Context:
I'm playing with a Jquery Mobile app and a Rails backend server. I create users from the app, through a POST Ajax call. The back end is, by all purposes for the mobile app, just an API.
I've been all evening reading about this CSRF token authenticity issue, and cannot find how to kill it. I'm on Rails 4 and Devise 3.1 (with token_authenticatable module)
This is the log on console when I try to save a user through the app
Started POST "/users.json" for IP at 2013-09-28 00:05:17 +0200
Processing by RegistrationsController#create as JSON
Parameters: {"user"=>{"username"=>"seba", "email"=>"mail#gmail.com", "password"=>"[FILTERED]", "password_confirmation"=>"[FILTERED]"}}
Can't verify CSRF token authenticity
user:
(0.1ms) begin transaction
(0.1ms) rollback transaction
Completed 422 Unprocessable Entity in 9ms (Views: 0.3ms | ActiveRecord: 0.2ms)
I read on this site, that if I put the following line
skip_before_filter :verify_authenticity_token
in my custom Registration controller, the verification error would be gone. It does, but now there's a warning:
Started POST "/users.json" for IP at 2013-09-28 02:38:16 +0200
DEPRECATION WARNING: devise :token_authenticatable is deprecated. Please check Devise 3.1 release notes for more information on how to upgrade. (called from <class:User> at /home/seba/repos/elsapo/app/models/user.rb:4)
Processing by RegistrationsController#create as JSON
Parameters: {"user"=>{"username"=>"seba", "email"=>"mail#gmail.com", "password"=>"[FILTERED]", "password_confirmation"=>"[FILTERED]"}}
user:
(0.1ms) begin transaction
(0.2ms) rollback transaction
Completed 422 Unprocessable Entity in 65ms (Views: 0.4ms | ActiveRecord: 1.5ms)
The line user: is the logger.debug, to see if I'm storing something.
In both cases, my app continues to show the same message after submitting the date: "email can't be blank" and then "password can't be blank"
Any pointers or suggestions? I anyone needs more information, I'll gladly deliver it.
Related
I am trying to open an FTP connection over SSL in my code. I'm able to connect and list a directory using FileZilla of WinSCP. But when listing the directory through .NET code using FtpWebClient, I get the error
(425) Can't open data connection
Since I'm able to connect using FileZilla from the same computer, I'm not sure how to go about troubleshooting this.
Here's my code
public void FtpStuff()
{
string url = "ftp://my.server.com";
FtpWebRequest request = (FtpWebRequest)WebRequest.Create(url);
request.Credentials = new NetworkCredential("myname", "password");
request.EnableSsl = true;
request.Method = WebRequestMethods.Ftp.ListDirectory;
FtpWebResponse response = (FtpWebResponse)request.GetResponse();
StreamReader streamReader = new StreamReader(response.GetResponseStream());
// This is the line that throws the exception
string line = streamReader.ReadLine();
}
I also tried FluentFTP. Here's my code for that. I get the exception
Unable to build data connection: Operation not permitted.
public void FtpStuff()
{
FtpClient client = new FtpClient();
client.Host = "my.server.com";
client.Credentials = new NetworkCredential("myname", "password");
client.EncryptionMode = FtpEncryptionMode.Explicit;
client.Connect();
// This line gives me an exception.
var files = client.GetListing();
}
Here is the logging information from FluentFTP. I changed the real user name and IP, but the rest of the data (including the port) is the real data. My FTP service provider specifies that I have to connect on port 21. The problem seems to happen towards the end after the EPSV command is issued and a connection on a new port is established.
# Connect()
The thread 0x5514 has exited with code 0 (0x0).
The thread 0xc80 has exited with code 0 (0x0).
The thread 0x89d4 has exited with code 0 (0x0).
Status: Connecting to 123.123.123.123:21
Response: 220 FTP Server Ready
Command: AUTH TLS
Response: 234 AUTH TLS successful
Status: FTPS Authentication Successful
Status: Time to activate encryption: 0h 0m 0s. Total Seconds: 0.1339995.
Command: USER me#mysite.com
The thread 0x6ddc has exited with code 0 (0x0).
Response: 331 Password required for me#mysite.com
Status: Testing connectivity using Socket.Poll()...
Command: PASS ***
Response: 230-***************************************************************************
Response: NOTICE TO USERS
Response: This computer system is private property. It is for authorized use only.
Response: Users (authorized or unauthorized) have no explicit or implicit
Response: expectation of privacy.
