View Issue Details

ID: 0056149
Type: design defect
Category: [POS2] POS
Severity: major
Reproducibility: have not tried
Date Submitted: 2024-08-01 13:47
Last Update: 2024-09-09 18:30
Reporter: njimenez
View Status: public
Assigned To: caristu
Priority: normal
Resolution: fixed
Fixed in Version: 24Q4
Status: closed
Projection: none
ETA: none
OS: Any
Database: Any
Triggers an Emergency Pack: No
Summary: 0056149: Authorization code OpenID protocol does not work when logging in to SCO
Description: Right now it is possible to log in with the OpenID protocol in the POS application. It should also be possible to log in with OpenID in the SCO application, but there is a problem with the authorization code protocol. The login in SCO for external authorization was defined thinking of the PKCE protocol, where the communication exchange takes place on the POS application side. Once you receive the token with the user information, the call to the backoffice is done to validate the received user identifier. This is why in SCO there was no problem making two different calls, one to the switch user approval and the second to the login handler, with the same user credential information, as at this point no communication is going to be performed with the authorization provider. The problem that we have found in the authorization code protocol is that we are expecting to make the communication exchange to obtain the token id with the user information on the backoffice side. So the second attempt to make authorization, that is, when the login handler calls, will always be refused as we are trying to call the authorization provider a second time to obtain the token id with the same code.
Steps To Reproduce:
1. Configure an authentication provider at the backoffice with type OpenID and authorization code protocol: https://wiki.openbravo.com/wiki/Authentication#OpenID_Authentication
2. Open the POS application
3. Click on the switch to SCO mode button
4. Click on the authorization provider button instead of providing user credentials
5. See how the screen gets blocked doing login
Proposed Solution:
1. In the MobileCoreLoginHandler class we are going to add a new validation in the doPost method to switch application.

    if (req.getParameter("switchAppMode") != null) {
      // Authenticate to make sure the switch application mode can be done
      // The authenticated user will be saved
    }

This validation will be done before calling LoginHandler in line 120. In the login handler a protected method called, for example, authenticate(request, response) will be added. This method will check the session value stored in the previous step. If it does exist, the session value will be removed and returned to the login handler; otherwise, the regular authentication will be performed. With those changes the class shouldn't be needed, but there are more validations performed here. Maybe it will need to be done on mobile core, or just remove the authentication from switch user.
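The consume-once handshake sketched in the proposed solution, as an added illustration that is not part of this issue or of Openbravo's code: a hypothetical LoginHandler whose authenticate() first looks for a user stored in the session by the switch-mode step (removing it so it cannot be replayed) and otherwise performs the regular exchange. The Request type, the CodeExchangeProvider, the session key name and the sample codes are all constructed for this example; the provider models why a second exchange of the same authorization code is refused, which is the failure the description reports.

```java
import java.util.HashMap;
import java.util.HashSet;
import java.util.Map;
import java.util.Optional;
import java.util.Set;

public class SwitchUserDemo {
    public static void main(String[] args) {
        CodeExchangeProvider provider = new CodeExchangeProvider();
        provider.issue("code-A", "cashier01"); // constructed sample codes, not real tokens
        provider.issue("code-B", "cashier01");

        // Original flow: switch approval and login each exchange the same code.
        // The provider refuses the second exchange, which is the reported failure.
        LoginHandler plain = new LoginHandler(provider);
        Request twice = new Request();
        twice.params.put("code", "code-A");
        System.out.println("first exchange:  " + plain.authenticate(twice)); // Optional[cashier01]
        System.out.println("second exchange: " + plain.authenticate(twice)); // Optional.empty

        // Proposed flow: authenticate once, park the user in the session, and let the
        // login step consume that value instead of exchanging the code again.
        MobileCoreLoginHandler mobile = new MobileCoreLoginHandler(provider);
        Request switchReq = new Request();
        switchReq.params.put("switchAppMode", "SCO");
        switchReq.params.put("code", "code-B");
        System.out.println("switch login:    " + mobile.doPost(switchReq));   // Optional[cashier01]
        System.out.println("session cleared: " + switchReq.session.isEmpty()); // true
    }
}

// Hypothetical stand-in for the servlet request plus its HTTP session.
final class Request {
    final Map<String, String> params = new HashMap<>();
    final Map<String, Object> session = new HashMap<>();
    String param(String name) { return params.get(name); }
}

// Constructed model of an authorization-code provider: every code is exchangeable once.
final class CodeExchangeProvider {
    private final Map<String, String> issued = new HashMap<>(); // code -> user id
    private final Set<String> consumed = new HashSet<>();
    void issue(String code, String userId) { issued.put(code, userId); }
    Optional<String> exchange(String code) {
        // Unknown codes and codes that were already consumed are both refused.
        if (!issued.containsKey(code) || !consumed.add(code)) {
            return Optional.empty();
        }
        return Optional.of(issued.get(code));
    }
}

class LoginHandler {
    static final String SWITCHED_USER_KEY = "switchedUser"; // assumed session attribute name
    protected final CodeExchangeProvider provider;
    LoginHandler(CodeExchangeProvider provider) { this.provider = provider; }

    // Consume a user stored by the switch-mode step; otherwise run the regular exchange.
    protected Optional<String> authenticate(Request req) {
        Object stored = req.session.remove(SWITCHED_USER_KEY); // removed on read: single use
        if (stored instanceof String) {
            return Optional.of((String) stored);
        }
        String code = req.param("code");
        return code == null ? Optional.empty() : provider.exchange(code);
    }

    Optional<String> doPost(Request req) { return authenticate(req); }
}

class MobileCoreLoginHandler extends LoginHandler {
    MobileCoreLoginHandler(CodeExchangeProvider provider) { super(provider); }

    @Override
    Optional<String> doPost(Request req) {
        if (req.param("switchAppMode") != null) {
            // Authenticate once up front and keep the result for the login step.
            Optional<String> user = authenticate(req);
            if (!user.isPresent()) {
                return Optional.empty(); // switch refused: nothing stored, nothing to replay
            }
            req.session.put(SWITCHED_USER_KEY, user.get());
            // Any further switch-mode validation would run here before delegating.
        }
        return super.doPost(req);
    }
}
```

Run it with `java SwitchUserDemo.java` (Java 11 or later). The point of removing the session attribute on read is that the stored authentication result has the same single-use property as the authorization code it replaced: a later request cannot log in by finding a leftover value in the session.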
Tags: No tags attached.
Notes

(0168199) hgbot (developer) 2024-08-19 09:31
Merge Request created: https://gitlab.com/openbravo/product/openbravo/-/merge_requests/1331

(0168326) hgbot (developer) 2024-08-21 14:50
Merge Request created: https://gitlab.com/openbravo/product/pmods/org.openbravo.core2/-/merge_requests/1567

(0168327) hgbot (developer) 2024-08-21 14:51
Merge Request created: https://gitlab.com/openbravo/product/pmods/org.openbravo.pos2.selfcheckout/-/merge_requests/67

(0168328) hgbot (developer) 2024-08-21 14:51
Merge Request created: https://gitlab.com/openbravo/product/pmods/org.openbravo.mobile.core/-/merge_requests/740

(0168587) hgbot (developer) 2024-08-30 12:45
Merge request closed: https://gitlab.com/openbravo/product/pmods/org.openbravo.pos2.selfcheckout/-/merge_requests/67

(0168593) hgbot (developer) 2024-08-30 13:26
Merge request closed: https://gitlab.com/openbravo/product/pmods/org.openbravo.mobile.core/-/merge_requests/740

(0168978) hgbot (developer) 2024-09-09 18:04
Repository: https://gitlab.com/openbravo/product/openbravo
Changeset: 8d1ea0c066af49b6a00b9f9cbe8a856b6e8f8262
Author: Ignacio De Andrés <ignacio.deandres@openbravo.com>
Date: 09-09-2024 16:04:19
URL: https://gitlab.com/openbravo/product/openbravo/-/commit/8d1ea0c066af49b6a00b9f9cbe8a856b6e8f8262
related to BUG-56149: make getAuthenticationManager more generic
---
M src/org/openbravo/base/secureApp/LoginHandler.java
---

(0168979) hgbot (developer) 2024-09-09 18:04
Merge request merged: https://gitlab.com/openbravo/product/openbravo/-/merge_requests/1331

(0168980) hgbot (developer) 2024-09-09 18:14
Repository: https://gitlab.com/openbravo/product/pmods/org.openbravo.mobile.core
Changeset: 81b830a53e0861685180c75318969824dfe299ae
Author: Ignacio De Andrés <ignacio.deandres@openbravo.com>
Date: 09-09-2024 16:14:35
URL: https://gitlab.com/openbravo/product/pmods/org.openbravo.mobile.core/-/commit/81b830a53e0861685180c75318969824dfe299ae
related to BUG-56149: custom authentication flow for user switch

Add support for a special authentication when switching the user to enter with a new application mode. This is used to avoid requesting the credentials twice, which makes the authentication with external providers not work properly in this scenario. Note that although the user switching is a core2 feature, we are adding it here because the current hierarchy of LoginHandlers defined by mobile applications (like POS2) does not allow placing this infrastructure in the core2 module.
---
A src/org/openbravo/mobile/core/login/SwitchedUserAuthenticationManager.java
M src/org/openbravo/mobile/core/login/MobileCoreLoginHandler.java
---
(0168981) hgbot (developer) 2024-09-09 18:14
Merge request merged: https://gitlab.com/openbravo/product/pmods/org.openbravo.mobile.core/-/merge_requests/740

(0168982) hgbot (developer) 2024-09-09 18:16
Merge request merged: https://gitlab.com/openbravo/product/pmods/org.openbravo.core2/-/merge_requests/1567

(0168983) hgbot (developer) 2024-09-09 18:16
Directly closing issue as related merge request is already approved.
Repository: https://gitlab.com/openbravo/product/pmods/org.openbravo.core2
Changeset: 72d51dc758f36ea1fb9e3fedce207e3e7aa24e77
Author: Ignacio De Andrés <ignacio.deandres@openbravo.com>
Date: 09-09-2024 16:15:58
URL: https://gitlab.com/openbravo/product/pmods/org.openbravo.core2/-/commit/72d51dc758f36ea1fb9e3fedce207e3e7aa24e77
fixes BUG-56149: support switch user with external authentication providers
---
M src-db/database/sourcedata/AD_MESSAGE.xml
M src/org/openbravo/core2/process/CheckUserSwitch.java
M web-jspack/org.openbravo.core2/src/core/authentication/LoginProcess.js
M web-jspack/org.openbravo.core2/src/model/session/__test__/ClearSession-actionPreparation.test.js
M web-jspack/org.openbravo.core2/src/model/session/actions/ClearSessionActionPreparation.js
M web-jspack/org.openbravo.core2/src/model/session/user-actions/SwitchUser.js
---

(0168984) hgbot (developer) 2024-09-09 18:16
Repository: https://gitlab.com/openbravo/product/pmods/org.openbravo.pos2.selfcheckout
Changeset: bd6f9812faad04bef992b54fde99820695279ef4
Author: Ignacio De Andrés <ignacio.deandres@openbravo.com>
Date: 09-09-2024 16:16:52
URL: https://gitlab.com/openbravo/product/pmods/org.openbravo.pos2.selfcheckout/-/commit/bd6f9812faad04bef992b54fde99820695279ef4
related to BUG-56149: support switch user with external authentication providers
---
M src-db/database/sourcedata/AD_MESSAGE.xml
M src/org/openbravo/pos2/selfcheckout/login/SCOAutologinHandler.java
M web-jspack/org.openbravo.pos2.selfcheckout/src/model/sco-mode/SwitchToPOS.js
M web-jspack/org.openbravo.pos2.selfcheckout/src/model/sco-mode/SwitchToSelfCheckout.js
M web-jspack/org.openbravo.pos2.selfcheckout/src/model/sco-mode/SwitchUserFunctions.js
---

(0168985) hgbot (developer) 2024-09-09 18:16
Merge request merged: https://gitlab.com/openbravo/product/pmods/org.openbravo.pos2.selfcheckout/-/merge_requests/67

(0168986) hgbot (developer) 2024-09-09 18:30
Repository: https://gitlab.com/openbravo/ci/backoffice-api
Changeset: e078e76e18e32a98f379da24ff9074c37a794ab9
Author: Carlos Aristu <carlos.aristu@openbravo.com>
Date: 09-09-2024 18:30:06
URL: https://gitlab.com/openbravo/ci/backoffice-api/-/commit/e078e76e18e32a98f379da24ff9074c37a794ab9
related to FR-56149: change LoginHandler.getAuthenticationManager signature
---
M java/reference/java.japi.gz
---
Issue History
Date Modified | Username | Field | Change |
2024-08-01 13:47 | njimenez | New Issue | |
2024-08-01 13:47 | njimenez | Assigned To | => Triage Platform Conn |
2024-08-01 13:47 | njimenez | Triggers an Emergency Pack | => No |
2024-08-01 13:47 | njimenez | Relationship added | related to 0055941 |
2024-08-13 10:10 | adrianromero | Assigned To | Triage Platform Conn => ignacio_deandres |
2024-08-13 10:59 | njimenez | Proposed Solution updated | |
2024-08-19 09:31 | hgbot | Note Added: 0168199 | |
2024-08-21 14:50 | hgbot | Note Added: 0168326 | |
2024-08-21 14:51 | hgbot | Note Added: 0168327 | |
2024-08-21 14:51 | hgbot | Note Added: 0168328 | |
2024-08-30 12:45 | hgbot | Note Added: 0168587 | |
2024-08-30 13:26 | hgbot | Note Added: 0168593 | |
2024-09-02 11:33 | adrianromero | Assigned To | ignacio_deandres => caristu |
2024-09-09 18:04 | hgbot | Note Added: 0168978 | |
2024-09-09 18:04 | hgbot | Note Added: 0168979 | |
2024-09-09 18:14 | hgbot | Note Added: 0168980 | |
2024-09-09 18:14 | hgbot | Note Added: 0168981 | |
2024-09-09 18:16 | hgbot | Note Added: 0168982 | |
2024-09-09 18:16 | hgbot | Resolution | open => fixed |
2024-09-09 18:16 | hgbot | Status | new => closed |
2024-09-09 18:16 | hgbot | Fixed in Version | => 24Q4 |
2024-09-09 18:16 | hgbot | Note Added: 0168983 | |
2024-09-09 18:16 | hgbot | Note Added: 0168984 | |
2024-09-09 18:16 | hgbot | Note Added: 0168985 | |
2024-09-09 18:30 | hgbot | Note Added: 0168986 | |
2024-09-11 14:23 | jarmendariz | Relationship added | causes 0056430 |