certtools / intelmq-manager

IntelMQ Manager is a graphical interface to manage configurations for IntelMQ framework.
https://docs.intelmq.org/latest/user/manager/

saving configuration unauthorized but already logged in #244

Closed MarcosxDeveloper closed 3 years ago

MarcosxDeveloper commented 3 years ago

action => saving configuration in web ui

status code => 401 Unauthorized

installation type => python pip

intelmqctl check => No issues found

browser devtools logs:

https://intelmq.csirt.gob.do/v1/api//save?file=runtime  => 401 unauthorized
https://intelmq.csirt.gob.do/v1/api//save?file=pipeline  => 401 unauthorized
https://intelmq.csirt.gob.do/v1/api//save?file=positions  => 401 unauthorized
https://intelmq.csirt.gob.do/v1/api//save?file=defaults => 401 unauthorized

apache2 webserver logs:

[Fri Mar 05 16:34:01.875281 2021] [wsgi:error] [pid 19157] [client 167.99.148.151:55758] FileNotFoundError: [Errno 2] No such file or directory: '/opt/intelmq/etc/manager/positions.conf', referer: https://intelmq.csirt.gob.do/intelmq-manager/configs.html

ghost commented 3 years ago

Can you please show intelmqctl debug?

MarcosxDeveloper commented 3 years ago

OK! Here you have the result:

Paths:
BOTS_FILE: '/opt/intelmq/etc/BOTS'
DEFAULTS_CONF_FILE: '/opt/intelmq/etc/defaults.conf'
HARMONIZATION_CONF_FILE: '/opt/intelmq/etc/harmonization.conf'
PIPELINE_CONF_FILE: '/opt/intelmq/etc/pipeline.conf'
RUNTIME_CONF_FILE: '/opt/intelmq/etc/runtime.conf'
VAR_RUN_PATH: '/opt/intelmq/var/run/'
STATE_FILE_PATH: '/opt/intelmq/var/lib/state.json'
DEFAULT_LOGGING_PATH: '/opt/intelmq/var/log/'
__file__: '/usr/local/lib/python3.6/dist-packages/intelmq/bin/intelmqctl.py'
CONFIG_DIR: '/opt/intelmq/etc/'
ROOT_DIR: '/opt/intelmq/'
Environment variables:
INTELMQ_ROOT_DIR: None
INTELMQ_PATHS_NO_OPT: None
INTELMQ_PATHS_OPT: None
INTELMQ_MANAGER_CONTROLLER_CMD: None
PATH: '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games:/snap/bin'

ghost commented 3 years ago

Looks good so far.

1) I guess /opt/intelmq/etc/manager/ does not exist. Should then be writable by the webserver (or alternatively only the file itself).

2) I guess that the configuration files /opt/intelmq/etc/*.conf are not writable by the webserver.

MarcosxDeveloper commented 3 years ago

/opt/intelmq/etc/manager/ doesn't exist in that folder.

The intelmqsetup command did not add that folder.

Actually, pip installed the intelmq-api manager folder in this path => /usr/local/lib/python3.6/dist-packages/etc/intelmq/manager

I added permission to the /opt/intelmq folder with the following command => chown intelmq.www-data /opt/intelmq/etc/*.conf

MarcosxDeveloper commented 3 years ago

The following error is showing in the web UI when I press "save configuration":

6:21 PM There was an error saving pipeline: Status: undefined Error: undefined

MarcosxDeveloper commented 3 years ago

Actually, copying /usr/local/lib/python3.6/dist-packages/etc/intelmq/manager to /opt/intelmq/etc/manager doesn't fix the problem.

MarcosxDeveloper commented 3 years ago

Hello! I identified the problem.

In the file config.js from the intelmq-manager folder:

Promise.all([
        $.post(API + '/save?file=runtime', generate_runtime_conf(app.nodes))
            .done(saveSucceeded)
            .fail(() => {
                alert_error('runtime', ...arguments)
            }),
        $.post(API + '/save?file=pipeline', generate_pipeline_conf(app.edges))
            .done(saveSucceeded)
            .fail(() => {
                alert_error('pipeline', ...arguments)
            }),
        $.post(API + '/save?file=positions', generate_positions_conf())
            .done(saveSucceeded)
            .fail(() => {
                alert_error('positions', ...arguments)
            }),
        $.post(API + '/save?file=defaults', generate_defaults_conf(app.defaults))
            .done(saveSucceeded)
            .fail(() => {
                alert_error('defaults', ...arguments)
            }),])
        .then(function () {
            // all files were correctly saved

            app.nodes = add_defaults_to_nodes(app.nodes, app.defaults);
            $saveButton.unblinking();
        });

The jQuery POST requests do not include the login token.

MarcosxDeveloper commented 3 years ago

I fixed the problem by adding the following code before the Promise.all():

let token = sessionStorage.getItem("login_token");
if (token !== null) {
    $.ajaxSetup({
        beforeSend: function (xhr) {
            xhr.setRequestHeader("Authorization", token);
        }
    });
}
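
Added example, not part of the comment above and not code from intelmq-manager: `$.ajaxSetup` applies to every jQuery request the page makes, so this version attaches the `login_token` header only to URLs under the API base and reports which save requests would go out without it (the 401 case in this issue). `API_BASE`, `makeStorage`, `authHeadersFor`, `buildSaveRequests` and `missingAuth` are hypothetical names; the host and token are constructed sample values.

```javascript
// Added example; all names and values here are assumptions for illustration.
const API_BASE = 'https://manager.example/v1/api'; // constructed sample API base
const SAVE_FILES = ['runtime', 'pipeline', 'positions', 'defaults'];

// Minimal stand-in for window.sessionStorage so the block runs under Node.
function makeStorage(initial = {}) {
  const data = new Map(Object.entries(initial));
  return { getItem: (key) => (data.has(key) ? data.get(key) : null) };
}

// Headers for one request. The token is attached only when the target is on
// the API origin and under the API path, so it is never sent to other hosts.
function authHeadersFor(url, storage, apiBase = API_BASE) {
  const target = new URL(url, apiBase); // URL() also normalises "../" segments
  const api = new URL(apiBase);
  const apiPath = api.pathname.replace(/\/?$/, '/'); // force a trailing slash
  const inScope = target.origin === api.origin &&
                  target.pathname.startsWith(apiPath);
  const token = storage.getItem('login_token');
  if (!inScope || token === null) return {};
  return { Authorization: token };
}

// Describe the four save POSTs the manager issues, with per-request headers.
function buildSaveRequests(storage, apiBase = API_BASE) {
  return SAVE_FILES.map((file) => {
    const url = `${apiBase}/save?file=${encodeURIComponent(file)}`;
    return { method: 'POST', url, headers: authHeadersFor(url, storage, apiBase) };
  });
}

// URLs that would be sent without credentials and answered with 401.
function missingAuth(requests) {
  return requests
    .filter((req) => !('Authorization' in req.headers))
    .map((req) => req.url);
}

const loggedIn = makeStorage({ login_token: 'sample-token' }); // constructed
console.log(buildSaveRequests(loggedIn));
console.log(missingAuth(buildSaveRequests(makeStorage())));
```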

ghost commented 3 years ago

Thank you very much for debugging this and proposing a fix! I have seen some interesting behaviour like this in the past, but it was not really reproducible across browsers and clients and we were unable either to describe the problem properly or to fix it. It turned out that this was indeed a bug (in the JS code, and not the backend) and not a client problem as suspected before.

Would you like to create a PR? Otherwise we will incorporate the change ourselves, giving credit to you in the commit message and changelog as well of course.

cc @bernhard-herzog (original author of the code)

MarcosxDeveloper commented 3 years ago

Hello @wagner-certat! Thanks for the offer.

This will be my first merge request in the open source world.