simplesamlphp / simplesamlphp-module-oidc

A SimpleSAMLphp module for OIDC OP support.

Error with CSRF token protection with nette forms #249

Closed miclip closed 1 month ago

miclip commented 1 month ago

Hello,

I'm seeing this issue that appears to have been fixed in 2021 in the latest version. I get this error when adding a new client on simplesaml/module.php/oidc/admin-clients/new.php:

SimpleSAML\Error\Error: UNHANDLEDEXCEPTION
Backtrace:
2 src/SimpleSAML/Error/ExceptionHandler.php:36 (SimpleSAML\Error\ExceptionHandler::customExceptionHandler)
1 vendor/symfony/error-handler/ErrorHandler.php:538 (Symfony\Component\ErrorHandler\ErrorHandler::handleException)
0 [builtin] (N/A)
Caused by: Nette\InvalidStateException: Create a form or call Nette\Forms\Form::initialize() before the headers are sent to initialize CSRF protection. (output started at /var/simplesamlphp/vendor/composer/ClassLoader.php:576). 
Backtrace:
18 vendor/nette/forms/src/Forms/Form.php:773 (Nette\Forms\Form::initialize)
17 vendor/nette/forms/src/Forms/Form.php:789 (Nette\Forms\Form::getHttpRequest)
16 vendor/nette/forms/src/Forms/Form.php:562 (Nette\Forms\Form::receiveHttpData)
15 vendor/nette/forms/src/Forms/Form.php:468 (Nette\Forms\Form::getHttpData)
14 vendor/nette/forms/src/Forms/Form.php:431 (Nette\Forms\Form::isSubmitted)
13 vendor/nette/forms/src/Forms/Controls/BaseControl.php:71 (Nette\Forms\Controls\BaseControl::Nette\Forms\Controls\{closure})
12 vendor/nette/component-model/src/ComponentModel/Component.php:268 (Nette\ComponentModel\Component::refreshMonitors)
11 vendor/nette/component-model/src/ComponentModel/Component.php:193 (Nette\ComponentModel\Component::setParent)
10 vendor/nette/component-model/src/ComponentModel/Container.php:83 (Nette\ComponentModel\Container::addComponent)
9 vendor/nette/forms/src/Forms/Container.php:280 (Nette\Forms\Container::addComponent)
8 modules/oidc/src/Forms/ClientForm.php:212 (SimpleSAML\Module\oidc\Forms\ClientForm::buildForm)
7 modules/oidc/src/Forms/ClientForm.php:59 (SimpleSAML\Module\oidc\Forms\ClientForm::__construct)
6 modules/oidc/src/Factories/FormFactory.php:42 (SimpleSAML\Module\oidc\Factories\FormFactory::build)
5 modules/oidc/src/Controller/Client/CreateController.php:54 (SimpleSAML\Module\oidc\Controller\Client\CreateController::__invoke)
4 modules/oidc/src/Services/RoutingService.php:93 (SimpleSAML\Module\oidc\Services\RoutingService::callController)
3 modules/oidc/src/Services/RoutingService.php:59 (SimpleSAML\Module\oidc\Services\RoutingService::call)
2 modules/oidc/public/admin-clients/new.php:20 (require)
1 src/SimpleSAML/Module.php:302 (SimpleSAML\Module::process)
0 public/module.php:17 (N/A)

I've tried going back a couple of versions...

cicnavi commented 1 month ago

I don't understand which version of the oidc module and SimpleSAMLphp you are using in the end. This shouldn't be a problem in the latest release.

But, maybe you have (unintentional) output of notices, warnings or similar. Try totally disabling error output and then opening the form: https://www.php.net/manual/en/function.error-reporting.php.

miclip commented 1 month ago

Sorry, it's SimpleSAMLphp 2.3.2 and v5.1.0 of the oidc module installed via composer. Error reporting is disabled and I haven't modified any of the oidc PHP files yet.

composer require simplesamlphp/simplesamlphp-module-oidc:v5.1.0 --with-all-dependencies

I do see this error when the migrations execute:

SimpleSAML\Error\Error: UNHANDLEDEXCEPTION
Backtrace:
2 src/SimpleSAML/Error/ExceptionHandler.php:36 (SimpleSAML\Error\ExceptionHandler::customExceptionHandler)
1 vendor/symfony/error-handler/ErrorHandler.php:538 (Symfony\Component\ErrorHandler\ErrorHandler::handleException)
0 [builtin] (N/A)
Caused by: Laminas\HttpHandlerRunner\Exception\EmitterException: Unable to emit response; headers already sent in /var/simplesamlphp/vendor/composer/ClassLoader.php:576
Backtrace:
7 vendor/laminas/laminas-httphandlerrunner/src/Exception/EmitterException.php:15 (Laminas\HttpHandlerRunner\Exception\EmitterException::forHeadersSent)
6 vendor/laminas/laminas-httphandlerrunner/src/Emitter/SapiEmitterTrait.php:38 (Laminas\HttpHandlerRunner\Emitter\SapiEmitter::assertNoPreviousOutput)
5 vendor/laminas/laminas-httphandlerrunner/src/Emitter/SapiEmitter.php:21 (Laminas\HttpHandlerRunner\Emitter\SapiEmitter::emit)
4 modules/oidc/src/Services/RoutingService.php:120 (SimpleSAML\Module\oidc\Services\RoutingService::callController)
3 modules/oidc/src/Services/RoutingService.php:59 (SimpleSAML\Module\oidc\Services\RoutingService::call)
2 modules/oidc/public/install.php:20 (require)
1 src/SimpleSAML/Module.php:302 (SimpleSAML\Module::process)
0 public/module.php:17 (N/A)

cicnavi commented 1 month ago

Again, 'headers already sent' issue.

cicnavi commented 1 month ago

No feedback, closing...
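
Added example, not part of the original thread or the module's code: both traces report that output started at an autoloader include line, and one common cause of that (an assumption here, the thread never confirms the cause) is a loaded PHP file with bytes outside its PHP tags. The heuristic scanner below flags such files; the names `stray_output` and `scan_tree` are hypothetical.

```python
# Added example: heuristic scan for PHP files that emit bytes when included,
# which makes later header()/cookie calls fail with "headers already sent".
import sys
from pathlib import Path

BOM = b"\xef\xbb\xbf"

def stray_output(data: bytes) -> list[str]:
    """Return the reasons an include of this PHP source would produce output."""
    reasons = []
    if data.startswith(BOM):
        reasons.append("UTF-8 BOM before the opening tag")
        data = data[len(BOM):]
    first_open = data.find(b"<?")
    if first_open == -1:
        # No PHP tag at all: any non-blank content is literal output.
        return reasons + (["no opening tag, file is raw output"] if data.strip() else [])
    if first_open > 0:
        reasons.append(f"{first_open} byte(s) before the opening tag")
    last_close = data.rfind(b"?>")
    if last_close > data.rfind(b"<?"):
        # PHP swallows exactly one newline directly after "?>"; the rest is sent.
        tail = data[last_close + 2:]
        for newline in (b"\r\n", b"\n", b"\r"):
            if tail.startswith(newline):
                tail = tail[len(newline):]
                break
        if tail:
            reasons.append(f"{len(tail)} byte(s) after the closing tag")
    return reasons

def scan_tree(root: str) -> dict[str, list[str]]:
    """Map each *.php file under root to its findings (clean files omitted)."""
    findings = {}
    for path in sorted(Path(root).rglob("*.php")):
        reasons = stray_output(path.read_bytes())
        if reasons:
            findings[str(path)] = reasons
    return findings

if __name__ == "__main__":
    # Byte-level heuristic: "?>" inside a string and HTML templates are also flagged.
    root = sys.argv[1] if len(sys.argv) > 1 else "."
    for name, reasons in scan_tree(root).items():
        print(f"{name}: {'; '.join(reasons)}")
```

Run it against locally edited directories such as the configuration and module folders first; hits in template files that intentionally mix HTML and PHP are expected.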