
Randomly 404 / ActionController::InvalidAuthenticityToken (Can't verify CSRF token authenticity.) - openid setup #5991

Open
himpierre opened this issue Feb 6, 2025 · 3 comments

himpierre commented Feb 6, 2025

Hello!

Very randomly I see the 404 page when calling the Greenlight landing page of my BigBlueButton installation. The logs then show:

[4c1e7a10-8925-4a6b-8e3f-64bcd97860f3] puma (5.6.8) lib/puma/thread_pool.rb:147:in `block in spawn_thread'
D, [2025-02-06T11:24:43.020019 #1] DEBUG -- omniauth: (openid_connect) Request phase initiated.
E, [2025-02-06T11:24:43.021186 #1] ERROR -- omniauth: (openid_connect) Authentication failure! ActionController::InvalidAuthenticityToken: ActionController::InvalidAuthenticityToken, ActionController::InvalidAuthenticityToken
D, [2025-02-06T11:30:35.496459 #1] DEBUG -- omniauth: (openid_connect) Request phase initiated.
D, [2025-02-06T11:30:36.721388 #1] DEBUG -- omniauth: (openid_connect) Callback phase initiated.
W, [2025-02-06T13:30:26.431730 #1]  WARN -- : [ccf943d3-bf5a-4def-b18b-f7320ac75e17] Can't verify CSRF token authenticity.
F, [2025-02-06T13:30:26.434843 #1] FATAL -- : [ccf943d3-bf5a-4def-b18b-f7320ac75e17]   
[ccf943d3-bf5a-4def-b18b-f7320ac75e17] ActionController::InvalidAuthenticityToken (Can't verify CSRF token authenticity.):
[ccf943d3-bf5a-4def-b18b-f7320ac75e17]   
[ccf943d3-bf5a-4def-b18b-f7320ac75e17] actionpack (7.1.4.1) lib/action_controller/metal/request_forgery_protection.rb:293:in `handle_unverified_request'
[ccf943d3-bf5a-4def-b18b-f7320ac75e17] actionpack (7.1.4.1) lib/action_controller/metal/request_forgery_protection.rb:388:in `handle_unverified_request'

Currently it's connected to the Nextcloud OIDC provider, but I had the very same before when Greenlight was connected to a Keycloak installation. Every now and then the 404. Clearing the cache of the browser and reloading the page always solves the problem. "Can't verify CSRF token authenticity" is more of an integrated Rails functionality, right? Found this page regarding that.

https://plata.news/blog/cant-verify-csrf-token-authenticity/

Any chance we get that sorted out?

cheers!

@farhatahmad
Collaborator

Can you provide some sort of reproduction instructions? It's tricky to solve issues that we can't reproduce.

@himpierre
Author

himpierre commented Feb 11, 2025 via email

@himpierre
Author

himpierre commented Feb 13, 2025

I have an additional and reproducible bug that maybe ties to the original one. Sadly it seems only reproducible on mobile. When leaving a room I'm back on the Greenlight rooms page. When I then immediately try to start the meeting again it errors out. Here is what the log says (Can't verify CSRF token authenticity.):

/usr/src/app/vendor/bundle/ruby/3.2.0/gems/puma-5.6.8/lib/puma/thread_pool.rb:147:in `block in spawn_thread'
I, [2025-02-13T21:42:45.903507 #1]  INFO -- : BigBlueButtonAPI: request=https://mydomain.bla/bigbluebutton/api/create?guestPolicy=ALWAYS_ACCEPT&loginURL=https%3A%2F%2Fmydomain.bla%2Frooms%2Fngd-iyk-yh6-vzp%2Fjoin&logoutURL=https%3A%2F%2Fmydomain.bla%2Frooms%2Fngd-iyk-yh6-vzp%2Fjoin&meetingID=htfyfjv6jqu7nev3aww0fu8dam1vybrecwxzfode&meta_bbb-context-id=ngd-iyk-yh6-vzp&meta_bbb-context-name=What+Up+With+That%21%3F&meta_bbb-origin=greenlight&meta_bbb-origin-server-name=mydomain.bla&meta_bbb-origin-version=release-3.4.5&meta_bbb-recording-ready-url=https%3A%2F%2Fmydomain.bla%2Frecording_ready&meta_endCallbackUrl=https%3A%2F%2Fmydomain.bla%2Fmeeting_ended&moderatorOnlyMessage=To+invite+someone+to+the+meeting%2C+send+them+this+link%3A%3Cbr%3Ehttps%3A%2F%2Fmydomain.bla%2Frooms%2Fngd-iyk-yh6-vzp%2Fjoin&muteOnStart=false&name=What+Up+With+That%21%3F&record=true&checksum=05cb113d9fa271ace0b1e908bebcfb716202a1a5 response_status=Net::HTTPOK response_code=200  message_key=
W, [2025-02-13T21:44:08.103298 #1]  WARN -- : [e8b3c499-ee47-4dbb-b3c7-c932cd02133d] Can't verify CSRF token authenticity.
E, [2025-02-13T21:44:08.103869 #1] ERROR -- : [e8b3c499-ee47-4dbb-b3c7-c932cd02133d] Can't verify CSRF token authenticity.
E, [2025-02-13T21:44:08.105263 #1] ERROR -- : [e8b3c499-ee47-4dbb-b3c7-c932cd02133d] /usr/src/app/vendor/bundle/ruby/3.2.0/gems/actionpack-7.1.4.1/lib/action_controller/metal/request_forgery_protection.rb:293:in `handle_unverified_request'
/usr/src/app/vendor/bundle/ruby/3.2.0/gems/actionpack-7.1.4.1/lib/action_controller/metal/request_forgery_protection.rb:388:in `handle_unverified_request'
/usr/src/app/vendor/bundle/ruby/3.2.0/gems/actionpack-7.1.4.1/lib/action_controller/metal/request_forgery_protection.rb:377:in `verify_authenticity_token'
/usr/src/app/vendor/bundle/ruby/3.2.0/gems/activesupport-7.1.4.1/lib/active_support/callbacks.rb:403:in `block in make_lambda'
/usr/src/app/vendor/bundle/ruby/3.2.0/gems/activesupport-7.1.4.1/lib/active_support/callbacks.rb:202:in `block (2 levels) in halting'
/usr/src/app/vendor/bundle/ruby/3.2.0/gems/actionpack-7.1.4.1/lib/abstract_controller/callbacks.rb:34:in `block (2 levels) in <module:Callbacks>'
/usr/src/app/vendor/bundle/ruby/3.2.0/gems/activesupport-7.1.4.1/lib/active_support/callbacks.rb:203:in `block in halting'
/usr/src/app/vendor/bundle/ruby/3.2.0/gems/activesupport-7.1.4.1/lib/active_support/callbacks.rb:598:in `block in invoke_before'
/usr/src/app/vendor/bundle/ruby/3.2.0/gems/activesupport-7.1.4.1/lib/active_support/callbacks.rb:598:in `each'
/usr/src/app/vendor/bundle/ruby/3.2.0/gems/activesupport-7.1.4.1/lib/active_support/callbacks.rb:598:in `invoke_before'
/usr/src/app/vendor/bundle/ruby/3.2.0/gems/activesupport-7.1.4.1/lib/active_support/callbacks.rb:119:in `block in run_callbacks'
/usr/src/app/vendor/bundle/ruby/3.2.0/gems/activesupport-7.1.4.1/lib/active_support/callbacks.rb:141:in `run_callbacks'
/usr/src/app/vendor/bundle/ruby/3.2.0/gems/actionpack-7.1.4.1/lib/abstract_controller/callbacks.rb:258:in `process_action'
/usr/src/app/vendor/bundle/ruby/3.2.0/gems/actionpack-7.1.4.1/lib/action_controller/metal/rescue.rb:25:in `process_action'
/usr/src/app/vendor/bundle/ruby/3.2.0/gems/actionpack-7.1.4.1/lib/action_controller/metal/instrumentation.rb:74:in `block in process_action'
/usr/src/app/vendor/bundle/ruby/3.2.0/gems/activesupport-7.1.4.1/lib/active_support/notifications.rb:206:in `block in instrument'
/usr/src/app/vendor/bundle/ruby/3.2.0/gems/activesupport-7.1.4.1/lib/active_support/notifications/instrumenter.rb:58:in `instrument'
/usr/src/app/vendor/bundle/ruby/3.2.0/gems/activesupport-7.1.4.1/lib/active_support/notifications.rb:206:in `instrument'
/usr/src/app/vendor/bundle/ruby/3.2.0/gems/actionpack-7.1.4.1/lib/action_controller/metal/instrumentation.rb:73:in `process_action'
/usr/src/app/vendor/bundle/ruby/3.2.0/gems/actionpack-7.1.4.1/lib/action_controller/metal/params_wrapper.rb:261:in `process_action'
/usr/src/app/vendor/bundle/ruby/3.2.0/gems/activerecord-7.1.4.1/lib/active_record/railties/controller_runtime.rb:32:in `process_action'
/usr/src/app/vendor/bundle/ruby/3.2.0/gems/actionpack-7.1.4.1/lib/abstract_controller/base.rb:160:in `process'
/usr/src/app/vendor/bundle/ruby/3.2.0/gems/actionview-7.1.4.1/lib/action_view/rendering.rb:40:in `process'
/usr/src/app/vendor/bundle/ruby/3.2.0/gems/actionpack-7.1.4.1/lib/action_controller/metal.rb:227:in `dispatch'
/usr/src/app/vendor/bundle/ruby/3.2.0/gems/actionpack-7.1.4.1/lib/action_controller/metal.rb:309:in `dispatch'
/usr/src/app/vendor/bundle/ruby/3.2.0/gems/actionpack-7.1.4.1/lib/action_dispatch/routing/route_set.rb:49:in `dispatch'
/usr/src/app/vendor/bundle/ruby/3.2.0/gems/actionpack-7.1.4.1/lib/action_dispatch/routing/route_set.rb:32:in `serve'
/usr/src/app/vendor/bundle/ruby/3.2.0/gems/actionpack-7.1.4.1/lib/action_dispatch/journey/router.rb:51:in `block in serve'
/usr/src/app/vendor/bundle/ruby/3.2.0/gems/actionpack-7.1.4.1/lib/action_dispatch/journey/router.rb:131:in `block in find_routes'
/usr/src/app/vendor/bundle/ruby/3.2.0/gems/actionpack-7.1.4.1/lib/action_dispatch/journey/router.rb:124:in `each'
/usr/src/app/vendor/bundle/ruby/3.2.0/gems/actionpack-7.1.4.1/lib/action_dispatch/journey/router.rb:124:in `find_routes'
/usr/src/app/vendor/bundle/ruby/3.2.0/gems/actionpack-7.1.4.1/lib/action_dispatch/journey/router.rb:32:in `serve'
/usr/src/app/vendor/bundle/ruby/3.2.0/gems/actionpack-7.1.4.1/lib/action_dispatch/routing/route_set.rb:882:in `call'
/usr/src/app/vendor/bundle/ruby/3.2.0/gems/omniauth-2.1.2/lib/omniauth/strategy.rb:470:in `call_app!'
/usr/src/app/vendor/bundle/ruby/3.2.0/gems/omniauth_openid_connect-0.7.1/lib/omniauth/strategies/openid_connect.rb:157:in `other_phase'
/usr/src/app/vendor/bundle/ruby/3.2.0/gems/omniauth-2.1.2/lib/omniauth/strategy.rb:195:in `call!'
/usr/src/app/vendor/bundle/ruby/3.2.0/gems/omniauth-2.1.2/lib/omniauth/strategy.rb:169:in `call'
/usr/src/app/vendor/bundle/ruby/3.2.0/gems/omniauth-2.1.2/lib/omniauth/builder.rb:44:in `call'
/usr/src/app/vendor/bundle/ruby/3.2.0/gems/rack-2.2.10/lib/rack/tempfile_reaper.rb:15:in `call'
/usr/src/app/vendor/bundle/ruby/3.2.0/gems/rack-2.2.10/lib/rack/etag.rb:27:in `call'
/usr/src/app/vendor/bundle/ruby/3.2.0/gems/rack-2.2.10/lib/rack/conditional_get.rb:40:in `call'
/usr/src/app/vendor/bundle/ruby/3.2.0/gems/rack-2.2.10/lib/rack/head.rb:12:in `call'
/usr/src/app/vendor/bundle/ruby/3.2.0/gems/actionpack-7.1.4.1/lib/action_dispatch/http/permissions_policy.rb:36:in `call'
/usr/src/app/vendor/bundle/ruby/3.2.0/gems/actionpack-7.1.4.1/lib/action_dispatch/http/content_security_policy.rb:33:in `call'
/usr/src/app/vendor/bundle/ruby/3.2.0/gems/rack-2.2.10/lib/rack/session/abstract/id.rb:266:in `context'
/usr/src/app/vendor/bundle/ruby/3.2.0/gems/rack-2.2.10/lib/rack/session/abstract/id.rb:260:in `call'
/usr/src/app/vendor/bundle/ruby/3.2.0/gems/actionpack-7.1.4.1/lib/action_dispatch/middleware/cookies.rb:689:in `call'
/usr/src/app/vendor/bundle/ruby/3.2.0/gems/actionpack-7.1.4.1/lib/action_dispatch/middleware/callbacks.rb:29:in `block in call'
/usr/src/app/vendor/bundle/ruby/3.2.0/gems/activesupport-7.1.4.1/lib/active_support/callbacks.rb:101:in `run_callbacks'
/usr/src/app/vendor/bundle/ruby/3.2.0/gems/actionpack-7.1.4.1/lib/action_dispatch/middleware/callbacks.rb:28:in `call'
/usr/src/app/vendor/bundle/ruby/3.2.0/gems/actionpack-7.1.4.1/lib/action_dispatch/middleware/debug_exceptions.rb:29:in `call'
/usr/src/app/vendor/bundle/ruby/3.2.0/gems/actionpack-7.1.4.1/lib/action_dispatch/middleware/show_exceptions.rb:31:in `call'
/usr/src/app/vendor/bundle/ruby/3.2.0/gems/lograge-0.14.0/lib/lograge/rails_ext/rack/logger.rb:18:in `call_app'
/usr/src/app/vendor/bundle/ruby/3.2.0/gems/railties-7.1.4.1/lib/rails/rack/logger.rb:24:in `block in call'
/usr/src/app/vendor/bundle/ruby/3.2.0/gems/activesupport-7.1.4.1/lib/active_support/tagged_logging.rb:139:in `block in tagged'
/usr/src/app/vendor/bundle/ruby/3.2.0/gems/activesupport-7.1.4.1/lib/active_support/tagged_logging.rb:39:in `tagged'
/usr/src/app/vendor/bundle/ruby/3.2.0/gems/activesupport-7.1.4.1/lib/active_support/tagged_logging.rb:139:in `tagged'
/usr/src/app/vendor/bundle/ruby/3.2.0/gems/activesupport-7.1.4.1/lib/active_support/broadcast_logger.rb:241:in `method_missing'
/usr/src/app/vendor/bundle/ruby/3.2.0/gems/railties-7.1.4.1/lib/rails/rack/logger.rb:24:in `call'
/usr/src/app/vendor/bundle/ruby/3.2.0/gems/actionpack-7.1.4.1/lib/action_dispatch/middleware/remote_ip.rb:92:in `call'
/usr/src/app/vendor/bundle/ruby/3.2.0/gems/request_store-1.5.1/lib/request_store/middleware.rb:19:in `call'
/usr/src/app/vendor/bundle/ruby/3.2.0/gems/actionpack-7.1.4.1/lib/action_dispatch/middleware/request_id.rb:28:in `call'
/usr/src/app/vendor/bundle/ruby/3.2.0/gems/rack-2.2.10/lib/rack/method_override.rb:24:in `call'
/usr/src/app/vendor/bundle/ruby/3.2.0/gems/rack-2.2.10/lib/rack/runtime.rb:22:in `call'
/usr/src/app/vendor/bundle/ruby/3.2.0/gems/activesupport-7.1.4.1/lib/active_support/cache/strategy/local_cache_middleware.rb:29:in `call'
/usr/src/app/vendor/bundle/ruby/3.2.0/gems/actionpack-7.1.4.1/lib/action_dispatch/middleware/executor.rb:14:in `call'
/usr/src/app/vendor/bundle/ruby/3.2.0/gems/actionpack-7.1.4.1/lib/action_dispatch/middleware/static.rb:25:in `call'
/usr/src/app/vendor/bundle/ruby/3.2.0/gems/rack-2.2.10/lib/rack/sendfile.rb:110:in `call'
/usr/src/app/vendor/bundle/ruby/3.2.0/gems/actionpack-7.1.4.1/lib/action_dispatch/middleware/ssl.rb:79:in `call'
/usr/src/app/vendor/bundle/ruby/3.2.0/gems/railties-7.1.4.1/lib/rails/engine.rb:536:in `call'
/usr/src/app/vendor/bundle/ruby/3.2.0/gems/rack-2.2.10/lib/rack/urlmap.rb:74:in `block in call'
/usr/src/app/vendor/bundle/ruby/3.2.0/gems/rack-2.2.10/lib/rack/urlmap.rb:58:in `each'
/usr/src/app/vendor/bundle/ruby/3.2.0/gems/rack-2.2.10/lib/rack/urlmap.rb:58:in `call'
/usr/src/app/vendor/bundle/ruby/3.2.0/gems/puma-5.6.8/lib/puma/configuration.rb:252:in `call'
/usr/src/app/vendor/bundle/ruby/3.2.0/gems/puma-5.6.8/lib/puma/request.rb:77:in `block in handle_request'
/usr/src/app/vendor/bundle/ruby/3.2.0/gems/puma-5.6.8/lib/puma/thread_pool.rb:340:in `with_force_shutdown'
/usr/src/app/vendor/bundle/ruby/3.2.0/gems/puma-5.6.8/lib/puma/request.rb:76:in `handle_request'
/usr/src/app/vendor/bundle/ruby/3.2.0/gems/puma-5.6.8/lib/puma/server.rb:443:in `process_client'

cheers!
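
An added example, not part of the issue or of Greenlight's code: a log triage helper for the two kinds of entries quoted in this thread. It separates CSRF rejections reported by the `omniauth` logger right after "Request phase initiated" from those Rails logs under a request ID, and for the latter reports the seconds since the last "Callback phase initiated" line. The sample lines, the request ID and the treatment of timestamps as UTC are constructed assumptions.

```ruby
require "time"

# Constructed sample in the Ruby Logger format quoted in the issue;
# the timestamps and the request ID below are made up.
SAMPLE_LOG = <<~LOG
  D, [2025-01-01T10:00:00.000000 #1] DEBUG -- omniauth: (openid_connect) Request phase initiated.
  E, [2025-01-01T10:00:00.001000 #1] ERROR -- omniauth: (openid_connect) Authentication failure! ActionController::InvalidAuthenticityToken: ActionController::InvalidAuthenticityToken
  D, [2025-01-01T10:05:00.000000 #1] DEBUG -- omniauth: (openid_connect) Request phase initiated.
  D, [2025-01-01T10:05:01.000000 #1] DEBUG -- omniauth: (openid_connect) Callback phase initiated.
  W, [2025-01-01T12:05:01.000000 #1]  WARN -- : [00000000-0000-0000-0000-000000000001] Can't verify CSRF token authenticity.
  E, [2025-01-01T12:05:01.002000 #1] ERROR -- : [00000000-0000-0000-0000-000000000001] Can't verify CSRF token authenticity.
LOG

# severity letter, timestamp, progname (may be empty), message
LINE   = /\A([A-Z]), \[(\S+) #\d+\]\s+\w+ -- (\w*): (.*)\z/
# Rails request-ID tag in front of the message
REQ_ID = /\A\[(\h{8}-\h{4}-\h{4}-\h{4}-\h{12})\]\s*(.*)\z/

# Returns one hash per CSRF failure, tagged with the layer that logged it.
def triage_csrf(log)
  last_callback = nil
  seen_ids = {}
  log.each_line(chomp: true).filter_map do |line|
    m = LINE.match(line) or next            # skips bare stack-trace lines
    # Assumption: timestamps carry no zone, so they are read as UTC.
    time, prog, msg = Time.iso8601(m[2] + "Z"), m[3], m[4]
    if prog == "omniauth"
      last_callback = time if msg.include?("Callback phase initiated")
      next unless msg.include?("Authentication failure!") &&
                  msg.include?("InvalidAuthenticityToken")
      { layer: :omniauth_request_phase, time: time, request_id: nil }
    elsif (r = REQ_ID.match(msg)) && r[2].include?("Can't verify CSRF token authenticity")
      next if seen_ids[r[1]]                # WARN/ERROR/FATAL repeat per request
      seen_ids[r[1]] = true
      { layer: :rails_controller, time: time, request_id: r[1],
        secs_since_callback: last_callback && (time - last_callback).round }
    end
  end
end

triage_csrf(SAMPLE_LOG).each { |event| puts event }
```

A large `secs_since_callback` on a `:rails_controller` entry is a prompt to check whether the page or session behind the request was old; it does not by itself establish the cause.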
