401 invalid token / handler.xsrf_token does not match with the cookie - gramex

we are stuck in the dbauth module:
Symptoms:
While signup, the user is created BUT:
The server does not send mail
Response received is 401 Invalid Token
Diagnosis Steps:
Started with scratch
Made a new Gramex project from scratch
Populated the template register.html
<form method="POST" action="" autocomplete="on" class="regForm">
<div class="form-content">
<div class="">
<div class="col-md-12">
<input type="hidden" name="_xsrf" value="{{ handler.xsrf_token }}">
<div class="form-group">
<input type="text" name="fname" id="fname" class="form-control" size="100" placeholder="Your First Name *" value="" />
</div>
<div class="form-group">
<input type="text" name="lname" id="lname" class="form-control" size="100" placeholder="Your Last Name *" value="" />
</div>
<div class="form-group">
<input type="email" name="user" class="form-control" id="email" placeholder="Your Email ID *" value="" required />
</div>
<div class="form-row">
<div class="form-group col-md-12">
<select class="form-control" name="industry" id="industry">
<option selected>Retail</option>
<option>Energy and Resources</option>
<option>Financial Services</option>
<option>Transportation</option>
<option>Others</option>
</select>
</div> <!-- form-group end.// -->
</div>
</div>
</div>
<div class="col-md-12">
<button type="submit" class="btnSubmit">Submit</button>
</div>
</div>
</form>
Made a minimal configuration with only one end point : gramex.yaml
url:
dbauthtest-login:
pattern: /$YAMLURL/login/
handler: DBAuth
kwargs:
template: $YAMLPATH/login.html
url: $YAMLPATH/auth.csv
# url: sqlite:///$YAMLPATH/auth.db
user:
column: user
arg: user
password:
column: password
arg: password
# function: passlib.hash.sha256_crypt.encrypt(content, salt="wqertyuio")
redirect:
query: next
url: /$YAMLURL/
headers: &HEADERS
X-Content-Type-Options: no sniff
X-Frame-Options: DENY
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, no-store
forgot:
arg: email
minutes_to_expiry: 1440
email_from: gramex-guide-gmail # Name of the email service to use for sending emails
email_column: user
email_subject: Dell MIP Password Reset
email_text: "
Hi {name},\n
\n
You recently requested to reset your password for DELL MIP application.\
Click on the link below to reset your password.
\n
Link: {reset_url}\n
\n
If you did not request a password change, please ignore the mail or reply back to the \
same mail.\n
Note: This above link will work only once and will expire in a day.
\n
\n
For any other issues contact\n
-bhasker.reddy#gramener.com\n
-veera.balakrishnan#dell.com\n
\n
\n
Thank You\n
Team Dell MIP\n
"
template: $YAMLPATH/forgotpassword.html
signup:
template: $YAMLPATH/register.html
columns:
user: user
fname: fname
lname: lname
industry: industry
# password: password
# validate: galaxy.validate(args)
minutes_to_expiry: 1440
email_from: gramex-guide-gmail # Name of the email service to use for sending emails
email_column: user
email_subject: Galaxy Sign Up successful
email_text: "
Hi {name},\n
\n
Welcome to the Galaxy online portal! Below are your login credentials.
\n
Application Url: https://dellmi-uat.gramener.com
\n
Login ID: {user}
\n
Please set the password with this link: {reset_url}\n
Note: This above link will work only once and will expire in a day.
\n
\n
For any other issues contact\n
-bhasker.reddy#gramener.com\n
-veera.balakrishnan#dell.com\n
Thank You\n
Team Dell MIP
"
pool_pre_ping: True
pool_recycle: 60
auth.csv looks like
fname,lname,user,industry,password
Tested
Findings:
xsrf token (That is fetched from handler.xsrf_token and stored in the form in a hidden field) does not match the xsrf token in the cookie
Questions:
Is there a simpler way?
This issue is created even when we run the code copied from the documentation, So my guess is, this has something to do with generation of xsrf or may be session creation. Not sure, appreciate any inputs.
Do we have another project that is running and available to refer?
Do you have a direct solution to this?

