Websocket connection not authenticated after changing password

Open hvanoch opened this issue 2 years ago • 1 comments

Summary
Websocket connection is not authenticated properly when changing password and refreshing the page.

Steps to reproduce

  1. Login
  2. Open devtools
  3. Change password of logged in user
  4. Refresh the page

Actual Result

Console prints error:

Uncaught SyntaxError: Unexpected token H in JSON at position 0
    at JSON.parse (<anonymous>)

Expected Result
Websocket connection is authenticated

Details about your environment

  • OroPlatform version: 4.2.9
  • PHP version: 8.0.16

Additional information
Issue is that once the user is loaded in the entity manager, during the websocket server runtime, it is never refreshed from the database. So it will still use the old password (hash) for creating the ticket digest. Reference: oro/platform/src/Oro/Bundle/SyncBundle/Security/TicketAuthenticationProvider.php:122

hvanoch, Mar 08 '22 14:03
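The cause described in the report, as an added Python model that is not part of the original issue and is not OroPlatform code: a long-running websocket process keeps a cached user entity, so the digest it computes after a password change no longer matches the ticket issued with the new hash. The digest scheme, the `IdentityMap` class, the function names and the sample values are assumptions made for illustration, and ticket expiry is not modelled.

```python
import hashlib
import hmac

# Constructed stand-in for the users table: username -> stored password hash.
DB = {"admin": "hash-of-old-password"}

def ticket_digest(nonce, created, password_hash):
    # Assumed digest scheme for illustration; not Oro's actual algorithm.
    return hashlib.sha256(f"{nonce}|{created}|{password_hash}".encode()).hexdigest()

class IdentityMap:
    """Models a per-process entity cache such as an ORM identity map."""
    def __init__(self, db):
        self.db = db
        self._loaded = {}

    def find(self, username):
        # First lookup hits the database; later lookups return the cached entity.
        if username not in self._loaded:
            self._loaded[username] = {"username": username,
                                      "password_hash": self.db[username]}
        return self._loaded[username]

    def refresh(self, user):
        # Re-read the row so the cached entity matches the database again.
        user["password_hash"] = self.db[user["username"]]

def issue_ticket(db, username, nonce, created):
    """Short-lived web request: always reads the current hash."""
    return {"username": username, "nonce": nonce, "created": created,
            "digest": ticket_digest(nonce, created, db[username])}

def verify_ticket(identity_map, ticket, refresh=False):
    """Long-lived websocket server: recomputes the digest from its own entity."""
    user = identity_map.find(ticket["username"])
    if refresh:
        identity_map.refresh(user)
    expected = ticket_digest(ticket["nonce"], ticket["created"], user["password_hash"])
    return hmac.compare_digest(expected, ticket["digest"])

def demo():
    db = dict(DB)
    ws = IdentityMap(db)
    t_old = issue_ticket(db, "admin", "n1", "2022-03-08T14:00:00Z")
    before = verify_ticket(ws, t_old)             # user gets cached here
    db["admin"] = "hash-of-new-password"          # password changed elsewhere
    t_new = issue_ticket(db, "admin", "n2", "2022-03-08T14:03:00Z")
    stale = verify_ticket(ws, t_new)              # rejected: cache has old hash
    old_still_ok = verify_ticket(ws, t_old)       # old-hash ticket still passes
    fixed = verify_ticket(ws, t_new, refresh=True)
    old_after_fix = verify_ticket(ws, t_old)      # old hash no longer accepted
    return before, stale, old_still_ok, fixed, old_after_fix
```

In this model, refreshing the entity before computing the digest makes the new ticket verify and also stops tickets derived from the old hash from being accepted.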

Thank you for your report, @hvanoch

Internal ticket id #BAP-21278.

webevt, Mar 11 '22 19:03