Bug #16075

Changing any setting fails: Invalid authenticity token

Added by Guido Günther over 3 years ago. Updated over 1 year ago.

Status: Closed
Priority: Normal
Category: Settings

Description

In current develop (42ba771cc8bfc09257c15c5d388542d4d1b69358)

changing any setting via Administer->Settings fails with:

20:11:33 rails.1   | 2016-08-11T20:11:33 892bff75 [app] [I] Started PUT "/settings/Default_variables_Lookup_Path" for 127.0.0.1 at 2016-08-11 20:11:33 +0200
20:11:33 rails.1 | 2016-08-11T20:11:33 892bff75 [app] [I] Processing by SettingsController#update as JSON
20:11:33 rails.1 | 2016-08-11T20:11:33 892bff75 [app] [I] Parameters: {"setting"=>{"value"=>"[FILTERED]"}, "id"=>"Default_variables_Lookup_Path"}
20:11:33 rails.1 | 2016-08-11T20:11:33 892bff75 [app] [W] Can't verify CSRF token authenticity
20:11:33 rails.1 | 2016-08-11T20:11:33 892bff75 [app] [I] Completed 500 Internal Server Error in 1ms (ActiveRecord: 0.0ms)
20:11:33 rails.1 | 2016-08-11T20:11:33 892bff75 [app] [F]
20:11:33 rails.1 | | Foreman::Exception (ERF42-4995 [Foreman::Exception]: Invalid authenticity token):
20:11:33 rails.1 | | app/controllers/application_controller.rb:394:in `handle_unverified_request'
20:11:33 rails.1 | | lib/middleware/catch_json_parse_errors.rb:9:in `call'
20:11:33 rails.1 | | lib/middleware/tagged_logging.rb:18:in `call'

Related issues

Related to Foreman - Refactor #15037: Improve editable elements (Closed, 2016-05-12)

Associated revisions

Revision b22a953a (diff)
Added by Amir Fefer over 3 years ago

Fixes #16075 - add authenticity token in setting params

History

#1 Updated by Marek Hulán over 3 years ago

  • Status changed from New to Feedback

It seems your session has timed out and you logged in in a different tab, then you returned to the previously opened tab with the settings page. Try reloading the settings page and retry; it should help, and ideally let us know.

#2 Updated by Guido Günther over 3 years ago

Marek Hulán wrote:

It seems your session has timed out and you logged in in a different tab, then you returned to the previously opened tab with the settings page. Try reloading the settings page and retry; it should help, and ideally let us know.

Nope. Logging out and back in does not help. Note that I can do things like adding domains, etc. It's just the settings page that looks broken.
-- Guido

#3 Updated by Marek Hulán over 3 years ago

  • Category set to Web Interface
  • Status changed from Feedback to New

Could you please let us know what version of Foreman this is? You can find it at Administer -> About.

#4 Updated by Guido Günther over 3 years ago

Marek Hulán wrote:

Could you please let us know what version of Foreman this is? You can find it at Administer -> About.

As I wrote in the description, this is develop as of 42ba771cc8bfc09257c15c5d388542d4d1b69358.

About has 1.13.0-develop.

#5 Updated by Dominic Cleal over 3 years ago

  • Subject changed from Changing any setting fails to Changing any setting fails: Invalid authenticity token
  • Category changed from Web Interface to Settings
  • Legacy Backlogs Release (now unused) set to 160

I don't see the error about the authenticity token, but I do see that the token isn't passed any more when updating settings:

13:38:06 rails.1   | 2016-08-12T13:38:06 204be96c [app] [I] Started PUT "/settings/enc_environment" for 127.0.0.1 at 2016-08-12 13:38:06 +0100
13:38:06 rails.1   | 2016-08-12T13:38:06 204be96c [app] [I] Processing by SettingsController#update as JSON
13:38:06 rails.1   | 2016-08-12T13:38:06 204be96c [app] [I]   Parameters: {"setting"=>{"value"=>"[FILTERED]"}, "id"=>"enc_environment"}

I reverted #15037 and the token is passed again:

13:37:21 rails.1   | 2016-08-12T13:37:21 204be96c [app] [I] Started PUT "/settings/enc_environment" for 127.0.0.1 at 2016-08-12 13:37:21 +0100
13:37:21 rails.1   | 2016-08-12T13:37:21 204be96c [app] [I] Processing by SettingsController#update as JSON
13:37:21 rails.1   | 2016-08-12T13:37:21 204be96c [app] [I]   Parameters: {"setting"=>{"value"=>"[FILTERED]"}, "id"=>"enc_environment", "authenticity_token"=>""AHEgLa+C/BBJ4dFjzHPv/NLo71ngs/0VvNvbxTeh3xjY3u6SH7nPsZjQOBdvtOgtevKSZjt66QGznFbqFSES5w==""}

In either case, the token should be present, which is presumably why the invalid token error's occurring. I'm unsure why it isn't for me.

#6 Updated by Dominic Cleal over 3 years ago

#7 Updated by Amir Fefer over 3 years ago

  • Assignee set to Amir Fefer

#8 Updated by The Foreman Bot over 3 years ago

  • Status changed from New to Ready For Testing
  • Pull request https://github.com/theforeman/foreman/pull/3730 added

#9 Updated by Guido Günther over 3 years ago

Thanks for having a look.

The PR adds back the token but the error is still the same:

19:34:38 rails.1   | 2016-08-12T19:34:38 0e025930 [app] [I] Started PUT "/settings/trusted_puppetmaster_hosts" for 127.0.0.1 at 2016-08-12 19:34:38 +0200
19:34:38 rails.1 | 2016-08-12T19:34:38 0e025930 [app] [I] Processing by SettingsController#update as JSON
19:34:38 rails.1 | 2016-08-12T19:34:38 0e025930 [app] [I] Parameters: {"authenticity_token"=>""BpC/lkdXJPVdDYIMxBZLHkrDs/pjQWkqY8bNw7VVcgf1bj9pYFRgdBkU7bymrIcXHmfVWGzCtyIqssv13Veyag=="", "setting"=>{"value"=>"[FILTERED]"}, "id"=>"trusted_puppetmaster_hosts"}
19:34:38 rails.1 | 2016-08-12T19:34:38 0e025930 [app] [W] Can't verify CSRF token authenticity
19:34:38 rails.1 | 2016-08-12T19:34:38 0e025930 [app] [I] Completed 500 Internal Server Error in 0ms (ActiveRecord: 0.0ms)
19:34:38 rails.1 | 2016-08-12T19:34:38 0e025930 [app] [F]
19:34:38 rails.1 | | Foreman::Exception (ERF42-4995 [Foreman::Exception]: Invalid authenticity token):
19:34:38 rails.1 | | app/controllers/application_controller.rb:394:in `handle_unverified_request'
19:34:38 rails.1 | | lib/middleware/catch_json_parse_errors.rb:9:in `call'
19:34:38 rails.1 | | lib/middleware/tagged_logging.rb:18:in `call'

Note that I had this working after #15037 was merged (last update
presumably around start of August).

Another thing: when this kind of error happens there's no feedback to
the user at all. The spinner just sits there forever.

#10 Updated by Dominic Cleal over 3 years ago

{"authenticity_token"=>""BpC shows an additional HTML encoded quote that shouldn't be present.

#11 Updated by Amir Fefer over 3 years ago

Dominic Cleal wrote:

{"authenticity_token"=>""BpC shows an additional HTML encoded quote that shouldn't be present.

The additional HTML encoded quote has been removed:

2016-08-15T16:08:49 [app] [I]   Parameters: {"authenticity_token"=>"yRBou9s3m0pNirkGcICeeQdRf1aDQivCDq+FJvjTeL+IdftkQpPh/GZbhc0s3ftgu2qC60ATCRfrTCP7kJ89Bw==", "setting"=>{"value"=>"[FILTERED]"}, "id"=>"entries_per_page"}

#12 Updated by Guido Günther over 3 years ago

Amir Fefer wrote:

Dominic Cleal wrote:

{"authenticity_token"=>""BpC shows an additional HTML encoded quote that shouldn't be present.

The additional HTML encoded quote has been removed:
[...]

The new PR fixes it for me, thanks a lot! I do wonder why I'm the only one seeing it though.

#13 Updated by Amir Fefer over 3 years ago

  • Status changed from Ready For Testing to Closed
  • % Done changed from 0 to 100

#14 Updated by Daniel Lobato Garcia over 3 years ago

  • Target version set to 1.6.2
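
The two failure modes discussed in this thread (no `authenticity_token` parameter at all, and a token wrapped in an extra quote) can be reproduced with a simplified model of a masked CSRF token check. This is an added example, not Foreman's or Rails' own code: the function names are hypothetical, and the assumed token layout (a 32-byte one-time pad followed by the pad XOR the session secret, base64-encoded to 88 characters) is a simplification that matches the token length seen in the logs above.

```ruby
require "base64"
require "securerandom"

TOKEN_LENGTH = 32 # bytes in the per-session secret (assumption of this model)

def xor_bytes(a, b)
  a.bytes.zip(b.bytes).map { |x, y| x ^ y }.pack("C*")
end

# Constant-time comparison so the check does not leak where the bytes differ.
def secure_compare(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Mask the session secret with a fresh pad: base64(pad + (pad XOR secret)).
# Every rendered form gets a different string for the same session.
def mask_token(session_token)
  pad = SecureRandom.random_bytes(TOKEN_LENGTH)
  Base64.strict_encode64(pad + xor_bytes(pad, session_token))
end

# Returns :ok, or the reason the submitted parameter is rejected.
def check_token(submitted, session_token)
  return :missing if submitted.nil? || submitted.empty?
  begin
    raw = Base64.strict_decode64(submitted)
  rescue ArgumentError
    # A literal quote or an HTML entity around the token lands here.
    return :not_base64
  end
  return :wrong_length unless raw.bytesize == TOKEN_LENGTH * 2
  pad = raw[0, TOKEN_LENGTH]
  masked = raw[TOKEN_LENGTH, TOKEN_LENGTH]
  secure_compare(xor_bytes(pad, masked), session_token) ? :ok : :mismatch
end

# Constructed sample values, not taken from the logs in this issue.
if __FILE__ == $PROGRAM_NAME
  secret = SecureRandom.random_bytes(TOKEN_LENGTH)
  token = mask_token(secret)
  puts check_token(token, secret)          # token as rendered into the form
  puts check_token(nil, secret)            # parameter dropped by the client
  puts check_token("\"#{token}\"", secret) # token wrapped in an extra quote
end
```

Any character outside the base64 alphabet makes the value undecodable before the secret is ever compared, which is why a single stray quote produces the same "Can't verify CSRF token authenticity" result as a missing parameter.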
