Project

General

Profile

Actions
Copy link

Bug #10510

closed

"Invalid authenticity token" after login

Added by Anonymous about 9 years ago. Updated almost 6 years ago.

Status:
Closed
Priority:
High
Assignee:
Dominic Cleal
Category:
Security
Target version:
1.8.1
Difficulty:
Triaged:
Bugzilla link:
Pull request:
https://github.com/theforeman/foreman/pull/2386
Fixed in Releases:
Found in Releases:
Nightly
Red Hat JIRA:

Description

I'm running Foreman nightlies on Debian/jessie. Since about three days I can't log in anymore:

2015-05-14 14:54:22 [I] Started GET "/users/login" for 2001:6f8:12f2:1::8 at 2015-05-14 14:54:22 +0200
2015-05-14 14:54:22 [I] Processing by UsersController#login as HTML
2015-05-14 14:54:22 [I]   Rendered users/login.html.erb within layouts/login (4.6ms)
2015-05-14 14:54:22 [I]   Rendered layouts/base.html.erb (2.2ms)
2015-05-14 14:54:22 [I] Completed 200 OK in 11.1ms (Views: 8.6ms | ActiveRecord: 0.0ms)
2015-05-14 14:54:26 [I] Started POST "/users/login" for 2001:6f8:12f2:1::8 at 2015-05-14 14:54:26 +0200
2015-05-14 14:54:26 [I] Processing by UsersController#login as HTML
2015-05-14 14:54:26 [I]   Parameters: {"utf8"=>"✓", "authenticity_token"=>"UvOb9l5ujQ1LdspGB+OWmayxfXcI2OsDqgNrbLha6m8=", "login"=>{"login"=>"mmoll", "password"=>"[FILTERED]"}, "commit"=>"Login"}
2015-05-14 14:54:26 [W] WARNING: Can't verify CSRF token authenticity
2015-05-14 14:54:26 [W] Operation FAILED: ERF42-4995 [Foreman::Exception]: Invalid authenticity token
2015-05-14 14:54:26 [I]   Rendered common/500.html.erb within layouts/application (5.5ms)
2015-05-14 14:54:26 [I]   Rendered layouts/base.html.erb (3.1ms)
2015-05-14 14:54:26 [I] Completed 500 Internal Server Error in 17.6ms (Views: 16.0ms | ActiveRecord: 0.0ms)
2015-05-14 14:55:10 [I] Started GET "/" for 192.168.200.11 at 2015-05-14 14:55:10 +0200
2015-05-14 14:55:10 [I] Processing by DashboardController#index as */*
2015-05-14 14:55:10 [I] Redirected to https://sledge.kvedulv.de/
2015-05-14 14:55:10 [I] Filter chain halted as #<Proc:0x00000003e60700@/usr/share/foreman/vendor/ruby/2.1.0/gems/actionpack-3.2.21/lib/action_controller/metal/force_ssl.rb:28> rendered or redirected
2015-05-14 14:55:10 [I] Completed 301 Moved Permanently in 1.7ms (ActiveRecord: 0.0ms)
2015-05-14 14:55:10 [I] Started GET "/users/login" for 192.168.200.11 at 2015-05-14 14:55:10 +0200
2015-05-14 14:55:10 [I] Processing by UsersController#login as */*
2015-05-14 14:55:10 [I]   Rendered users/login.html.erb within layouts/login (4.7ms)
2015-05-14 14:55:10 [I]   Rendered layouts/base.html.erb (2.0ms)
2015-05-14 14:55:10 [I] Completed 200 OK in 11.4ms (Views: 8.6ms | ActiveRecord: 0.0ms)

Related issues 1 (0 open1 closed)

Related to Foreman - Bug #10275: CVE-2015-3155 - The _session_id cookie is issued without the Secure flagClosedShlomi Zadok04/27/2015Actions
Actions
Copy link

Also available in: Atom PDF