Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Error 403 when a new user registers #2381

Closed
Dryusdan opened this issue Apr 21, 2019 · 11 comments

Comments

@Dryusdan
Copy link

commented Apr 21, 2019

Hello :)

New user can't registers on my FreshRSS instance.
After test, I encounter this error :

Error 403 - Forbidden

You don’t have permission to access this page [CSRF]

But registration module is native with freshrss right ? So I don't forgot update it when I update frashrss ? 😅

So I have FreshRSS version 1.14.2 with Swage theme.

Can you help me ? :)

Regards

@wangz1yu

This comment has been minimized.

Copy link

commented Jun 8, 2019

I also encountered the same situation. @Alkarex

@aledeg

This comment has been minimized.

Copy link
Contributor

commented Jun 17, 2019

I've made some tests. I can reproduce. I search the code to find where this is triggered. At the moment, I don't know where. It's located deep in Minz because the process does not even enter the called method.
So far I am out of luck!

@Alkarex

This comment has been minimized.

Copy link
Member

commented Jun 21, 2019

@aledeg Could you please tell the sequence to reproduce?

@Alkarex Alkarex added this to the 1.15.0 milestone Jun 21, 2019
@aledeg

This comment has been minimized.

Copy link
Contributor

commented Jun 21, 2019

@Alkarex it's very easy. You increase the number of allowed user to be greater than the current number of user. Then you logout and try to create a new user from the login page. And then 403!

@Alkarex

This comment has been minimized.

Copy link
Member

commented Jun 21, 2019

Ah, right. @Dryusdan and @wangz1yu : do you believe it is the same issue you are facing?
In which case, we should probably just change the UI to e.g. remove the registration field when there are too many users already.

@Dryusdan

This comment has been minimized.

Copy link
Author

commented Jun 21, 2019

I'm not remember if I increase number of allowed user.
This value is set to 150 (at the start of my instance there is 100 user allowed). But I have only 41 users registed so... The registeration form does appear.

Capture d’écran du 2019-06-21 09-17-15

I try with 0 in allow user (unlimited so) and I have the same error.

@aledeg

This comment has been minimized.

Copy link
Contributor

commented Jun 21, 2019

@Alkarex I don't think it's a UI error. You cannot register new users even though there are some spots left.

@Alkarex

This comment has been minimized.

Copy link
Member

commented Jun 21, 2019

Ah, indeed, I can reproduce too

@Alkarex Alkarex modified the milestones: 1.15.0, 1.14.3 Jul 13, 2019
Alkarex added a commit to Alkarex/FreshRSS that referenced this issue Jul 14, 2019
@Alkarex

This comment has been minimized.

Copy link
Member

commented Jul 14, 2019

Here is a candidate fix #2442
Tests welcome

@Alkarex Alkarex closed this Jul 14, 2019
Alkarex added a commit that referenced this issue Jul 21, 2019
* Fix user self registration

Fix #2381

* CSRF for admin
@Alkarex

This comment has been minimized.

Copy link
Member

commented Jul 21, 2019

Merged in the /dev branch. Tests welcome

Alkarex added a commit that referenced this issue Jul 21, 2019
@Dryusdan

This comment has been minimized.

Copy link
Author

commented Jul 30, 2019

It's work, thank you ! :D

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
4 participants
You can’t perform that action at this time.