luyadev / luya

LUYA is a scalable web framework and content management system with the goal to please developers, clients and users alike.
https://luya.io
MIT License

admin redirects to logout on save anything #2066

Closed neoacevedo closed 3 years ago

neoacevedo commented 3 years ago

I have exactly the same issue reported in https://github.com/luyadev/luya/issues/1785, but no solution is found in that post, except https://github.com/luyadev/luya/issues/1785#issuecomment-378682148, which doesn't help at all.

BTW I'm only testing it on localhost. No plans yet to deploy it on any prod or dev server.

nadar commented 3 years ago

Have you configured the user component? Could you provide me your composer.json? Is it a fresh installation? What webserver are you using?

neoacevedo commented 3 years ago

It's a fresh install. I have Apache + PHP-FPM with FastCGI.

nadar commented 3 years ago

So you have the same problem, meaning an "unauthorized" response? Could you post me the request header? Is there an Auth header? Save means a POST request; can you identify other POST requests which do not work? I need a little bit more info to isolate that problem. Does it log you out after login, or when you switch to a CRUD (like users) and create a new one? What if you edit?

neoacevedo commented 3 years ago

I get the same console output in the browser. I can't track it because immediately after clicking Save, the page is redirected to logout. I'm checking whether it's related to the blocks for the pages. For instance, I can create a new page and add a block, for instance a heading block, and the page is saved, but when I try to add content inside the block and click the save button, I get redirected to logout.

Possibly unhandled rejection: {"data":"\n<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<!DOCTYPE html PUBLIC \"-//W3C//DTD XHTML 1.0 Strict//EN\"\n  \"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd\">\n<html xmlns=\"http://www.w3.org/1999/xhtml\" lang=\"en\" xml:lang=\"en\">\n<head>\n<title>&iexcl;Acceso prohibido!</title>\n<link rev=\"made\" href=\"mailto:admin@localhost.co\" />\n<style type=\"text/css\"><!--/*--><![CDATA[/*><!--*/ \n    body { color: #000000; background-color: #FFFFFF; }\n    a:link { color: #0000CC; }\n    p, address {margin-left: 3em;}\n    span {font-size: smaller;}\n/*]]>*/--></style>\n</head>\n\n<body>\n<h1>&iexcl;Acceso prohibido!</h1>\n<p>\n\n\n   \n\n      Usted no tiene permiso para acceder al objeto solicitado.\n      El objeto est&aacute; protegido contra lectura o\n      el servidor no puede leerlo.\n\n  \n\n</p>\n<p>\nSi usted cree que esto es un error del servidor, por favor comun&iacute;queselo al\n<a href=\"mailto:admin@localhost.co\">administrador\ndel portal</a>.\n\n</p>\n\n<h2>Error 403</h2>\n<address>\n  <a href=\"/\">localhost</a><br />\n  <span>Apache</span>\n</address>\n</body>\n</html>\n\n","status":403,"config":{"method":"PUT","transformRequest":[null],"transformResponse":[null],"jsonpCallbackParam":"callback","url":"admin/api-cms-navitempageblockitem/update?id=1","data":{"json_config_values":{"__e":"__o","headingType":"h1","content":"Title"},"json_config_cfg_values":{"__e":"__o"},"variation":"0"},"headers":{"Accept":"application/json, text/plain, */*","Content-Type":"application/json;charset=utf-8","Authorization":"Bearer 4d14963374ddabbe749c4b1515bbfbd17d971a166c003d89c303dad2f9d28ae36QR9UkMBWL312k9CAmoKbbnfj0qPR3f8","X-CSRF-Token":"H66lfN45ZZJbr6gYDF9bcbQXraziNfllfPvPWpI9Tetr2PQNjE0H4AL340w8MSskzFLmydV_kQsjvoJp33UErg=="},"cached":false,"debugId":26},"statusText":"Forbidden","xhrStatus":"complete"} bower.js:3855:43
192.168.23.2 - - [06/Nov/2020:16:41:42 -0500] "POST /luya/public_html/admin/api-admin-timestamp HTTP/1.1" 200 393 "http://localhost/luya/public_html/admin" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:82.0) Gecko/20100101 Firefox/82.0"
192.168.23.2 - - [06/Nov/2020:16:41:45 -0500] "PUT /luya/public_html/admin/api-cms-navitempageblockitem/update?id=1 HTTP/1.1" 403 1042 "http://localhost/luya/public_html/admin" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:82.0) Gecko/20100101 Firefox/82.0"
192.168.23.2 - - [06/Nov/2020:16:41:46 -0500] "GET /luya/public_html/admin/default/logout?autologout=1 HTTP/1.1" 302 - "http://localhost/luya/public_html/admin" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:82.0) Gecko/20100101 Firefox/82.0"
192.168.23.2 - - [06/Nov/2020:16:41:46 -0500] "GET /luya/public_html/admin/login?autologout=1 HTTP/1.1" 200 34441 "http://localhost/luya/public_html/admin" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:82.0) Gecko/20100101 Firefox/82.0"
nadar commented 3 years ago

So this is the request which ends in "no authorization", I assume?

"PUT /luya/public_html/admin/api-cms-navitempageblockitem/update?id=1 HTTP/1.1" 403 1042

Based on your information above, the auth header is correctly available in the request made by JavaScript:

{"Accept":"application/json, text/plain, */*","Content-Type":"application/json;charset=utf-8","Authorization":"Bearer 4d14963374ddabbe749c4b1515bbfbd17d971a166c003d89c303dad2f9d28ae36QR9UkMBWL312k9CAmoKbbnfj0qPR3f8"}

Now you could track the request to /api-cms-navitempageblockitem/update?id= with the yii2 debug toolbar; there you can also see the header information, so we would know if the auth information is received by this script or not.

neoacevedo commented 3 years ago

How do I track it with the Yii2 debug toolbar if, when it is sent, it is redirected and the request is lost?

nadar commented 3 years ago

If yii2 sends the 403 status (redirect), you can see this redirect in the yii debug panel. Don't you find the PUT request? Then it's already a problem that the request does not even reach the yii application.

Maybe it's that the request does not even reach the yii application, if I look at the response from the server (the "data" attribute from your xhr request above):

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
  "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>
<title>&iexcl;Acceso prohibido!</title>
<link rev="made" href="mailto:admin@localhost.co" />
<style type="text/css"><!--/*--><![CDATA[/*><!--*/
    body { color: #000000; background-color: #FFFFFF; }
    a:link { color: #0000CC; }
    p, address {margin-left: 3em;}
    span {font-size: smaller;}
/*]]>*/--></style>
</head>

<body>
<h1>&iexcl;Acceso prohibido!</h1>
<p>
      Usted no tiene permiso para acceder al objeto solicitado.
      El objeto est&aacute; protegido contra lectura o
      el servidor no puede leerlo.
</p>
<p>
Si usted cree que esto es un error del servidor, por favor comun&iacute;queselo al
<a href="mailto:admin@localhost.co">administrador
del portal</a>.
</p>

<h2>Error 403</h2>
<address>
  <a href="/">localhost</a><br />
  <span>Apache</span>
</address>
</body>
</html>

This looks like an Apache server message, not a yii application error message. So it's a problem with your webserver, not with LUYA, I would say.
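A small triage helper for the diagnosis above, added here as an example and not part of this thread or of LUYA: it tells an Apache-generated 403 apart from one produced by the Yii application, and lists request verbs that only ever get 403 in the access log (POST succeeds, PUT is refused). It assumes Yii's default JSON error shape (name/message/code/status); the sample rejection and log lines are constructed from the report, with nothing secret in them.

```python
import json
import re

# Constructed sample of the XHR rejection from the report: the Apache error page
# as the "data" string, trimmed to the parts the classifier looks at.
REJECTION = {
    "data": ('<?xml version="1.0" encoding="UTF-8"?>\n<html><head>'
             '<title>&iexcl;Acceso prohibido!</title></head>\n<body>'
             '<h1>&iexcl;Acceso prohibido!</h1>\n<h2>Error 403</h2>\n<address>'
             '<a href="/">localhost</a><br />\n<span>Apache</span>\n</address>'
             '</body></html>\n'),
    "status": 403,
}

# Yii's REST error handler serialises exceptions with these keys (assumption:
# the LUYA API has not replaced the default error handler).
YII_ERROR_KEYS = {"name", "message", "code", "status"}
SERVER_SIGNATURE = re.compile(r"<address>.*?(Apache|nginx).*?</address>", re.S)

def origin_of_403(rejection):
    """Classify a 403 XHR rejection as 'application', 'webserver' or 'unknown'."""
    body = rejection.get("data")
    if isinstance(body, str):
        try:
            body = json.loads(body)  # the app answers JSON; Apache's page is not
        except ValueError:
            pass
    if isinstance(body, dict) and YII_ERROR_KEYS.issubset(body):
        return "application"
    if isinstance(body, str) and SERVER_SIGNATURE.search(body):
        return "webserver"
    return "unknown"

# Constructed access-log excerpt with the request sequence from the report
# (client address and user agent dropped).
ACCESS_LOG = """\
"POST /luya/public_html/admin/api-admin-timestamp HTTP/1.1" 200 393
"PUT /luya/public_html/admin/api-cms-navitempageblockitem/update?id=1 HTTP/1.1" 403 1042
"GET /luya/public_html/admin/default/logout?autologout=1 HTTP/1.1" 302 -
"""
LOG_RE = re.compile(r'"(?P<method>[A-Z]+) \S+ HTTP/[\d.]+" (?P<status>\d{3})')

def blocked_methods(log_text):
    """Verbs that only ever got 403 while other verbs succeeded: the signature
    of a method restriction in front of the app rather than an auth failure."""
    statuses = {}
    for m in LOG_RE.finditer(log_text):
        statuses.setdefault(m["method"], set()).add(m["status"])
    return sorted(v for v, st in statuses.items() if st == {"403"})
```

If `origin_of_403` says "webserver" and `blocked_methods` returns a verb the admin API needs, the request never reached Yii and the debug toolbar will not show it.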

nadar commented 3 years ago

Maybe there is a request verb limitation somewhere in your apache config? https://stackoverflow.com/a/25752881/4611030

nadar commented 3 years ago

@neoacevedo any news on this? Could you please try the latest admin version 3.8?

neoacevedo commented 3 years ago

I'm sorry, I have been so busy.

No, it isn't any Apache limitation. I have set these values and I get the same issue.

UPDATE: Finally it worked, the htaccess directive and updating the admin version.

nadar commented 3 years ago

UPDATE: Finally it worked, the htaccess directive and updating the admin version.

Very nice. Thanks for the report @neoacevedo