details: https://code.openbravo.com/erp/devel/pi/rev/47941073c4da
changeset: 33646:47941073c4da
user: Asier Lostalé <asier.lostale <at> openbravo.com>
date: Tue Mar 06 14:10:50 2018 +0100
summary: fixed bug 38051: prevents concurrent sessions for same user not
working
When login.limit.user.session is enabled, only one session per named user is
allowed. In case there is another session for the same user that's currently
logging in, a confirmation message appears to tell the user other session will
be cancelled.
After confirmation, login should be completed, but it failed displaying a
blank
page.
The problem was caused because instead of resending a POST request to complete
login, a GET without param values was sent to LoginHandler.
Now it is fixed, in case of accepeted confirmation diagog, login will be sent
again.
diffstat:
src/org/openbravo/base/secureApp/LoginHandler.java | 7 +------
src/org/openbravo/erpCommon/security/Login.html | 4 ++--
web/js/login.js | 17 +++++++++--------
web/js/utils.js | 4 ++--
4 files changed, 14 insertions(+), 18 deletions(-)
diffs (107 lines):
diff -r 19b8956cb77e -r 47941073c4da
src/org/openbravo/base/secureApp/LoginHandler.java
--- a/src/org/openbravo/base/secureApp/LoginHandler.java Tue Mar 06
23:59:15 2018 +0000
+++ b/src/org/openbravo/base/secureApp/LoginHandler.java Tue Mar 06
14:10:50 2018 +0100
@@ -424,12 +424,7 @@
String target = getUserStartPage(strUserAuth, userLoginDefaults,
vars.getSessionValue("target"),
vars.getSessionValue("targetQueryString"));
vars.removeSessionValue("target");
- if (forceNamedUserLogin) {
- // do redirect as login response has already been handled in the client
- res.sendRedirect(target);
- return;
- }
- // All checks passed successfully, continue logging in
+
goToTarget(res, target);
} finally {
OBContext.restorePreviousMode();
diff -r 19b8956cb77e -r 47941073c4da
src/org/openbravo/erpCommon/security/Login.html
--- a/src/org/openbravo/erpCommon/security/Login.html Tue Mar 06 23:59:15
2018 +0000
+++ b/src/org/openbravo/erpCommon/security/Login.html Tue Mar 06 14:10:50
2018 +0100
@@ -11,7 +11,7 @@
* under the License.
* The Original Code is Openbravo ERP.
* The Initial Developer of the Original Code is Openbravo SLU
- * All portions are Copyright (C) 2010-2017 Openbravo SLU
+ * All portions are Copyright (C) 2010-2018 Openbravo SLU
* All Rights Reserved.
* Contributor(s): ______________________________________.
************************************************************************
@@ -55,7 +55,7 @@
var recBrowserSafari = '9.0.0.0';
// currentRevision must be the same value as the one returned by
getCurrentRevision() (see utils.js)
-var currentRevision = '32454';
+var currentRevision = '33640';
beforeLoadDo();
</script>
diff -r 19b8956cb77e -r 47941073c4da web/js/login.js
--- a/web/js/login.js Tue Mar 06 23:59:15 2018 +0000
+++ b/web/js/login.js Tue Mar 06 14:10:50 2018 +0100
@@ -11,7 +11,7 @@
* under the License.
* The Original Code is Openbravo ERP.
* The Initial Developer of the Original Code is Openbravo SLU
- * All portions are Copyright (C) 2017 Openbravo SLU
+ * All portions are Copyright (C) 2017-2018 Openbravo SLU
* All Rights Reserved.
* Contributor(s): ______________________________________.
************************************************************************
@@ -69,7 +69,7 @@
}
}
-function doLogin() {
+function doLogin(command) {
if (document.getElementById('resetPassword').value === 'true' &&
document.getElementById('user').value !==
document.getElementById('password').value) {
setLoginMessage('Error', errorSamePassword,
errorDifferentPasswordInFields);
return true;
@@ -90,11 +90,8 @@
return true;
}
disableButton('buttonOK');
- if (document.getElementById('resetPassword').value === 'true') {
- submitXmlHttpRequest(loginResult, document.frmIdentificacion,
'FORCE_RESET_PASSWORD', '../secureApp/LoginHandler.html', false, null, null);
- } else {
- submitXmlHttpRequest(loginResult, document.frmIdentificacion, 'DEFAULT',
'../secureApp/LoginHandler.html', false, null, null);
- }
+ command = command || (document.getElementById('resetPassword').value ===
'true' ? 'FORCE_RESET_PASSWORD' : 'DEFAULT');
+ submitXmlHttpRequest(loginResult, document.frmIdentificacion, command,
'../secureApp/LoginHandler.html', false, null, null);
}
return false;
@@ -131,7 +128,11 @@
document.getElementById('confirmpasswordlabel').style.display = '';
}
if (shouldContinue) {
- window.location = result.target;
+ if (result.showMessage && result.messageType === 'Confirmation') {
+ doLogin(result.command)
+ } else {
+ window.location = result.target;
+ }
} else if (result.resetPassword) {
enableButton('buttonOK');
document.getElementById('user').value = '';
diff -r 19b8956cb77e -r 47941073c4da web/js/utils.js
--- a/web/js/utils.js Tue Mar 06 23:59:15 2018 +0000
+++ b/web/js/utils.js Tue Mar 06 14:10:50 2018 +0100
@@ -11,7 +11,7 @@
* under the License.
* The Original Code is Openbravo ERP.
* The Initial Developer of the Original Code is Openbravo SLU
- * All portions are Copyright (C) 2001-2017 Openbravo SLU
+ * All portions are Copyright (C) 2001-2018 Openbravo SLU
* All Rights Reserved.
* Contributor(s): ______________________________________.
************************************************************************
@@ -105,7 +105,7 @@
* Return a number that would be checked at the Login screen to know if the
file is cached with the correct version
*/
function getCurrentRevision() {
- var number = '32454';
+ var number = '33640';
return number;
}
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Openbravo-commits mailing list
Openbravo-commits@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openbravo-commits
