Bug #16075: Changing any setting fails: Invalid authenticity token - Foreman

Actions

Copy link

Bug #16075

closed

Changing any setting fails: Invalid authenticity token

Added by Guido Günther over 8 years ago. Updated over 6 years ago.

Status:

Closed

Priority:

Normal

Assignee:

Amir Fefer

Category:

Settings

Target version:

1.13.0

Difficulty:

Triaged:

Bugzilla link:

Pull request:

https://github.com/theforeman/foreman/pull/3730

Fixed in Releases:

Found in Releases:

Red Hat JIRA:

Description

In current develop (42ba771cc8bfc09257c15c5d388542d4d1b69358)

changing a any setting via Administer->Settings fails with:

0:11:33 rails.1   | 2016-08-11T20:11:33 892bff75 [app] [I] Started PUT "/settings/Default_variables_Lookup_Path" for 127.0.0.1 at 2016-08-11 20:11:33 +0200
    20:11:33 rails.1   | 2016-08-11T20:11:33 892bff75 [app] [I] Processing by SettingsController#update as JSON
    20:11:33 rails.1   | 2016-08-11T20:11:33 892bff75 [app] [I]   Parameters: {"setting"=>{"value"=>"[FILTERED]"}, "id"=>"Default_variables_Lookup_Path"}
    20:11:33 rails.1   | 2016-08-11T20:11:33 892bff75 [app] [W] Can't verify CSRF token authenticity
    20:11:33 rails.1   | 2016-08-11T20:11:33 892bff75 [app] [I] Completed 500 Internal Server Error in 1ms (ActiveRecord: 0.0ms)
    20:11:33 rails.1   | 2016-08-11T20:11:33 892bff75 [app] [F] 
    20:11:33 rails.1   |  | Foreman::Exception (ERF42-4995 [Foreman::Exception]: Invalid authenticity token):
    20:11:33 rails.1   |  |   app/controllers/application_controller.rb:394:in `handle_unverified_request'
    20:11:33 rails.1   |  |   lib/middleware/catch_json_parse_errors.rb:9:in `call'
    20:11:33 rails.1   |  |   lib/middleware/tagged_logging.rb:18:in `call'

Related issues 1 (0 open — 1 closed)

Actions

Copy link

Updated by Marek Hulán over 8 years ago

Status changed from New to Feedback

It seems your session has timeout and you logged in different tab then you returned to previously opened tab with settings page. Try reloading the settings page and retry, it should help and ideally let us know.

Actions

Copy link

Updated by Guido Günther over 8 years ago

Marek Hulán wrote:

It seems your session has timeout and you logged in different tab then you returned to previously opened tab with settings page. Try reloading the settings page and retry, it should help and ideally let us know.

Nope. Logging out and back in does not help. Note that I can do things like e.g. adding domains, etc. it's just the settings page that looks broken.
-- Guido

Actions

Copy link

Updated by Marek Hulán over 8 years ago

Category set to Web Interface
Status changed from Feedback to New

Could you please let us know, what version of Foreman is this? You can find it at Administer -> About.

Actions

Copy link

Updated by Guido Günther over 8 years ago

Marek Hulán wrote:

Could you please let us know, what version of Foreman is this? You can find it at Administer -> About.

As I wrote in the description this is develop as of 42ba771cc8bfc09257c15c5d388542d4d1b69358.

About has 1.13.0-develop.

Actions

Copy link

Updated by Dominic Cleal over 8 years ago

Subject changed from Changing any setting fails to Changing any setting fails: Invalid authenticity token
Category changed from Web Interface to Settings
Translation missing: en.field_release set to 160

I don't see the error about the authenticity token, but I do see that the token isn't passed any more when updating settings:

13:38:06 rails.1   | 2016-08-12T13:38:06 204be96c [app] [I] Started PUT "/settings/enc_environment" for 127.0.0.1 at 2016-08-12 13:38:06 +0100
13:38:06 rails.1   | 2016-08-12T13:38:06 204be96c [app] [I] Processing by SettingsController#update as JSON
13:38:06 rails.1   | 2016-08-12T13:38:06 204be96c [app] [I]   Parameters: {"setting"=>{"value"=>"[FILTERED]"}, "id"=>"enc_environment"}

I reverted #15037 and the token is passed again:

