  1. WebTop
  2. WT-796

Access via OTP returns blank page under some conditions


Details

    • Bug
    • Status: Closed
    • High
    • Resolution: Done
    • Core
    • None
    • 5.7.6
    • release
    • 5.9.2
    • wt-5.10.1
    • 0383

    Description

      With OTP access activated and the verification mode set to email address, if the "Don't ask again on this device" option is enabled after entering the security code, the login proceeds to a blank page and you cannot get in.

      Steps to reproduce:

      • activate the OTP security access with verification mode via mail address
      • log out and log in again
      • insert username and password
      • on the next page enter the security code received via email
      • enable the "Don't ask again on this device" option

       Expected behaviour:

      • the login is successful and, at the next login from the same device, the OTP security code is no longer required

      Actual behaviour:

      • the login takes you to a blank page and you cannot log in

      The log shows this:

      2020-05-08 20:25:59 [ERROR] com.sonicle.commons.web.ServletUtils - Unable to encrypt cookie value
      java.lang.NullPointerException: null
              at com.sonicle.commons.web.ServletUtils.createChiper(ServletUtils.java:1427)
              at com.sonicle.commons.web.ServletUtils.encryptCookieValue(ServletUtils.java:1402)
              at com.sonicle.commons.web.ServletUtils.setEncryptedCookie(ServletUtils.java:1381)
              at com.sonicle.commons.web.ServletUtils.setEncryptedCookie(ServletUtils.java:1397)
              at com.sonicle.webtop.core.app.OTPManager.writeTrustedDeviceCookie(OTPManager.java:337)
              at com.sonicle.webtop.core.app.servlet.Otp.processRequest(Otp.java:113)
              at com.sonicle.webtop.core.app.AbstractServlet.doPost(AbstractServlet.java:62)
              at javax.servlet.http.HttpServlet.service(HttpServlet.java:660)
              at javax.servlet.http.HttpServlet.service(HttpServlet.java:741)
              at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:231)
              at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
              at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)
              at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
              at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
              at org.apache.shiro.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:112)
              at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
              at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
              at org.apache.catalina.core.ApplicationDispatcher.invoke(ApplicationDispatcher.java:728)
              at org.apache.catalina.core.ApplicationDispatcher.processRequest(ApplicationDispatcher.java:470)
              at org.apache.catalina.core.ApplicationDispatcher.doForward(ApplicationDispatcher.java:395)
              at org.apache.catalina.core.ApplicationDispatcher.forward(ApplicationDispatcher.java:316)
              at com.sonicle.commons.web.ServletUtils.forwardRequest(ServletUtils.java:1295)
              at com.sonicle.webtop.core.app.servlet.UIPrivate.processRequest(UIPrivate.java:131)
              at com.sonicle.webtop.core.app.AbstractServlet.doPost(AbstractServlet.java:62)
              at javax.servlet.http.HttpServlet.service(HttpServlet.java:660)
              at javax.servlet.http.HttpServlet.service(HttpServlet.java:741)
              at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:231)
              at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
              at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)
              at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
              at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
              at org.apache.shiro.web.servlet.ProxiedFilterChain.doFilter(ProxiedFilterChain.java:61)
              at org.apache.shiro.web.servlet.AdviceFilter.executeChain(AdviceFilter.java:108)
              at org.apache.shiro.web.servlet.AdviceFilter.doFilterInternal(AdviceFilter.java:137)
              at org.apache.shiro.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:125)
              at org.apache.shiro.web.servlet.ProxiedFilterChain.doFilter(ProxiedFilterChain.java:66)
              at org.apache.shiro.web.servlet.AdviceFilter.executeChain(AdviceFilter.java:108)
              at org.apache.shiro.web.servlet.AdviceFilter.doFilterInternal(AdviceFilter.java:137)
              at org.apache.shiro.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:125)
              at org.apache.shiro.web.servlet.ProxiedFilterChain.doFilter(ProxiedFilterChain.java:66)
              at org.apache.shiro.web.servlet.AdviceFilter.executeChain(AdviceFilter.java:108)
              at org.apache.shiro.web.servlet.AdviceFilter.doFilterInternal(AdviceFilter.java:137)
              at com.sonicle.webtop.core.app.shiro.filter.GZip.doFilterInternal(GZip.java:60)
              at org.apache.shiro.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:125)
              at org.apache.shiro.web.servlet.ProxiedFilterChain.doFilter(ProxiedFilterChain.java:66)
              at org.apache.shiro.web.servlet.AbstractShiroFilter.executeChain(AbstractShiroFilter.java:449)
              at org.apache.shiro.web.servlet.AbstractShiroFilter$1.call(AbstractShiroFilter.java:365)
              at org.apache.shiro.subject.support.SubjectCallable.doCall(SubjectCallable.java:90)
              at org.apache.shiro.subject.support.SubjectCallable.call(SubjectCallable.java:83)
              at org.apache.shiro.subject.support.DelegatingSubject.execute(DelegatingSubject.java:383)
              at org.apache.shiro.web.servlet.AbstractShiroFilter.doFilterInternal(AbstractShiroFilter.java:362)
              at org.apache.shiro.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:125)
              at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
              at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
              at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:199)
              at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96)
              at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:543)
              at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:139)
              at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:81)
              at org.apache.catalina.valves.RemoteIpValve.invoke(RemoteIpValve.java:747)
              at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:87)
              at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:343)
              at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:609)
              at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:65)
              at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:818)
              at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1623)
              at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
              at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
              at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
              at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
              at java.lang.Thread.run(Thread.java:748)
      2020-05-08 20:25:59 [ERROR] c.s.webtop.core.app.servlet.Otp - Error
      java.lang.RuntimeException: java.lang.NullPointerException
              at com.sonicle.commons.web.ServletUtils.setCookie(ServletUtils.java:1353)
              at com.sonicle.commons.web.ServletUtils.setEncryptedCookie(ServletUtils.java:1382)
              at com.sonicle.commons.web.ServletUtils.setEncryptedCookie(ServletUtils.java:1397)
              at com.sonicle.webtop.core.app.OTPManager.writeTrustedDeviceCookie(OTPManager.java:337)
              at com.sonicle.webtop.core.app.servlet.Otp.processRequest(Otp.java:113)
              at com.sonicle.webtop.core.app.AbstractServlet.doPost(AbstractServlet.java:62)
              at javax.servlet.http.HttpServlet.service(HttpServlet.java:660)
              at javax.servlet.http.HttpServlet.service(HttpServlet.java:741)
              at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:231)
              at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
              at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)
              at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
              at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
              at org.apache.shiro.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:112)
              at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
              at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
              at org.apache.catalina.core.ApplicationDispatcher.invoke(ApplicationDispatcher.java:728)
              at org.apache.catalina.core.ApplicationDispatcher.processRequest(ApplicationDispatcher.java:470)
              at org.apache.catalina.core.ApplicationDispatcher.doForward(ApplicationDispatcher.java:395)
              at org.apache.catalina.core.ApplicationDispatcher.forward(ApplicationDispatcher.java:316)
              at com.sonicle.commons.web.ServletUtils.forwardRequest(ServletUtils.java:1295)
              at com.sonicle.webtop.core.app.servlet.UIPrivate.processRequest(UIPrivate.java:131)
              at com.sonicle.webtop.core.app.AbstractServlet.doPost(AbstractServlet.java:62)
              at javax.servlet.http.HttpServlet.service(HttpServlet.java:660)
              at javax.servlet.http.HttpServlet.service(HttpServlet.java:741)
              at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:231)
              at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
              at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)
              at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
              at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
              at org.apache.shiro.web.servlet.ProxiedFilterChain.doFilter(ProxiedFilterChain.java:61)
              at org.apache.shiro.web.servlet.AdviceFilter.executeChain(AdviceFilter.java:108)
              at org.apache.shiro.web.servlet.AdviceFilter.doFilterInternal(AdviceFilter.java:137)
              at org.apache.shiro.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:125)
              at org.apache.shiro.web.servlet.ProxiedFilterChain.doFilter(ProxiedFilterChain.java:66)
              at org.apache.shiro.web.servlet.AdviceFilter.executeChain(AdviceFilter.java:108)
              at org.apache.shiro.web.servlet.AdviceFilter.doFilterInternal(AdviceFilter.java:137)
              at org.apache.shiro.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:125)
              at org.apache.shiro.web.servlet.ProxiedFilterChain.doFilter(ProxiedFilterChain.java:66)
              at org.apache.shiro.web.servlet.AdviceFilter.executeChain(AdviceFilter.java:108)
              at org.apache.shiro.web.servlet.AdviceFilter.doFilterInternal(AdviceFilter.java:137)
              at com.sonicle.webtop.core.app.shiro.filter.GZip.doFilterInternal(GZip.java:60)
              at org.apache.shiro.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:125)
              at org.apache.shiro.web.servlet.ProxiedFilterChain.doFilter(ProxiedFilterChain.java:66)
              at org.apache.shiro.web.servlet.AbstractShiroFilter.executeChain(AbstractShiroFilter.java:449)
              at org.apache.shiro.web.servlet.AbstractShiroFilter$1.call(AbstractShiroFilter.java:365)
              at org.apache.shiro.subject.support.SubjectCallable.doCall(SubjectCallable.java:90)
              at org.apache.shiro.subject.support.SubjectCallable.call(SubjectCallable.java:83)
              at org.apache.shiro.subject.support.DelegatingSubject.execute(DelegatingSubject.java:383)
              at org.apache.shiro.web.servlet.AbstractShiroFilter.doFilterInternal(AbstractShiroFilter.java:362)
              at org.apache.shiro.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:125)
              at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
              at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
              at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:199)
              at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96)
              at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:543)
              at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:139)
              at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:81)
              at org.apache.catalina.valves.RemoteIpValve.invoke(RemoteIpValve.java:747)
              at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:87)
              at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:343)
              at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:609)
              at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:65)
              at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:818)
              at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1623)
              at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
              at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
              at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
              at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
              at java.lang.Thread.run(Thread.java:748)
      Caused by: java.lang.NullPointerException: null
              at java.net.URLEncoder.encode(URLEncoder.java:204)
              at com.sonicle.commons.web.ServletUtils.setCookie(ServletUtils.java:1347)
              ... 69 common frames omitted
      
      

      Note: If you use Google Auth the problem does NOT occur

       

      (Internal Ref: #103528)
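
The trace above shows a two-step failure: the cookie encryption helper logs "Unable to encrypt cookie value", and the caller then hands a null value to `URLEncoder.encode`, which aborts the OTP request. The following is an added example, not WebTop or sonicle-commons code, that reproduces that shape next to a fail-safe variant which completes the login without a trusted-device cookie. The class, method and cookie names (`TrustedDeviceCookieDemo`, `fragileCookie`, `hardenedCookie`, `TD`) are hypothetical, and a missing key is only an assumed stand-in for the cause of the encryption failure, which the report does not state.

```java
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.SecureRandom;
import java.util.Base64;
import java.util.Optional;
import javax.crypto.Cipher;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.SecretKeySpec;

public class TrustedDeviceCookieDemo {
    // AES-GCM encrypt; output is URL-safe Base64 of IV || ciphertext+tag.
    static String encrypt(byte[] key, String value) throws GeneralSecurityException {
        if (key == null || value == null) throw new GeneralSecurityException("missing key or value");
        byte[] iv = new byte[12];
        new SecureRandom().nextBytes(iv);
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(key, "AES"), new GCMParameterSpec(128, iv));
        byte[] ct = c.doFinal(value.getBytes(StandardCharsets.UTF_8));
        byte[] out = new byte[iv.length + ct.length];
        System.arraycopy(iv, 0, out, 0, iv.length);
        System.arraycopy(ct, 0, out, iv.length, ct.length);
        return Base64.getUrlEncoder().withoutPadding().encodeToString(out);
    }

    // Fragile shape: the failure is logged, null is kept, and the caller encodes it anyway.
    static String fragileCookie(byte[] key, String deviceId) throws Exception {
        String enc;
        try { enc = encrypt(key, deviceId); }
        catch (GeneralSecurityException e) { System.err.println("Unable to encrypt cookie value"); enc = null; }
        return "TD=" + URLEncoder.encode(enc, "UTF-8"); // NullPointerException when enc is null
    }

    // Hardened shape: no cookie at all when encryption fails; never a plaintext fallback.
    static Optional<String> hardenedCookie(byte[] key, String deviceId) {
        try {
            return Optional.of("TD=" + encrypt(key, deviceId) + "; HttpOnly; Secure; SameSite=Strict");
        } catch (GeneralSecurityException e) {
            System.err.println("Trusted-device cookie skipped: " + e.getMessage());
            return Optional.empty();
        }
    }

    public static void main(String[] args) throws Exception {
        byte[] goodKey = new byte[16];            // constructed sample key
        new SecureRandom().nextBytes(goodKey);
        String deviceId = "device-1234";          // constructed sample value
        try { fragileCookie(null, deviceId); }
        catch (NullPointerException e) { System.out.println("fragile: request aborted by " + e); }
        System.out.println("hardened, no key: cookie set = " + hardenedCookie(null, deviceId).isPresent());
        System.out.println("hardened, key ok: " + hardenedCookie(goodKey, deviceId).orElse("(none)"));
    }
}
```

With the hardened variant an encryption failure costs the user only the "Don't ask again on this device" convenience: the session is established and the OTP code is requested again at the next login.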

          People

            federico.ballarini Federico Ballarini
            luca.gasparini Luca Gasparini