saeloun / miru-web

Miru | Time Tracking and Invoicing and Employee Benefits. Built using Ruby On Rails and ReactJS
https://miru.so
MIT License

Error while POSTing JSON to `/internal_api/v1/users/login` #1570

Closed Animesh-Ghosh closed 1 month ago

Animesh-Ghosh commented 10 months ago

Description

Create a GitHub Codespace and run the Rails server. When you try to log in, an ActionController::InvalidAuthenticityToken error is raised.

As a side note, bin/rails db:prepare, which runs the seed file, also raises an error - it seems like it can't reach the Elasticsearch instance, which the app needs.

Environment

GitHub Codespace

What is the expected behaviour?

You can log in and use the platform.

What is the current behaviour?

You can run the server and GET the homepage, but you can't POST to the login end-point.

How to reproduce the issue?

  1. Create Codespace
  2. Run the server: `bundle exec rails s -b 0.0.0.0`
  3. Try logging in using dummy data from seeds.rb
  4. See the error in the server logs

Screenshots or Screencast

Please provide any traces or logs that could help here.

Started POST "/internal_api/v1/users/login" for 10.240.2.146 at 2023-10-29 14:55:44 +0000
Cannot render console from 10.240.2.146! Allowed networks: 127.0.0.0/127.255.255.255, ::1
Processing by InternalApi::V1::Users::SessionsController#create as JSON
  Parameters: {"user"=>{"email"=>"hello@saeloun.com", "password"=>"[FILTERED]"}, "session"=>{"user"=>{"email"=>"hello@saeloun.com", "password"=>"[FILTERED]"}}}
HTTP Origin header (http://localhost:3000) didn't match request.base_url (https://zany-space-meme-5446g4x9v76f7vgw-3000.app.github.dev)
Completed 422 Unprocessable Entity in 1ms (ActiveRecord: 0.0ms | Allocations: 1090)

ActionController::InvalidAuthenticityToken (HTTP Origin header (http://localhost:3000) didn't match request.base_url (https://zany-space-meme-5446g4x9v76f7vgw-3000.app.github.dev)):

actionpack (7.0.8) lib/action_controller/metal/request_forgery_protection.rb:253:in `handle_unverified_request'
actionpack (7.0.8) lib/action_controller/metal/request_forgery_protection.rb:286:in `handle_unverified_request'
devise (4.8.1) lib/devise/controllers/helpers.rb:255:in `handle_unverified_request'
actionpack (7.0.8) lib/action_controller/metal/request_forgery_protection.rb:275:in `verify_authenticity_token'
activesupport (7.0.8) lib/active_support/callbacks.rb:400:in `block in make_lambda'
activesupport (7.0.8) lib/active_support/callbacks.rb:199:in `block (2 levels) in halting'
actionpack (7.0.8) lib/abstract_controller/callbacks.rb:34:in `block (2 levels) in <module:Callbacks>'
activesupport (7.0.8) lib/active_support/callbacks.rb:200:in `block in halting'
activesupport (7.0.8) lib/active_support/callbacks.rb:595:in `block in invoke_before'
activesupport (7.0.8) lib/active_support/callbacks.rb:595:in `each'
activesupport (7.0.8) lib/active_support/callbacks.rb:595:in `invoke_before'
activesupport (7.0.8) lib/active_support/callbacks.rb:116:in `block in run_callbacks'
activesupport (7.0.8) lib/active_support/callbacks.rb:138:in `run_callbacks'
actionpack (7.0.8) lib/abstract_controller/callbacks.rb:233:in `process_action'
actionpack (7.0.8) lib/action_controller/metal/rescue.rb:23:in `process_action'
actionpack (7.0.8) lib/action_controller/metal/instrumentation.rb:67:in `block in process_action'
activesupport (7.0.8) lib/active_support/notifications.rb:206:in `block in instrument'
activesupport (7.0.8) lib/active_support/notifications/instrumenter.rb:24:in `instrument'
activesupport (7.0.8) lib/active_support/notifications.rb:206:in `instrument'
actionpack (7.0.8) lib/action_controller/metal/instrumentation.rb:66:in `process_action'
actionpack (7.0.8) lib/action_controller/metal/params_wrapper.rb:259:in `process_action'
searchkick (5.1.2) lib/searchkick/controller_runtime.rb:15:in `process_action'
activerecord (7.0.8) lib/active_record/railties/controller_runtime.rb:27:in `process_action'
actionpack (7.0.8) lib/abstract_controller/base.rb:151:in `process'
actionview (7.0.8) lib/action_view/rendering.rb:39:in `process'
actionpack (7.0.8) lib/action_controller/metal.rb:188:in `dispatch'
actionpack (7.0.8) lib/action_controller/metal.rb:251:in `dispatch'
actionpack (7.0.8) lib/action_dispatch/routing/route_set.rb:49:in `dispatch'
actionpack (7.0.8) lib/action_dispatch/routing/route_set.rb:32:in `serve'
actionpack (7.0.8) lib/action_dispatch/routing/mapper.rb:18:in `block in <class:Constraints>'
actionpack (7.0.8) lib/action_dispatch/routing/mapper.rb:48:in `serve'
actionpack (7.0.8) lib/action_dispatch/journey/router.rb:50:in `block in serve'
actionpack (7.0.8) lib/action_dispatch/journey/router.rb:32:in `each'
actionpack (7.0.8) lib/action_dispatch/journey/router.rb:32:in `serve'
actionpack (7.0.8) lib/action_dispatch/routing/route_set.rb:852:in `call'
newrelic_rpm (8.16.0) lib/new_relic/agent/instrumentation/middleware_tracing.rb:99:in `call'
omniauth (2.1.1) lib/omniauth/strategy.rb:202:in `call!'
omniauth (2.1.1) lib/omniauth/strategy.rb:169:in `call'
newrelic_rpm (8.16.0) lib/new_relic/agent/instrumentation/middleware_tracing.rb:99:in `call'
bullet (7.0.7) lib/bullet/rack.rb:17:in `call'
newrelic_rpm (8.16.0) lib/new_relic/agent/instrumentation/middleware_tracing.rb:99:in `call'
newrelic_rpm (8.16.0) lib/new_relic/rack/agent_hooks.rb:30:in `traced_call'
newrelic_rpm (8.16.0) lib/new_relic/agent/instrumentation/middleware_tracing.rb:99:in `call'
newrelic_rpm (8.16.0) lib/new_relic/rack/browser_monitoring.rb:38:in `traced_call'
newrelic_rpm (8.16.0) lib/new_relic/agent/instrumentation/middleware_tracing.rb:99:in `call'
warden (1.2.9) lib/warden/manager.rb:36:in `block in call'
warden (1.2.9) lib/warden/manager.rb:34:in `catch'
warden (1.2.9) lib/warden/manager.rb:34:in `call'
newrelic_rpm (8.16.0) lib/new_relic/agent/instrumentation/middleware_tracing.rb:99:in `call'
rack (2.2.8) lib/rack/tempfile_reaper.rb:15:in `call'
newrelic_rpm (8.16.0) lib/new_relic/agent/instrumentation/middleware_tracing.rb:99:in `call'
rack (2.2.8) lib/rack/etag.rb:27:in `call'
newrelic_rpm (8.16.0) lib/new_relic/agent/instrumentation/middleware_tracing.rb:99:in `call'
rack (2.2.8) lib/rack/conditional_get.rb:40:in `call'
newrelic_rpm (8.16.0) lib/new_relic/agent/instrumentation/middleware_tracing.rb:99:in `call'
rack (2.2.8) lib/rack/head.rb:12:in `call'
newrelic_rpm (8.16.0) lib/new_relic/agent/instrumentation/middleware_tracing.rb:99:in `call'
actionpack (7.0.8) lib/action_dispatch/http/permissions_policy.rb:38:in `call'
newrelic_rpm (8.16.0) lib/new_relic/agent/instrumentation/middleware_tracing.rb:99:in `call'
actionpack (7.0.8) lib/action_dispatch/http/content_security_policy.rb:36:in `call'
newrelic_rpm (8.16.0) lib/new_relic/agent/instrumentation/middleware_tracing.rb:99:in `call'
rack (2.2.8) lib/rack/session/abstract/id.rb:266:in `context'
rack (2.2.8) lib/rack/session/abstract/id.rb:260:in `call'
newrelic_rpm (8.16.0) lib/new_relic/agent/instrumentation/middleware_tracing.rb:99:in `call'
actionpack (7.0.8) lib/action_dispatch/middleware/cookies.rb:704:in `call'
newrelic_rpm (8.16.0) lib/new_relic/agent/instrumentation/middleware_tracing.rb:99:in `call'
activerecord (7.0.8) lib/active_record/migration.rb:638:in `call'
newrelic_rpm (8.16.0) lib/new_relic/agent/instrumentation/middleware_tracing.rb:99:in `call'
actionpack (7.0.8) lib/action_dispatch/middleware/callbacks.rb:27:in `block in call'
activesupport (7.0.8) lib/active_support/callbacks.rb:99:in `run_callbacks'
actionpack (7.0.8) lib/action_dispatch/middleware/callbacks.rb:26:in `call'
newrelic_rpm (8.16.0) lib/new_relic/agent/instrumentation/middleware_tracing.rb:99:in `call'
actionpack (7.0.8) lib/action_dispatch/middleware/executor.rb:14:in `call'
newrelic_rpm (8.16.0) lib/new_relic/agent/instrumentation/middleware_tracing.rb:99:in `call'
actionpack (7.0.8) lib/action_dispatch/middleware/actionable_exceptions.rb:17:in `call'
newrelic_rpm (8.16.0) lib/new_relic/agent/instrumentation/middleware_tracing.rb:99:in `call'
sentry-rails (5.7.0) lib/sentry/rails/rescued_exception_interceptor.rb:12:in `call'
newrelic_rpm (8.16.0) lib/new_relic/agent/instrumentation/middleware_tracing.rb:99:in `call'
actionpack (7.0.8) lib/action_dispatch/middleware/debug_exceptions.rb:28:in `call'
newrelic_rpm (8.16.0) lib/new_relic/agent/instrumentation/middleware_tracing.rb:99:in `call'
web-console (4.2.0) lib/web_console/middleware.rb:132:in `call_app'
web-console (4.2.0) lib/web_console/middleware.rb:19:in `block in call'
web-console (4.2.0) lib/web_console/middleware.rb:17:in `catch'
web-console (4.2.0) lib/web_console/middleware.rb:17:in `call'
newrelic_rpm (8.16.0) lib/new_relic/agent/instrumentation/middleware_tracing.rb:99:in `call'
sentry-ruby (5.7.0) lib/sentry/rack/capture_exceptions.rb:28:in `block (2 levels) in call'
sentry-ruby (5.7.0) lib/sentry/hub.rb:220:in `with_session_tracking'
sentry-ruby (5.7.0) lib/sentry-ruby.rb:375:in `with_session_tracking'
sentry-ruby (5.7.0) lib/sentry/rack/capture_exceptions.rb:19:in `block in call'
sentry-ruby (5.7.0) lib/sentry/hub.rb:59:in `with_scope'
sentry-ruby (5.7.0) lib/sentry-ruby.rb:355:in `with_scope'
sentry-ruby (5.7.0) lib/sentry/rack/capture_exceptions.rb:18:in `call'
newrelic_rpm (8.16.0) lib/new_relic/agent/instrumentation/middleware_tracing.rb:99:in `call'
actionpack (7.0.8) lib/action_dispatch/middleware/show_exceptions.rb:29:in `call'
newrelic_rpm (8.16.0) lib/new_relic/agent/instrumentation/middleware_tracing.rb:99:in `call'
railties (7.0.8) lib/rails/rack/logger.rb:40:in `call_app'
railties (7.0.8) lib/rails/rack/logger.rb:25:in `block in call'
activesupport (7.0.8) lib/active_support/tagged_logging.rb:99:in `block in tagged'
activesupport (7.0.8) lib/active_support/tagged_logging.rb:37:in `tagged'
activesupport (7.0.8) lib/active_support/tagged_logging.rb:99:in `tagged'
railties (7.0.8) lib/rails/rack/logger.rb:25:in `call'
ahoy_matey (4.2.1) lib/ahoy/engine.rb:22:in `call_with_quiet_ahoy'
newrelic_rpm (8.16.0) lib/new_relic/agent/instrumentation/middleware_tracing.rb:99:in `call'
sprockets-rails (3.4.2) lib/sprockets/rails/quiet_assets.rb:13:in `call'
newrelic_rpm (8.16.0) lib/new_relic/agent/instrumentation/middleware_tracing.rb:99:in `call'
actionpack (7.0.8) lib/action_dispatch/middleware/remote_ip.rb:93:in `call'
newrelic_rpm (8.16.0) lib/new_relic/agent/instrumentation/middleware_tracing.rb:99:in `call'
actionpack (7.0.8) lib/action_dispatch/middleware/request_id.rb:26:in `call'
newrelic_rpm (8.16.0) lib/new_relic/agent/instrumentation/middleware_tracing.rb:99:in `call'
rack (2.2.8) lib/rack/method_override.rb:24:in `call'
newrelic_rpm (8.16.0) lib/new_relic/agent/instrumentation/middleware_tracing.rb:99:in `call'
rack (2.2.8) lib/rack/runtime.rb:22:in `call'
newrelic_rpm (8.16.0) lib/new_relic/agent/instrumentation/middleware_tracing.rb:99:in `call'
activesupport (7.0.8) lib/active_support/cache/strategy/local_cache_middleware.rb:29:in `call'
newrelic_rpm (8.16.0) lib/new_relic/agent/instrumentation/middleware_tracing.rb:99:in `call'
actionpack (7.0.8) lib/action_dispatch/middleware/server_timing.rb:61:in `block in call'
actionpack (7.0.8) lib/action_dispatch/middleware/server_timing.rb:26:in `collect_events'
actionpack (7.0.8) lib/action_dispatch/middleware/server_timing.rb:60:in `call'
newrelic_rpm (8.16.0) lib/new_relic/agent/instrumentation/middleware_tracing.rb:99:in `call'
actionpack (7.0.8) lib/action_dispatch/middleware/executor.rb:14:in `call'
newrelic_rpm (8.16.0) lib/new_relic/agent/instrumentation/middleware_tracing.rb:99:in `call'
actionpack (7.0.8) lib/action_dispatch/middleware/static.rb:23:in `call'
newrelic_rpm (8.16.0) lib/new_relic/agent/instrumentation/middleware_tracing.rb:99:in `call'
rack (2.2.8) lib/rack/sendfile.rb:110:in `call'
newrelic_rpm (8.16.0) lib/new_relic/agent/instrumentation/middleware_tracing.rb:99:in `call'
actionpack (7.0.8) lib/action_dispatch/middleware/host_authorization.rb:138:in `call'
newrelic_rpm (8.16.0) lib/new_relic/agent/instrumentation/middleware_tracing.rb:99:in `call'
rack-cors (2.0.1) lib/rack/cors.rb:102:in `call'
newrelic_rpm (8.16.0) lib/new_relic/agent/instrumentation/middleware_tracing.rb:99:in `call'
rack-mini-profiler (3.0.0) lib/mini_profiler/profiler.rb:393:in `call'
newrelic_rpm (8.16.0) lib/new_relic/agent/instrumentation/middleware_tracing.rb:99:in `call'
shakapacker (6.0.0) lib/webpacker/dev_server_proxy.rb:25:in `perform_request'
rack-proxy (0.7.6) lib/rack/proxy.rb:87:in `call'
newrelic_rpm (8.16.0) lib/new_relic/agent/instrumentation/middleware_tracing.rb:99:in `call'
railties (7.0.8) lib/rails/engine.rb:530:in `call'
newrelic_rpm (8.16.0) lib/new_relic/agent/instrumentation/middleware_tracing.rb:99:in `call'
puma (6.3.1) lib/puma/configuration.rb:270:in `call'
puma (6.3.1) lib/puma/request.rb:100:in `block in handle_request'
puma (6.3.1) lib/puma/thread_pool.rb:344:in `with_force_shutdown'
puma (6.3.1) lib/puma/request.rb:99:in `handle_request'
puma (6.3.1) lib/puma/server.rb:443:in `process_client'
puma (6.3.1) lib/puma/server.rb:245:in `block in run'
puma (6.3.1) lib/puma/thread_pool.rb:151:in `block in spawn_thread'

Any possible solutions?

None come to mind, yet.

If the bug is confirmed, would you be willing to submit a PR?

Yes.

keshavbiswa commented 1 month ago

Hey @Animesh-Ghosh can you try reproducing it again? It seems fixed after CORS introduction. And authenticity token. Closing it for now.
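
A triage sketch for the rejection shown in the log above, added here as an example and not code from the Miru project or from Rails: it parses the `HTTP Origin header (...) didn't match request.base_url (...)` message and reports which URL components differ, which separates a proxy or port-forwarding mismatch from an Origin that names another site. The `kind` labels and every sample line except the first are constructed for illustration.

```ruby
require "uri"

# Message format as it appears in the log lines of this issue (actionpack 7.0.8).
ORIGIN_MISMATCH =
  /HTTP Origin header \((?<origin>[^)]*)\) didn't match request\.base_url \((?<base>[^)]*)\)/

LOOPBACK_HOSTS = %w[localhost 127.0.0.1 ::1].freeze

# Constructed sample log. Line 1 reuses the values reported in the issue;
# the example.test lines are made up for illustration.
SAMPLE_LOG = <<~LOG
  HTTP Origin header (http://localhost:3000) didn't match request.base_url (https://zany-space-meme-5446g4x9v76f7vgw-3000.app.github.dev)
  HTTP Origin header (http://app.example.test) didn't match request.base_url (https://app.example.test)
  HTTP Origin header (https://other.example.test) didn't match request.base_url (https://app.example.test)
  Completed 422 Unprocessable Entity in 1ms (ActiveRecord: 0.0ms | Allocations: 1090)
LOG

# Classifies one log line; returns nil unless it is an origin-mismatch message.
def classify(line)
  m = ORIGIN_MISMATCH.match(line)
  return nil unless m

  origin = URI.parse(m[:origin])
  base = URI.parse(m[:base])
  differs = %i[scheme hostname port].reject { |p| origin.public_send(p) == base.public_send(p) }
  kind =
    if !differs.include?(:hostname)
      :same_host        # hint (assumption): scheme/port only, e.g. TLS terminated upstream
    elsif LOOPBACK_HOSTS.include?(origin.hostname)
      :loopback_origin  # page was loaded from localhost, server saw a different host
    else
      :foreign_host     # Origin names another host; treat as cross-site until explained
    end
  { origin: m[:origin], base_url: m[:base], differs: differs, kind: kind }
rescue URI::InvalidURIError
  { origin: m[:origin], base_url: m[:base], differs: [], kind: :unparseable }
end

# Runs the classifier over a whole log and keeps only the mismatch records.
def triage(log)
  log.each_line.filter_map { |line| classify(line) }
end

if __FILE__ == $PROGRAM_NAME
  triage(SAMPLE_LOG).each { |r| puts format("%-16s %s", r[:kind], r[:differs].join(",")) }
end
```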