ofbiz-dev mailing list archives

From Taher Alkhateeb <slidingfilame...@gmail.com>
Subject Re: Issue with opening a bookmarked page when the user is logged out
Date Fri, 24 Aug 2018 08:16:24 GMT
Not enough information. What happens exactly? What is the bug? What do you
mean by it does not let us do that?

On Fri, Aug 24, 2018, 11:09 AM Ritesh Kumar <ritesh.kumar@hotwaxsystems.com>
wrote:

> Hello Taher,
>
> Changing form method to GET is just to make the query parameters visible in
> the URL so that a user is able to bookmark or share it. Using the POST
> method does not let us do that.
>
> On Fri, Aug 24, 2018 at 11:54 AM Taher Alkhateeb <slidingfilaments@gmail.com>
> wrote:
>
> > Why did you change the method to GET?
> >
> > On Fri, Aug 24, 2018, 9:20 AM Ritesh Kumar <ritesh.kumar@hotwaxsystems.com>
> > wrote:
> >
> > > Just to put my point more clearly, let me add the steps to generate the
> > > above-mentioned case. Please refer to demo-trunk
> > > <https://demo-trunk.ofbiz.apache.org/webtools/control/main>.
> > >
> > > 1. Open this link, FindWorkEffort
> > > <https://demo-trunk.ofbiz.apache.org/workeffort/control/FindWorkEffort>.
> > > Find Work Effort screen will be rendered.
> > > 2. Inspect and change the form method to "GET".
> > > 3. Apply any of the two statuses (say, Cancelled and Declined). Click on
> > > Find.
> > > 4. Records will be fetched according to the applied filters.
> > > 5. Check the URL. Cancelled and Declined statuses must be there in the URL.
> > > 6. Bookmark this page and log out.
> > > 7. Now, open the bookmark.
> > > 8. The login page will be rendered. Check the URL here. It will be the same
> > > as it was when the page was being bookmarked.
> > > 9. Type in the credentials and log in.
> > > 10. The result may be different. Check the URL. One of the statuses is
> > > gone.
> > >
> > > Due to a business requirement, I need to show query parameters in the URL so
> > > that the user is able to bookmark the page. And, we normally pass Id in the
> > > parameters, but, due to some reason, I may have to pass values with space
> > > characters.
> > >
> > > I hope this demo puts forth my concern.
> > >
> > >
> > >
> > > On Thu, Aug 23, 2018 at 6:27 PM Ritesh Kumar <
> > > ritesh.kumar@hotwaxsystems.com>
> > > wrote:
> > >
> > > > Hello All,
> > > >
> > > > I faced an issue while trying to open a bookmarked page with OFBiz.
> > > >
> > > > Suppose the URL of this bookmarked page contains a parameter with
> > > > multiple values and the value may have a space character. The query string
> > > > in the URL looks somewhat like this
> > > >
> > > > "?categoryHierarchy=3%2FCompany+Catalog%2FBrowse+Root%2FCloths%2FMen%2F"&statusId=approved&statusId=created".
> > > >
> > > > The "%2F" and "+" are the encoded values of "/", a separator, and the space
> > > > character respectively. The status id parameter appears twice and the
> > > > category hierarchy value has a space character.
> > > >
> > > > The user is logged out at this instance and this bookmarked page is
> > > > opened. Since the user is not logged in, the login page is rendered. I
> > > > feed in the credentials and the intended URL is hit. Here, I do not get
> > > > the required result.
> > > >
> > > > When I check the URL, the parameter with multiple values just has the
> > > > last value of the list and "+" is encoded into "%2B". The URL now is
> > > >
> > > > "?categoryHierarchy=3%2FCompany%2BCatalog%2FBrowse%2BRoot%2FCloths%2FMen%2F"&statusId==created."
> > > >
> > > > I did some digging and found out that LoginWorker.checkLogin() comes
> > > > into action and what it does is that it creates a new session object
> > > > (because the previous session becomes invalid) and in the session object,
> > > > it puts the previous URL parameters. These previous URL parameters are
> > > > fetched using UtilHttp.getUrlOnlyParameterMap(request) which internally
> > > > calls getQueryStringOnlyParameterMap(). This method returns a map by
> > > > breaking the query string into key and value pairs. A map cannot have
> > > > duplicate keys (in this case removes the approved status) and the value is
> > > > not decoded before putting it into the map ('+' is not decoded). This map
> > > > is then used to create an encoded ('+' is encoded into '%2B') redirect
> > > > target and then callRedirect() is called on this new redirect target,
> > > > ending up with an unintended URL (inside RequestHandler.doRequest()).
> > > >
> > > > I could resolve this issue by decoding the already encoded value before
> > > > putting it into the Map and if the key is already present in the Map, it
> > > > must create a list of the values.
> > > >
> > > > Am I missing something or is this really a bug and needs to be addressed
> > > > OOTB?
> > > > If this is a bug, is the proposed solution the right one?
> > > >
> > > > --
> > > > Best,
> > > > Ritesh Kumar
> > > >
> > > >
> > >
> >
>
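
The parameter loss described in the original report, and the fix proposed there, as an added example that is not part of the thread and not OFBiz source. `parseLossy` only models the reported behaviour under the assumption that percent-escapes are decoded while '+' is left literal; the class and method names are hypothetical, and the `Charset` overloads need Java 10 or later.

```java
import java.net.URLDecoder;
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.util.*;

// Added illustration, not OFBiz source; class and method names are hypothetical.
public class LoginRedirectParams {
    static String dec(String s) { return URLDecoder.decode(s, StandardCharsets.UTF_8); }
    static String enc(String s) { return URLEncoder.encode(s, StandardCharsets.UTF_8); }

    // Model of the reported behaviour (assumption: %XX is decoded, '+' stays literal,
    // and a repeated key overwrites the earlier value).
    static Map<String, String> parseLossy(String query) {
        Map<String, String> map = new LinkedHashMap<>();
        for (String pair : query.split("&")) {
            int eq = pair.indexOf('=');
            if (eq < 0) continue;
            map.put(dec(pair.substring(0, eq)), dec(pair.substring(eq + 1).replace("+", "%2B")));
        }
        return map;
    }

    // Proposed fix: fully decode each value and keep every value of a repeated key.
    static Map<String, List<String>> parseMulti(String query) {
        Map<String, List<String>> map = new LinkedHashMap<>();
        for (String pair : query.split("&")) {
            int eq = pair.indexOf('=');
            if (eq < 0) continue;
            map.computeIfAbsent(dec(pair.substring(0, eq)), k -> new ArrayList<>())
               .add(dec(pair.substring(eq + 1)));
        }
        return map;
    }

    public static void main(String[] args) {
        // Query string from the thread, without the stray quote characters.
        String original = "categoryHierarchy=3%2FCompany+Catalog%2FBrowse+Root%2FCloths%2FMen%2F"
                + "&statusId=approved&statusId=created";
        StringJoiner lossy = new StringJoiner("&");
        parseLossy(original).forEach((k, v) -> lossy.add(enc(k) + "=" + enc(v)));
        StringJoiner fixed = new StringJoiner("&");
        parseMulti(original).forEach((k, vs) -> vs.forEach(v -> fixed.add(enc(k) + "=" + enc(v))));
        System.out.println("lossy redirect: " + lossy);
        System.out.println("fixed redirect: " + fixed);
        System.out.println("bookmark preserved: " + fixed.toString().equals(original));
    }
}
```

Comparing the rebuilt redirect target against the original query string, as the last line does, is a cheap regression check for any code that carries request parameters across a login redirect.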