Response:
Response: Any or all uses of this system and all files on this system may be
Response: intercepted, monitored, recorded, copied, audited and inspected by
Response: using this system, the user consents to such interception, monitoring,
Response: recording, copying, auditing, inspection, and disclosure at the
Response: discretion of such personnel or officials. Unauthorized or improper use
Response: of this system may result in civil and criminal penalties and
Response: administrative or disciplinary action, as appropriate. By continuing to
Response: use this system you indicate your awareness of and consent to these terms
Response: and conditions of use. LOG OFF IMMEDIATELY if you do not agree to the
Response: conditions stated in this warning.
Response: ****************************************************************************
Response: 230 User me#mysite.com logged in
Command: PBSZ 0
Response: 200 PBSZ 0 successful
Command: PROT P
Response: 200 Protection set to Private
Command: FEAT
Response: 211-Features:
Response: AUTH TLS
Response: CCC
Response: CLNT
Response: EPRT
Response: EPSV
Response: HOST
Response: MDTM
Response: MFF modify;UNIX.group;UNIX.mode;
Response: MFMT
Response: MLST modify*;perm*;size*;type*;unique*;UNIX.group*;UNIX.groupname*;UNIX.mode*;UNIX.owner*;UNIX.ownername*;
Response: PBSZ
Response: PROT
Response: REST STREAM
Response: SIZE
Response: SSCN
Response: TVFS
Response: 211 End
Status: Text encoding: System.Text.ASCIIEncoding
Command: SYST
Response: 215 UNIX Type: L8
# GetListing(null, Auto)
# GetWorkingDirectory()
Command: PWD
Response: 257 "/" is the current directory
Command: TYPE I
Response: 200 Type set to I
# OpenPassiveDataStream(AutoPassive, "MLSD /", 0)
Command: EPSV
Response: 229 Entering Extended Passive Mode (|||50304|)
Status: Connecting to 123.123.123.123:50304
Command: MLSD /
Response: 150 Opening BINARY mode data connection for MLSD
Status: FTPS Authentication Successful
Status: Time to activate encryption: 0h 0m 0s. Total Seconds: 0.1210002.
+---------------------------------------+
-----------------------------------------
Status: Disposing FtpSocketStream...
# CloseDataStream()
Response: 425 Unable to build data connection: Operation not permitted
Status: Disposing FtpSocketStream...
Exception thrown: 'FluentFTP.FtpCommandException' in FluentFTP.dll
Here are my FileZilla logs.
Status: Resolving address of mysite.com
Status: Connecting to 123.123.123.123:21...
Status: Connection established, waiting for welcome message...
Response: 220 FTP Server Ready
Command: AUTH TLS
Response: 234 AUTH TLS successful
Status: Initializing TLS...
Status: Verifying certificate...
Status: TLS connection established.
Command: USER me#mysite.com
Response: 331 Password required for me#mysite.com
Command: PASS ************
Response: 230-***************************************************************************
Response: NOTICE TO USERS
Response: This computer system is private property. It is for authorized use only.
Response: Users (authorized or unauthorized) have no explicit or implicit
Response: expectation of privacy.
Response:
Response: Any or all uses of this system and all files on this system may be
Response: intercepted, monitored, recorded, copied, audited and inspected by
Response: using this system, the user consents to such interception, monitoring,
Response: recording, copying, auditing, inspection, and disclosure at the
Response: discretion of such personnel or officials. Unauthorized or improper use
Response: of this system may result in civil and criminal penalties and
Response: administrative or disciplinary action, as appropriate. By continuing to
Response: use this system you indicate your awareness of and consent to these terms
Response: and conditions of use. LOG OFF IMMEDIATELY if you do not agree to the
Response: conditions stated in this warning.
Response: ****************************************************************************
Response: 230 User me#mysite.com logged in
Command: SYST
Response: 215 UNIX Type: L8
Command: FEAT
Response: 211-Features:
Response: AUTH TLS
Response: CCC
Response: CLNT
Response: EPRT
Response: EPSV
Response: HOST
Response: MDTM
Response: MFF modify;UNIX.group;UNIX.mode;
Response: MFMT
Response: MLST modify*;perm*;size*;type*;unique*;UNIX.group*;UNIX.groupname*;UNIX.mode*;UNIX.owner*;UNIX.ownername*;
Response: PBSZ
Response: PROT
Response: REST STREAM
Response: SIZE
Response: SSCN
Response: TVFS
Response: 211 End
Status: Server does not support non-ASCII characters.
