[Lava-users] lava-server login error

Zoran S zoran.stojsavljevic.de at gmail.com
Mon Aug 6 11:03:59 UTC 2018


My colleague showed himself. Andrejs.

Last resort: CSRF checks are implemented in this (?) code (from Andrejs
cooking school):

/srv/kernelci-frontend/app/dashboard/__init__.py

Maybe worth experimenting.
Thank you for the advice, Andrejs.

Zoran
_______

On Mon, Aug 6, 2018 at 12:06 PM, Zoran S <zoran.stojsavljevic.de at gmail.com>
wrote:

> Did you restart gunicorn?
>
> sudo service lava-server-gunicorn restart
>
> After restart try again!?
>
> _______
>
> Last resort: CSRF checks are implemented in this (?) code (from my
> colleague, who also investigated this problem):
>
> /srv/kernelci-frontend/app/dashboard/__init__.py
>
> It is out of desperation... Sometimes desperation can do good things!? :-(
>
> Zoran
>
> On Mon, Aug 6, 2018 at 11:26 AM, ljh_dev <ljh_dev at 126.com> wrote:
>
>> I had made this change in /etc/lava-server/settings.conf, but no changes
>> in result.
>>
>>
>>
>>
>>
>>
>> At 2018-08-06 16:40:00, "Zoran S" <zoran.stojsavljevic.de at gmail.com>
>> wrote:
>>
>> Please, try this:
>> CSRF protection
>>
>> In case of CSRF errors when logging in Lava, read this
>> <https://staging.validation.linaro.org/static/docs/v2/installing_on_debian.html#django-localhost>
>> .
>>
>> Set *CSRF_COOKIE_SECURE* and *SESSION_COOKIE_SECURE* to *false* in Lava
>> server settings:
>>
>> sudo vi /etc/lava-server/settings.conf
>>
>> Restart Lava *gunicorn* server:
>>
>> sudo service lava-server-gunicorn restart
>>
>> _______
>>
>> Hope this helps!
>>
>> Zoran
>>
>> On Mon, Aug 6, 2018 at 7:55 AM, ljh_dev <ljh_dev at 126.com> wrote:
>>
>>> Added a little from previous email ,resend:
>>> I might not say it clearly, let me repeat it again.
>>> According to lava installation document ,I had installed lava-server to
>>> debian 9.5.0.Creating super user operation is ok(by command: sudo
>>> lava-server manage createsuperuser --username $USERNAME --email=$EMAIL, and
>>> username and passwd are both simple )  .
>>> Accessing main page is ok. When enter Sign in page,  input just
>>> registered username and password to login then the firefox browser
>>> displayed err page:
>>> "
>>> You are seeing this message because this site requires a CSRF cookie
>>> when submitting forms. This cookie is required for security reasons, to
>>> ensure that your browser is not being hijacked by third parties.
>>> If you have configured your browser to disable cookies, please re-enable
>>> them, at least for this site, or for 'same-origin' requests.
>>> "
>>> I had added following lines in etc/lava-server/settings.conf:
>>> "CSRF_COOKIE_SECURE": false,
>>> "SESSION_COOKIE_SECURE": false
>>>
>>> And reboot computer and login again, the err is still so. Trying
>>> disable/enable cookies  is still so. At another computer I used chrome
>>> browser remote access nava-server,it is still the same err.
>>>
>>> I just did some login experiments again,all error same as before.  I
>>> find when intentional input  a err username that does not exist,it return
>>> same error page(Is the new user not successfully established?).
>>> I add a new user by using both methods and both return ok:
>>> method 1.
>>>     first:
>>> sudo lava-server manage users add <username> --passwd <password>
>>> then:
>>> sudo lava-server manage authorize_superuser --username {username}
>>> //the {username } is created by previous line command,command return for
>>> example: User u1 granted superuser rights
>>> method 2.
>>>       sudo lava-server manage createsuperuser --username $USERNAME
>>> --email=$EMAIL
>>>
>>>
>>>
>>> At 2018-08-06 13:40:01, "ljh_dev" <ljh_dev at 126.com> wrote:
>>>
>>> I might not say it clearly, let me repeat it again.
>>> According to lava installation document ,I had installed lava-server to
>>> debian 9.5.0.Creating super user operation is ok(by command: sudo
>>> lava-server manage createsuperuser --username $USERNAME --email=$EMAIL, and
>>> username and passwd are both simple )  .
>>> Accessing main page is ok. When enter Sign in page,  input just
>>> registered username and password to login then the firefox browser
>>> displayed err page:
>>> "
>>> You are seeing this message because this site requires a CSRF cookie
>>> when submitting forms. This cookie is required for security reasons, to
>>> ensure that your browser is not being hijacked by third parties.
>>> If you have configured your browser to disable cookies, please re-enable
>>> them, at least for this site, or for 'same-origin' requests.
>>> "
>>> I had added following lines in etc/lava-server/settings.conf:
>>> "CSRF_COOKIE_SECURE": false,
>>> "SESSION_COOKIE_SECURE": false
>>>
>>> And reboot computer and login again, the err is still so. Trying
>>> disable/enable cookies  is still so. At another computer I used chrome
>>> browser remote access nava-server,it is still the same err.
>>>
>>> I just did some login experiments again,all error same as before.  I
>>> find when intentional input  a err username that does not exist,it return
>>> same error page(Is the new user not successfully established?).
>>> I add a new user by using both methods and both return ok:
>>> method1.
>>>     first:
>>> sudo lava-server manage users add <username> --passwd <password>
>>> then:
>>> sudo lava-server manage authorize_superuser --username {username} //the
>>> {username } is created by previous line command,command return for example:
>>> User u1 granted superuser rights
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>> 在 2018-08-03 17:16:43,"Neil Williams" <neil.williams at linaro.org> 写道:
>>>
>>> On Fri, 3 Aug 2018 at 10:11, ljh_dev <ljh_dev at 126.com> wrote:
>>>
>>>> Hi,
>>>> According to lava installation document ,I had installed lava-server to
>>>> debian 9.5.0.Creating super user operation is ok(sudo lava-server manage
>>>> createsuperuser --username $USERNAME --email=$EMAIL)  . But when using
>>>> firefox browser to login in by created name , response message:
>>>>   --
>>>>     SRF verification failed. Request aborted.
>>>>
>>>
>>> This is covered in the documentation: https://validation.linaro.org/
>>> static/docs/v2/installing_on_debian.html#using-localhost-or-
>>> non-https-instance-url
>>>
>>> If you are setting up an instance to be used by others, you should set
>>> up https:// support - if this is just localhost, you need to tell
>>> Django to accept http usage.
>>>
>>>
>>>
>>>> You are seeing this message because this site requires a CSRF cookie
>>>> when submitting forms. This cookie is required for security reasons, to
>>>> ensure that your browser is not being hijacked by third parties.
>>>> If you have configured your browser to disable cookies, please
>>>> re-enable them, at least for this site, or for 'same-origin' requests.
>>>>  --
>>>> After configured browser to disable cookies,the response is still so.
>>>>
>>>> Jiang Lao
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> _______________________________________________
>>>> Lava-users mailing list
>>>> Lava-users at lists.linaro.org
>>>> https://lists.linaro.org/mailman/listinfo/lava-users
>>>>
>>>
>>>
>>> --
>>>
>>> Neil Williams
>>> =============
>>> neil.williams at linaro.org
>>> http://www.linux.codehelp.co.uk/
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>> 【网易自营|30天无忧退货】爱上书写:施华洛世奇制造商星空原色水晶笔,限时仅29元>>
>>> <http://you.163.com/item/detail?id=1092001&from=web_gg_mail_jiaobiao_7>
>>>
>>>
>>> _______________________________________________
>>> Lava-users mailing list
>>> Lava-users at lists.linaro.org
>>> https://lists.linaro.org/mailman/listinfo/lava-users
>>>
>>>
>>
>>
>>
>>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.linaro.org/pipermail/lava-users/attachments/20180806/e01523f6/attachment-0001.html>


More information about the Lava-users mailing list