I've been racking my brain for ~8 hours now. I'm setting up a Devise client to work with a custom provider built on Doorkeeper.
Everything is working fine except the authorization of the Devise client. For some reason, any time I click user_omniauth_authorize_path(:doorkeeper), the OmniAuth "Request phase initiated" is triggered twice. I can't work out what could be causing this.
Here is a log of the sequence of events from both the client and the provider.
CLIENT LOGS
jonathan@Jonathan doorkeeper-client (master) $ rails s -p 3001
=> Booting WEBrick
=> Rails 4.2.4 application starting in development on http://localhost:3001
=> Run `rails server -h` for more startup options
=> Ctrl-C to shutdown server
[2015-10-24 23:37:27] INFO WEBrick 1.3.1
[2015-10-24 23:37:27] INFO ruby 2.2.2 (2015-04-13) [x86_64-darwin15]
[2015-10-24 23:37:27] INFO WEBrick::HTTPServer#start: pid=59452 port=3001
Started GET "/" for ::1 at 2015-10-24 23:37:33 -0500
ActiveRecord::SchemaMigration Load (0.4ms) SELECT "schema_migrations".* FROM "schema_migrations"
Processing by ApplicationController#index as HTML
Rendered application/index.html.erb within layouts/application (1.9ms)
Completed 200 OK in 157ms (Views: 143.7ms | ActiveRecord: 0.0ms)
Started GET "/users/auth/doorkeeper" for ::1 at 2015-10-24 23:37:40 -0500
I, [2015-10-24T23:37:40.521903 #59452] INFO -- omniauth: (doorkeeper) Request phase initiated.
Started GET "/users/auth/doorkeeper" for ::1 at 2015-10-24 23:37:40 -0500
I, [2015-10-24T23:37:40.615061 #59452] INFO -- omniauth: (doorkeeper) Request phase initiated.
Started GET "/users/auth/doorkeeper/callback?code=e1aa1b123ecadb91088527dfa3529181a99fa1f607a88738badd51b24aa2e8ee&state=d5166e94b40231ac06d65ae52f5a9b97a6aee828505f02b9" for ::1 at 2015-10-24 23:38:37 -0500
I, [2015-10-24T23:38:37.618820 #59452] INFO -- omniauth: (doorkeeper) Callback phase initiated.
E, [2015-10-24T23:38:37.640490 #59452] ERROR -- omniauth: (doorkeeper) Authentication failure! invalid_credentials: OAuth2::Error, invalid_grant: The provided authorization grant is invalid, expired, revoked, does not match the redirection URI used in the authorization request, or was issued to another client.
{"error":"invalid_grant","error_description":"The provided authorization grant is invalid, expired, revoked, does not match the redirection URI used in the authorization request, or was issued to another client."}
Processing by Users::OmniauthCallbacksController#failure as HTML
Parameters: {"code"=>"e1aa1b123ecadb91088527dfa3529181a99fa1f607a88738badd51b24aa2e8ee", "state"=>"d5166e94b40231ac06d65ae52f5a9b97a6aee828505f02b9"}
Redirected to http://localhost:3001/
Completed 302 Found in 332ms (ActiveRecord: 0.0ms)
Started GET "/" for ::1 at 2015-10-24 23:38:37 -0500
Processing by ApplicationController#index as HTML
Rendered application/index.html.erb within layouts/application (0.3ms)
Completed 200 OK in 21ms (Views: 20.3ms | ActiveRecord: 0.0ms)
PROVIDER LOGS
jonathan@Jonathan doorkeeper-provider (master) $ rails s
=> Booting WEBrick
=> Rails 4.2.4 application starting in development on http://localhost:3000
=> Run `rails server -h` for more startup options
=> Ctrl-C to shutdown server
[2015-10-24 23:37:24] INFO WEBrick 1.3.1
[2015-10-24 23:37:24] INFO ruby 2.2.3 (2015-08-18) [x86_64-darwin15]
[2015-10-24 23:37:24] INFO WEBrick::HTTPServer#start: pid=59448 port=3000
Started GET "/oauth/authorize?client_id=867e46cc052aafc5c580d328daa475d7024328df71eedfe3d640e197f651f0ed&redirect_uri=http%3A%2F%2Flocalhost%3A3001%2Fusers%2Fauth%2Fdoorkeeper%2Fcallback&response_type=code&scope=user&state=61dbe5751135b43d5465f979e4dd1bcbbe9dc6935c65e595" for ::1 at 2015-10-24 23:37:40 -0500
ActiveRecord::SchemaMigration Load (0.5ms) SELECT "schema_migrations".* FROM "schema_migrations"
Processing by Doorkeeper::AuthorizationsController#new as HTML
Parameters: {"client_id"=>"867e46cc052aafc5c580d328daa475d7024328df71eedfe3d640e197f651f0ed", "redirect_uri"=>"http://localhost:3001/users/auth/doorkeeper/callback", "response_type"=>"code", "scope"=>"user", "state"=>"61dbe5751135b43d5465f979e4dd1bcbbe9dc6935c65e595"}
Redirected to http://localhost:3000/users/sign_in
Filter chain halted as :authenticate_resource_owner! rendered or redirected
Completed 302 Found in 11ms (ActiveRecord: 0.0ms)
Started GET "/oauth/authorize?client_id=867e46cc052aafc5c580d328daa475d7024328df71eedfe3d640e197f651f0ed&redirect_uri=http%3A%2F%2Flocalhost%3A3001%2Fusers%2Fauth%2Fdoorkeeper%2Fcallback&response_type=code&scope=user&state=d5166e94b40231ac06d65ae52f5a9b97a6aee828505f02b9" for ::1 at 2015-10-24 23:37:40 -0500
Processing by Doorkeeper::AuthorizationsController#new as HTML
Parameters: {"client_id"=>"867e46cc052aafc5c580d328daa475d7024328df71eedfe3d640e197f651f0ed", "redirect_uri"=>"http://localhost:3001/users/auth/doorkeeper/callback", "response_type"=>"code", "scope"=>"user", "state"=>"d5166e94b40231ac06d65ae52f5a9b97a6aee828505f02b9"}
User Load (0.9ms) SELECT "users".* FROM "users" WHERE "users"."id" = $1 ORDER BY "users"."id" ASC LIMIT 1 [["id", 1]]
Doorkeeper::Application Load (0.9ms) SELECT "oauth_applications".* FROM "oauth_applications" WHERE "oauth_applications"."uid" = $1 LIMIT 1 [["uid", "867e46cc052aafc5c580d328daa475d7024328df71eedfe3d640e197f651f0ed"]]
Doorkeeper::AccessToken Load (0.7ms) SELECT "oauth_access_tokens".* FROM "oauth_access_tokens" WHERE "oauth_access_tokens"."application_id" = $1 AND "oauth_access_tokens"."resource_owner_id" = $2 AND "oauth_access_tokens"."revoked_at" IS NULL ORDER BY created_at desc LIMIT 1 [["application_id", 1], ["resource_owner_id", 1]]
Rendered /Users/jonathan/.rvm/gems/ruby-2.2.3/gems/doorkeeper-3.0.1/app/views/doorkeeper/authorizations/new.html.erb within layouts/doorkeeper/application (10.2ms)
Completed 200 OK in 168ms (Views: 129.9ms | ActiveRecord: 10.5ms)
Started POST "/oauth/authorize" for ::1 at 2015-10-24 23:38:37 -0500
Processing by Doorkeeper::AuthorizationsController#create as HTML
Parameters: {"utf8"=>"✓", "authenticity_token"=>"[FILTERED]", "client_id"=>"867e46cc052aafc5c580d328daa475d7024328df71eedfe3d640e197f651f0ed", "redirect_uri"=>"http://localhost:3001/users/auth/doorkeeper/callback", "state"=>"d5166e94b40231ac06d65ae52f5a9b97a6aee828505f02b9", "response_type"=>"code", "scope"=>"user", "commit"=>"Authorize"}
User Load (0.4ms) SELECT "users".* FROM "users" WHERE "users"."id" = $1 ORDER BY "users"."id" ASC LIMIT 1 [["id", 1]]
Doorkeeper::Application Load (0.3ms) SELECT "oauth_applications".* FROM "oauth_applications" WHERE "oauth_applications"."uid" = $1 LIMIT 1 [["uid", "867e46cc052aafc5c580d328daa475d7024328df71eedfe3d640e197f651f0ed"]]
(0.2ms) BEGIN
Doorkeeper::AccessGrant Exists (0.7ms) SELECT 1 AS one FROM "oauth_access_grants" WHERE "oauth_access_grants"."token" = 'e1aa1b123ecadb91088527dfa3529181a99fa1f607a88738badd51b24aa2e8ee' LIMIT 1
SQL (0.5ms) INSERT INTO "oauth_access_grants" ("application_id", "resource_owner_id", "expires_in", "redirect_uri", "scopes", "token", "created_at") VALUES ($1, $2, $3, $4, $5, $6, $7) RETURNING "id" [["application_id", 1], ["resource_owner_id", 1], ["expires_in", 1200], ["redirect_uri", "http://localhost:3001/users/auth/doorkeeper/callback"], ["scopes", "user"], ["token", "e1aa1b123ecadb91088527dfa3529181a99fa1f607a88738badd51b24aa2e8ee"], ["created_at", "2015-10-25 04:38:37.602105"]]
(0.4ms) COMMIT
Redirected to http://localhost:3001/users/auth/doorkeeper/callback?code=e1aa1b123ecadb91088527dfa3529181a99fa1f607a88738badd51b24aa2e8ee&state=d5166e94b40231ac06d65ae52f5a9b97a6aee828505f02b9
Completed 302 Found in 24ms (ActiveRecord: 4.2ms)
Started POST "/oauth/token" for ::1 at 2015-10-24 23:38:37 -0500
Processing by Doorkeeper::TokensController#create as */*
Parameters: {"client_id"=>"867e46cc052aafc5c580d328daa475d7024328df71eedfe3d640e197f651f0ed", "client_secret"=>"[FILTERED]", "code"=>"[FILTERED]", "grant_type"=>"authorization_code", "redirect_uri"=>"http://localhost:3001/users/auth/doorkeeper/callback?code=e1aa1b123ecadb91088527dfa3529181a99fa1f607a88738badd51b24aa2e8ee&state=d5166e94b40231ac06d65ae52f5a9b97a6aee828505f02b9"}
Doorkeeper::AccessGrant Load (0.4ms) SELECT "oauth_access_grants".* FROM "oauth_access_grants" WHERE "oauth_access_grants"."token" = $1 LIMIT 1 [["token", "e1aa1b123ecadb91088527dfa3529181a99fa1f607a88738badd51b24aa2e8ee"]]
Doorkeeper::Application Load (0.3ms) SELECT "oauth_applications".* FROM "oauth_applications" WHERE "oauth_applications"."uid" = $1 AND "oauth_applications"."secret" = $2 LIMIT 1 [["uid", "867e46cc052aafc5c580d328daa475d7024328df71eedfe3d640e197f651f0ed"], ["secret", "857c7e1f887d52064703ef19852032729e321643ab4638d302ab33eb0afe1a57"]]
Completed 401 Unauthorized in 4ms
So the duplicate request issue ended up just being JavaScript, likely Turbolinks for some reason firing the request twice.
Thanks, Max.
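An added illustration, written for this page rather than taken from Doorkeeper or the original post, of the checks a provider runs at POST /oauth/token before answering with the invalid_grant error the client log records: the code must exist, be unexpired and unrevoked, belong to the authenticating client, and arrive with a redirect_uri identical to the one stored with the grant. In the provider log the grant was stored with the bare callback URL while the token request carried that URL with the callback's own code and state query string appended; the example shows the exact-match rule rejecting such a request. Client ids, secrets and codes are constructed placeholders, and RFC 6749 specifies status 400 for invalid_grant where the Doorkeeper release in the log answered 401.

```ruby
require 'securerandom'

# Illustration written for this page: the validation an OAuth 2.0 provider
# performs for grant_type=authorization_code (RFC 6749 section 4.1.3).
# Not Doorkeeper's implementation; ids, secrets and codes are constructed.
AccessGrant = Struct.new(:token, :application_uid, :resource_owner_id, :redirect_uri,
                         :scopes, :created_at, :expires_in, :revoked_at) do
  def expired?(now)
    created_at + expires_in <= now
  end
end

ClientApp = Struct.new(:uid, :secret, :redirect_uri)

class TokenEndpoint
  # One generic body for every grant failure, so the response does not tell a
  # caller which check it tripped (wrong client, wrong URI, expired, replayed).
  INVALID_GRANT = {
    error: 'invalid_grant',
    error_description: 'The provided authorization grant is invalid, expired, revoked, ' \
                       'does not match the redirection URI used in the authorization ' \
                       'request, or was issued to another client.'
  }.freeze
  INVALID_CLIENT = { error: 'invalid_client',
                     error_description: 'Client authentication failed.' }.freeze

  def initialize(apps, grants)
    @apps = apps.each_with_object({}) { |a, h| h[a.uid] = a }
    @grants = grants.each_with_object({}) { |g, h| h[g.token] = g }
  end

  # Returns [http_status, body]. RFC 6749 uses 400 for invalid_grant; the
  # Doorkeeper release in the log above answered 401 for the same error.
  def exchange(client_id:, client_secret:, code:, redirect_uri:, now: Time.now)
    app = @apps[client_id]
    return [401, INVALID_CLIENT] unless app && secure_compare(app.secret, client_secret)

    grant = @grants[code]
    return [400, INVALID_GRANT] unless grant                             # unknown code
    return [400, INVALID_GRANT] unless grant.application_uid == app.uid # issued to another client
    return [400, INVALID_GRANT] if grant.revoked_at || grant.expired?(now)
    # Exact, byte-for-byte comparison: a redirect_uri that picked up the
    # callback's ?code=...&state=... query string is a different URI.
    return [400, INVALID_GRANT] unless grant.redirect_uri == redirect_uri

    grant.revoked_at = now # codes are single-use; a replay must fail from here on
    [200, { access_token: SecureRandom.hex(32), token_type: 'bearer',
            scope: grant.scopes, expires_in: 7200 }]
  end

  private

  # Constant-time comparison so timing does not leak how much of the secret matched.
  def secure_compare(a, b)
    return false unless a.is_a?(String) && b.is_a?(String) && a.bytesize == b.bytesize
    a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
  end
end

if $PROGRAM_NAME == __FILE__
  callback = 'http://localhost:3001/users/auth/doorkeeper/callback'
  app = ClientApp.new('client-uid-placeholder', 'client-secret-placeholder', callback)
  issued = Time.utc(2015, 10, 25, 4, 38, 37)
  grant = AccessGrant.new('code-placeholder', app.uid, 1, callback, 'user', issued, 1200, nil)
  endpoint = TokenEndpoint.new([app], [grant])

  # Rejected: redirect_uri carrying the callback's own query string.
  p endpoint.exchange(client_id: app.uid, client_secret: app.secret, code: grant.token,
                      redirect_uri: "#{callback}?code=#{grant.token}&state=xyz", now: issued + 1)
  # Accepted: the URI exactly as stored with the grant.
  p endpoint.exchange(client_id: app.uid, client_secret: app.secret, code: grant.token,
                      redirect_uri: callback, now: issued + 1)
end
```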
I'm currently trying to find a way to change my redirect URL upon unlocking an account. Currently, when an account is locked, the user gets an email to unlock the account, but afterwards the user is redirected to a default URL. Since my Rails project is an API, it would be nice to redirect to my front-end.
Started GET "/api/auth/unlock?unlock_token=YvR4nNssxhB9h8hvDAse" for 127.0.0.1 at 2017-12-04 15:28:08 -0500
Processing by Devise::UnlocksController#show as JSON
Parameters: {"unlock_token"=>"YvR4nNssxhB9h8hvDAse"}
User Load (0.8ms) SELECT "users".* FROM "users" WHERE "users"."unlock_token" = $1 ORDER BY "users"."id" ASC LIMIT $2 [["unlock_token", "6f3c4d7aa5254e143f89cd7f187e22ce56b11e6abe1f5eb252e34d86ac101908"], ["LIMIT", 1]]
(0.1ms) BEGIN
SQL (0.7ms) UPDATE "users" SET "locked_at" = $1, "failed_attempts" = $2, "unlock_token" = $3, "updated_at" = $4 WHERE "users"."id" = $5 [["locked_at", nil], ["failed_attempts", 0], ["unlock_token", nil], ["updated_at", "2017-12-04 20:28:08.783744"], ["id", 1]]
(3.4ms) COMMIT
Redirected to http://localhost:3000/api/auth/sign_in
Completed 302 Found in 17ms (ActiveRecord: 5.0ms)
Started GET "/api/auth/sign_in" for 127.0.0.1 at 2017-12-04 15:28:08 -0500
Processing by DeviseTokenAuth::SessionsController#new as JSON
[active_model_serializers] Rendered ActiveModel::Serializer::Null with Hash (0.14ms)
Completed 405 Method Not Allowed in 2ms (Views: 0.9ms | ActiveRecord: 0.0ms)
Started GET "/api/auth/sign_in" for 127.0.0.1 at 2017-12-04 15:31:26 -0500
Processing by DeviseTokenAuth::SessionsController#new as JSON
[active_model_serializers] Rendered ActiveModel::Serializer::Null with Hash (0.11ms)
Completed 405 Method Not Allowed in 1ms (Views: 0.7ms | ActiveRecord: 0.0ms)
To do any customization with Devise, one must override the default controllers by creating a new controller and inheriting from the Devise one; in your case that would be Devise::UnlocksController.
For example:
class CustomUnlocksController < Devise::UnlocksController
  protected

  # Devise calls this after a successful unlock; return your front-end URL here.
  def after_unlock_path_for(resource)
    super
  end
end
https://github.com/plataformatec/devise/blob/master/app/controllers/devise/unlocks_controller.rb
Override after_unlock_path_for to return the path you want to redirect to afterwards.
I'm using Capybara 2.13.0 and I've got a test that relies on an Ajax request adding dynamic content into the DOM.
test 'contact data becomes visible when providing the correct password' do
  login_as_researcher
  visit '/participants/3'
  assert page.has_css?("ul#redacted-contact-data")
  click_button('Unlock Contact Data')
  # Use the correct password
  fill_in('enter your password', with: 'password1')
  # Ajax happens here. It renders a partial and places it in the DOM.
  click_button('Submit')
  # Test sometimes fails here..
  assert page.has_css?("ul#contact-data"), -> { page.body }
end
I've read a lot of articles that say Capybara automatically waits for elements to appear in the HTML and there's no need to manually tell Capybara to wait anymore, but I'm not experiencing this in my case.
75% of the time this test passes, and when it does fail and the page is dumped, it contains the content of the partial rendered in the JS response instead of the full HTML page.
Any idea what's going on here? I can only assume it's due to how long it takes the server to respond to the Ajax request each time, and Capybara not waiting long enough in certain situations.
I've set Capybara.default_max_wait_time = 5 in my test_helper.
I've tried with both the selenium and poltergeist drivers and it makes no difference.
Here's the output from test.log:
Started GET "/" for 127.0.0.1 at 2017-05-01 18:09:23 +0100
Processing by HomeController#index as HTML
Researcher Load (0.3ms) SELECT "researchers".* FROM "researchers" WHERE "researchers"."id" IS NULL LIMIT 1
Redirected to http://www.example.com/session/new
Filter chain halted as :researcher_only rendered or redirected
Completed 302 Found in 30ms (ActiveRecord: 0.3ms)
Started GET "/session/new" for 127.0.0.1 at 2017-05-01 18:09:23 +0100
Processing by SessionsController#new as HTML
Rendered sessions/new.html.erb within layouts/application (9.5ms)
Researcher Load (0.1ms) SELECT "researchers".* FROM "researchers" WHERE "researchers"."id" IS NULL LIMIT 1
Completed 200 OK in 248ms (Views: 247.6ms | ActiveRecord: 0.1ms)
Started POST "/session" for 127.0.0.1 at 2017-05-01 18:09:23 +0100
Processing by SessionsController#create as HTML
Parameters: {"utf8"=>"✓", "username"=>"nick1", "password"=>"[FILTERED]", "commit"=>"Enter"}
Researcher Load (0.1ms) SELECT "researchers".* FROM "researchers" WHERE "researchers"."username" = ? LIMIT 1 [["username", "nick1"]]
Redirected to http://www.example.com/
Completed 302 Found in 78ms (ActiveRecord: 0.1ms)
Started GET "/" for 127.0.0.1 at 2017-05-01 18:09:23 +0100
Processing by HomeController#index as HTML
Researcher Load (0.1ms) SELECT "researchers".* FROM "researchers" WHERE "researchers"."id" = ? LIMIT 1 [["id", 2]]
Rendered home/index.html.erb within layouts/application (0.6ms)
Completed 200 OK in 10ms (Views: 8.6ms | ActiveRecord: 0.1ms)
Started GET "/participants/3" for 127.0.0.1 at 2017-05-01 18:09:23 +0100
Processing by ParticipantsController#show as HTML
Parameters: {"id"=>"3"}
Participant Load (1.9ms) SELECT "participants".* FROM "participants" WHERE "participants"."id" = ? LIMIT 1 [["id", 3]]
Researcher Load (0.1ms) SELECT "researchers".* FROM "researchers" WHERE "researchers"."id" = ? LIMIT 1 [["id", 2]]
ContactData Load (0.2ms) SELECT "contact_data".* FROM "contact_data" WHERE "contact_data"."participant_id" = ? LIMIT 1 [["participant_id", 3]]
AlcoholService Load (0.1ms) SELECT "alcohol_services".* FROM "alcohol_services" WHERE "alcohol_services"."id" = ? LIMIT 1 [["id", 16]]
Baseline Load (0.3ms) SELECT "baselines".* FROM "baselines" WHERE "baselines"."participant_id" = ? LIMIT 1 [["participant_id", 3]]
Rendered participants/_unlock_contact_data.html.erb (1.1ms)
Rendered participants/_details.html.erb (52.8ms)
Rendered participants/show.html.erb within layouts/application (58.8ms)
Completed 200 OK in 94ms (Views: 69.9ms | ActiveRecord: 3.0ms)
Started POST "/participants/unlock_contact_data?participant_id=3" for 127.0.0.1 at 2017-05-01 18:09:24 +0100
Processing by ParticipantsController#unlock_contact_data as JS
Parameters: {"utf8"=>"✓", "from"=>"show", "password"=>"[FILTERED]", "commit"=>"Submit", "participant_id"=>"3"}
Researcher Load (0.1ms) SELECT "researchers".* FROM "researchers" WHERE "researchers"."id" = ? LIMIT 1 [["id", 2]]
Participant Load (0.0ms) SELECT "participants".* FROM "participants" WHERE "participants"."id" = ? LIMIT 1 [["id", 3]]
ContactData Load (0.1ms) SELECT "contact_data".* FROM "contact_data" WHERE "contact_data"."participant_id" = ? LIMIT 1 [["participant_id", 3]]
AlcoholService Load (0.1ms) SELECT "alcohol_services".* FROM "alcohol_services" WHERE "alcohol_services"."id" = ? LIMIT 1 [["id", 16]]
Baseline Load (0.0ms) SELECT "baselines".* FROM "baselines" WHERE "baselines"."participant_id" = ? LIMIT 1 [["participant_id", 3]]
Rendered participants/_details.html.erb (4.6ms)
Rendered participants/unlock_contact_data.js.erb (6.7ms)
Completed 200 OK in 81ms (Views: 10.8ms | ActiveRecord: 0.3ms)
(0.1ms) rollback transaction
(0.1ms) begin transaction
Is there anything I might be missing?
I have a Rails 5 application in Heroku that does a login/logout using a sessions controller based on logic in Michael Hartl's Ruby on Rails Tutorial. I have done similar logic for several years starting with Rails 3. My application worked in localhost, production status using Passenger on my server and on Heroku. The same code is being executed. A couple of days ago I started getting the following errors when I try to log into the production version of my application on my server. However I'm still able to log into my application in localhost/development and on Heroku.
I, [2017-04-22T20:15:50.242323 #65501] INFO -- : [40a379f9-27c2-4923-a9ce-f310f96dbc4c] Started POST "/sessions" for 127.0.0.1 at 2017-04-22 20:15:50 -0500
I, [2017-04-22T20:15:50.243524 #65501] INFO -- : [40a379f9-27c2-4923-a9ce-f310f96dbc4c] Processing by SessionsController#create as HTML
I, [2017-04-22T20:15:50.243945 #65501] INFO -- : [40a379f9-27c2-4923-a9ce-f310f96dbc4c] Parameters: {"utf8"=>"✓", "authenticity_token"=>"RsEqEfiDw82E2YI17SVkkUcxhiqtUw75nC1i9GJmIYZlwjg6o0mXiHehCHP627iTOjyQoPA+mrmi+Bh99BxICQ==", "session"=>{"email_user"=>"pamela", "password"=>"[FILTERED]"}, "commit"=>"Login"}
W, [2017-04-22T20:15:50.245161 #65501] WARN -- : [40a379f9-27c2-4923-a9ce-f310f96dbc4c] Can't verify CSRF token authenticity.
I, [2017-04-22T20:15:50.246050 #65501] INFO -- : [40a379f9-27c2-4923-a9ce-f310f96dbc4c] Completed 422 Unprocessable Entity in 2ms (ActiveRecord: 0.0ms)
F, [2017-04-22T20:15:50.248110 #65501] FATAL -- : [40a379f9-27c2-4923-a9ce-f310f96dbc4c]
F, [2017-04-22T20:15:50.248546 #65501] FATAL -- : [40a379f9-27c2-4923-a9ce-f310f96dbc4c] ActionController::InvalidAuthenticityToken (ActionController::InvalidAuthenticityToken):
F, [2017-04-22T20:15:50.248894 #65501] FATAL -- : [40a379f9-27c2-4923-a9ce-f310f96dbc4c]
F, [2017-04-22T20:15:50.249263 #65501] FATAL -- : [40a379f9-27c2-4923-a9ce-f310f96dbc4c] actionpack (5.0.2) lib/action_controller/metal/request_forgery_protection.rb:195:in `handle_unverified_request'
[40a379f9-27c2-4923-a9ce-f310f96dbc4c] actionpack (5.0.2) lib/action_controller/metal/request_forgery_protection.rb:223:in `handle_unverified_request'
[40a379f9-27c2-4923-a9ce-f310f96dbc4c] actionpack (5.0.2) lib/action_controller/metal/request_forgery_protection.rb:218:in `verify_authenticity_token'
application_controller.rb:
class ApplicationController < ActionController::Base
  protect_from_forgery with: :exception
  include SessionsHelper
end
Log from localhost on the same machine where I'm able to successfully log in:
Started POST "/sessions" for ::1 at 2017-04-22 22:26:23 -0500
Processing by SessionsController#create as HTML
Parameters: {"utf8"=>"✓", "authenticity_token"=>"zhkoMofyRdPcwQ7v2GOYltlRv2PJM8duzbuxJsa5dAy0je/yj1CRedQM/H1Zku2ukQbbG7YF6OZd4ootV0qolA==", "session"=>{"email_user"=>"myuserid", "password"=>"[FILTERED]"}, "remember_me"=>"1", "commit"=>"Login"}
User Load (74.2ms) SELECT "users".* FROM "users" WHERE "users"."email" = $1 LIMIT $2 [["email", "myuserid"], ["LIMIT", 1]]
User Load (0.8ms) SELECT "users".* FROM "users" WHERE "users"."username" = $1 LIMIT $2 [["username", "myuserid"], ["LIMIT", 1]]
(0.2ms) BEGIN
SQL (22.6ms) UPDATE "users" SET "remember_token" = $1, "updated_at" = $2 WHERE "users"."id" = $3 [["remember_token", "75f5152d815e24e6ce7709cc93f34265ad9161be"], ["updated_at", 2017-04-23 03:26:23 UTC], ["id", 3]]
(26.4ms) COMMIT
Redirected to http://localhost:3000/
Completed 302 Found in 229ms (ActiveRecord: 124.5ms)
Started GET "/" for ::1 at 2017-04-22 22:26:23 -0500
Processing by PagesController#home as HTML
User Load (7.4ms) SELECT "users".* FROM "users" WHERE "users"."remember_token" = $1 LIMIT $2 [["remember_token", "75f5152d815e24e6ce7709cc93f34265ad9161be"], ["LIMIT", 1]]
Rendering pages/home.html.erb within layouts/application
Rendered pages/home.html.erb within layouts/application (1.1ms)
Rendered layouts/_meta_data.erb (2.3ms)
Rendered layouts/_shim.html.erb (0.4ms)
Rendered layouts/_header.html.erb (1.1ms)
Rendered layouts/_systemmessage.html.erb (0.5ms)
Rendered layouts/_footer.html.erb (1.0ms)
Completed 200 OK in 270ms (Views: 236.8ms | ActiveRecord: 7.4ms)
I have searched for solutions, and just about all of them say to shut this off, which I don't want to do, especially considering that this is a database maintenance application. The only difference I can see between the three executions of the code is the value of remember_token in my table, since each version is using a different database. I tried setting the remember_token field in the database to null, but I still get the error. I have changed nothing related to the login/logout process, so I'm really puzzled. I will clone what I have in Heroku and try again.
This is the first time I have seen this error in almost six years of Rails software development. I realize that I could very well have an attack but I don't know how to debug this error. The same code works in Heroku and localhost.
UPDATE: I looked at the page source of the production application on my server. This is what the header looked like before I attempted to log in and got the error. With my localhost version and the Heroku version, the two statements like those below appear after login.
<meta name="csrf-param" content="authenticity_token" />
<meta name="csrf-token" content="JoPFlDzY0SYSpOSq0dXgafSICgZ9qXJz/x4tX31owZPh3cu7fNR553iGPn5c+RnZVOuxiEolnoOin0Rkoay4Ag==" />
UPDATE: Attempt at overriding the class InvalidAuthenticityToken raised on line 195 in rails/actionpack/lib/action_controller/metal/request_forgery_protection.rb. Currently this class has no statements. This is a huge guess at this point, since I don't see any instructions for this or whether it is even possible.
# app/controllers/application_controller.rb
class ApplicationController < ActionController::Base
  protect_from_forgery with: :exception

  private

  # Called by verify_authenticity_token when neither the form token nor the
  # X-CSRF-Token header matches the session token; log first, then let the
  # :exception strategy raise ActionController::InvalidAuthenticityToken.
  def handle_unverified_request
    logger.warn "Can't verify CSRF token authenticity (session token present: #{session[:_csrf_token].present?})"
    super
  end
end
There are 2 tokens that need to be verified: the form token and the CSRF token. If either of the tokens fails, an InvalidAuthenticityToken exception is thrown.
In the production deploy directory, run bundle show rails to find the exact Rails directory, then add logging to the related Rails code to find the detailed reason.
Add the log like this: logger.warn "Can't verify CSRF token authenticity." That is the way Rails outputs logs.
In the actionpack/lib/action_controller/metal/request_forgery_protection.rb file, find out why any_authenticity_token_valid? fails first.
Also check this issue: https://github.com/rails/rails/issues/24257#issuecomment-212203983, and change to users_path, not users_url.
And take care of this:
For Rails 5, note that protect_from_forgery is no longer prepended to the before_action chain, so if you have set authenticate_user before protect_from_forgery, your request will result in "Can't verify CSRF token authenticity." To resolve this, either change the order in which you call them, or use protect_from_forgery prepend: true.
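The two-token comparison the answer describes, as a pure-Ruby illustration written for this page (not actionpack's own code): how Rails 5 masks the 32-byte session token into the 88-character value seen in the authenticity_token parameters and csrf-token meta tag above, and how the server unmasks a submitted value and compares it with the session's token. It assumes only the session-wide token, not Rails 5's optional per-form tokens.

```ruby
require 'base64'
require 'securerandom'

# Reimplementation, for illustration only, of the masking and verification that
# actionpack 5.0's RequestForgeryProtection applies to the authenticity token.
# Per-form tokens (a Rails 5 option) are deliberately left out.
module CsrfToken
  TOKEN_LENGTH = 32 # bytes; the masked form value is 64 bytes, i.e. 88 base64 chars

  # What Rails stores in session[:_csrf_token]: base64 of 32 random bytes.
  def self.generate_session_token
    SecureRandom.base64(TOKEN_LENGTH)
  end

  # Value placed in the hidden authenticity_token field and the csrf-token meta
  # tag. A fresh one-time pad per response means the session token itself never
  # repeats on the wire, which is what blunts BREACH-style compression attacks.
  def self.mask(session_token)
    raw = Base64.strict_decode64(session_token)
    pad = SecureRandom.random_bytes(TOKEN_LENGTH)
    Base64.strict_encode64(pad + xor(pad, raw))
  end

  # True only if the submitted value unmasks to the session's token. Rails runs
  # this check for the form field and again for the X-CSRF-Token header; when
  # the session carries no token (new session, session cookie dropped by a
  # proxy or CDN, or protect_from_forgery running before the session is set
  # up), no submitted value can verify.
  def self.valid?(submitted, session_token)
    return false if submitted.nil? || session_token.nil?
    decoded, raw = begin
      [Base64.strict_decode64(submitted), Base64.strict_decode64(session_token)]
    rescue ArgumentError
      return false # malformed base64 from either side
    end
    case decoded.bytesize
    when TOKEN_LENGTH     # unmasked token, still accepted for older clients
      secure_compare(decoded, raw)
    when TOKEN_LENGTH * 2 # masked layout: pad || (pad XOR token)
      pad = decoded[0, TOKEN_LENGTH]
      enc = decoded[TOKEN_LENGTH, TOKEN_LENGTH]
      secure_compare(xor(pad, enc), raw)
    else
      false
    end
  end

  def self.xor(a, b)
    a.bytes.zip(b.bytes).map { |x, y| x ^ y }.pack('C*')
  end

  # Constant-time equality, as ActiveSupport::SecurityUtils.secure_compare does.
  def self.secure_compare(a, b)
    return false unless a.bytesize == b.bytesize
    a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
  end
end

if $PROGRAM_NAME == __FILE__
  session_token = CsrfToken.generate_session_token # constructed, per-session secret
  form_value = CsrfToken.mask(session_token)
  puts "masked token length: #{form_value.length}"                    # 88
  puts "same session:        #{CsrfToken.valid?(form_value, session_token)}"
  puts "other session:       #{CsrfToken.valid?(form_value, CsrfToken.generate_session_token)}"
  puts "no session token:    #{CsrfToken.valid?(form_value, nil)}"
end
```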
I'm using Rails 3.2 and Devise 3.4.1.
In the development environment all is working great, but in production I'm getting this:
Started POST "/users/sign_in" for 111.111.111.11 at 2015-01-18 15:04:58 +0000
Processing by SessionsController#create as HTML
Parameters: {"utf8"=>"✓", "authenticity_token"=>"PGRrSKfVz8fZiv1a1qBJN2TzmFRAvUgEfYRpmdWiPWk=", "user"=>{"email"=>"email@email.com", "password"=>"[FILTERED]"}, "commit"=>"Log in"}
User Load (0.5ms) SELECT `users`.* FROM `users` WHERE `users`.`email` = 'email@email.com' LIMIT 1
(0.2ms) BEGIN
(0.5ms) UPDATE `users` SET `last_sign_in_at` = '2015-01-18 15:04:53', `current_sign_in_at` = '2015-01-18 15:04:59', `sign_in_count` = 25, `updated_at` = '2015-01-18 15:04:59' WHERE `users`.`id` = 2
(1.2ms) COMMIT
Redirected to http://subdomain.domain.com/
Completed 302 Found in 100.0ms (ActiveRecord: 0.0ms)
Started GET "/" for 111.111.111.11 at 2015-01-18 15:04:59 +0000
Started GET "/authorized" for 111.111.111.11 at 2015-01-18 15:04:59 +0000
Processing by AuthorizedController#index as HTML
Completed 401 Unauthorized in 0.3ms
Started GET "/users/sign_in" for 111.111.111.11 at 2015-01-18 15:05:00 +0000
Processing by SessionsController#new as HTML
Rendered devise/shared/_links.html.erb (0.1ms)
Rendered devise/sessions/new.html.erb (4.0ms)
Completed 200 OK in 5.3ms (Views: 4.5ms | ActiveRecord: 0.0ms)
As you can see, the user is being authorised but is signed out immediately after that.
Help?
Well, the CDN just blocked Devise's cookie, so it's solved now.
thank you all!
I found an interesting problem in my app.
I'm using Rails 3 with Ruby 2.0. I already have a production server where my app is running and another staging server. I'm configuring a new, better one, but I have a problem only with Safari.
Redirected to http://ip.server/
Completed 302 Found in 201.7ms (ActiveRecord: 0.0ms)
Started GET "/" for my.ip at 2014-10-13 08:17:18 +0200
Processing by DashboardController#index as HTML
Completed 401 Unauthorized in 1.2ms
Started GET "/user/sign_in" for my.ip at 2014-10-13 08:17:18 +0200
Processing by Devise::SessionsController#new as HTML
Rendered application/_field_errors.html.erb (0.0ms)
Rendered application/_field_errors.html.erb (0.0ms)
Rendered devise/sessions/new.html.erb within layouts/devise (2.3ms)
Completed 200 OK in 5.5ms (Views: 3.8ms | ActiveRecord: 0.0ms)
When I check on the network tab, I can see this:
Fail to load resource: the server responded with a status of 401 (unauthorized)
At the beginning I thought my problem came from Devise, but then I checked on Google and found that:
cross browser problem
I tried on Chrome and it works. I also tried without AdBlock and in private browsing, but it still doesn't work with Safari.
Edit:
I did 2 requests, one coming from Chrome and the second one from Safari. The only difference is this line:
WARNING: Can't verify CSRF token authenticity
Edit 2:
I've commented out the line protect_from_forgery in my ApplicationController.rb, and in the end this error (about CSRF) wasn't responsible for my problem.
Here are my stacks when I try with Chrome and with Safari.
With Chrome:
Started POST "/user/sign_in" for my.ip at 2014-10-14 13:27:51 +0200
Processing by Devise::SessionsController#create as HTML
Parameters: {"utf8"=>"✓", "authenticity_token"=>"c86MNR4MCSbQWJiAjkGtgfgPMg5YirG1tqf/2vqdBWc=", "user"=>{"email"=>"test@example.com", "password"=>"[FILTERED]", "remember_me"=>"0"}}
User Load (0.4ms) SELECT `users`.* FROM `users` WHERE `users`.`email` = 'test@example.com' LIMIT 1
(0.1ms) BEGIN
WARNING: User#current is nil, are you including SentientController on your ApplicationController?
(0.3ms) UPDATE `users` SET `last_sign_in_at` = '2014-10-14 11:26:45', `current_sign_in_at` = '2014-10-14 11:27:51', `sign_in_count` = 52, `updated_at` = '2014-10-14 11:27:51' WHERE `users`.`type` IN ('User::Admin') AND `users`.`id` = 1
(26.1ms) COMMIT
Redirected to http://server.ip/
Completed 302 Found in 135.6ms (ActiveRecord: 0.0ms)
Started GET "/" for my.ip at 2014-10-14 13:27:51 +0200
Processing by DashboardController#index as HTML
User Load (0.4ms) SELECT `users`.* FROM `users` WHERE `users`.`id` = 1 LIMIT 1
server.ip Rendered dashboard/index.html.erb within layouts/application (2.5ms)
Rendered application/_header.html.slim (57.6ms)
Rendered application/_sidebar.html.erb (48.1ms)
Rendered application/_page_header.html.slim (2.0ms)
Rendered application/_flash_messages.html.erb (0.5ms)
Rendered application/_footer.html.erb (0.8ms)
Completed 200 OK in 137.5ms (Views: 122.9ms | ActiveRecord: 5.1ms)
With Safari:
Started POST "/user/sign_in" for my.ip at 2014-10-14 13:27:58 +0200
Processing by Devise::SessionsController#create as HTML
Parameters: {"utf8"=>"✓", "authenticity_token"=>"TWKhSxus5q46H9sZdEvMnzD52r0zA5phw/Pv7K+NKuY=", "user"=>{"email"=>"test@example.com", "password"=>"[FILTERED]", "remember_me"=>"0"}}
User Load (0.4ms) SELECT `users`.* FROM `users` WHERE `users`.`email` = 'test@example.com' LIMIT 1
(0.1ms) BEGIN
(0.3ms) UPDATE `users` SET `last_sign_in_at` = '2014-10-14 11:27:51', `current_sign_in_at` = '2014-10-14 11:27:58', `sign_in_count` = 53, `updated_at` = '2014-10-14 11:27:58' WHERE `users`.`type` IN ('User::Admin') AND `users`.`id` = 1
(24.8ms) COMMIT
Redirected to http://server.ip/
Completed 302 Found in 138.2ms (ActiveRecord: 0.0ms)
Started GET "/" for my.ip at 2014-10-14 13:27:58 +0200
Processing by DashboardController#index as HTML
Completed 401 Unauthorized in 1.2ms
Started GET "/user/sign_in" for my.ip at 2014-10-14 13:27:58 +0200
Processing by Devise::SessionsController#new as HTML
Rendered application/_field_errors.html.erb (0.0ms)
Rendered application/_field_errors.html.erb (0.0ms)
Rendered devise/sessions/new.html.erb within layouts/devise (2.2ms)
Completed 200 OK in 5.2ms (Views: 3.7ms | ActiveRecord: 0.0ms)
Problem solved. It was not coming from my app at all but from my DNS redirection. I had put a simple web redirection in place for tests and forgot to add the DNS redirection.
Now everything is working perfectly.
I hope this will help someone else!