setup.pl - Clicking create button causes Bad request: CSRF token failure
#8411
Comments
|
As s work around, the login button also creates a new company when you try to log into a non existent database. |
|
@ehuelsmann I think perhaps due to my using Digitalocean's managed databases, that's not much of an option (I'm not 100% sure). When I try logging in with a database I didn't create through the digitalocean dashboard, I get: |
|
So, after familiarising myself a bit with this codebase, and figuring out what I needed to do for #8410, I've been able to play with my own workaround for my specific setup getting around the I'm still figuring things out, but I'm better able to make progress now. @ehuelsmann Should this issue stay open? EDIT: I don't know how many people are facing this use case, but I'll keep the gist public for anyone that may stumble across this in the future. My specific use case is: Deploying ledgersmb app on the Digitalocean platform and connecting it with a managed Postgres database. |
|
@ehuelsmann After a lot of reading of your codebase, and the merging of PR #8414, I have settled on a workaround that stable for my use case. By the way, this file was really useful for me in understanding the usage of ledgersmb-admin script: https://github.com/ledgersmb/LedgerSMB/blob/1.11/UI/tests/specs/openapi/database.js Use Case OverviewLaunching LedgerSMB on DigitalOcean App Platform Steps Taken to launch LedgerSMB on DigitalOcean App PlatformModifications to Dockerfilehttps://gist.github.com/walidmujahid/db362783268147b3c3259be33dc76d1f Modifications include:
Create Container Registry on DigitalOceanFor easy deployments to App platform, the following container registry was created for our custom docker images. Create Managed Database
Our Launch Steps on App Platform
Prepare Company DatabseUse custom script to prepare the company in the Digitalocean managed database.
Create UserIn the App Platform console, Run: Load COAIn the App Platform console, Run: |
This commit adds a new 'prepare' command to the ledgersmb-admin tool, allowing users to prepare an existing database for use with LedgerSMB without recreating it. This is particularly useful in deployment scenarios where the database is pre-created, such as when using managed database services like DigitalOcean Managed Databases. The 'prepare' command: - Accepts a <db-uri> as a positional argument, consistent with other ledgersmb-admin commands. - Loads the base schema, applies changes, and loads modules into the specified database. - Utilizes environment variables (PG*) or defaults for connection parameters when they are not specified. This addition addresses the need to prepare existing databases in situations where the 'create' command cannot be used because it attempts to create the database, which may not be possible or desired in certain environments. This is inspired from the workaround for issue: ledgersmb#8411
This commit adds a new 'prepare' command to the ledgersmb-admin tool, allowing users to prepare an existing database for use with LedgerSMB without recreating it. This is particularly useful in deployment scenarios where the database is pre-created, such as when using managed database services like DigitalOcean Managed Databases. The 'prepare' command: - Accepts a <db-uri> as a positional argument, consistent with other ledgersmb-admin commands. - Loads the base schema, applies changes, and loads modules into the specified database. - Utilizes environment variables (PG*) or defaults for connection parameters when they are not specified. This addition addresses the need to prepare existing databases in situations where the 'create' command cannot be used because it attempts to create the database, which may not be possible or desired in certain environments. This is inspired from the workaround for issue: ledgersmb#8411
This commit adds a new 'prepare' command to the ledgersmb-admin tool, allowing users to prepare an existing database for use with LedgerSMB without recreating it. This is particularly useful in deployment scenarios where the database is pre-created, such as when using managed database services like DigitalOcean Managed Databases. The 'prepare' command: - Accepts a <db-uri> as a positional argument, consistent with other ledgersmb-admin commands. - Loads the base schema, applies changes, and loads modules into the specified database. - Utilizes environment variables (PG*) or defaults for connection parameters when they are not specified. This addition addresses the need to prepare existing databases in situations where the 'create' command cannot be used because it attempts to create the database, which may not be possible or desired in certain environments. This is inspired from the workaround for issue: ledgersmb#8411