13:37:21 rails.1   | 2016-08-12T13:37:21 204be96c [app] [I] Started PUT "/settings/enc_environment" for 127.0.0.1 at 2016-08-12 13:37:21 +0100
13:37:21 rails.1   | 2016-08-12T13:37:21 204be96c [app] [I] Processing by SettingsController#update as JSON
13:37:21 rails.1   | 2016-08-12T13:37:21 204be96c [app] [I]   Parameters: {"setting"=>{"value"=>"[FILTERED]"}, "id"=>"enc_environment", "authenticity_token"=>"&quot;AHEgLa+C/BBJ4dFjzHPv/NLo71ngs/0VvNvbxTeh3xjY3u6SH7nPsZjQOBdvtOgtevKSZjt66QGznFbqFSES5w==&quot;"}

In either case, the token should be present, which is presumably why the invalid token error's occurring. I'm unsure why it isn't for me.

Actions

Copy link

Updated by Dominic Cleal over 8 years ago

Related to Refactor #15037: Improve editable elements added

Actions

Copy link

Updated by Amir Fefer over 8 years ago

Assignee set to Amir Fefer

Actions

Copy link

Updated by The Foreman Bot over 8 years ago

Status changed from New to Ready For Testing
Pull request https://github.com/theforeman/foreman/pull/3730 added

Actions

Copy link

Updated by Guido Günther over 8 years ago

Thanks for having a look.

The PR adds back the token but the error is still the same:

19:34:38 rails.1   | 2016-08-12T19:34:38 0e025930 [app] [I] Started PUT "/settings/trusted_puppetmaster_hosts" for 127.0.0.1 at 2016-08-12 19:34:38 +0200
    19:34:38 rails.1   | 2016-08-12T19:34:38 0e025930 [app] [I] Processing by SettingsController#update as JSON
    19:34:38 rails.1   | 2016-08-12T19:34:38 0e025930 [app] [I]   Parameters: {"authenticity_token"=>"&quot;BpC/lkdXJPVdDYIMxBZLHkrDs/pjQWkqY8bNw7VVcgf1bj9pYFRgdBkU7bymrIcXHmfVWGzCtyIqssv13Veyag==&quot;", "setting"=>{"value"=>"[FILTERED]"}, "id"=>"trusted_puppetmaster_hosts"}
    19:34:38 rails.1   | 2016-08-12T19:34:38 0e025930 [app] [W] Can't verify CSRF token authenticity
    19:34:38 rails.1   | 2016-08-12T19:34:38 0e025930 [app] [I] Completed 500 Internal Server Error in 0ms (ActiveRecord: 0.0ms)
    19:34:38 rails.1   | 2016-08-12T19:34:38 0e025930 [app] [F] 
    19:34:38 rails.1   |  | Foreman::Exception (ERF42-4995 [Foreman::Exception]: Invalid authenticity token):
    19:34:38 rails.1   |  |   app/controllers/application_controller.rb:394:in `handle_unverified_request'
    19:34:38 rails.1   |  |   lib/middleware/catch_json_parse_errors.rb:9:in `call'
    19:34:38 rails.1   |  |   lib/middleware/tagged_logging.rb:18:in `call'

Note that I had this working after #15037 was merged (last update
presumably around start of August).

Another thing: when this kind of error happens there's no feedback to
the user at all. The spinner just sits there forever.

Actions

Copy link

#10

Updated by Dominic Cleal over 8 years ago

{"authenticity_token"=>""BpC shows an additional HTML encoded quote that shouldn't be present.

Actions

Copy link

#11

Updated by Amir Fefer over 8 years ago

Dominic Cleal wrote:

{"authenticity_token"=>""BpC shows an additional HTML encoded quote that shouldn't be present.

The additional HTML encoded quote has been removed:

2016-08-15T16:08:49 [app] [I]   Parameters: {"authenticity_token"=>"yRBou9s3m0pNirkGcICeeQdRf1aDQivCDq+FJvjTeL+IdftkQpPh/GZbhc0
s3ftgu2qC60ATCRfrTCP7kJ89Bw==", "setting"=>{"value"=>"[FILTERED]"}, "id"=>"entries_per_page"}

Actions

Copy link

#12

Updated by Guido Günther over 8 years ago

Amir Fefer wrote:

Dominic Cleal wrote:

{"authenticity_token"=>""BpC shows an additional HTML encoded quote that shouldn't be present.

The additional HTML encoded quote has been removed:
[...]

The new PR fixes it for me, thanks a lot! I do wonder why I'm the only one seeing it though.

Actions

Copy link

#13