Bug #16075
Closed
Changing any setting fails: Invalid authenticity token
Description
In current develop (42ba771cc8bfc09257c15c5d388542d4d1b69358)
changing any setting via Administer->Settings fails with:
0:11:33 rails.1 | 2016-08-11T20:11:33 892bff75 [app] [I] Started PUT "/settings/Default_variables_Lookup_Path" for 127.0.0.1 at 2016-08-11 20:11:33 +0200
20:11:33 rails.1 | 2016-08-11T20:11:33 892bff75 [app] [I] Processing by SettingsController#update as JSON
20:11:33 rails.1 | 2016-08-11T20:11:33 892bff75 [app] [I] Parameters: {"setting"=>{"value"=>"[FILTERED]"}, "id"=>"Default_variables_Lookup_Path"}
20:11:33 rails.1 | 2016-08-11T20:11:33 892bff75 [app] [W] Can't verify CSRF token authenticity
20:11:33 rails.1 | 2016-08-11T20:11:33 892bff75 [app] [I] Completed 500 Internal Server Error in 1ms (ActiveRecord: 0.0ms)
20:11:33 rails.1 | 2016-08-11T20:11:33 892bff75 [app] [F]
20:11:33 rails.1 | | Foreman::Exception (ERF42-4995 [Foreman::Exception]: Invalid authenticity token):
20:11:33 rails.1 | | app/controllers/application_controller.rb:394:in `handle_unverified_request'
20:11:33 rails.1 | | lib/middleware/catch_json_parse_errors.rb:9:in `call'
20:11:33 rails.1 | | lib/middleware/tagged_logging.rb:18:in `call'
Updated by Marek Hulán about 8 years ago
- Status changed from New to Feedback
It seems your session has timed out and you logged in in a different tab, then you returned to the previously opened tab with the settings page. Try reloading the settings page and retry; it should help, and ideally let us know.
Updated by Guido Günther about 8 years ago
Marek Hulán wrote:
It seems your session has timed out and you logged in in a different tab, then you returned to the previously opened tab with the settings page. Try reloading the settings page and retry; it should help, and ideally let us know.
Nope. Logging out and back in does not help. Note that I can do things like adding domains, etc.; it's just the settings page that looks broken.
-- Guido
Updated by Marek Hulán about 8 years ago
- Category set to Web Interface
- Status changed from Feedback to New
Could you please let us know what version of Foreman this is? You can find it at Administer -> About.
Updated by Guido Günther about 8 years ago
Marek Hulán wrote:
Could you please let us know what version of Foreman this is? You can find it at Administer -> About.
As I wrote in the description, this is develop as of 42ba771cc8bfc09257c15c5d388542d4d1b69358.
About has 1.13.0-develop.
Updated by Dominic Cleal about 8 years ago
- Subject changed from Changing any setting fails to Changing any setting fails: Invalid authenticity token
- Category changed from Web Interface to Settings
- Translation missing: en.field_release set to 160
I don't see the error about the authenticity token, but I do see that the token isn't passed any more when updating settings:
13:38:06 rails.1 | 2016-08-12T13:38:06 204be96c [app] [I] Started PUT "/settings/enc_environment" for 127.0.0.1 at 2016-08-12 13:38:06 +0100
13:38:06 rails.1 | 2016-08-12T13:38:06 204be96c [app] [I] Processing by SettingsController#update as JSON
13:38:06 rails.1 | 2016-08-12T13:38:06 204be96c [app] [I] Parameters: {"setting"=>{"value"=>"[FILTERED]"}, "id"=>"enc_environment"}
I reverted #15037 and the token is passed again:
13:37:21 rails.1 | 2016-08-12T13:37:21 204be96c [app] [I] Started PUT "/settings/enc_environment" for 127.0.0.1 at 2016-08-12 13:37:21 +0100
13:37:21 rails.1 | 2016-08-12T13:37:21 204be96c [app] [I] Processing by SettingsController#update as JSON
13:37:21 rails.1 | 2016-08-12T13:37:21 204be96c [app] [I] Parameters: {"setting"=>{"value"=>"[FILTERED]"}, "id"=>"enc_environment", "authenticity_token"=>""AHEgLa+C/BBJ4dFjzHPv/NLo71ngs/0VvNvbxTeh3xjY3u6SH7nPsZjQOBdvtOgtevKSZjt66QGznFbqFSES5w==""}
In either case, the token should be present, which is presumably why the invalid token error's occurring. I'm unsure why it isn't for me.
Updated by Dominic Cleal about 8 years ago
- Related to Refactor #15037: Improve editable elements added
Updated by The Foreman Bot about 8 years ago
- Status changed from New to Ready For Testing
- Pull request https://github.com/theforeman/foreman/pull/3730 added
Updated by Guido Günther about 8 years ago
Thanks for having a look.
The PR adds back the token but the error is still the same:
19:34:38 rails.1 | 2016-08-12T19:34:38 0e025930 [app] [I] Started PUT "/settings/trusted_puppetmaster_hosts" for 127.0.0.1 at 2016-08-12 19:34:38 +0200
19:34:38 rails.1 | 2016-08-12T19:34:38 0e025930 [app] [I] Processing by SettingsController#update as JSON
19:34:38 rails.1 | 2016-08-12T19:34:38 0e025930 [app] [I] Parameters: {"authenticity_token"=>""BpC/lkdXJPVdDYIMxBZLHkrDs/pjQWkqY8bNw7VVcgf1bj9pYFRgdBkU7bymrIcXHmfVWGzCtyIqssv13Veyag=="", "setting"=>{"value"=>"[FILTERED]"}, "id"=>"trusted_puppetmaster_hosts"}
19:34:38 rails.1 | 2016-08-12T19:34:38 0e025930 [app] [W] Can't verify CSRF token authenticity
19:34:38 rails.1 | 2016-08-12T19:34:38 0e025930 [app] [I] Completed 500 Internal Server Error in 0ms (ActiveRecord: 0.0ms)
19:34:38 rails.1 | 2016-08-12T19:34:38 0e025930 [app] [F]
19:34:38 rails.1 | | Foreman::Exception (ERF42-4995 [Foreman::Exception]: Invalid authenticity token):
19:34:38 rails.1 | | app/controllers/application_controller.rb:394:in `handle_unverified_request'
19:34:38 rails.1 | | lib/middleware/catch_json_parse_errors.rb:9:in `call'
19:34:38 rails.1 | | lib/middleware/tagged_logging.rb:18:in `call'
Note that I had this working after #15037 was merged (last update
presumably around start of August).
Another thing: when this kind of error happens there's no feedback to
the user at all. The spinner just sits there forever.
Updated by Dominic Cleal about 8 years ago
{"authenticity_token"=>""BpC
shows an additional HTML encoded quote that shouldn't be present.
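The failure mode discussed above, as an added example that is not part of the ticket and is neither Foreman's nor Rails' own code: a simplified verifier modelled on the masked-token scheme Rails uses (Base64 of a one-time pad followed by the padded session token), showing that a token wrapped in stray quote characters is rejected before any comparison takes place. All names (`verify_token`, `mask_token`, `SAMPLES`) and the sample values are constructed for illustration.

```ruby
require "base64"
require "securerandom"

TOKEN_LENGTH = 32 # bytes in the per-session secret (assumed here, as in Rails)

def xor_bytes(a, b)
  a.bytes.zip(b.bytes).map { |x, y| x ^ y }.pack("C*")
end

# Mask the session's real token with a fresh one-time pad for each page render.
def mask_token(real_token)
  pad = SecureRandom.random_bytes(TOKEN_LENGTH)
  Base64.strict_encode64(pad + xor_bytes(pad, real_token))
end

# Constant-time comparison so the check does not leak how many bytes matched.
def secure_compare(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Returns [valid, reason]; the reason is what a bare "Can't verify" log line hides.
def verify_token(param, real_token)
  return [false, "missing"] if param.nil? || param.empty?
  begin
    masked = Base64.strict_decode64(param)
  rescue ArgumentError
    return [false, "not strict base64 (stray characters around or inside the token)"]
  end
  return [false, "wrong length"] unless masked.bytesize == 2 * TOKEN_LENGTH
  pad, encrypted = masked[0, TOKEN_LENGTH], masked[TOKEN_LENGTH, TOKEN_LENGTH]
  secure_compare(xor_bytes(pad, encrypted), real_token) ? [true, "ok"] : [false, "mismatch"]
end

# Constructed sample data, not values from the ticket.
SESSION_TOKEN = SecureRandom.random_bytes(TOKEN_LENGTH)
CLEAN = mask_token(SESSION_TOKEN)
SAMPLES = {
  "clean token"               => CLEAN,
  "wrapped in literal quotes" => "\"#{CLEAN}\"",
  "wrapped in &quot;"         => "&quot;#{CLEAN}&quot;",
  "token param absent"        => nil,
}
SAMPLES.each do |label, param|
  puts format("%-26s %s", label, verify_token(param, SESSION_TOKEN).inspect)
end
```

Logging the rejection reason (never the token itself) next to the generic CSRF warning makes a client-side encoding bug like this one distinguishable from a stale session.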
Updated by Amir Fefer about 8 years ago
Dominic Cleal wrote:
{"authenticity_token"=>""BpC
shows an additional HTML encoded quote that shouldn't be present.
The additional HTML encoded quote has been removed:
2016-08-15T16:08:49 [app] [I] Parameters: {"authenticity_token"=>"yRBou9s3m0pNirkGcICeeQdRf1aDQivCDq+FJvjTeL+IdftkQpPh/GZbhc0 s3ftgu2qC60ATCRfrTCP7kJ89Bw==", "setting"=>{"value"=>"[FILTERED]"}, "id"=>"entries_per_page"}
Updated by Guido Günther about 8 years ago
Amir Fefer wrote:
Dominic Cleal wrote:
{"authenticity_token"=>""BpC
shows an additional HTML encoded quote that shouldn't be present.
The additional HTML encoded quote has been removed:
[...]
The new PR fixes it for me, thanks a lot! I do wonder why I'm the only one seeing it though.
Updated by Amir Fefer about 8 years ago
- Status changed from Ready For Testing to Closed
- % Done changed from 0 to 100
Applied in changeset b22a953a4feee3f23a47a8be6b9b79ed1daf8a67.