Netflix-Skunkworks / sleepy-puppy

Sleepy Puppy XSS Payload Management Framework
Apache License 2.0

session creation issue #9

Closed pwnedDesal closed 8 years ago

pwnedDesal commented 8 years ago

Hi, whenever I authenticate with my credentials in the sleepy-puppy web interface, my browser is always redirected back to http://sleepy-puppy-ip/login/ and sometimes I get a 403 Forbidden error. It seems the session is not created.

scriptsrc commented 8 years ago

Interesting. I'm not sure why it would do that.

Have you tried creating a second user with the manage.py command?

https://github.com/Netflix/sleepy-puppy/blob/master/manage.py#L58

pwnedDesal commented 8 years ago

Problem solved, thank you! :dancer:

pwnedDesal commented 8 years ago

The problem occurs again after a few hours and the proposed solution (creating a new user) doesn't solve the problem anymore :( . I'm currently trying sleepy-puppy via c9.io.

scriptsrc commented 8 years ago

Hey @deadstar1,

I'm wondering if c9.io is clearing the database after some period of time. I'd connect to the DB and look through the user table. Do that once when it's working, and once when it's broken. My hunch is that the DB is getting reset on you.
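The "snapshot the user table once while it works and once while it is broken" check suggested above can be scripted so the two states are compared mechanically rather than by eye. The following is an added example, not code from sleepy-puppy or from anyone in this thread; it assumes a SQLite database with a `users` table carrying `id` and `login` columns (both assumptions, chosen for illustration) and builds an in-memory sample to run against. Pointing `sqlite3.connect()` at the real database file instead of `":memory:"` gives the same comparison on a live deployment.

```python
import sqlite3
from datetime import datetime, timezone

# ASSUMPTION: table and column names below are placeholders for this example,
# not sleepy-puppy's actual schema. Adjust them to the real database.
USER_TABLE = "users"
USER_COLUMNS = ("id", "login")


def snapshot_users(conn, table=USER_TABLE, columns=USER_COLUMNS):
    """Capture the current user rows plus a UTC timestamp of when it was taken."""
    cols = ", ".join(columns)
    rows = conn.execute(f"SELECT {cols} FROM {table} ORDER BY 1").fetchall()
    return {
        "taken_at": datetime.now(timezone.utc).isoformat(timespec="seconds"),
        "rows": [tuple(r) for r in rows],
    }


def compare_snapshots(working, broken):
    """Diff two snapshots; flag a suspected DB reset when all rows vanished."""
    before = set(working["rows"])
    after = set(broken["rows"])
    return {
        "missing": sorted(before - after),   # users present while it worked, gone now
        "added": sorted(after - before),     # users that appeared in between
        "reset_suspected": bool(before) and not after,
    }


def build_sample_db():
    """Constructed in-memory database standing in for the deployment's DB."""
    conn = sqlite3.connect(":memory:")
    conn.execute(f"CREATE TABLE {USER_TABLE} (id INTEGER PRIMARY KEY, login TEXT NOT NULL)")
    conn.executemany(
        f"INSERT INTO {USER_TABLE} (id, login) VALUES (?, ?)",
        [(1, "admin"), (2, "analyst")],
    )
    conn.commit()
    return conn


def demo():
    """Take a 'working' snapshot, simulate a wiped table, take a 'broken' one, diff."""
    conn = build_sample_db()
    working = snapshot_users(conn)
    # Simulate the hosting platform resetting the database underneath the app.
    conn.execute(f"DELETE FROM {USER_TABLE}")
    conn.commit()
    broken = snapshot_users(conn)
    return compare_snapshots(working, broken)


if __name__ == "__main__":
    report = demo()
    print("missing users:", report["missing"])
    print("reset suspected:", report["reset_suspected"])
```

If `missing` is empty and `reset_suspected` is false while the login loop still occurs, the user table is intact and the cause lies elsewhere (session cookie handling or the reverse proxy in front of the app are the next things to inspect).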

pwnedDesal commented 8 years ago

I don't think so. When I create a user with a username that already exists in the database using manage.py, manage.py says the user already exists! So c9.io is not clearing the database.

Sometimes the bug is triggered, sometimes not.

sbehrens commented 8 years ago

A proxy log of the requests would be helpful. If you can, please use Burp Suite and record your proxy history during the login issue/403 Forbidden. If you can send me that log it should help with troubleshooting. Alternatively, if you have information you need to redact, maybe take some screenshots of the Burp proxy log.

pwnedDesal commented 8 years ago

HTTP request (screenshot)

HTTP response after authentication (screenshot)

Console log (screenshot)

sbehrens commented 8 years ago

Do you have a TLS certificate configured and is the server listening on 443?

pwnedDesal commented 8 years ago

I also installed sleepy-puppy on codeanywhere.com; the same result happened. (screenshot, 2016-08-19 08:33:27)

sbehrens commented 8 years ago

Looking back over your screenshots, it looks like one of the POST requests results in a 400 HTTP error. Something may be in the logs; could you perform the same authentication flow and send me your nginx error log as well as any errors in sleepypuppy.log (in the root of the folder)?

sbehrens commented 8 years ago

Also if you can provide the request/response screenshots for whatever call to /login is resulting in the 400 that would also be helpful!

sbehrens commented 8 years ago

Hi @deadstar1, just circling back on this. Are you still having the same problem?

pwnedDesal commented 8 years ago

Looks like there is no issue anymore. Thanks.