twilio / authy-devise

Authy Devise plugin to add Two-Factor Authentication
MIT License

Can't verify CSRF token authenticity #91

Closed mjfrey closed 6 years ago

mjfrey commented 6 years ago

After installing the gem into a Rails 5.2.0 environment, I get the following error when trying to authenticate a user. This happens even after just installing the gem and not even adding anything to the User model.

If I remove the gem, login and authentication happen just fine. Not sure how to resolve this.

```
:22:45 PM web.1 | Can't verify CSRF token authenticity.
8:22:45 PM web.1 | method=POST path=/users/sign_in format=html controller=Devise::SessionsController action=create status=422 error='ActionController::InvalidAuthenticityToken: ActionController::InvalidAuthenticityToken' duration=136.83 view=0.00 db=0.98
8:22:45 PM web.1 | ActionController::InvalidAuthenticityToken excluded from capture: DSN not set
8:22:45 PM web.1 | ActionController::InvalidAuthenticityToken (ActionController::InvalidAuthenticityToken):
8:22:45 PM web.1 | actionpack (5.2.0) lib/action_controller/metal/request_forgery_protection.rb:211:in `handle_unverified_request'
8:22:45 PM web.1 | actionpack (5.2.0) lib/action_controller/metal/request_forgery_protection.rb:243:in `handle_unverified_request'
8:22:45 PM web.1 | devise (4.4.3) lib/devise/controllers/helpers.rb:255:in `handle_unverified_request'
8:22:45 PM web.1 | actionpack (5.2.0) lib/action_controller/metal/request_forgery_protection.rb:238:in `verify_authenticity_token'
8:22:45 PM web.1 | activesupport (5.2.0) lib/active_support/callbacks.rb:426:in `block in make_lambda'
8:22:45 PM web.1 | activesupport (5.2.0) lib/active_support/callbacks.rb:198:in `block (2 levels) in halting'
8:22:45 PM web.1 | actionpack (5.2.0) lib/abstract_controller/callbacks.rb:34:in `block (2 levels) in <module:Callbacks>'
8:22:45 PM web.1 | activesupport (5.2.0) lib/active_support/callbacks.rb:199:in `block in halting'
8:22:45 PM web.1 | activesupport (5.2.0) lib/active_support/callbacks.rb:513:in `block in invoke_before'
8:22:45 PM web.1 | activesupport (5.2.0) lib/active_support/callbacks.rb:513:in `each'
8:22:45 PM web.1 | activesupport (5.2.0) lib/active_support/callbacks.rb:513:in `invoke_before'
8:22:45 PM web.1 | activesupport (5.2.0) lib/active_support/callbacks.rb:107:in `block in run_callbacks'
8:22:45 PM web.1 | sentry-raven (2.7.3) lib/raven/integrations/rails/controller_transaction.rb:7:in `block in included'
8:22:45 PM web.1 | activesupport (5.2.0) lib/active_support/callbacks.rb:118:in `instance_exec'
8:22:45 PM web.1 | activesupport (5.2.0) lib/active_support/callbacks.rb:118:in `block in run_callbacks'
8:22:45 PM web.1 | activesupport (5.2.0) lib/active_support/callbacks.rb:136:in `run_callbacks'
8:22:45 PM web.1 | actionpack (5.2.0) lib/abstract_controller/callbacks.rb:41:in `process_action'
8:22:45 PM web.1 | actionpack (5.2.0) lib/action_controller/metal/rescue.rb:22:in `process_action'
8:22:45 PM web.1 | actionpack (5.2.0) lib/action_controller/metal/instrumentation.rb:34:in `block in process_action'
8:22:45 PM web.1 | activesupport (5.2.0) lib/active_support/notifications.rb:168:in `block in instrument'
8:22:45 PM web.1 | activesupport (5.2.0) lib/active_support/notifications/instrumenter.rb:23:in `instrument'
8:22:45 PM web.1 | activesupport (5.2.0) lib/active_support/notifications.rb:168:in `instrument'
8:22:45 PM web.1 | actionpack (5.2.0) lib/action_controller/metal/instrumentation.rb:32:in `process_action'
8:22:45 PM web.1 | actionpack (5.2.0) lib/action_controller/metal/params_wrapper.rb:256:in `process_action'
8:22:45 PM web.1 | activerecord (5.2.0) lib/active_record/railties/controller_runtime.rb:24:in `process_action'
8:22:45 PM web.1 | actionpack (5.2.0) lib/abstract_controller/base.rb:134:in `process'
8:22:45 PM web.1 | actionview (5.2.0) lib/action_view/rendering.rb:32:in `process'
8:22:45 PM web.1 | actionpack (5.2.0) lib/action_controller/metal.rb:191:in `dispatch'
8:22:45 PM web.1 | actionpack (5.2.0) lib/action_controller/metal.rb:252:in `dispatch'
8:22:45 PM web.1 | actionpack (5.2.0) lib/action_dispatch/routing/route_set.rb:52:in `dispatch'
8:22:45 PM web.1 | actionpack (5.2.0) lib/action_dispatch/routing/route_set.rb:34:in `serve'
8:22:45 PM web.1 | actionpack (5.2.0) lib/action_dispatch/routing/mapper.rb:18:in `block in '
8:22:45 PM web.1 | actionpack (5.2.0) lib/action_dispatch/routing/mapper.rb:48:in `serve'
8:22:45 PM web.1 | actionpack (5.2.0) lib/action_dispatch/journey/router.rb:52:in `block in serve'
8:22:45 PM web.1 | actionpack (5.2.0) lib/action_dispatch/journey/router.rb:35:in `each'
8:22:45 PM web.1 | actionpack (5.2.0) lib/action_dispatch/journey/router.rb:35:in `serve'
8:22:45 PM web.1 | actionpack (5.2.0) lib/action_dispatch/routing/route_set.rb:840:in `call'
8:22:45 PM web.1 | apartment (2.2.0) lib/apartment/reloader.rb:18:in `call'
8:22:45 PM web.1 | warden (1.2.7) lib/warden/manager.rb:36:in `block in call'
8:22:45 PM web.1 | warden (1.2.7) lib/warden/manager.rb:35:in `catch'
8:22:45 PM web.1 | warden (1.2.7) lib/warden/manager.rb:35:in `call'
8:22:45 PM web.1 | rack (2.0.5) lib/rack/tempfile_reaper.rb:15:in `call'
8:22:45 PM web.1 | rack (2.0.5) lib/rack/etag.rb:25:in `call'
8:22:45 PM web.1 | rack (2.0.5) lib/rack/conditional_get.rb:38:in `call'
8:22:45 PM web.1 | rack (2.0.5) lib/rack/head.rb:12:in `call'
8:22:45 PM web.1 | actionpack (5.2.0) lib/action_dispatch/http/content_security_policy.rb:18:in `call'
8:22:45 PM web.1 | rack (2.0.5) lib/rack/session/abstract/id.rb:232:in `context'
8:22:45 PM web.1 | rack (2.0.5) lib/rack/session/abstract/id.rb:226:in `call'
8:22:45 PM web.1 | actionpack (5.2.0) lib/action_dispatch/middleware/cookies.rb:670:in `call'
8:22:45 PM web.1 | activerecord (5.2.0) lib/active_record/migration.rb:559:in `call'
8:22:45 PM web.1 | actionpack (5.2.0) lib/action_dispatch/middleware/callbacks.rb:28:in `block in call'
8:22:45 PM web.1 | activesupport (5.2.0) lib/active_support/callbacks.rb:98:in `run_callbacks'
8:22:45 PM web.1 | actionpack (5.2.0) lib/action_dispatch/middleware/callbacks.rb:26:in `call'
8:22:45 PM web.1 | actionpack (5.2.0) lib/action_dispatch/middleware/executor.rb:14:in `call'
8:22:45 PM web.1 | actionpack (5.2.0) lib/action_dispatch/middleware/debug_exceptions.rb:61:in `call'
8:22:45 PM web.1 | web-console (3.6.2) lib/web_console/middleware.rb:135:in `call_app'
8:22:45 PM web.1 | web-console (3.6.2) lib/web_console/middleware.rb:30:in `block in call'
8:22:45 PM web.1 | web-console (3.6.2) lib/web_console/middleware.rb:20:in `catch'
8:22:45 PM web.1 | web-console (3.6.2) lib/web_console/middleware.rb:20:in `call'
8:22:45 PM web.1 | actionpack (5.2.0) lib/action_dispatch/middleware/show_exceptions.rb:33:in `call'
8:22:45 PM web.1 | lograge (0.10.0) lib/lograge/rails_ext/rack/logger.rb:15:in `call_app'
8:22:45 PM web.1 | railties (5.2.0) lib/rails/rack/logger.rb:26:in `block in call'
8:22:45 PM web.1 | activesupport (5.2.0) lib/active_support/tagged_logging.rb:71:in `block in tagged'
8:22:45 PM web.1 | activesupport (5.2.0) lib/active_support/tagged_logging.rb:28:in `tagged'
8:22:45 PM web.1 | activesupport (5.2.0) lib/active_support/tagged_logging.rb:71:in `tagged'
8:22:45 PM web.1 | railties (5.2.0) lib/rails/rack/logger.rb:26:in `call'
8:22:45 PM web.1 | sprockets-rails (3.2.1) lib/sprockets/rails/quiet_assets.rb:13:in `call'
8:22:45 PM web.1 | actionpack (5.2.0) lib/action_dispatch/middleware/remote_ip.rb:81:in `call'
8:22:45 PM web.1 | request_store (1.4.1) lib/request_store/middleware.rb:19:in `call'
8:22:45 PM web.1 | actionpack (5.2.0) lib/action_dispatch/middleware/request_id.rb:27:in `call'
8:22:45 PM web.1 | rack (2.0.5) lib/rack/method_override.rb:22:in `call'
8:22:45 PM web.1 | rack (2.0.5) lib/rack/runtime.rb:22:in `call'
8:22:45 PM web.1 | activesupport (5.2.0) lib/active_support/cache/strategy/local_cache_middleware.rb:29:in `call'
8:22:45 PM web.1 | actionpack (5.2.0) lib/action_dispatch/middleware/executor.rb:14:in `call'
8:22:45 PM web.1 | actionpack (5.2.0) lib/action_dispatch/middleware/static.rb:127:in `call'
8:22:45 PM web.1 | rack (2.0.5) lib/rack/sendfile.rb:111:in `call'
8:22:45 PM web.1 | sentry-raven (2.7.3) lib/raven/integrations/rack.rb:51:in `call'
8:22:45 PM web.1 | webpacker (4.0.0.pre.pre.2) lib/webpacker/dev_server_proxy.rb:18:in `perform_request'
8:22:45 PM web.1 | rack-proxy (0.6.4) lib/rack/proxy.rb:57:in `call'
8:22:45 PM web.1 | railties (5.2.0) lib/rails/engine.rb:524:in `call'
8:22:45 PM web.1 | puma (3.11.4) lib/puma/configuration.rb:225:in `call'
8:22:45 PM web.1 | puma (3.11.4) lib/puma/server.rb:632:in `handle_request'
8:22:45 PM web.1 | puma (3.11.4) lib/puma/server.rb:446:in `process_client'
8:22:45 PM web.1 | puma (3.11.4) lib/puma/server.rb:306:in `block in run'
8:22:45 PM web.1 | puma (3.11.4) lib/puma/thread_pool.rb:120:in `block in spawn_thread'
```

mjfrey commented 6 years ago

Never mind -- figured it out.

JasperLab commented 5 years ago

> Never mind -- figured it out.

Do you mind sharing the solution for this? I am running into exactly the same issue. Thank you!

alexford commented 5 years ago

@mjfrey Can you please share what you ended up needing to do? Or @vivanov26 did you find a solution to this?

JennyLi90 commented 5 years ago

> Never mind -- figured it out.

Could you share the solution? Thanks

mjfrey commented 5 years ago

I had to add the following to my base application_controller.rb:

```ruby
protect_from_forgery prepend: true, with: :exception
```

The latest Rails does not prepend by default.
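
The ordering problem behind the fix in the last comment, as an added example that is not part of the original thread and is not Rails, Devise or authy-devise code: a plain-Ruby stand-in for a `before_action` chain. `MiniController`, `authenticate_early` and `sign_in_result` are hypothetical names, and the model assumes a callback registered ahead of the CSRF check discards the session's token when it authenticates.

```ruby
require "securerandom"

# Minimal stand-in for a controller's before_action chain (not Rails code).
class MiniController
  class InvalidAuthenticityToken < StandardError; end

  def self.callbacks
    @callbacks ||= []
  end

  def self.before_action(name, prepend: false)
    prepend ? callbacks.unshift(name) : callbacks.push(name)
  end

  # Same option as in the fix above: without prepend, the check is appended.
  def self.protect_from_forgery(prepend: false)
    before_action(:verify_authenticity_token, prepend: prepend)
  end

  def initialize(session, submitted_token)
    @session = session
    @submitted_token = submitted_token
  end

  def process
    self.class.callbacks.each { |cb| send(cb) }
    :ok
  end

  private

  # Assumption: an earlier callback signs the user in and drops the CSRF token.
  def authenticate_early
    @session.delete(:_csrf_token)
  end

  def verify_authenticity_token
    raise InvalidAuthenticityToken unless @session[:_csrf_token] == @submitted_token
  end
end

def sign_in_result(prepend:)
  klass = Class.new(MiniController)
  klass.before_action(:authenticate_early)       # registered first, e.g. by a gem
  klass.protect_from_forgery(prepend: prepend)   # the application's declaration
  token = SecureRandom.hex(16)                   # constructed sample token
  klass.new({ _csrf_token: token }, token).process
rescue MiniController::InvalidAuthenticityToken
  :invalid_authenticity_token
end
```

With `prepend: false` the token is already gone when the check runs, so a legitimate form post is rejected; with `prepend: true` the check sees the token the form was rendered with.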