Bug #1970
[labs] The error message when attempting to log in without cookies is unhelpful
Status: fixed
Priority: bug
Assignee:
% Done: 0%
Description
<bill-auger> lukeshu: any idea why i can not log into redmine with iceweasel? i may have found another bug
<bill-auger> it gives me 422 Invalid form authenticity token.
<bill-auger> maybe there is something in the server logs that would explain the 422 ?
<bill-auger> nm - i figured out the problem i had cookies disabled
<lukeshu> lol
<lukeshu> Started POST "/login" for 127.0.0.1 at 2018-08-27 02:17:46 +0100
  Processing by AccountController#login as HTML
  Parameters: {"utf8"=>" ", "authenticity_token"=>"1Kl1jHGxlicpcW5DY5++f+twUv/RQCq2bqJdbJzS3WPTjBEGYKUb5L28Z0trCODpNTTDccl55rUAMFd87bIkZA==", "back_url"=>"https://labs.parabola.nu/issues/1966", "username"=>"bill-auger", "password"=>"[FILTERED]", "login"=>"Login"}
  Can't verify CSRF token authenticity
  Rendered common/error.html.erb within layouts/base (4.1ms)
  Rendered hooks/parabola/_view_layouts_base_html_head.html.erb (0.1ms)
  Rendered hooks/parabola/_view_layouts_base_body_top.html.erb (0.1ms)
  Filter chain halted as :verify_authenticity_token rendered or redirected
  Completed 422 Unprocessable Entity in 49ms (Views: 41.0ms | ActiveRecord: 3.3ms)
<lukeshu> is what I had just found in the logs :)
<bill-auger> yes that's it
<bill-auger> you can see the auth token is sent - so that error message is not helpful
<lukeshu> The helpful bit is the "Can't verify CSRF token authenticity" (IDK if that showed up in the rendered page), the CSRF check cross-references a POST parameter with a cookie value and makes sure they are the same.
<bill-auger> no it only shows "422 Invalid form authenticity token."
<lukeshu> That's no good
History
Updated by bill-auger over 5 years ago
changed error message to
"Invalid form authenticity token. Ensure that your browser has cookies enabled for this domain."
https://git.parabola.nu/server/redmine.git/commit/?h=parabola
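
A simplified model of the check described in the chat above, added here as an illustration; it is not Redmine's or Rails' code and not the committed fix. It assumes the form token is a masked copy of a per-session secret that the server can only find through the session cookie, and the names `check_login_post`, `session_id` and `sessions` are hypothetical. It goes one step beyond the committed change by showing the cookie hint only when no session was found.

```ruby
require "securerandom"
require "base64"

TOKEN_LEN = 32 # bytes in the per-session secret (constructed for this sketch)

def xor_bytes(a, b)
  a.bytes.zip(b.bytes).map { |x, y| x ^ y }.pack("C*")
end

# Form token = Base64(pad || pad XOR session_secret), so it differs on every page load.
def mask_token(session_secret)
  pad = SecureRandom.random_bytes(TOKEN_LEN)
  Base64.strict_encode64(pad + xor_bytes(pad, session_secret))
end

# Constant-time comparison, so the result does not leak how many bytes matched.
def secure_equal?(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) } == 0
end

# cookies:  cookies the browser sent with the POST (empty when cookies are disabled)
# sessions: server-side store mapping session id => per-session secret
# Returns [http_status, message].
def check_login_post(form_token, cookies, sessions)
  secret = sessions[cookies["session_id"]]
  if secret.nil?
    # The token arrived in the form, but there is no session to compare it with.
    return [422, "Invalid form authenticity token. " \
                 "Ensure that your browser has cookies enabled for this domain."]
  end
  raw = Base64.decode64(form_token.to_s)
  ok = raw.bytesize == 2 * TOKEN_LEN &&
       secure_equal?(xor_bytes(raw[0, TOKEN_LEN], raw[TOKEN_LEN, TOKEN_LEN]), secret)
  ok ? [200, "token verified"] : [422, "Invalid form authenticity token."]
end
```

With cookies disabled the POST still carries a well-formed `authenticity_token`, which is why the logged request looks complete while the check still ends in a 422.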