Invalid form authenticity token for some users #1

Open
Norwan opened this issue Jul 21, 2010 · 11 comments

@Norwan

Norwan commented Jul 21, 2010

Hi,
We are not sure, but it seems that since we installed this plugin some users get "Invalid form authenticity token" when they perform any action linked with a form: new demand, new project, etc.
How do you rate it?
Thank you for your help
Stéphane

@AdamLantos
Owner

Hi Stéphane,

first of all, please specify which versions you are using (redmine and http_auth). Also please try to update if you're not using the latest version.
Also, can you reliably reproduce these types of problems, or does it appear to be random, only with some users? Is it a browser-specific or user-specific issue?

thanks,
Adam

@Norwan
Author

Norwan commented Jul 22, 2010

Hi Adam
We are using Redmine 0.9.4 and the latest version of http_auth. We tried but did not succeed in reproducing the problem, but once a user gets the problem, they get it forever...
Another piece of information which is perhaps linked: when we call the application via
https://server_name/account/login we get "Internal Error" and the log contains:

Processing AccountController#login (for x.x.x.x at 2010-07-21 15:42:52) [GET]
  Parameters: {"action"=>"login", "controller"=>"account"}
Rendering template within layouts/base
Rendering account/login

ActionView::TemplateError (undefined method `signin_path' for #<ActionView::Base:0x2b120b3fff00>) on line #25 of app/views/layouts/base.rhtml:
22:
23:
24:
25: <%= render_menu :account_menu -%>
26:
27: <%= content_tag('div', "#{l(:label_logged_as)} #{link_to_user(User.current, :format => :username)}", :id => 'loggedas') if User.current.logged? %>
28: <%= render_menu :top_menu -%>

    lib/redmine/menu_manager.rb:269:in `send'
    lib/redmine/menu_manager.rb:269:in `extract_node_details'
    lib/redmine/menu_manager.rb:186:in `render_menu_node'
    lib/redmine/menu_manager.rb:177:in `render_menu'
    lib/redmine/menu_manager.rb:254:in `menu_items_for'
    lib/redmine/menu_manager.rb:251:in `each'
    lib/redmine/menu_manager.rb:251:in `menu_items_for'
    lib/redmine/menu_manager.rb:176:in `render_menu'
    app/views/layouts/base.rhtml:25:in `_run_rhtml_app47views47layouts47base46rhtml'
    public/dispatch.fcgi:23

Rendering /opt/redmine-0.9.4/public/500.html (500 Internal Server Error)

Thank you
Stéphane

@AdamLantos
Owner

Hi,

this latter issue doesn't seem to be related to the http_auth plugin, and it should persist if you uninstall the plugin itself (you can try to move the vendor/plugins/redmine_http_auth directory out of the path and restart the container to see if this is the case).

The form_authenticity_token issue is probably related to http://www.redmine.org/issues/5230, unfortunately I cannot reproduce it in my installation :(

thanks,
Adam

@AdamLantos
Owner

also see http://www.redmine.org/issues/3968, maybe that helps

@Norwan
Author

Norwan commented Jul 30, 2010

Hi Adam
We found out the initial cause of our problem! For a user the authentication is not case-sensitive, but if there is a difference between the login entered and the login declared, you systematically get the message "Invalid form authenticity token".
Regards
Stéphane

@AdamLantos
Owner

Hi Stéphane,

I'm not sure I'm following you here... Could you please elaborate on the following?

  • username in the database
  • username from the HTTP container authentication
  • was the login by the http_auth plugin successful or did you try to login on the redmine form (/account/login)?
  • which url did you access after that

I know of one small issue: when the plugin is activated, the /account/login form doesn't work (instead it gives 'invalid form authenticity token'). Is your issue basically the same?

Are you using redmine>=r3807 (http://www.redmine.org/issues/2473)?

thanks,
Adam

@Norwan
Author

Norwan commented Jul 30, 2010

Hi Adam
I'm going to explain better:
For example, I have a user declared by the admin: StephaneBalme
When I log in as stephanebalme it works, but I get the error message "Invalid Token" each time I use a form
Thanks
Stéphane

@Norwan
Author

Norwan commented Aug 3, 2010

Hi Adam
I should specify that we have two versions of Redmine, one with the http_auth plugin, one without, and that this problem occurs only with the first version.
Regards
Stéphane

@SergeST

SergeST commented Apr 7, 2011

Agree with Norwan. The problem is the case-sensitivity thing.

This is my Apache config:

balbalbal
...
SSPIUsernameCase lower
...
bablablab

If the user is: OzzyOsbourne -> it produces: ozzyosbourne

And now, if I try to log in as OzzyOsbourne, Redmine shows the error.
If I try to log in as ozzyosbourne it does so successfully.
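
A toy model of one way this symptom can arise, added here as an illustration and not taken from the http_auth plugin or Redmine: it assumes a per-request filter that compares the container-supplied username with the login stored in the session and resets the session (and with it the form token) on a mismatch. The `ToyApp` class, its methods and the `compare` switch are hypothetical names.

```ruby
require 'securerandom'

# Toy model (assumption, not the plugin's code): a session that holds the
# logged-in login and a form token, plus a filter that trusts REMOTE_USER.
class ToyApp
  def initialize(db_logins, compare:)
    @db_logins = db_logins   # logins as declared by the admin
    @compare   = compare     # :exact or :case_insensitive
    @session   = {}
  end

  # Case-insensitive lookup, as in the thread: "stephanebalme" finds "StephaneBalme".
  def find_user(remote_user)
    @db_logins.find { |login| login.casecmp?(remote_user) }
  end

  def same_user?(stored, remote_user)
    @compare == :exact ? stored == remote_user : stored.casecmp?(remote_user)
  end

  # Runs before every request: a mismatch is treated as a user change, so the
  # session is thrown away and a fresh token is issued.
  def before_filter(remote_user)
    stored = @session[:login]
    return if stored && same_user?(stored, remote_user)
    @session = { login: find_user(remote_user), csrf: SecureRandom.hex(16) }
  end

  def get_form(remote_user)
    before_filter(remote_user)
    @session[:csrf]          # token embedded in the rendered form
  end

  def post_form(remote_user, token)
    before_filter(remote_user)
    return :not_authenticated unless @session[:login]
    # Plain == keeps the toy short; real code uses a constant-time comparison.
    token == @session[:csrf] ? :ok : :invalid_authenticity_token
  end
end

# Render a form, then submit it, as the same container-authenticated user.
def submit_form(compare, remote_user)
  app = ToyApp.new(["StephaneBalme"], compare: compare)
  token = app.get_form(remote_user)
  app.post_form(remote_user, token)
end
```

With `:exact`, the lowercased username logs in but every form post fails, because the filter resets the session between rendering and submitting; with `:case_insensitive` the comparison agrees with the lookup and the token survives.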

@AdamLantos
Owner

Could you please retest with aaf7eb0 applied? That should fix the case sensitivity issue.

@SergeST

SergeST commented Apr 7, 2011

the problem was the web client and the apache config

chrome no problem
IE does not authenticate at all
FF no problem
