search

uoregon-libraries / ripple

**NOTE**: Ripple is no longer maintained or supported by the University of Oregon Libraries.
Other
10 stars 9 forks source link

BadRequest: Truncated query parameters when clicking some menu links #1

Closed joeburleson closed 10 years ago

joeburleson commented 10 years ago

Environment: Centos 6.4 x86_64 - Minimal Server gcc 4.4.7 mongoDB 2.4.6 openSSL-devel is installed Node.js version 0.8.25 Ripple 1.0.6 MongoDB is setup to require Auth and the appropriate username and password have been placed in config.js.

Following advanced install instructions from Admin Guide. Everything install correctly. Reset admin account, start ripple, load it up in a web browser and everything looks good. Login as admin and as soon as I click on the following menu links: People, Permissions, Settings, or Profile a "BadRequest: Truncated query parameters" occurs.

Here is the log information for when I click on People:

BadRequest: Truncated query parameters. at exports.combine (/opt/ripple/node_modules/combohandler/lib/combohandler.js:65:29) at callbacks (/opt/ripple/node_modules/express/lib/router/index.js:161:37) at param (/opt/ripple/node_modules/express/lib/router/index.js:135:11) at pass (/opt/ripple/node_modules/express/lib/router/index.js:142:5) at Router._dispatch (/opt/ripple/node_modules/express/lib/router/index.js:170:5) at Object.router (/opt/ripple/node_modules/express/lib/router/index.js:33:10) at next (/opt/ripple/node_modules/express/node_modules/connect/lib/proto.js:199:15) at store.get.next (/opt/ripple/node_modules/express/node_modules/connect/lib/middleware/session.js:309:9) at /opt/ripple/node_modules/express/node_modules/connect/lib/middleware/session.js:333:9 at module.exports.MongoStore.get (/opt/ripple/nodemodules/connect-mongo/lib/connect-mongo.js:179:17) GET /static/js?jquery.form.js&form-validators/accountValidator.js&=1381511276344 500 7ms BadRequest: Truncated query parameters. at exports.combine (/opt/ripple/node_modules/combohandler/lib/combohandler.js:65:29) at callbacks (/opt/ripple/node_modules/express/lib/router/index.js:161:37) at param (/opt/ripple/node_modules/express/lib/router/index.js:135:11) at pass (/opt/ripple/node_modules/express/lib/router/index.js:142:5) at Router._dispatch (/opt/ripple/node_modules/express/lib/router/index.js:170:5) at Object.router (/opt/ripple/node_modules/express/lib/router/index.js:33:10) at next (/opt/ripple/node_modules/express/node_modules/connect/lib/proto.js:199:15) at store.get.next (/opt/ripple/node_modules/express/node_modules/connect/lib/middleware/session.js:309:9) at /opt/ripple/node_modules/express/node_modules/connect/lib/middleware/session.js:333:9 at module.exports.MongoStore.get (/opt/ripple/nodemodules/connect-mongo/lib/connect-mongo.js:179:17) GET /static/js?controllers/accessController.js&controllers/peopleController.js&controllers/notify.js&views/access.js&views/admin-people.js&jquery.jgrowl.min.js&jquery.dataTables.min.js&jquery.dataTables.bootstrap.js&=1381511276366 500 2ms

Thanks

black-fenix commented 10 years ago

Can you provide your non-confidential parts of your config.js file? The system is possibly acting like it is either missing the "permissions" mongo document or not port forwarding correctly. Also, does the rest of the system work correctly?

joeburleson commented 10 years ago

As far as I can tell the rest of the applications seems to be running correctly, but I have just begun my testing on it.

Here is my config file for ripple (comments and confidential information removed):

var path      = require("path")
,   basePath  = __dirname
var CONFIG = (function() {
  var server = {
      'WWW_PORT': 80
    , 'SECRET_KEY': '##################################'
    , 'DB_PORT':  27017
    , 'DB_HOST': 'localhost'
    , 'DB_NAME': 'ripple'
    , DB_AUTH_NAME: "ripple"
    , DB_AUTH_PASS: "##################"
    , 'LOG_LEVEL': 7
    , 'LOG_FILE': path.normalize(basePath + "/ripple.log")
    , "DEFAULT_ROOM_EXPIRATION_HOURS": 4
    , 'SSL_PORT': 443
    , 'SSL_SILENT_REDIRECT':true
    , "SSL_CERTS": {
      key: require("fs").readFileSync(path.normalize(basePath + "/custom/key.pem")),
      cert: require("fs").readFileSync(path.normalize(basePath + "/custom/cert.pem"))
    } 
  };
  var smtp = {
    // Require to send email
      'HOST': "smtp.gmail.com"
    , 'USER': "##############"
    , 'PASSWORD': "################"
    , 'SSL': true
    , 'SENDER': 'Ripple <#############>'
    , 'PORT': 465
  }
  return {
    SERVER: function(name) { return server[name]; },
    SMTP: function(name){ return smtp[name]; }
  };
})();

