Project

General

Profile

Actions

Bug #16075

closed

Changing any setting fails: Invalid authenticity token

Added by Guido Günther about 8 years ago. Updated over 6 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Category:
Settings
Target version:
Difficulty:
Triaged:
Fixed in Releases:
Found in Releases:

Description

In current develop (42ba771cc8bfc09257c15c5d388542d4d1b69358)

changing a any setting via Administer->Settings fails with:

0:11:33 rails.1   | 2016-08-11T20:11:33 892bff75 [app] [I] Started PUT "/settings/Default_variables_Lookup_Path" for 127.0.0.1 at 2016-08-11 20:11:33 +0200
20:11:33 rails.1 | 2016-08-11T20:11:33 892bff75 [app] [I] Processing by SettingsController#update as JSON
20:11:33 rails.1 | 2016-08-11T20:11:33 892bff75 [app] [I] Parameters: {"setting"=>{"value"=>"[FILTERED]"}, "id"=>"Default_variables_Lookup_Path"}
20:11:33 rails.1 | 2016-08-11T20:11:33 892bff75 [app] [W] Can't verify CSRF token authenticity
20:11:33 rails.1 | 2016-08-11T20:11:33 892bff75 [app] [I] Completed 500 Internal Server Error in 1ms (ActiveRecord: 0.0ms)
20:11:33 rails.1 | 2016-08-11T20:11:33 892bff75 [app] [F]
20:11:33 rails.1 | | Foreman::Exception (ERF42-4995 [Foreman::Exception]: Invalid authenticity token):
20:11:33 rails.1 | | app/controllers/application_controller.rb:394:in `handle_unverified_request'
20:11:33 rails.1 | | lib/middleware/catch_json_parse_errors.rb:9:in `call'
20:11:33 rails.1 | | lib/middleware/tagged_logging.rb:18:in `call'

Related issues 1 (0 open1 closed)

Related to Foreman - Refactor #15037: Improve editable elementsClosedAmir Fefer05/12/2016Actions
Actions #1

Updated by Marek Hulán about 8 years ago

  • Status changed from New to Feedback

It seems your session has timeout and you logged in different tab then you returned to previously opened tab with settings page. Try reloading the settings page and retry, it should help and ideally let us know.

Actions #2

Updated by Guido Günther about 8 years ago

Marek Hulán wrote:

It seems your session has timeout and you logged in different tab then you returned to previously opened tab with settings page. Try reloading the settings page and retry, it should help and ideally let us know.

Nope. Logging out and back in does not help. Note that I can do things like e.g. adding domains, etc. it's just the settings page that looks broken.
-- Guido

Actions #3

Updated by Marek Hulán about 8 years ago

  • Category set to Web Interface
  • Status changed from Feedback to New

Could you please let us know, what version of Foreman is this? You can find it at Administer -> About.

Actions #4

Updated by Guido Günther about 8 years ago

Marek Hulán wrote:

Could you please let us know, what version of Foreman is this? You can find it at Administer -> About.

As I wrote in the description this is develop as of 42ba771cc8bfc09257c15c5d388542d4d1b69358.

About has 1.13.0-develop.

Actions #5

Updated by Dominic Cleal about 8 years ago

  • Subject changed from Changing any setting fails to Changing any setting fails: Invalid authenticity token
  • Category changed from Web Interface to Settings
  • Translation missing: en.field_release set to 160

I don't see the error about the authenticity token, but I do see that the token isn't passed any more when updating settings:

13:38:06 rails.1   | 2016-08-12T13:38:06 204be96c [app] [I] Started PUT "/settings/enc_environment" for 127.0.0.1 at 2016-08-12 13:38:06 +0100
13:38:06 rails.1   | 2016-08-12T13:38:06 204be96c [app] [I] Processing by SettingsController#update as JSON
13:38:06 rails.1   | 2016-08-12T13:38:06 204be96c [app] [I]   Parameters: {"setting"=>{"value"=>"[FILTERED]"}, "id"=>"enc_environment"}

I reverted #15037 and the token is passed again:

13:37:21 rails.1   | 2016-08-12T13:37:21 204be96c [app] [I] Started PUT "/settings/enc_environment" for 127.0.0.1 at 2016-08-12 13:37:21 +0100
13:37:21 rails.1   | 2016-08-12T13:37:21 204be96c [app] [I] Processing by SettingsController#update as JSON
13:37:21 rails.1   | 2016-08-12T13:37:21 204be96c [app] [I]   Parameters: {"setting"=>{"value"=>"[FILTERED]"}, "id"=>"enc_environment", "authenticity_token"=>""AHEgLa+C/BBJ4dFjzHPv/NLo71ngs/0VvNvbxTeh3xjY3u6SH7nPsZjQOBdvtOgtevKSZjt66QGznFbqFSES5w==""}

In either case, the token should be present, which is presumably why the invalid token error's occurring. I'm unsure why it isn't for me.