Command: PBSZ 0
Response: 200 PBSZ 0 successful
Command: PROT P
Response: 200 Protection set to Private
Status: Logged in
Status: Retrieving directory listing...
Command: PWD
Response: 257 "/" is the current directory
Command: TYPE I
Response: 200 Type set to I
Command: PASV
Response: 227 Entering Passive Mode (123,123,123,123,197,68).
Command: MLSD
Response: 150 Opening BINARY mode data connection for MLSD
Response: 226 Transfer complete
Status: Directory listing of "/" successful
I can also connect using WinSCP. As suggested in comments, I did check if TLS/SSL session ID is reused when opening the data connection. It seems that it is.
227 Entering Passive Mode (???)
MLSD
Connecting to ??? ...
Connection pending
Data connection opened
Trying reuse main TLS session ID
Session ID reused
150 Opening data channel for directory listing of "/"
.NET framework does not support TLS/SSL session reuse. If your server requires it (what it looks it does and what is quite common nowadays and what is good thing for security), you cannot use FtpWebRequest nor FluentFTP. Both use the .NET implementation of TLS/SSL.
You will have to use FTP library that uses own TLS/SSL implementation.
You can use my WinSCP .NET assembly. Though contrary to FluentFTP, it's not a native .NET library, it has dependencies on an external binary. But that's what makes it working.
Some references:
https://github.com/robinrodricks/FluentFTP/issues/347
https://github.com/dotnet/runtime/issues/27916
"Authentication failed because the remote party has closed the transport stream" when transferring to/from FTP server over TLS/SSL using FluentFTP
Upload file to implicit FTPS server in C# with TLS session reuse
Suddenly getting "150 Opening Data channel for file download from server" after the FTP downloads was working for years – According to this post and other references elsewhere, the TLS/SSL session reuse was supported earlier with .NET Framework, but some update broke it. In .NET Core it was never working (see also the dotnet GitHub link above).
I'm using Jodd version 3.7 and I would like to read an outlook account (outlook.it).
Outlook SMTP is :
server: smtp-mail.outlook.com
port: 587 with TLS
and IMAP is :
server: imap-mail.outlook.com
port: 993 with SSL
Sending email is fine, but when I try to receive email with IMAP with method receiveAndDelete I get the following error:
jodd.mail.MailException: Message parsing failed; <--- javax.mail.MessageRemovedException
the email message is really deleted, but I dont want to get that exception.
How can i avoid this?
It's a bug! Let me explain: Jodd copies data from received message to its own structure, however, this is done after the deletion flag is set. Therefore, mail library detects it is a deleted message and throws an exception.
Fixed here, by parsing the message before setting the flags.
Workaround: don't use receiveAndDelete - instead receive and then delete later.
I'm trying to set up methods to handle callbacks from Coinbase for my app. When I send test callbacks via a POST, my "Server responded with: 422 Unprocessable Entity".
The callback/POST is just sending a simple JSON and expecting a status 200 back. I've tried to make things uber simple first just for testing. This is what I have in my controller:
def callbacks
render json: {status: "OK"}
end
But even with that, I'm getting this in my server console logs:
2014-10-10T16:31:30.318374+00:00 app[web.1]: Started POST "/contribute/callbacks for 173.245.56.73 at 2014-10-10 09:31:30 -0700
2014-10-10T16:31:30.323217+00:00 app[web.1]: Parameters: {"order"=>{"id"=>nil, "created_at"=>nil, "status"=>"completed", "event"=>nil, "total_btc"=>{"cents"=>100000000, "currency_iso"=>"BTC"}, "total_native"=>{"cents"=>35925, "currency_iso"=>"USD"}, "total_payout"=>{"cents"=>35925, "currency_iso"=>"USD"}, "custom"=>"123456789", "id"=>nil}, "transaction"=>{"id"=>"54380", "hash"=>"4a5e1b", "confirmations"=>0}}}}
2014-10-10T16:31:30.324629+00:00 app[web.1]: Completed 422 Unprocessable Entity in 1ms
2014-10-10T16:31:30.323041+00:00 app[web.1]: Processing by PaymentsController#callbacks as JSON
2014-10-10T16:31:30.324325+00:00 app[web.1]: Can't verify CSRF token authenticity
I would really appreciate any help. I have also tried variations of render. Dont know what to do next to troubleshoot.
