ofbiz-notifications mailing list archives

From "Jacques Le Roux (JIRA)" <j...@apache.org>
Subject [jira] [Updated] (OFBIZ-9804) Link in verification email for Newsletter gives security error
Date Wed, 04 Oct 2017 12:15:01 GMT

     [ https://issues.apache.org/jira/browse/OFBIZ-9804?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Jacques Le Roux updated OFBIZ-9804:
-----------------------------------
    Description: 
Steps to generate:
1. Go to Ecommerce store https://localhost:8443/ecommerce/control/main
2. In the "Sign Up For Contact List" panel from the left menu, select Newsletter, provide an email
and click on the subscribe button. (Here you should have email configuration to receive email)
3. Click on the verification link in the email.
It gives the following error message:

{quote}The Following Errors Occurred:

Error calling event: org.apache.ofbiz.webapp.event.EventHandlerException: Found URL parameter
[contactListId] passed to secure (https) request-map with uri [updateContactListPartyNoUserLogin]
with an event that calls service [updateContactListPartyNoUserLogin]; this is not allowed
for security reasons! The data should be encrypted by making it part of the request body (a
form field) instead of the request URL. Moreover it would be kind if you could create a Jira
sub-task of https://issues.apache.org/jira/browse/OFBIZ-2330 (check before if a sub-task for
this error does not exist). If you are not sure how to create a Jira issue please have a look
before at https://cwiki.apache.org/confluence/display/OFBIZ/OFBiz+Contributors+Best+Practices
Thank you in advance for your help.{quote}

Try with the trunk link:
https://demo-trunk.ofbiz.apache.org/ecommerce/control/updateContactListPartyNoUserLogin?contactListId=9000&partyId=_NA_&fromDate=2017-10-04%2010:48:46.531&statusId=CLPT_ACCEPTED&optInVerifyCode=9084207171&baseLocation=/ecommerce&preferredContactMechId=10010

Stable 16 link:
https://demo-stable.ofbiz.apache.org/ecommerce/control/updateContactListPartyNoUserLogin?contactListId=9000&partyId=_NA_&fromDate=2017-10-04%2010:48:46.531&statusId=CLPT_ACCEPTED&optInVerifyCode=9084207171&baseLocation=/ecommerce&preferredContactMechId=10010

  was:
Steps to generate:
1. Go to Ecommerce store https://localhost:8443/ecommerce/control/main
2. In the "Sign Up For Contact List" panel from the left menu, select Newsletter, provide an email
and click on the subscribe button. (Here you should have email configuration to receive email)
3. Click on the verification link in the email.
It gives the following error message:

{quote}The Following Errors Occurred:

Error calling event: org.apache.ofbiz.webapp.event.EventHandlerException: Found URL parameter
[contactListId] passed to secure (https) request-map with uri [updateContactListPartyNoUserLogin]
with an event that calls service [updateContactListPartyNoUserLogin]; this is not allowed
for security reasons! The data should be encrypted by making it part of the request body (a
form field) instead of the request URL. Moreover it would be kind if you could create a Jira
sub-task of https://issues.apache.org/jira/browse/OFBIZ-2330 (check before if a sub-task for
this error does not exist). If you are not sure how to create a Jira issue please have a look
before at https://cwiki.apache.org/confluence/display/OFBIZ/OFBiz+Contributors+Best+Practices
Thank you in advance for your help.{quote}

Try with the trunk link:
[https://demo-trunk.ofbiz.apache.org/ecommerce/control/updateContactListPartyNoUserLogin?contactListId=9000&partyId=_NA_&fromDate=2017-10-04%2010:48:46.531&statusId=CLPT_ACCEPTED&optInVerifyCode=9084207171&baseLocation=/ecommerce&preferredContactMechId=10010
]
Stable 16 link:
[https://demo-stable.ofbiz.apache.org/ecommerce/control/updateContactListPartyNoUserLogin?contactListId=9000&partyId=_NA_&fromDate=2017-10-04%2010:48:46.531&statusId=CLPT_ACCEPTED&optInVerifyCode=9084207171&baseLocation=/ecommerce&preferredContactMechId=10010
]


> Link in verification email for Newsletter gives security error
> --------------------------------------------------------------
>
>                 Key: OFBIZ-9804
>                 URL: https://issues.apache.org/jira/browse/OFBIZ-9804
>             Project: OFBiz
>          Issue Type: Sub-task
>          Components: ecommerce
>    Affects Versions: Trunk, Release Branch 16.11
>            Reporter: Aditya Sharma
>         Attachments: screenshot-1.png
>
>
> Steps to generate:
> 1. Go to Ecommerce store https://localhost:8443/ecommerce/control/main
> 2. In the "Sign Up For Contact List" panel from the left menu, select Newsletter, provide an email
> and click on the subscribe button. (Here you should have email configuration to receive email)
> 3. Click on the verification link in the email.
> It gives the following error message:
> {quote}The Following Errors Occurred:
> Error calling event: org.apache.ofbiz.webapp.event.EventHandlerException: Found URL parameter
> [contactListId] passed to secure (https) request-map with uri [updateContactListPartyNoUserLogin]
> with an event that calls service [updateContactListPartyNoUserLogin]; this is not allowed
> for security reasons! The data should be encrypted by making it part of the request body (a
> form field) instead of the request URL. Moreover it would be kind if you could create a Jira
> sub-task of https://issues.apache.org/jira/browse/OFBIZ-2330 (check before if a sub-task for
> this error does not exist). If you are not sure how to create a Jira issue please have a look
> before at https://cwiki.apache.org/confluence/display/OFBIZ/OFBiz+Contributors+Best+Practices
> Thank you in advance for your help.{quote}
> Try with the trunk link:
> https://demo-trunk.ofbiz.apache.org/ecommerce/control/updateContactListPartyNoUserLogin?contactListId=9000&partyId=_NA_&fromDate=2017-10-04%2010:48:46.531&statusId=CLPT_ACCEPTED&optInVerifyCode=9084207171&baseLocation=/ecommerce&preferredContactMechId=10010
> Stable 16 link:
> https://demo-stable.ofbiz.apache.org/ecommerce/control/updateContactListPartyNoUserLogin?contactListId=9000&partyId=_NA_&fromDate=2017-10-04%2010:48:46.531&statusId=CLPT_ACCEPTED&optInVerifyCode=9084207171&baseLocation=/ecommerce&preferredContactMechId=10010



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