Actions #6

Updated by Dominic Cleal about 8 years ago

Actions #7

Updated by Amir Fefer about 8 years ago

  • Assignee set to Amir Fefer
Actions #8

Updated by The Foreman Bot about 8 years ago

  • Status changed from New to Ready For Testing
  • Pull request https://github.com/theforeman/foreman/pull/3730 added
Actions #9

Updated by Guido Günther about 8 years ago

Thanks for having a look.

The PR adds back the token but the error is still the same:

19:34:38 rails.1   | 2016-08-12T19:34:38 0e025930 [app] [I] Started PUT "/settings/trusted_puppetmaster_hosts" for 127.0.0.1 at 2016-08-12 19:34:38 +0200
19:34:38 rails.1 | 2016-08-12T19:34:38 0e025930 [app] [I] Processing by SettingsController#update as JSON
19:34:38 rails.1 | 2016-08-12T19:34:38 0e025930 [app] [I] Parameters: {"authenticity_token"=>""BpC/lkdXJPVdDYIMxBZLHkrDs/pjQWkqY8bNw7VVcgf1bj9pYFRgdBkU7bymrIcXHmfVWGzCtyIqssv13Veyag=="", "setting"=>{"value"=>"[FILTERED]"}, "id"=>"trusted_puppetmaster_hosts"}
19:34:38 rails.1 | 2016-08-12T19:34:38 0e025930 [app] [W] Can't verify CSRF token authenticity
19:34:38 rails.1 | 2016-08-12T19:34:38 0e025930 [app] [I] Completed 500 Internal Server Error in 0ms (ActiveRecord: 0.0ms)
19:34:38 rails.1 | 2016-08-12T19:34:38 0e025930 [app] [F]
19:34:38 rails.1 | | Foreman::Exception (ERF42-4995 [Foreman::Exception]: Invalid authenticity token):
19:34:38 rails.1 | | app/controllers/application_controller.rb:394:in `handle_unverified_request'
19:34:38 rails.1 | | lib/middleware/catch_json_parse_errors.rb:9:in `call'
19:34:38 rails.1 | | lib/middleware/tagged_logging.rb:18:in `call'

Note that I had this working after #15037 was merged (last update
presumably around start of August).

Another thing: when this kind of error happens there's no feedback to
the user at all. The spinner just sits there forever.

Actions #10

Updated by Dominic Cleal about 8 years ago

{"authenticity_token"=>""BpC shows an additional HTML encoded quote that shouldn't be present.

Actions #11

Updated by Amir Fefer about 8 years ago

Dominic Cleal wrote:

{"authenticity_token"=>""BpC shows an additional HTML encoded quote that shouldn't be present.

The additional HTML encoded quote has been removed:

2016-08-15T16:08:49 [app] [I]   Parameters: {"authenticity_token"=>"yRBou9s3m0pNirkGcICeeQdRf1aDQivCDq+FJvjTeL+IdftkQpPh/GZbhc0
s3ftgu2qC60ATCRfrTCP7kJ89Bw==", "setting"=>{"value"=>"[FILTERED]"}, "id"=>"entries_per_page"}

Actions #12

Updated by Guido Günther about 8 years ago

Amir Fefer wrote:

Dominic Cleal wrote:

{"authenticity_token"=>""BpC shows an additional HTML encoded quote that shouldn't be present.

The additional HTML encoded quote has been removed:
[...]

The new PR fixes it for me, thanks a lot! I do wonder why I'm the only one seeing it though.

Actions #13

Updated by Amir Fefer about 8 years ago

  • Status changed from Ready For Testing to Closed
  • % Done changed from 0 to 100
Actions #14

Updated by Daniel Lobato Garcia about 8 years ago

  • Target version set to 1.6.2
Actions

Also available in: Atom PDF