Since user is created, there is no problem with xsrf token. Issue seems to be with sending mail. Make sure email service gramex-guide-email is defined.
Invalid Token error occurs when AuthHandler cannot find signup key.
In your gramex.yaml, update signup configuration to
signup:
key: signup
template: $YAMLPATH/register.html
columns:
user: user
fname: fname
lname: lname
industry: industry

Related

Unable to store cookies in Rails

LoginController:
class LoginController < ApplicationController
def new
cookies[:id]=rand(1000)
render "index"
end
end
index.html.erb:
<body>
<center>
<h1> Login </h1>
<form action='login/auth' method='POST'>
Name: <input type="text" name="name" widht=20><br>
Password: <input type="password" name="pass" widht=20><br>
<input type="submit" value="submit">
</form>
</center>
<br><br>
</body>
My requirement is, if login page is called, the response page should send with a cookie. So, I create a cookie with a random number in
new action. But the page "index.html" didn't have cookie in browser. But it is properly worked if "new" action call its default view file
"new.html.erb". Why the cookie only works in default view and not in some other view file. How to solve this problem ?
FYI, you have two typos in the form. "width" is typed as "widht."
<form action='login/auth' method='POST'>
Name: <input type="text" name="name" widht=20><br>
Password: <input type="password" name="pass" widht=20><br>
<input type="submit" value="submit">
</form>
This won't solve the problem, but it will remove one more error once the problem is solved.
Related to the original problem, I wonder if it could be that when you want to pass a variable to a non-default view, you may need an instance variable (but since cookies aren't expressed as instance variables, I'm not sure where to go with that)

How to log in using pin code instead username and password in Grails

I am using Grails 2.4.3 and Spring Security spring-security-core:2.0-RC5. I can easily log in with this using username and password. Now there is a requirement that I will have to log in with pin number not username and password.
There will be no username, password field in login form. Now this is the problem. I could not try it because I have no idea how to do it instead of username and password. Here I can share only my login form with username and password field which is working as below:
<form action='${postUrl}' method='POST' id='loginForm' class='cssform' autocomplete='off'>
<div>
<span><label>Username</label></span>
<span><input type="text" class="textbox" name='j_username' id="active"></span>
</div>
<div>
<span><label>Password</label></span>
<span><input type="password" name='j_password' class="password"></span>
</div>
<div class="sign">
<div class="submit">
<input type='submit' id="submit" value='${message(code: "springSecurity.login.button")}'/>
</div>
<div class="clear"> </div>
</div>
</form>
Well everything you want to alter lies in DefaultSecurityConfig.groovy under the plugin.
I remember doing this for email Id and had overridden several security configurations.
In order to set j_username form field to different name you may override
grails.plugin.springsecurity.apf.usernameParameter=zipcode //your domain field name
and to change the field which needs to be considered as user name from Domain class by overriding following in security config:
grails.plugins.springsecurity.userLookup.usernamePropertyName='zipcode'
Remember to dig into DefaultSecurityConfig.groovy file for any other such customization.I would suggest creating a separate Security config file and there override any configuration if required.

non-customized devise reset password button is doing absolutely nothing

I have devise login and logout working, been using it for a while now.
I have not copied devise's password controller or password views to my application, just using the out of the box form for password/new. After entering the email of a valid user, when I click the "send me password reset instructions" button, nothing happens. I checked my logs and there is no activity post-click. I've read through devise documentation but it doesn't seem like there is any special setup steps to get the reset password functionality working. What could be wrong?
For more context, I have followed devise's instructions for requiring admin to activate account before sign in. I have pulled the registrations and sessions controllers into my app for minimal customization, though that doesn't seem like it should matter. I'm using rails 4.2.0.rc2 and devise 3.4.1
Here's the rendered html for the form:
<h2>Forgot your password?</h2>
<form class="new_user" id="new_user" action="/users/password" accept-charset="UTF-8" method="post"><input name="utf8" type="hidden" value="✓" /><input type="hidden" name="authenticity_token" value="AE+YY8afzRavKa1ziDFZ5Z6FqFYQF1vI+zvc701JGqfg5k+ztvMIKHDX4Wdfr+KOp9yEcRBTsk4jfonpzUeP5w==" />
<div class="field">
<label for="user_email">Email</label><br />
<input autofocus="autofocus" type="email" value="" name="user[email]" id="user_email" />
</div>
<div class="actions">
<input type="submit" name="commit" value="Send me reset password instructions" />
</div>
</form>
your javascript is preventing the form from being submitted unless a terms-of-service field is checked.
from your application.js file:
if $('#user_terms').is(':checked')
else
e.preventDefault()
$('#terms-of-service-error').modal()
return

How do I edit a user's info in rails app?