I have placed an after_commit callback in the RequestToken model that outputs "Committed Request Token xx". You can see in the log I included below, that the token record is committed and the next request the lookup on the object says it cannot be found. The issue occurs intermittently and if I refresh the page the record is found and the request goes through.
Environment
AWS EC2 + RDS, Ubuntu 10.04, Rails 3.2.8, MySQL2 0.3.11 gem, apache2 2.2.14, phusion passenger 3.0.11
Has anyone seen this before? Any suggestions?
Committed Request Token S8j311QckvEjnDftNW0e7FPHsavGWTelONcsE3X1
Rendered text template (0.0ms)
Completed 200 OK in 28ms (Views: 0.6ms | ActiveRecord: 21.8ms | Sphinx: 0.0ms)
Started GET "/oauth/authorize?oauth_token=S8j311QckvEjnDftNW0e7FPHsavGWTelONcsE3X1" for 96.236.148.63 at 2012-10-15 22:07:32 +0000
Processing by OauthController#authorize as HTML
Parameters: {"oauth_token"=>"S8j311QckvEjnDftNW0e7FPHsavGWTelONcsE3X1"}
Completed 500 Internal Server Error in 5ms
ActiveRecord::RecordNotFound (Couldn't find RequestToken with token = S8j311QckvEjnDftNW0e7FPHsavGWTelONcsE3X1):
200 Doesn't mean it saved. Probably failed a validation.
I am developing a simple iOS app, which uses a Rails app as a server backend. I'm using the Restkit framework for the management of the server networking / requests and on the iOS side all seems to be OK.
When I make a PUT request, I get a 200 response back, and the logs in XCode seem to suggest all is well. When I look at the logs for the Rails app, it also seems to suggest all is well, with the following output:
2011-12-19T18:15:17+00:00 app[web.1]: Started PUT "/lists/3/tasks/6" for 109.156.183.65 at 2011-12-19 18:15:17 +0000
2011-12-19T18:15:17+00:00 app[web.1]: Parameters: {"created_at"=>"2011-12-12 22:37:00 +0000", "id"=>"6", "updated_at"=>"2011-12-12 22:37:00 +0000", "description"=>"Create a home page", "list_id"=>"3", "completed"=>"1"}
2011-12-19T18:15:17+00:00 app[web.1]: Task Load (4.3ms) SELECT "tasks".* FROM "tasks" WHERE "tasks"."id" = $1 LIMIT 1 [["id", "6"]]
2011-12-19T18:15:17+00:00 app[web.1]: Processing by TasksController#update as JSON
2011-12-19T18:15:17+00:00 app[web.1]: (4.7ms) BEGIN
2011-12-19T18:15:17+00:00 app[web.1]: (1.5ms) COMMIT
2011-12-19T18:15:17+00:00 app[web.1]: Completed 200 OK in 48ms (Views: 1.1ms | ActiveRecord: 16.0ms)
2011-12-19T18:15:17+00:00 heroku[nginx]: 109.156.183.65 - - [19/Dec/2011:10:15:17 -0800] "PUT /lists/3/tasks/6 HTTP/1.1" 200 154 "-" "TaskM8/1.0 CFNetwork/485.13.9 Darwin/11.2.0" taskm8.com
2011-12-19T18:15:17+00:00 heroku[router]: PUT taskm8.com/lists/3/tasks/6 dyno=web.1 queue=0 wait=0ms service=114ms status=200 bytes=154
However, when I make another get request, or use the standard web views to look at the data, the change I was expecting from the PUT request (Completed = 1 - which is a BOOL field), no change has been made.
I can see from the rails log that my iOS app is passing the correct parameters, so it seems to be something on the rails side. I've been through the loop of overcoming the CSRF error message, so don't think it's that.
On a local version of the rails app, I've also run general logging against the MySql database to monitor the queries being run, trying to see if the PUT does anything at all, or anything which would fail... in the log, you don't see anything other than:
BEGIN
COMMIT
The same as the rails log.
So, does anyone have any idea about why the PUT is not making the changes to the data, or how I can debug the PUT further?
Apologies if this is a real simple question, I'm slowly getting back into development and am somewhat rusty!
Are you using any kind of automated tests? If not, start there.
Another way (though rubbish) would be to call your controller action from a webpage and see if it works.
You can also add logger.debug in your rails code to add traces.
If you have control over the MySQL server I would suggest that you enable the general log aka the query log, that way you can see what really happens.
SET GLOBAL general_log_file = '/tmp/query.log'
SET GLOBAL general_log = 'ON';