This commit adds a '--prepare-only' option to the 'ledgersmb-admin create' command, allowing users to prepare an existing database without attempting to create it. This is particularly useful in deployment scenarios where the database is pre-created, such as when using managed database services like DigitalOcean Managed Databases. The '--prepare-only' option: - Skips the database creation step, avoiding errors when the database already exists. - Performs the preparation steps by loading the base schema, applying changes, and loading modules into the specified database. - Provides a consistent user experience by integrating the functionality into the existing 'create' command. This addition addresses the need to prepare existing databases in situations where the 'create' command cannot be used because it attempts to create the database, which may not be possible or desired in certain environments. This is inspired from the workaround for issue: ledgersmb#8411
This commit adds a '--prepare-only' option to the 'ledgersmb-admin create' command, allowing users to prepare an existing database without attempting to create it. This is particularly useful in deployment scenarios where the database is pre-created, such as when using managed database services like DigitalOcean Managed Databases. The '--prepare-only' option: - Skips the database creation step, avoiding errors when the database already exists. - Performs the preparation steps by loading the base schema, applying changes, and loading modules into the specified database. - Provides a consistent user experience by integrating the functionality into the existing 'create' command. This addition addresses the need to prepare existing databases in situations where the 'create' command cannot be used because it attempts to create the database, which may not be possible or desired in certain environments. This is inspired from the workaround for issue: ledgersmb#8411
This commit adds a '--prepare-only' option to the 'ledgersmb-admin create' command, allowing users to prepare an existing database without attempting to create it. This is particularly useful in deployment scenarios where the database is pre-created, such as when using managed database services like DigitalOcean Managed Databases. The '--prepare-only' option: - Skips the database creation step, avoiding errors when the database already exists. - Performs the preparation steps by loading the base schema, applying changes, and loading modules into the specified database. - Provides a consistent user experience by integrating the functionality into the existing 'create' command. This addition addresses the need to prepare existing databases in situations where the 'create' command cannot be used because it attempts to create the database, which may not be possible or desired in certain environments. This is inspired from the workaround for issue: ledgersmb#8411
|
Er soll need to investigate the reason for the rejection of the CSRF token. |
|
@ehuelsmann On our setup, I navigated to the setup.pl endpoint. If I hit the If I hit |
|
Does a digital ocean Pg database have an administrative database by another name, maybe? The "postgres" database is normally the database that is the administrator's "default database". The admin database to be used is configurable in the Docker YAML configuration file; see the configuration section in https://github.com/ledgersmb/LedgerSMB/blob/master/doc/conf/ledgersmb.yaml#L243-L255. See https://github.com/ledgersmb/ledgersmb-docker/blob/1.11/README.md#overriding-or-adding-configuration for more information on how to add the extra config to your container. |
@walidmujahid could it be that you restarted the container between the point where you loaded the page in setup.pl and the point where you clicked on "Create" or "Login" triggering the CSRF error? If so, this was a side-effect of restarting the container. |
ehuelsmann
added
the
waiting-for-user
|
@ehuelsmann I'm no longer seeing the CSRF token failure. I'm not really sure what resolved that. I' just seeing those other errors I mentioned. I'm going to looking into the default database question you posed on digitalocean and do some tests with the config yaml file.
|
github-actions
bot
removed
the
waiting-for-user
|
Let's create a separate issue for the DigitalOcean Login/Create failures and close the problem with the CSRF token as that's disappeared now that things settled down. |
ehuelsmann
added
the
waiting-for-user
@ehuelsmann Sounds good. |
Version
1.11.18-dev
What browsers are you seeing the problem on?
No response
What happened?
I'm running a modified docker image on Digitalocean's App Platform based on the code at commit 0bcd809: https://gist.github.com/walidmujahid/db362783268147b3c3259be33dc76d1f
I was trying to setup a company through setup.pl, however, when I click the create button, I get a
Bad request: CSRF token failure.This issue happened to me also when I initially tested with the docker hub
ledgersmb/ledgersmb:1.11.17image without nginx.What should have happened?
I was expecting to be able to setup the company after clicking the create button.
The text was updated successfully, but these errors were encountered: