[Lava-users] lava-server login error

Zoran S zoran.stojsavljevic.de at gmail.com
Mon Aug 6 10:06:12 UTC 2018


Did you restart gunicorn?

sudo service lava-server-gunicorn restart

After restart try again!?

_______

Last resort: CSRF checks are implemented in this (?) code (from my
colleague, who also investigated this problem):

/srv/kernelci-frontend/app/dashboard/__init__.py

It is out of desperation... Sometimes desperation can do good things!? :-(

Zoran

On Mon, Aug 6, 2018 at 11:26 AM, ljh_dev <ljh_dev at 126.com> wrote:

> I had made this change in /etc/lava-server/settings.conf, but no changes
> in result.
>
>
>
>
>
>
> At 2018-08-06 16:40:00, "Zoran S" <zoran.stojsavljevic.de at gmail.com>
> wrote:
>
> Please, try this:
> CSRF protection
>
> In case of CSRF errors when logging in Lava, read this
> <https://staging.validation.linaro.org/static/docs/v2/installing_on_debian.html#django-localhost>
> .
>
> Set *CSRF_COOKIE_SECURE* and *SESSION_COOKIE_SECURE* to *false* in Lava
> server settings:
>
> sudo vi /etc/lava-server/settings.conf
>
> Restart Lava *gunicorn* server:
>
> sudo service lava-server-gunicorn restart
>
> _______
>
> Hope this helps!
>
> Zoran
>
> On Mon, Aug 6, 2018 at 7:55 AM, ljh_dev <ljh_dev at 126.com> wrote:
>
>> Added a little from previous email ,resend:
>> I might not say it clearly, let me repeat it again.
>> According to lava installation document ,I had installed lava-server to
>> debian 9.5.0.Creating super user operation is ok(by command: sudo
>> lava-server manage createsuperuser --username $USERNAME --email=$EMAIL, and
>> username and passwd are both simple )  .
>> Accessing main page is ok. When enter Sign in page,  input just
>> registered username and password to login then the firefox browser
>> displayed err page:
>> "
>> You are seeing this message because this site requires a CSRF cookie when
>> submitting forms. This cookie is required for security reasons, to ensure
>> that your browser is not being hijacked by third parties.
>> If you have configured your browser to disable cookies, please re-enable
>> them, at least for this site, or for 'same-origin' requests.
>> "
>> I had added following lines in etc/lava-server/settings.conf:
>> "CSRF_COOKIE_SECURE": false,
>> "SESSION_COOKIE_SECURE": false
>>
>> And reboot computer and login again, the err is still so. Trying
>> disable/enable cookies  is still so. At another computer I used chrome
>> browser remote access nava-server,it is still the same err.
>>
>> I just did some login experiments again,all error same as before.  I find
>> when intentional input  a err username that does not exist,it return same
>> error page(Is the new user not successfully established?).
>> I add a new user by using both methods and both return ok:
>> method 1.
>>     first:
>> sudo lava-server manage users add <username> --passwd <password>
>> then:
>> sudo lava-server manage authorize_superuser --username {username}
>> //the {username } is created by previous line command,command return for
>> example: User u1 granted superuser rights
>> method 2.
>>       sudo lava-server manage createsuperuser --username $USERNAME
>> --email=$EMAIL
>>
>>
>>
>> At 2018-08-06 13:40:01, "ljh_dev" <ljh_dev at 126.com> wrote:
>>
>> I might not say it clearly, let me repeat it again.
>> According to lava installation document ,I had installed lava-server to
>> debian 9.5.0.Creating super user operation is ok(by command: sudo
>> lava-server manage createsuperuser --username $USERNAME --email=$EMAIL, and
>> username and passwd are both simple )  .
>> Accessing main page is ok. When enter Sign in page,  input just
>> registered username and password to login then the firefox browser
>> displayed err page:
>> "
>> You are seeing this message because this site requires a CSRF cookie when
>> submitting forms. This cookie is required for security reasons, to ensure
>> that your browser is not being hijacked by third parties.
>> If you have configured your browser to disable cookies, please re-enable
>> them, at least for this site, or for 'same-origin' requests.
>> "
>> I had added following lines in etc/lava-server/settings.conf:
>> "CSRF_COOKIE_SECURE": false,
>> "SESSION_COOKIE_SECURE": false
>>
>> And reboot computer and login again, the err is still so. Trying
>> disable/enable cookies  is still so. At another computer I used chrome
>> browser remote access nava-server,it is still the same err.
>>
>> I just did some login experiments again,all error same as before.  I find
>> when intentional input  a err username that does not exist,it return same
>> error page(Is the new user not successfully established?).
>> I add a new user by using both methods and both return ok:
>> method1.
>>     first:
>> sudo lava-server manage users add <username> --passwd <password>
>> then:
>> sudo lava-server manage authorize_superuser --username {username} //the
>> {username } is created by previous line command,command return for example:
>> User u1 granted superuser rights
>>
>>
>>
>>
>>
>>
>>
>> 在 2018-08-03 17:16:43,"Neil Williams" <neil.williams at linaro.org> 写道:
>>
>> On Fri, 3 Aug 2018 at 10:11, ljh_dev <ljh_dev at 126.com> wrote:
>>
>>> Hi,
>>> According to lava installation document ,I had installed lava-server to
>>> debian 9.5.0.Creating super user operation is ok(sudo lava-server manage
>>> createsuperuser --username $USERNAME --email=$EMAIL)  . But when using
>>> firefox browser to login in by created name , response message:
>>>   --
>>>     SRF verification failed. Request aborted.
>>>
>>
>> This is covered in the documentation: https://validation.linaro.org/
>> static/docs/v2/installing_on_debian.html#using-localhost-or-
>> non-https-instance-url
>>
>> If you are setting up an instance to be used by others, you should set up
>> https:// support - if this is just localhost, you need to tell Django to
>> accept http usage.
>>
>>
>>
>>> You are seeing this message because this site requires a CSRF cookie
>>> when submitting forms. This cookie is required for security reasons, to
>>> ensure that your browser is not being hijacked by third parties.
>>> If you have configured your browser to disable cookies, please re-enable
>>> them, at least for this site, or for 'same-origin' requests.
>>>  --
>>> After configured browser to disable cookies,the response is still so.
>>>
>>> Jiang Lao
>>>
>>>
>>>
>>>
>>>
>>> _______________________________________________
>>> Lava-users mailing list
>>> Lava-users at lists.linaro.org
>>> https://lists.linaro.org/mailman/listinfo/lava-users
>>>
>>
>>
>> --
>>
>> Neil Williams
>> =============
>> neil.williams at linaro.org
>> http://www.linux.codehelp.co.uk/
>>
>>
>>
>>
>>
>>
>>
>> 【网易自营|30天无忧退货】爱上书写:施华洛世奇制造商星空原色水晶笔,限时仅29元>>
>> <http://you.163.com/item/detail?id=1092001&from=web_gg_mail_jiaobiao_7>
>>
>>
>> _______________________________________________
>> Lava-users mailing list
>> Lava-users at lists.linaro.org
>> https://lists.linaro.org/mailman/listinfo/lava-users
>>
>>
>
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.linaro.org/pipermail/lava-users/attachments/20180806/7b36a519/attachment-0001.html>


More information about the Lava-users mailing list