
[Bug] CSRF token verification failed #684

Closed
fabiencharrasse opened this issue Mar 12, 2024 · 10 comments
Labels
bug Something isn't working

Comments

@fabiencharrasse

Hello !

RomM version
3.0

Describe the bug
Upgrade from 2.3.1, added the requirements in the migration guide but can't login, see error in title. Tried to remove the DB for fresh install, same result. Tried "admin" and "admin" too.

To Reproduce

My compose :

version: "3"
volumes:
  mysql_data:
services:
  romm:
    image: zurdi15/romm:latest 
    container_name: romm
    environment:
      - DB_HOST=romm_db
      - DB_PORT=3306
      - DB_USER=romm-user
      - DB_NAME=romm 
      - DB_PASSWD=xxx
      - IGDB_CLIENT_ID=xxx
      - IGDB_CLIENT_SECRET=xxx

      - ENABLE_RESCAN_ON_FILESYSTEM_CHANGE=true 
      - RESCAN_ON_FILESYSTEM_CHANGE_DELAY=5 
      - ENABLE_SCHEDULED_RESCAN=true 
      - SCHEDULED_RESCAN_CRON=0 3 * * * 
      - ENABLE_SCHEDULED_UPDATE_SWITCH_TITLEDB=true 
      - SCHEDULED_UPDATE_SWITCH_TITLEDB_CRON=0 4 * * * 
      - ENABLE_SCHEDULED_UPDATE_MAME_XML=true 
      - SCHEDULED_UPDATE_MAME_XML_CRON=0 5 * * * 
      - ROMM_AUTH_SECRET_KEY=xxx 
      - ROMM_AUTH_USERNAME=xxx 
      - ROMM_AUTH_PASSWORD=xxx 
    volumes:
      - /media/media_1/Jeux:/romm/library
      - /home/user/docker/romm/resources:/romm/resources 
      - /home/user/docker/romm/config:/romm/config
      - /home/user/docker/romm/assets:/romm/assets

    ports:
      - 4080:8080
    depends_on:
      - romm_db
    restart: "unless-stopped"

  romm_db:
    image: mariadb:latest
    container_name: romm_db
    environment:
      - MYSQL_ROOT_PASSWORD=xxx
      - MYSQL_DATABASE=romm
      - MYSQL_USER=romm-user
      - MYSQL_PASSWORD=xxx
    volumes:
      - /home/user/docker/romm/db:/var/lib/mysql 
    ports:
      - 3306:3306
    restart: "unless-stopped"

Expected behavior
To login

Desktop (please complete the following information):

  • OS: Windows 10
  • Browser Firefox
  • Version 123.0.1
@fabiencharrasse fabiencharrasse added the bug Something isn't working label Mar 12, 2024
@fidoriel

I was able to fix it by deleting the Website Cookies.

@fabiencharrasse
Author

Thanks, that's it ! Deleted the "csrftoken" cookie, login with admin / admin and change login / password.

@chandz05

Hello, I am having the same issue on both Firefox as well as Chrome. I have tried clearing cookies, private/incognito modes, fresh install in a fresh DB, but I am still getting the CSRF error.

OS: Unraid 6.12.8
Browser Firefox
Version 123.0.1

@fabiencharrasse
Author

@chandz05 did you try to log with admin as login and password ?

@gantoine
Member

whether you're using unraid or docker compose, you'll need to remove and re-create the container to pick up the CSRF changes

@chandz05

> whether you're using unraid or docker compose, you'll need to remove and re-create the container to pick up the CSRF changes

So I removed and recreated the container, but I am probably using a cached version. Let me try pulling it fresh and report back

@gantoine
Member

you can change :latest to :3.0.0 to make sure it's the right version

@chandz05

Alright I got it working. Pulling fresh still resulted in the error. What fixed it was explicitly adding the below variables:

ROMM_AUTH_SECRET_KEY
ROMM_AUTH_USERNAME
ROMM_AUTH_PASSWORD

@gantoine
Member

> ROMM_AUTH_SECRET_KEY

yeah this one is required to be set and non-changing, since it's the random "key" that hashes passwords

@chandz05

> ROMM_AUTH_SECRET_KEY
>
> yeah this one is required to be set and non-changing, since it's the random "key" that hashes passwords

My bad I missed this in the 3.0 upgrade notes! Thanks for all the help!
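
Added example, not part of the thread and not RomM project code: one way to meet the requirement discussed above, that ROMM_AUTH_SECRET_KEY is set and stays the same across container re-creation, is to generate it once into an env file and never overwrite it. The file name `romm.env`, the function names, and passing the file to the container through compose's `env_file:` are assumptions for illustration.

```shell
#!/bin/sh
# Added example, not RomM project code. ENV_FILE and function names are hypothetical.
ENV_FILE="${ENV_FILE:-./romm.env}"
# The three variables named in the thread as needing to be set explicitly.
REQUIRED="ROMM_AUTH_SECRET_KEY ROMM_AUTH_USERNAME ROMM_AUTH_PASSWORD"

# Print the last value assigned to variable $1 in the env file (empty if none).
get_env_value() {
    [ -f "$ENV_FILE" ] || return 0
    sed -n "s/^$1=//p" "$ENV_FILE" | tail -n 1
}

# 32 random bytes rendered as 64 hex characters.
new_secret() {
    head -c 32 /dev/urandom | od -An -tx1 | tr -d ' \n'
}

# Write ROMM_AUTH_SECRET_KEY only if it is missing or empty, so the value
# survives container re-creation and image upgrades unchanged.
ensure_secret() {
    [ -n "$(get_env_value ROMM_AUTH_SECRET_KEY)" ] && return 0
    (
        umask 077   # the file holds secrets: readable by the owner only
        touch "$ENV_FILE"
        # Drop any empty placeholder line before appending the new value.
        grep -v '^ROMM_AUTH_SECRET_KEY=' "$ENV_FILE" > "$ENV_FILE.tmp" || true
        printf 'ROMM_AUTH_SECRET_KEY=%s\n' "$(new_secret)" >> "$ENV_FILE.tmp"
        mv "$ENV_FILE.tmp" "$ENV_FILE"
    )
}

# Print the names of required variables that are missing or empty;
# return non-zero if any are, so it can gate a deployment step.
missing_vars() {
    missing=""
    for name in $REQUIRED; do
        [ -n "$(get_env_value "$name")" ] || missing="$missing $name"
    done
    echo "${missing# }"
    [ -z "$missing" ]
}
```

Calling `ensure_secret` and then `missing_vars` before bringing the stack up reports any of the three variables that are still unset, without ever regenerating an existing key.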
