Support Forum

Fingerprint

The piece of text below is a shortened, hashed representation of this content. It's useful to ensure the content hasn't been tampered with, as a single modification would result in a totally different value.

Value: 064acfb298b9384ff26eb706ca07dd622b95c0d866de745c328ff420e2e8b76c

Source: {"body":{"en":"Dear community,\r\n\r\nI successfully integrated LDAP authorization with omniauth-ldap (see: https://github.com/buehl/decidim-buehl-intra/commit/c8d57a1759ce5bfbfffa0a1a779df4038cdb2353#diff-2245023265ae4cf87d02c8b6ba991139).\r\n\r\nWhile this works perfectly, I'm still struggling since a couple of days with the integrated forgery protection. After typing my LDAP credentials on the corresponding form, the callback leads to a 422 error with the following log:\r\n\r\nI, [2019-10-08T08:05:56.223573 gid://metadecidim/Decidim::Hashtag/148/24115] INFO -- : [183af26c-1187-4cbd-ba59-f98adb9e56c5] Started POST \"/users/auth/ldap\" for 127.0.0.1 at 2019-10-08 08:05:56 +0200\r\nD, [2019-10-08T08:05:56.225107 gid://metadecidim/Decidim::Hashtag/148/24115] DEBUG -- : [183af26c-1187-4cbd-ba59-f98adb9e56c5] \u001b[1m\u001b[36mDecidim::Organization Load (0.5ms)\u001b[0m \u001b[1m\u001b[34mSELECT \"decidim_organizations\".* FROM \"decidim_organizations\" WHERE \"decidim_organizations\".\"host\" = $1 LIMIT $2\u001b[0m [[\"host\", \"mein.buehl.intra\"], [\"LIMIT\", 1]]\r\nI, [2019-10-08T08:06:00.425339 gid://metadecidim/Decidim::Hashtag/148/24115] INFO -- : [dafc10d9-5520-4be4-a096-a62fe88e7051] Started POST \"/users/auth/ldap/callback\" for 127.0.0.1 at 2019-10-08 08:06:00 +0200\r\nD, [2019-10-08T08:06:00.426894 gid://metadecidim/Decidim::Hashtag/148/24115] DEBUG -- : [dafc10d9-5520-4be4-a096-a62fe88e7051] \u001b[1m\u001b[36mDecidim::Organization Load (0.6ms)\u001b[0m \u001b[1m\u001b[34mSELECT \"decidim_organizations\".* FROM \"decidim_organizations\" WHERE \"decidim_organizations\".\"host\" = $1 LIMIT $2\u001b[0m [[\"host\", \"mein.buehl.intra\"], [\"LIMIT\", 1]]\r\nI, [2019-10-08T08:06:00.441086 gid://metadecidim/Decidim::Hashtag/148/24115] INFO -- : [dafc10d9-5520-4be4-a096-a62fe88e7051] Processing by Decidim::Devise::OmniauthRegistrationsController#ldap as HTML\r\nI, [2019-10-08T08:06:00.441166 gid://metadecidim/Decidim::Hashtag/148/24115] INFO -- : [dafc10d9-5520-4be4-a096-a62fe88e7051] Parameters: {\"username\"=>\"[FILTERED]\", \"password\"=>\"[FILTERED]\"}\r\nW, [2019-10-08T08:06:00.441595 gid://metadecidim/Decidim::Hashtag/148/24115] WARN -- : [dafc10d9-5520-4be4-a096-a62fe88e7051] Can't verify CSRF token authenticity.\r\nI, [2019-10-08T08:06:00.442112 gid://metadecidim/Decidim::Hashtag/148/24115] INFO -- : [dafc10d9-5520-4be4-a096-a62fe88e7051] Completed 422 Unprocessable Entity in 1ms (ActiveRecord: 0.0ms)\r\nI, [2019-10-08T08:06:00.442600 gid://metadecidim/Decidim::Hashtag/148/24115] INFO -- : [dafc10d9-5520-4be4-a096-a62fe88e7051] Processing by Decidim::Devise::OmniauthRegistrationsController#failure as HTML\r\nI, [2019-10-08T08:06:00.442693 gid://metadecidim/Decidim::Hashtag/148/24115] INFO -- : [dafc10d9-5520-4be4-a096-a62fe88e7051] Parameters: {\"username\"=>\"itricedu\", \"password\"=>\"[FILTERED]\"}\r\nW, [2019-10-08T08:06:00.442881 gid://metadecidim/Decidim::Hashtag/148/24115] WARN -- : [dafc10d9-5520-4be4-a096-a62fe88e7051] Can't verify CSRF token authenticity.\r\nI, [2019-10-08T08:06:00.443210 gid://metadecidim/Decidim::Hashtag/148/24115] INFO -- : [dafc10d9-5520-4be4-a096-a62fe88e7051] Completed 422 Unprocessable Entity in 0ms (ActiveRecord: 0.0ms)\r\nF, [2019-10-08T08:06:00.444798 gid://metadecidim/Decidim::Hashtag/148/24115] FATAL -- : [dafc10d9-5520-4be4-a096-a62fe88e7051] \r\nF, [2019-10-08T08:06:00.444860 gid://metadecidim/Decidim::Hashtag/148/24115] FATAL -- : [dafc10d9-5520-4be4-a096-a62fe88e7051] ActionController::InvalidAuthenticityToken (ActionController::InvalidAuthenticityToken):\r\nF, [2019-10-08T08:06:00.444910 gid://metadecidim/Decidim::Hashtag/148/24115] FATAL -- : [dafc10d9-5520-4be4-a096-a62fe88e7051] \r\nF, [2019-10-08T08:06:00.445003 gid://metadecidim/Decidim::Hashtag/148/24115] FATAL -- : [dafc10d9-5520-4be4-a096-a62fe88e7051] actionpack (5.2.3) lib/action_controller/metal/request_forgery_protection.rb:211:in `handle_unverified_request'\r\n\r\nI already played around with all possible nginx settings, turned off the re-direct to https and used puma directly without nginx inbetween.\r\n\r\nThe only adaption that helped was to turn off forgery protection in app/controllers/decidim/devise/omniauth_registrations_controller.rb, but this shouldn't be a final solution to this problem.\r\n\r\nHas anyone of you already encountered this problem and maybe knows a trick to enable csrf authenticity verification for omniauth-ldap?\r\n\r\nI'm not sure whether this is a problem of my configuration, omniauth, omniauth-ldap or how decidim integrated omniauth registrationm, but after I struggled with this problem for multiple days, I'm coming to the end of my modest ruby knowledge."},"title":{"en":"Omniauth throws InvalidAuthenticityToken in combination with omniauth-ldap"}}

This fingerprint is calculated using a SHA256 hashing algorithm. In order to replicate it yourself, you can use an MD5 calculator online and copy-paste the source data. ×