Project

General

Profile

Actions
Copy link

Bug #15843

open

Redirect to login page on CSRF error

Added by John Mitsch almost 9 years ago. Updated 8 months ago.

Status:
New
Priority:
Normal
Assignee:
John Mitsch
Category:
Security
Target version:
-
Difficulty:
Triaged:
Bugzilla link:
Pull request:
Fixed in Releases:
Found in Releases:
Red Hat JIRA:

Description

To reproduce

1) Open two tabs in browser
2) Go to red hat repositories page on one and open to an enabled repository
3) On other tab logout
4) Go to RH repos tab and disable repo.
5) You should see a CSRF token error

This probably can be reproduced enabling a repo as well.

Ideally we would redirect to login page here.

2016-07-26 13:47:49 [app] [I] Started GET "/katello/products/130/available_repositories?content_id=2472&_=1469540849891" for 192.168.121.1 at 2016-07-26 13:47:49 +0000
2016-07-26 13:47:49 [app] [I] Processing by Katello::ProductsController#available_repositories as */*
2016-07-26 13:47:49 [app] [I]   Parameters: {"content_id"=>"2472", "_"=>"1469540849891", "id"=>"130"}
2016-07-26 13:47:56 [app] [I]   Rendered /opt/theforeman/tfm/root/usr/share/gems/gems/katello-3.0.0.68/app/views/katello/providers/redhat/_repos.html.erb (10.8ms)
2016-07-26 13:47:56 [app] [I] Completed 200 OK in 6985ms (Views: 11.5ms | ActiveRecord: 72.6ms)
2016-07-26 13:49:22 [foreman-tasks/dynflow] [I] start terminating throttle_limiter...
2016-07-26 13:49:22 [foreman-tasks/dynflow] [I] start terminating client dispatcher...
2016-07-26 13:49:22 [foreman-tasks/dynflow] [I] stop listening for new events...
2016-07-26 13:49:22 [foreman-tasks/dynflow] [I] start terminating clock...
2016-07-26 13:49:22 [foreman-tasks/dynflow] [I] start terminating throttle_limiter...
2016-07-26 13:49:22 [foreman-tasks/dynflow] [I] start terminating client dispatcher...
2016-07-26 13:49:22 [foreman-tasks/dynflow] [I] stop listening for new events...
2016-07-26 13:49:22 [foreman-tasks/dynflow] [I] start terminating clock...
2016-07-26 13:53:40 [app] [I] Started PUT "/katello/products/130/toggle_repository" for 192.168.121.1 at 2016-07-26 13:53:40 +0000
2016-07-26 13:53:40 [app] [I] Processing by Katello::ProductsController#toggle_repository as */*
2016-07-26 13:53:40 [app] [I]   Parameters: {"repo"=>"0", "pulp_id"=>"Default_Organization-Red_Hat_Enterprise_Linux_Server-Red_Hat_Enterprise_Linux_7_Server_-_RH_Common_RPMs_x86_64_7Server", "content_id"=>"2472", "releasever"=>"7Server", "basearch"=>"x86_64", "id"=>"130"}
2016-07-26 13:53:40 [app] [W] Can't verify CSRF token authenticity
2016-07-26 13:53:40 [app] [I] Completed 500 Internal Server Error in 5ms
2016-07-26 13:53:40 [app] [F] 
 | Foreman::Exception (ERF42-4995 [Foreman::Exception]: Invalid authenticity token):
 |   app/controllers/application_controller.rb:371:in `handle_unverified_request'
 |   lib/middleware/catch_json_parse_errors.rb:9:in `call'
 |
Actions
Copy link

Also available in: Atom PDF