Websocket connection not authenticated after changing password #1079

Open
hvanoch opened this issue Mar 8, 2022 · 1 comment


hvanoch commented Mar 8, 2022

Summary
Websocket connection is not authenticated properly when changing password and refreshing the page.

Steps to reproduce

  1. Log in
  2. Open devtools
  3. Change password of logged in user
  4. Refresh the page

Actual Result

Console prints error:

Uncaught SyntaxError: Unexpected token H in JSON at position 0
    at JSON.parse (<anonymous>)

Expected Result
Websocket connection is authenticated

Details about your environment

  • OroPlatform version: 4.2.9
  • PHP version: 8.0.16

Additional information
Issue is that once the user is loaded in the entity manager, during the websocket server runtime, it is never refreshed from the database. So it will still use the old password (hash) for creating the ticket digest.
Reference: oro/platform/src/Oro/Bundle/SyncBundle/Security/TicketAuthenticationProvider.php:122
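A minimal model of the stale-user behaviour described in this issue, added here as an illustration; it is not OroPlatform code. The class names, the digest formula (SHA-256 over nonce, creation time and password hash) and the sample hashes are assumptions constructed for the example; `refresh()` stands in for re-reading the user from the database before the digest is computed.

```php
<?php
// Constructed model of a long-running websocket server validating tickets.
final class User {
    public function __construct(public string $username, public string $passwordHash) {}
}
final class UserStore {                       // stand-in for the database
    public array $rows = [];                  // username => current password hash
    public function fetchHash(string $u): string { return $this->rows[$u]; }
}
final class CachingUserRepository {           // stand-in for an entity manager identity map
    private array $identityMap = [];
    public function __construct(private UserStore $store) {}
    public function find(string $u): User {   // hits the store only on first load
        return $this->identityMap[$u] ??= new User($u, $this->store->fetchHash($u));
    }
    public function refresh(User $user): void {  // re-read the hash from the store
        $user->passwordHash = $this->store->fetchHash($user->username);
    }
}
// Assumed digest formula; the real generator may differ.
function ticketDigest(string $nonce, string $created, string $passwordHash): string {
    return hash('sha256', $nonce . '|' . $created . '|' . $passwordHash);
}
// Web request side: a short-lived process, so it always reads the current hash.
function issueTicket(UserStore $store, string $u): array {
    $nonce = bin2hex(random_bytes(8));
    $created = gmdate('c');
    $digest = ticketDigest($nonce, $created, $store->fetchHash($u));
    return ['username' => $u, 'nonce' => $nonce, 'created' => $created, 'digest' => $digest];
}
// Websocket server side: recomputes the digest from its own copy of the user.
function validateTicket(CachingUserRepository $repo, array $t, bool $refreshFirst): bool {
    $user = $repo->find($t['username']);
    if ($refreshFirst) {
        $repo->refresh($user);                // mitigation: drop the stale hash first
    }
    $expected = ticketDigest($t['nonce'], $t['created'], $user->passwordHash);
    return hash_equals($expected, $t['digest']);   // constant-time comparison
}
$store = new UserStore();
$store->rows['alice'] = 'constructed-hash-old';
$wsRepo = new CachingUserRepository($store);  // lives as long as the server process
echo 'before password change: ';
var_dump(validateTicket($wsRepo, issueTicket($store, 'alice'), false));
$store->rows['alice'] = 'constructed-hash-new';   // password changed via a web request
echo 'after change, cached user: ';
var_dump(validateTicket($wsRepo, issueTicket($store, 'alice'), false));
echo 'after change, refreshed user: ';
var_dump(validateTicket($wsRepo, issueTicket($store, 'alice'), true));
```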

Contributor

webevt commented Mar 11, 2022

Thank you for your report, @hvanoch

Internal ticket id #BAP-21278.
