alexbelgium / hassio-addons

My homeassistant addons
MIT License

🐛 [papermerge] Login leads to 403 Forbidden CSRF verification failed #1109

Closed bilogic closed 8 months ago

bilogic commented 8 months ago

Description

I'm able to load the login page, but after typing in admin/admin, it gives me a 403 and no useful errors in the logs.

I checked the form and payload; the CSRF token is there.


Reproduction steps

1. Go to my hostname for papermerge
2. Enter admin/admin for username/password
3. Results in 403 
4. Restarted with `DEBUG=True` but the logs do not become more verbose

Addon Logs

System check identified no issues (0 silenced).
cont-init: info: /etc/cont-init.d/50-config exited 0
cont-init: info: running /etc/cont-init.d/90-custom-folders
cont-init: info: /etc/cont-init.d/90-custom-folders exited 0
cont-init: info: running /etc/cont-init.d/91-OCR.sh
[08:20:52] INFO: Configuring 2 languages
[08:20:52] INFO: OCRLANG variable is set, processing the language packages
[08:20:52] INFO: Writing new configuration
[08:20:58] INFO: Processing language eng
[08:20:59] INFO: Installing tesseract-ocr-eng
[08:21:01] INFO: eng identified as English
[08:21:01] INFO: Setting default language to eng
[08:21:01] INFO: ... eng installed
[08:21:01] INFO: Processing language fra
[08:21:02] INFO: Installing tesseract-ocr-fra
[08:21:06] INFO: fra identified as French
[08:21:06] INFO: ... fra installed
cont-init: info: /etc/cont-init.d/91-OCR.sh exited 0
cont-init: info: running /etc/cont-init.d/92-smb_mounts.sh
cont-init: info: /etc/cont-init.d/92-smb_mounts.sh exited 0
cont-init: info: running /etc/cont-init.d/99-configuration.sh
[08:21:06] INFO: Storage dir set to /share/workspace/data/tracked/papermerge/storage
[08:21:06] INFO: Import dir set to /share/workspace/data/tracked/papermerge/import
cont-init: info: /etc/cont-init.d/99-configuration.sh exited 0
cont-init: info: running /etc/cont-init.d/99-custom-scripts
[custom-init] no custom files found exiting...
cont-init: info: /etc/cont-init.d/99-custom-scripts exited 0
s6-rc: info: service legacy-cont-init successfully started
s6-rc: info: service init-mods: starting
s6-rc: info: service init-mods successfully started
s6-rc: info: service init-mods-package-install: starting
s6-rc: info: service init-mods-package-install successfully started
s6-rc: info: service init-mods-end: starting
s6-rc: info: service init-mods-end successfully started
s6-rc: info: service init-services: starting
s6-rc: info: service init-services successfully started
s6-rc: info: service legacy-services: starting
services-up: info: copying legacy longrun papermerge (no readiness notification)
services-up: info: copying legacy longrun redis (no readiness notification)
629:C 02 Dec 2023 08:21:06.701 # oO0OoO0OoO0Oo Redis is starting oO0OoO0OoO0Oo
629:C 02 Dec 2023 08:21:06.701 # Redis version=5.0.7, bits=64, commit=00000000, modified=0, pid=629, just started
629:C 02 Dec 2023 08:21:06.701 # Configuration loaded
[uWSGI] getting INI configuration from uwsgi.ini
629:M 02 Dec 2023 08:21:06.703 * Running mode=standalone, port=6379.
629:M 02 Dec 2023 08:21:06.703 # Server initialized
629:M 02 Dec 2023 08:21:06.703 # WARNING overcommit_memory is set to 0! Background save may fail under low memory condition. To fix this issue add 'vm.overcommit_memory = 1' to /etc/sysctl.conf and then reboot or run the command 'sysctl vm.overcommit_memory=1' for this to take effect.
629:M 02 Dec 2023 08:21:06.703 * Ready to accept connections
[uwsgi-static] added mapping for /static => /app/papermerge/static
*** Starting uWSGI 2.0.18-debian (64bit) on [Sat Dec  2 08:21:06 2023] ***
compiled with version: 10.0.1 20200405 (experimental) [master revision 0be9efad938:fcb98e4978a:705510a708d3642c9c962beb663c476167e4e8a4] on 11 April 2020 11:15:55
os: Linux-6.1.59 #1 SMP PREEMPT_DYNAMIC Thu Oct 26 14:02:31 UTC 2023
nodename: db21ed7f-papermerge
machine: x86_64
clock source: unix
pcre jit disabled
detected number of CPU cores: 2
current working directory: /app/papermerge
detected binary path: /usr/bin/uwsgi-core
uWSGI running as root, you can use --uid/--gid/--chroot options
*** WARNING: you are running uWSGI as root !!! (use the --uid flag) *** 
your memory page size is 4096 bytes
detected max file descriptor number: 1073741816
building mime-types dictionary from file /etc/mime.types...s6-rc: info: service legacy-services successfully started
s6-rc: info: service 99-ci-service-check: starting
567 entry found
lock engine: pthread robust mutexes
thunder lock: disabled (you can enable it with --thunder-lock)
uwsgi socket 0 bound to TCP address :8000 fd 3
uWSGI running as root, you can use --uid/--gid/--chroot options
*** WARNING: you are running uWSGI as root !!! (use the --uid flag) *** 
[ls.io-init] done.
Python version: 3.8.10 (default, Jun 22 2022, 20:18:18)  [GCC 9.4.0]
s6-rc: info: service 99-ci-service-check successfully started
Python main interpreter initialized at 0x56503c570890
uWSGI running as root, you can use --uid/--gid/--chroot options
*** WARNING: you are running uWSGI as root !!! (use the --uid flag) *** 
python threads support enabled
your server socket listen backlog is limited to 100 connections
your mercy for graceful operations on workers is 60 seconds
mapped 145840 bytes (142 KB) for 1 cores
*** Operational MODE: single process ***
WSGI app 0 (mountpoint='') ready in 1 seconds on interpreter 0x56503c570890 pid: 630 (default app)
uWSGI running as root, you can use --uid/--gid/--chroot options
*** WARNING: you are running uWSGI as root !!! (use the --uid flag) *** 
*** uWSGI is running in multiple interpreter mode ***
spawned uWSGI master process (pid: 630)
spawned uWSGI worker 1 (pid: 648, cores: 1)
[pid: 648|app: 0|req: 1/1] 172.30.32.1 () {60 vars in 1161 bytes} [Sat Dec  2 01:21:13 2023] GET / => generated 0 bytes in 108 msecs (HTTP/1.1 302) 7 headers in 216 bytes (1 switches on core 0)
[pid: 648|app: 0|req: 2/2] 172.30.32.1 () {60 vars in 1204 bytes} [Sat Dec  2 01:21:13 2023] GET /accounts/login/?next=/ => generated 2561 bytes in 130 msecs (HTTP/1.1 200) 7 headers in 349 bytes (1 switches on core 0)
[pid: 648|app: -1|req: -1/3] 172.30.32.1 () {58 vars in 1106 bytes} [Sat Dec  2 01:21:13 2023] GET /static/admin/css/all.min.css => generated 56842 bytes in 1 msecs via sendfile() (HTTP/1.1 200) 3 headers in 112 bytes (0 switches on core 0)
[pid: 648|app: -1|req: -1/4] 172.30.32.1 () {58 vars in 1132 bytes} [Sat Dec  2 01:21:13 2023] GET /static/admin/css/icheck-bootstrap.min.css => generated 12505 bytes in 0 msecs via sendfile() (HTTP/1.1 200) 3 headers in 112 bytes (0 switches on core 0)
[pid: 648|app: -1|req: -1/5] 172.30.32.1 () {58 vars in 1116 bytes} [Sat Dec  2 01:21:13 2023] GET /static/admin/css/adminlte.min.css => generated 689969 bytes in 5 msecs via sendfile() (HTTP/1.1 200) 3 headers in 113 bytes (0 switches on core 0)
[pid: 648|app: -1|req: -1/6] 172.30.32.1 () {58 vars in 1114 bytes} [Sat Dec  2 01:21:13 2023] GET /static/admin/js/bootstrap.bundle.min.js => generated 78635 bytes in 0 msecs via sendfile() (HTTP/1.1 200) 3 headers in 126 bytes (0 switches on core 0)
[pid: 648|app: -1|req: -1/7] 172.30.32.1 () {58 vars in 1170 bytes} [Sat Dec  2 01:21:13 2023] GET /static/admin/img/logo_120x116_wbg.png => generated 5832 bytes in 0 msecs via sendfile() (HTTP/1.1 200) 3 headers in 112 bytes (0 switches on core 0)
[pid: 648|app: -1|req: -1/8] 172.30.32.1 () {58 vars in 1094 bytes} [Sat Dec  2 01:21:13 2023] GET /static/admin/js/jquery.min.js => generated 88145 bytes in 0 msecs via sendfile() (HTTP/1.1 200) 3 headers in 126 bytes (0 switches on core 0)
[pid: 648|app: -1|req: -1/9] 172.30.32.1 () {58 vars in 1090 bytes} [Sat Dec  2 01:21:13 2023] GET /static/admin/js/adminlte.js => generated 57439 bytes in 0 msecs via sendfile() (HTTP/1.1 200) 3 headers in 126 bytes (0 switches on core 0)
[pid: 648|app: -1|req: -1/10] 172.30.32.1 () {54 vars in 1099 bytes} [Sat Dec  2 01:21:14 2023] GET /static/admin/img/favicon.ico => generated 3902 bytes in 0 msecs via sendfile() (HTTP/1.1 200) 3 headers in 127 bytes (0 switches on core 0)
[pid: 648|app: 0|req: 3/11] 172.30.32.1 () {66 vars in 1349 bytes} [Sat Dec  2 01:21:17 2023] POST /accounts/login/ => generated 1019 bytes in 2 msecs (HTTP/1.1 403) 6 headers in 173 bytes (1 switches on core 0)
[pid: 648|app: 0|req: 4/12] 172.30.32.1 () {54 vars in 1058 bytes} [Sat Dec  2 01:21:18 2023] GET /favicon.ico => generated 0 bytes in 1 msecs (HTTP/1.1 301) 7 headers in 234 bytes (1 switches on core 0)
[pid: 648|app: -1|req: -1/13] 172.30.32.1 () {56 vars in 1147 bytes} [Sat Dec  2 01:21:18 2023] GET /static/admin/img/favicon.ico => generated 0 bytes in 0 msecs (HTTP/1.1 304) 0 headers in 29 bytes (0 switches on core 0)

Architecture

amd64

OS

HAos

bilogic commented 8 months ago

After some struggling, I removed my Caddy2 (which has another issue of mixing up my hosts randomly) and switched to Nginx Proxy Manager, problem solved.

Culprit: Caddy2

Cause: unknown
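A triage helper for request logs like the one in this issue, added here as an example and not part of the thread or the add-on's code: it parses uWSGI request lines in the format shown in the addon log and reports state-changing requests that the WSGI app itself answered with 403, noting whether the same client had been served the page with a 200 beforehand. The function name `rejected_form_posts` and the result keys are hypothetical; the sample lines are copied from the log above.

```python
import re

# uWSGI request-log line, in the format seen in the addon log above.
LINE_RE = re.compile(
    r"\[pid: \d+\|app: (?P<app>-?\d+)\|req: [^\]]+\] (?P<client>\S+) "
    r"\(.*?\) \{.*?\} \[[^\]]+\] (?P<method>[A-Z]+) (?P<path>\S+) "
    r"=> generated \d+ bytes in (?P<msecs>\d+) msecs.*?"
    r"\(HTTP/\d\.\d (?P<status>\d{3})\)"
)
UNSAFE = {"POST", "PUT", "PATCH", "DELETE"}

def rejected_form_posts(lines):
    """Find state-changing requests the WSGI app itself answered with 403."""
    form_served = set()   # (client, path) pairs that got a 200 on GET
    findings = []
    for line in lines:
        m = LINE_RE.search(line)
        if not m:
            continue      # init, Redis and s6 lines are not request records
        path = m["path"].split("?", 1)[0]
        key = (m["client"], path)
        status, app = int(m["status"]), int(m["app"])
        if m["method"] == "GET" and status == 200:
            form_served.add(key)
        # In the log above, static files show "app: -1"; app >= 0 marks
        # requests that reached the application.
        elif m["method"] in UNSAFE and status == 403 and app >= 0:
            findings.append({
                "client": m["client"],
                "path": path,
                "msecs": int(m["msecs"]),
                "form_served_first": key in form_served,
            })
    return findings

# Sample input: lines copied from the addon log in this issue.
SAMPLE = [
    "spawned uWSGI worker 1 (pid: 648, cores: 1)",
    "[pid: 648|app: 0|req: 2/2] 172.30.32.1 () {60 vars in 1204 bytes} [Sat Dec  2 01:21:13 2023] GET /accounts/login/?next=/ => generated 2561 bytes in 130 msecs (HTTP/1.1 200) 7 headers in 349 bytes (1 switches on core 0)",
    "[pid: 648|app: -1|req: -1/3] 172.30.32.1 () {58 vars in 1106 bytes} [Sat Dec  2 01:21:13 2023] GET /static/admin/css/all.min.css => generated 56842 bytes in 1 msecs via sendfile() (HTTP/1.1 200) 3 headers in 112 bytes (0 switches on core 0)",
    "[pid: 648|app: 0|req: 3/11] 172.30.32.1 () {66 vars in 1349 bytes} [Sat Dec  2 01:21:17 2023] POST /accounts/login/ => generated 1019 bytes in 2 msecs (HTTP/1.1 403) 6 headers in 173 bytes (1 switches on core 0)",
]

if __name__ == "__main__":
    for finding in rejected_form_posts(SAMPLE):
        print(finding)
```

On the sample it reports the single `POST /accounts/login/`: the login page had been served with a 200 and the 403 was produced by the application in 2 msecs, so the rejection was issued inside the app rather than by the proxy in front of it.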