:59 njimenez Proposed Solution updated
2024-08-19 09:31 hgbot Note Added: 0168199
2024-08-21 14:50 hgbot Note Added: 0168326
2024-08-21 14:51 hgbot Note Added: 0168327
2024-08-21 14:51 hgbot Note Added: 0168328
2024-08-30 12:45 hgbot Note Added: 0168587
2024-08-30 13:26 hgbot Note Added: 0168593
2024-09-02 11:33 adrianromero Assigned To ignacio_deandres => caristu
2024-09-09 18:04 hgbot Note Added: 0168978
2024-09-09 18:04 hgbot Note Added: 0168979
2024-09-09 18:14 hgbot Note Added: 0168980
2024-09-09 18:14 hgbot Note Added: 0168981
2024-09-09 18:16 hgbot Note Added: 0168982
2024-09-09 18:16 hgbot Resolution open => fixed
2024-09-09 18:16 hgbot Status new => closed
2024-09-09 18:16 hgbot Fixed in Version => 24Q4
2024-09-09 18:16 hgbot Note Added: 0168983
2024-09-09 18:16 hgbot Note Added: 0168984
2024-09-09 18:16 hgbot Note Added: 0168985
2024-09-09 18:30 hgbot Note Added: 0168986
2024-09-11 14:23 jarmendariz Relationship added causes 0056430

