New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Checking page_id and app_user for creating session #49

Open
OliverLemm opened this Issue Mar 2, 2016 · 3 comments

Comments

Projects
None yet
2 participants
@OliverLemm
Copy link

OliverLemm commented Mar 2, 2016

In the package oos_util_apex in the procedure create_session the parameter p_user_name and p_page_id are not checked.
If using collections or other features relying on a session created with that function there can be errors when the page or the user doesn't exist.

plz check these values like:
select page_id from apex_application_pages p where p.page_id = p_page_id and p.application_id = p_app_id;

and
select u.user_name from apex_workspace_apex_users u where u.workspace_id = l_workspace_id;

@martindsouza martindsouza self-assigned this Mar 7, 2016

@martindsouza martindsouza added this to the 0.1.0 milestone Mar 7, 2016

martindsouza added a commit that referenced this issue Mar 7, 2016

@martindsouza

This comment has been minimized.

Copy link
Member

martindsouza commented Mar 7, 2016

@OliverLemm I have applied the suggested check that p_page_id exists. Regarding the p_user_name do you know what happens if the application uses a different authentication scheme from the default APEX authentication scheme?

@OliverLemm

This comment has been minimized.

Copy link

OliverLemm commented Mar 9, 2016

No, but i got following error when creating a session with a wrong username and working with collections:

ORA-01400: Einfügen von NULL in ("APEX_050000"."WWV_FLOW_COLLECTIONS$"."USER_ID") nicht möglich

in english it should be:
ORA-01400: INSERT NULL in ("APEX_050000"."WWV_FLOW_COLLECTIONS$"."USER_ID") is not possible

@martindsouza

This comment has been minimized.

Copy link
Member

martindsouza commented Mar 12, 2016

@OliverLemm Can you please check what happens when a custom authentication scheme is used and you pass in a valid user name (for the authentication scheme) that is not an APEX Workspace user. If that works then I don't think we can create a p_user_name check.

@martindsouza martindsouza modified the milestones: 1.1.0, 1.0.0 Jun 21, 2017

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment