umputun / remark42

comment engine
https://remark42.com
MIT License

Anonymous provider fails due to aud mismatch #463

Closed umputun closed 4 years ago

umputun commented 4 years ago

triggered by https://github.com/umputun/remark/issues/385#issuecomment-549912484

It looks like a regression due to this change. On the remark42 side the anonymous user gets "invalid site - site mismatch, not allowed to post to remark - 403 (4)"

umputun commented 4 years ago

@Reeywhaar - I think this is something (likely a typo) on your side. In the token created by demo for anon I get a really strange aud with "remark?from=....". The backend didn't care about it much, but with strict aud matching it breaks the auth flow completely.

The request you send seems to have a typo in it (note the second ?):

"https://demo.remark42.com/auth/anonymous/login?user=ssss&aud=remark?from=https%3A%2F%2Fdemo.remark42.com%2Fweb%2Fiframe.html%3FselfClose&site=remark"
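As an added illustration (not remark42's own code; the function names are assumptions), this reproduces why the URL above yields the aud seen in the 403 message: a standard query parser splits on '&' and the first '=', so everything after the second '?' stays inside the aud value, and a strict audience check then rejects it. Building the query with url.Values keeps "from" as its own percent-encoded parameter.

```go
package main

import (
	"fmt"
	"net/url"
)

// audFromLoginURL returns the "aud" query parameter of a login URL, exactly as
// Go's query parser sees it (the split on '&' and the first '=' is what lets a
// second '?' end up inside the value).
func audFromLoginURL(raw string) (string, error) {
	u, err := url.Parse(raw)
	if err != nil {
		return "", err
	}
	return u.Query().Get("aud"), nil
}

// checkAudience is a strict audience check: the token's aud must equal the
// site id exactly, otherwise posting is refused.
func checkAudience(aud, site string) error {
	if aud != site {
		return fmt.Errorf("invalid site - site mismatch, %q not allowed to post to %s", aud, site)
	}
	return nil
}

// buildLoginURL assembles the anonymous login URL with url.Values, so "from" is
// its own percent-encoded parameter instead of a second '?' glued onto aud.
func buildLoginURL(base, user, aud, site, from string) string {
	q := url.Values{}
	q.Set("user", user)
	q.Set("aud", aud)
	q.Set("site", site)
	q.Set("from", from)
	return base + "?" + q.Encode()
}

func main() {
	// the malformed URL quoted in the issue
	bad := "https://demo.remark42.com/auth/anonymous/login?user=ssss&aud=remark?from=https%3A%2F%2Fdemo.remark42.com%2Fweb%2Fiframe.html%3FselfClose&site=remark"
	aud, _ := audFromLoginURL(bad)
	fmt.Println(aud, "->", checkAudience(aud, "remark")) // aud is "remark?from=..." and the check fails
	good := buildLoginURL("https://demo.remark42.com/auth/anonymous/login", "ssss", "remark", "remark",
		"https://demo.remark42.com/web/iframe.html?selfClose")
	aud, _ = audFromLoginURL(good)
	fmt.Println(aud, "->", checkAudience(aud, "remark")) // aud is "remark" and the check passes
}
```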

Reeywhaar commented 4 years ago

oh, I see you've already added the commit :-)

umputun commented 4 years ago

used all my "search-and-replace" abilities ;) Hopefully, changed in the right place

umputun commented 4 years ago

hmm, it didn't help. Still getting the bad one:

invalid site - site mismatch, "remark?from=https://demo.remark42.com/web/iframe.html?selfClose" not allowed to post to remark - 403 (4)

maybe some other place should be changed too?

Reeywhaar commented 4 years ago

hm, just checked it, works fine for me if we speak of anonymous login

Reeywhaar commented 4 years ago

I noticed not long ago that there could be difficulties with "127.0.0.1" and "localhost" on a dev env.

umputun commented 4 years ago

I can log in, this part worked. But an attempt to post fails with Forbidden. This is on the demo site.

umputun commented 4 years ago

Could be Safari caching. On fresh Chrome it worked.

Reeywhaar commented 4 years ago

What I noticed not long ago: an error when trying to log in with anonymous from a dev server which looks at https://demo.remark42.com/:

cookies:

JWT: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiJyZW1hcmsiLCJleHAiOjE1NzI5ODAzMzYsImp0aSI6IjcwYjBlNDAzMTI5ZTMwYzE5MzcxMzU1NzBkOTg1YmZlOTdkODE1NzkiLCJpYXQiOjE1NzI5ODAwMzYsImlzcyI6InJlbWFyazQyIiwidXNlciI6eyJuYW1lIjoicmVlIiwiaWQiOiJhbm9ueW1vdXNfNGU0ZjFlOWQ5NmU4YTliYjA4YmNiMDc3MzZlNmU2ZDljMTZjOTJlZiIsInBpY3R1cmUiOiJodHRwOi8vMTI3LjAuMC4xOjgwODAvYXBpL3YxL2F2YXRhci83OGFkY2I0MjQ4MWRiYzdhNDZhN2YxOWRlY2Q5ZTAzMDQ5NGE1OGIxLmltYWdlIiwiYXR0cnMiOnsiYWRtaW4iOmZhbHNlLCJibG9ja2VkIjpmYWxzZX19fQ.OV-UeuqTAyghHp9J596T32ELtU1l4zRR_wKj20qMfIo

XSRF-TOKEN: 70b0e403129e30c1937135570d985bfe97d81579

I get:

Unauthorized

curl example:

curl 'https://demo.remark42.com/api/v1/user?site=remark' -H 'Accept: application/json' -H 'X-XSRF-TOKEN: 70b0e403129e30c1937135570d985bfe97d81579' -H 'Content-Type: application/json' -H 'Cookie: JWT=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiJyZW1hcmsiLCJleHAiOjE1NzI5ODAzMzYsImp0aSI6IjcwYjBlNDAzMTI5ZTMwYzE5MzcxMzU1NzBkOTg1YmZlOTdkODE1NzkiLCJpYXQiOjE1NzI5ODAwMzYsImlzcyI6InJlbWFyazQyIiwidXNlciI6eyJuYW1lIjoicmVlIiwiaWQiOiJhbm9ueW1vdXNfNGU0ZjFlOWQ5NmU4YTliYjA4YmNiMDc3MzZlNmU2ZDljMTZjOTJlZiIsInBpY3R1cmUiOiJodHRwOi8vMTI3LjAuMC4xOjgwODAvYXBpL3YxL2F2YXRhci83OGFkY2I0MjQ4MWRiYzdhNDZhN2YxOWRlY2Q5ZTAzMDQ5NGE1OGIxLmltYWdlIiwiYXR0cnMiOnsiYWRtaW4iOmZhbHNlLCJibG9ja2VkIjpmYWxzZX19fQ.OV-UeuqTAyghHp9J596T32ELtU1l4zRR_wKj20qMfIo; XSRF-TOKEN=70b0e403129e30c1937135570d985bfe97d81579'

Reeywhaar commented 4 years ago

oh, JWT here is wrong.

umputun commented 4 years ago

I guess this is a secret mismatch:

auth failed, can't get token: failed to get token: can't parse token: signature is invalid

Reeywhaar commented 4 years ago

oh, cookies from http://127.0.0.1:9000/auth/anonymous/login?... are not set because of the strict attribute on them, it's ok.