details: https://code.openbravo.com/erp/devel/pi/rev/47941073c4da changeset: 33646:47941073c4da user: Asier Lostalé <asier.lostale <at> openbravo.com> date: Tue Mar 06 14:10:50 2018 +0100 summary: fixed bug 38051: prevents concurrent sessions for same user not working
When login.limit.user.session is enabled, only one session per named user is allowed. In case there is another session for the same user that's currently logging in, a confirmation message appears to tell the user other session will be cancelled. After confirmation, login should be completed, but it failed displaying a blank page. The problem was caused because instead of resending a POST request to complete login, a GET without param values was sent to LoginHandler. Now it is fixed, in case of accepeted confirmation diagog, login will be sent again. diffstat: src/org/openbravo/base/secureApp/LoginHandler.java | 7 +------ src/org/openbravo/erpCommon/security/Login.html | 4 ++-- web/js/login.js | 17 +++++++++-------- web/js/utils.js | 4 ++-- 4 files changed, 14 insertions(+), 18 deletions(-) diffs (107 lines): diff -r 19b8956cb77e -r 47941073c4da src/org/openbravo/base/secureApp/LoginHandler.java --- a/src/org/openbravo/base/secureApp/LoginHandler.java Tue Mar 06 23:59:15 2018 +0000 +++ b/src/org/openbravo/base/secureApp/LoginHandler.java Tue Mar 06 14:10:50 2018 +0100 @@ -424,12 +424,7 @@ String target = getUserStartPage(strUserAuth, userLoginDefaults, vars.getSessionValue("target"), vars.getSessionValue("targetQueryString")); vars.removeSessionValue("target"); - if (forceNamedUserLogin) { - // do redirect as login response has already been handled in the client - res.sendRedirect(target); - return; - } - // All checks passed successfully, continue logging in + goToTarget(res, target); } finally { OBContext.restorePreviousMode(); diff -r 19b8956cb77e -r 47941073c4da src/org/openbravo/erpCommon/security/Login.html --- a/src/org/openbravo/erpCommon/security/Login.html Tue Mar 06 23:59:15 2018 +0000 +++ b/src/org/openbravo/erpCommon/security/Login.html Tue Mar 06 14:10:50 2018 +0100 @@ -11,7 +11,7 @@ * under the License. * The Original Code is Openbravo ERP. * The Initial Developer of the Original Code is Openbravo SLU - * All portions are Copyright (C) 2010-2017 Openbravo SLU + * All portions are Copyright (C) 2010-2018 Openbravo SLU * All Rights Reserved. * Contributor(s): ______________________________________. ************************************************************************ @@ -55,7 +55,7 @@ var recBrowserSafari = '9.0.0.0'; // currentRevision must be the same value as the one returned by getCurrentRevision() (see utils.js) -var currentRevision = '32454'; +var currentRevision = '33640'; beforeLoadDo(); </script> diff -r 19b8956cb77e -r 47941073c4da web/js/login.js --- a/web/js/login.js Tue Mar 06 23:59:15 2018 +0000 +++ b/web/js/login.js Tue Mar 06 14:10:50 2018 +0100 @@ -11,7 +11,7 @@ * under the License. * The Original Code is Openbravo ERP. * The Initial Developer of the Original Code is Openbravo SLU - * All portions are Copyright (C) 2017 Openbravo SLU + * All portions are Copyright (C) 2017-2018 Openbravo SLU * All Rights Reserved. * Contributor(s): ______________________________________. ************************************************************************ @@ -69,7 +69,7 @@ } } -function doLogin() { +function doLogin(command) { if (document.getElementById('resetPassword').value === 'true' && document.getElementById('user').value !== document.getElementById('password').value) { setLoginMessage('Error', errorSamePassword, errorDifferentPasswordInFields); return true; @@ -90,11 +90,8 @@ return true; } disableButton('buttonOK'); - if (document.getElementById('resetPassword').value === 'true') { - submitXmlHttpRequest(loginResult, document.frmIdentificacion, 'FORCE_RESET_PASSWORD', '../secureApp/LoginHandler.html', false, null, null); - } else { - submitXmlHttpRequest(loginResult, document.frmIdentificacion, 'DEFAULT', '../secureApp/LoginHandler.html', false, null, null); - } + command = command || (document.getElementById('resetPassword').value === 'true' ? 'FORCE_RESET_PASSWORD' : 'DEFAULT'); + submitXmlHttpRequest(loginResult, document.frmIdentificacion, command, '../secureApp/LoginHandler.html', false, null, null); } return false; @@ -131,7 +128,11 @@ document.getElementById('confirmpasswordlabel').style.display = ''; } if (shouldContinue) { - window.location = result.target; + if (result.showMessage && result.messageType === 'Confirmation') { + doLogin(result.command) + } else { + window.location = result.target; + } } else if (result.resetPassword) { enableButton('buttonOK'); document.getElementById('user').value = ''; diff -r 19b8956cb77e -r 47941073c4da web/js/utils.js --- a/web/js/utils.js Tue Mar 06 23:59:15 2018 +0000 +++ b/web/js/utils.js Tue Mar 06 14:10:50 2018 +0100 @@ -11,7 +11,7 @@ * under the License. * The Original Code is Openbravo ERP. * The Initial Developer of the Original Code is Openbravo SLU - * All portions are Copyright (C) 2001-2017 Openbravo SLU + * All portions are Copyright (C) 2001-2018 Openbravo SLU * All Rights Reserved. * Contributor(s): ______________________________________. ************************************************************************ @@ -105,7 +105,7 @@ * Return a number that would be checked at the Login screen to know if the file is cached with the correct version */ function getCurrentRevision() { - var number = '32454'; + var number = '33640'; return number; } ------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot _______________________________________________ Openbravo-commits mailing list Openbravo-commits@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openbravo-commits