I have built a small and simple rails app that I deployed on heroku where you have to sign up as a user by creating a profile, after which you can enter an address or zipcode to find the nearest gyms in your vicinity, which triggers the google places/geocoder api and brings you some results.
My issue is that in trying to CRUD my app, I can't get the U, basically the update to work. I'll paste my code below and as you'll see I put a binding.pry and tested it directly in the rails console to see if my code is right and it works, I'm able to edit a user's info which is then updated when I go into psql and look in my db. But trying to use the browser to make the update does not work.
This is in my users_controller.rb file:
def update
#user = User.find(params[:id])
# binding.pry
#user.update(name: params[:name], password: params[:password], email: params[:email], zipcode: params[:zipcode])
redirect_to '/users'
end
This is the template code:
<h4 id="edit"> Edit your profile below: </h4>
<form action="/users/<%= #user.id%>" method="POST">
<div id="label">
<label>
<input id="one" name="name" placeholder="Edit name"/>
</label>
<label>
<input id="two" name="email" placeholder="Edit email"/>
</label>
<br>
<br>
<label>
<input id="three" name="password" placeholder="Edit password"/>
</label>
<label>
<input id="four" name="zipcode" placeholder="Edit zipcode"/>
</label>
</div>
<input name="_method" value="PUT" type="hidden" />
<input name="authenticity_token" value="<%= form_authenticity_token()%>" type="hidden">
<div id="update">
<br>
<button id="update">Update your profile</button>
</div>
</form>
The routes work and I'm taken to a confirmation page that I set up, but when I try to login with my updated info, the old info is still persistent. No errors are shown either that stop me from doing anything in the app. Any help is greatly appreciated, thank you!
I see these errors in my terminal:
, #messages={:email=>["Not a valid email format"]}>
, #messages={:email=>["Not a valid email format"]}>
Solved I used the advice of RichadAE and looked into the logs of my terminal to see the error messages and I saw that one of the errors was that when I was updating my user info, I was just updating the name or the zip for testing purposes which is fine, but because I am using the gem 'validates_email_format_of' the email field cannot be left blank even when updating otherwise it breaks my code, I tried to edit the name and filled in the email input field to meet the requirement and it worked!!! Thank you for your help!!

MVC Display Data

Following this MVC Tutorial, but cannot get the display customer view to display after input the data. I don't see anything I do wrong
http://www.codeproject.com/Articles/207797/Learn-MVC-Model-View-Controller-step-by-step-in-7
here is my fill customer
<div>
<form action="DisplayCustomer.aspx" method="post">
Enter Customer Code: <input type="text" name="CustomerCode" /><br />
Enter Customer Name: <input type="text" name="CustomerName" /><br />
Ennter Customer Amout: <input type="text" name="CustomerAmount" /><br />
<input type="submit" value="Submit customer data" />
</form>
</div>
here is my display customer
public ActionResult DisplayCustomer()
{
Customer localCustomer = new Customer();
localCustomer.Code = Request.Form["CustomerCode"].ToString();
localCustomer.Name = Request.Form["CustomerName"].ToString();
localCustomer.Amount = Convert.ToDouble(Request.Form["CustomerAmount"].ToString());
return View(localCustomer);
}
then
<div>
The name of the customer is: <%:Model.Name = "test" %>
<br />
The code of the customer is: <%:Model.Code %>
<br />
The amout refund to the customer is: <%:Model.Amount%>
</div>
seems like something is wrong with the steps
I got this error when I tried
Server Error in '/' Application.
The resource cannot be found.
Description: HTTP 404. The resource you are looking for (or one of its dependencies) could have been removed, had its name changed, or is temporarily unavailable. Please review the following URL and make sure that it is spelled correctly.
Requested URL: /customer/DisplayCustomer.aspx
Version Information: Microsoft .NET Framework Version:4.0.30319; ASP.NET Version:4.0.30319.17929
The correct path for the request is /customer/displaycustomer
The .aspx extension gets handled in a different way, so the MVC Routing Engine is never fired, and as that page doesn't exist at that path the result is a 404 error.
You actually need to remove .aspx extension. Just request the page as /Customer/DisplayCustomer.
As a side note, you may need to update your form aswell and remove the aspx extension, eg:
<form action="DisplayCustomer" method="post">
Enter customer id :- <input type="text" name="Id" /> <br />
Enter customer code :- <input type="text" name="CustomerCode" /><br />
Enter customer Amount :-<input type="text" name="Amount" /><br />
<input type="submit" value="Submit customer data" />
</form>
replaced the line:
<form action="DisplayCustomer.aspx" method="post">
to
<form action="DisplayCustomer" method="post">

Resources