MongoDB is configured to require authentication as well.

black-fenix commented 10 years ago

The only thing that I can see from the config.js file is that you can comment out 'SSL_SILENT_REDIRECT' in your case with port 80 & 443. 'SSL_SILENT_REDIRECT' is for when you are redirecting the port in iptables however, I don't believe that will make any difference in your case.

I think that the issue may lie in your mongodb "permissions" collection ("table"). Can you query the table using mongodb command line with db.permissions.find({"adminLock":1}) and show me the results?

Another thing that you can try is running $ make db-migrate at the ripple root to confirm that the database was initialized correctly.

joeburleson commented 10 years ago

I did try running ripple with and without the SSL_SILENT_REDIRECT enabled. I also ran the app with and without SSL enabled. The results were still the same: BadRequest Truncated Query Parameters.

Here is the permissions collection:

> use ripple
switched to db ripple
> show collections
accounts
migrations
password_reset
permissions
question_types
responses
rooms
sessions
system.indexes
variables
web_sessions
> db.permissions.find({"adminLock":1})
{ "name" : "people", "roles" : [  "admin" ], "adminLock" : 1, "category" : "route", "menu" : "restricted", "_id" : ObjectId("525d626401303df907000005") }
{ "name" : "grant", "roles" : [  "admin" ], "adminLock" : 1, "category" : "route", "menu" : "restricted", "_id" : ObjectId("525d626401303df907000006") }
{ "name" : "settings", "roles" : [  "admin" ], "adminLock" : 1, "category" : "route", "menu" : "restricted", "_id" : ObjectId("525d626501303df907000009") }
>

And here is the results of 'make db-migrate':

[root@ripple ripple]# make db-migrate
debug: DB.init :: [object Object]
info: Connected to database :: ripple
debug: Found migration: autoExpireRooms
debug: Already run
debug: Found migration: addAudienceName
debug: Already run
debug: Found migration: addAuthStructure
debug: Already run
debug: Found migration: addAuthUIUpdates
debug: Already run
debug: Found migration: createQTypes
debug: Already run
debug: Found migration: autoExpireSessions
debug: Already run
debug: Found migration: sessionExpireIndex
debug: Already run
debug: Found migration: responseExpireIndex
debug: Already run
debug: Found migration: passResetExpireIndex
debug: Already run
debug: Found migration: systemAlertVariable
debug: Already run
black-fenix commented 10 years ago

That all looks correct. I may have to do my own install on CentOS and see if I can replicate the issue. In the mean while if you want to check out the functionality, you can download the VM @ https://sourceforge.net/projects/ripple-core-vm/.

joeburleson commented 10 years ago

I have already downloaded and installed the VM version. I originally setup ripple in an Ubuntu 12.04 LTS server but ran into the BadRequest problem so I downloaded the VM version and saw that it ran in Centos 6.3. I figured maybe it was a difference between Linux distributions so I built a new server using Centos 6.4. The VM version works great, but I just have not been able to get my own version up and running correctly.

Any help would be appreciated.

black-fenix commented 10 years ago

I just re-installed on one of our platforms and have figured out the error you are reference. It comes from pages that seem to be requesting the js scripts twice to Combohandler; once as is expect and another time with a cache-buster (example: &_=1381940443142). I haven't as yet figured out what is causing the second request with the cache-buster. A second set of eyes on this would be great.

The temporarily solution is to uncomment line #124 & #125 (https://github.com/uoregon-libraries/ripple/blob/v1.0.6/app.js#L124) which puts back in some extra error handling. It will still produce a warning but will not error out. I will probably implement this change in the next version.

I will continue to work on this but any help would be appreciated!

joeburleson commented 10 years ago

Sounds good. As soon as I finish setting up our Seafile server, I'll jump over and start examining the code. I do not know much about node.js applications so this will be a great opportunity to learn more about it. I have already pulled the code down to my local machine. I will post anything I find.

Thanks for your help. I really like this project.

black-fenix commented 10 years ago

v1.0.8 has a fix at 5dde8b3856e2845fb2910169c209d5b6ac674a1d for this issue.