Support Forum
Omniauth throws InvalidAuthenticityToken in combination with omniauth-ldap
Dear community,
I successfully integrated LDAP authorization with omniauth-ldap (see: https://github.com/buehl/decidim-buehl-intra/commit/c8d57a1759ce5bfbfffa0a1a779df4038cdb2353#diff-2245023265ae4cf87d02c8b6ba991139).
While this works perfectly, I have still been struggling for a couple of days with the integrated forgery protection. After typing my LDAP credentials on the corresponding form, the callback leads to a 422 error with the following log:
I, [2019-10-08T08:05:56.223573 #24115] INFO -- : [183af26c-1187-4cbd-ba59-f98adb9e56c5] Started POST "/users/auth/ldap" for 127.0.0.1 at 2019-10-08 08:05:56 +0200
D, [2019-10-08T08:05:56.225107 #24115] DEBUG -- : [183af26c-1187-4cbd-ba59-f98adb9e56c5] Decidim::Organization Load (0.5ms) SELECT "decidim_organizations".* FROM "decidim_organizations" WHERE "decidim_organizations"."host" = $1 LIMIT $2 [["host", "mein.buehl.intra"], ["LIMIT", 1]]
I, [2019-10-08T08:06:00.425339 #24115] INFO -- : [dafc10d9-5520-4be4-a096-a62fe88e7051] Started POST "/users/auth/ldap/callback" for 127.0.0.1 at 2019-10-08 08:06:00 +0200
D, [2019-10-08T08:06:00.426894 #24115] DEBUG -- : [dafc10d9-5520-4be4-a096-a62fe88e7051] Decidim::Organization Load (0.6ms) SELECT "decidim_organizations".* FROM "decidim_organizations" WHERE "decidim_organizations"."host" = $1 LIMIT $2 [["host", "mein.buehl.intra"], ["LIMIT", 1]]
I, [2019-10-08T08:06:00.441086 #24115] INFO -- : [dafc10d9-5520-4be4-a096-a62fe88e7051] Processing by Decidim::Devise::OmniauthRegistrationsController#ldap as HTML
I, [2019-10-08T08:06:00.441166 #24115] INFO -- : [dafc10d9-5520-4be4-a096-a62fe88e7051] Parameters: {"username"=>"[FILTERED]", "password"=>"[FILTERED]"}
W, [2019-10-08T08:06:00.441595 #24115] WARN -- : [dafc10d9-5520-4be4-a096-a62fe88e7051] Can't verify CSRF token authenticity.
I, [2019-10-08T08:06:00.442112 #24115] INFO -- : [dafc10d9-5520-4be4-a096-a62fe88e7051] Completed 422 Unprocessable Entity in 1ms (ActiveRecord: 0.0ms)
I, [2019-10-08T08:06:00.442600 #24115] INFO -- : [dafc10d9-5520-4be4-a096-a62fe88e7051] Processing by Decidim::Devise::OmniauthRegistrationsController#failure as HTML
I, [2019-10-08T08:06:00.442693 #24115] INFO -- : [dafc10d9-5520-4be4-a096-a62fe88e7051] Parameters: {"username"=>"itricedu", "password"=>"[FILTERED]"}
W, [2019-10-08T08:06:00.442881 #24115] WARN -- : [dafc10d9-5520-4be4-a096-a62fe88e7051] Can't verify CSRF token authenticity.
I, [2019-10-08T08:06:00.443210 #24115] INFO -- : [dafc10d9-5520-4be4-a096-a62fe88e7051] Completed 422 Unprocessable Entity in 0ms (ActiveRecord: 0.0ms)
F, [2019-10-08T08:06:00.444798 #24115] FATAL -- : [dafc10d9-5520-4be4-a096-a62fe88e7051]
F, [2019-10-08T08:06:00.444860 #24115] FATAL -- : [dafc10d9-5520-4be4-a096-a62fe88e7051] ActionController::InvalidAuthenticityToken (ActionController::InvalidAuthenticityToken):
F, [2019-10-08T08:06:00.444910 #24115] FATAL -- : [dafc10d9-5520-4be4-a096-a62fe88e7051]
F, [2019-10-08T08:06:00.445003 #24115] FATAL -- : [dafc10d9-5520-4be4-a096-a62fe88e7051] actionpack (5.2.3) lib/action_controller/metal/request_forgery_protection.rb:211:in `handle_unverified_request'
I already played around with all possible nginx settings, turned off the redirect to https and used puma directly without nginx in between.
The only adaption that helped was to turn off forgery protection in app/controllers/decidim/devise/omniauth_registrations_controller.rb, but this shouldn't be a final solution to this problem.
Have any of you already encountered this problem and maybe know a trick to enable CSRF authenticity verification for omniauth-ldap?
I'm not sure whether this is a problem of my configuration, omniauth, omniauth-ldap or how Decidim integrated omniauth registration, but after struggling with this problem for multiple days, I'm coming to the end of my modest Ruby knowledge.
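The following is an added illustration and not part of the post above, nor code from Decidim, Rails or OmniAuth: a miniature of the masked CSRF token check that `ActionController::RequestForgeryProtection` performs, written with the Ruby standard library only. It shows why the POST to the LDAP callback in the log is answered with 422: the request phase form that omniauth-ldap generates with `OmniAuth::Form` submits only `username` and `password`, with no `authenticity_token` bound to the Rails session, so the verifier has nothing to compare. The session hash, the field names, the constant and the `demo` helper are assumptions made for the example; the token length and masking layout follow Rails (32 random bytes, masked with a per-form one-time pad and Base64-encoded).

```ruby
# Added example (not Decidim/Rails/OmniAuth code): a stdlib-only miniature of
# Rails' masked authenticity token check, to show why a form submission
# without a session-bound token ends in 422.
require 'securerandom'
require 'base64'

TOKEN_LENGTH = 32 # same length Rails uses for the real CSRF token

module MiniCsrf
  module_function

  # The per-session "real" token. Rails keeps it Base64-encoded in the
  # session cookie; here the session is a plain Hash (assumption).
  def real_token(session)
    session[:_csrf_token] ||= Base64.strict_encode64(SecureRandom.random_bytes(TOKEN_LENGTH))
    Base64.strict_decode64(session[:_csrf_token])
  end

  # The value embedded in a form: one-time pad followed by pad XOR real token.
  # Every rendered form gets a different string that unmasks to the same secret.
  def masked_token(session)
    pad = SecureRandom.random_bytes(TOKEN_LENGTH)
    Base64.strict_encode64(pad + xor(pad, real_token(session)))
  end

  def xor(a, b)
    a.bytes.zip(b.bytes).map { |x, y| x ^ y }.pack('C*')
  end

  # Constant-time comparison: no early exit on the first differing byte.
  def secure_compare(a, b)
    return false unless a.bytesize == b.bytesize
    a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
  end

  # Mirrors the shape of Rails' valid_authenticity_token?: reject missing,
  # undecodable or wrongly sized values, then unmask and compare.
  def valid_authenticity_token?(session, encoded)
    return false unless encoded.is_a?(String) && !encoded.empty?
    begin
      decoded = Base64.strict_decode64(encoded)
    rescue ArgumentError
      return false
    end
    return false unless decoded.bytesize == TOKEN_LENGTH * 2
    pad = decoded[0, TOKEN_LENGTH]
    encrypted = decoded[TOKEN_LENGTH, TOKEN_LENGTH]
    secure_compare(xor(pad, encrypted), real_token(session))
  end

  # Decision a protected POST action makes: 200 when verified, otherwise the
  # 422 that handle_unverified_request produces in the log above.
  def handle_post(session, params)
    valid_authenticity_token?(session, params['authenticity_token']) ? 200 : 422
  end
end

# Constructed requests (not taken from the post). The first carries only the
# fields the OmniAuth-rendered LDAP form submits; the second is the same
# submission from a form the application rendered with the session's masked
# token; the third reuses a token minted for a different session.
def demo
  session = {}
  omniauth_form = { 'username' => 'alice', 'password' => 'secret' }
  app_form = omniauth_form.merge('authenticity_token' => MiniCsrf.masked_token(session))
  foreign = omniauth_form.merge('authenticity_token' => MiniCsrf.masked_token({}))
  {
    omniauth_form: MiniCsrf.handle_post(session, omniauth_form),
    app_form: MiniCsrf.handle_post(session, app_form),
    foreign_token: MiniCsrf.handle_post(session, foreign)
  }
end

puts demo.inspect if $PROGRAM_NAME == __FILE__
```

The practical consequence for the setup in the post: keeping forgery protection on means the login form itself must carry a token derived from the Rails session, which a form built by `OmniAuth::Form` inside the Rack middleware never does. OmniAuth's generic `form:` strategy option allows the request phase to be served by the application instead of by the strategy's built-in form, so a Rails-rendered form with its authenticity token could be used; whether Decidim's OmniAuth wiring accepts that for the LDAP provider is not something this post establishes.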