Closed
Description
Solidus Version:
4.4
To Reproduce
Log in / register as a regular user, log out and try to log in as an admin via the backend.
The only way to log in without error now is either using the front-end or clearing cache and cookies.
Current behavior
CSRF Error
Expected behavior
Flawless login
Screenshots
Desktop (please complete the following information):
- OS: MacOS latest
- Browser: Chrome
- Version: 133.0.6943.142 (Official Build) (arm64)
Smartphone (please complete the following information):
Untested
ActionController::InvalidAuthenticityToken in Spree::Admin::UserSessionsController#create
Can't verify CSRF token authenticity.
Extracted source (around line #312):
    def handle_unverified_request
      raise ActionController::InvalidAuthenticityToken, warning_message
    end
  end
end
Rails.root: /home/[removed]/[REMOVED]
actionpack (7.2.2.1) lib/action_controller/metal/request_forgery_protection.rb:312:in `handle_unverified_request'
actionpack (7.2.2.1) lib/action_controller/metal/request_forgery_protection.rb:406:in `handle_unverified_request'
devise (4.9.4) lib/devise/controllers/helpers.rb:257:in `handle_unverified_request'
actionpack (7.2.2.1) lib/action_controller/metal/request_forgery_protection.rb:395:in `verify_authenticity_token'
activesupport (7.2.2.1) lib/active_support/callbacks.rb:362:in `block in make_lambda'
activesupport (7.2.2.1) lib/active_support/callbacks.rb:179:in `block in call'
actionpack (7.2.2.1) lib/abstract_controller/callbacks.rb:34:in `block (2 levels) in <module:Callbacks>'
activesupport (7.2.2.1) lib/active_support/callbacks.rb:180:in `call'
activesupport (7.2.2.1) lib/active_support/callbacks.rb:559:in `block in invoke_before'
activesupport (7.2.2.1) lib/active_support/callbacks.rb:559:in `each'
activesupport (7.2.2.1) lib/active_support/callbacks.rb:559:in `invoke_before'
activesupport (7.2.2.1) lib/active_support/callbacks.rb:119:in `block in run_callbacks'
activesupport (7.2.2.1) lib/active_support/callbacks.rb:141:in `run_callbacks'
actionpack (7.2.2.1) lib/abstract_controller/callbacks.rb:260:in `process_action'
actionpack (7.2.2.1) lib/action_controller/metal/rescue.rb:27:in `process_action'
actionpack (7.2.2.1) lib/action_controller/metal/instrumentation.rb:77:in `block in process_action'
activesupport (7.2.2.1) lib/active_support/notifications.rb:210:in `block in instrument'
activesupport (7.2.2.1) lib/active_support/notifications/instrumenter.rb:58:in `instrument'
activesupport (7.2.2.1) lib/active_support/notifications.rb:210:in `instrument'
actionpack (7.2.2.1) lib/action_controller/metal/instrumentation.rb:76:in `process_action'
actionpack (7.2.2.1) lib/action_controller/metal/params_wrapper.rb:259:in `process_action'
activerecord (7.2.2.1) lib/active_record/railties/controller_runtime.rb:39:in `process_action'
actionpack (7.2.2.1) lib/abstract_controller/base.rb:163:in `process'
actionview (7.2.2.1) lib/action_view/rendering.rb:40:in `process'
actionpack (7.2.2.1) lib/action_controller/metal.rb:252:in `dispatch'
actionpack (7.2.2.1) lib/action_controller/metal.rb:335:in `dispatch'
actionpack (7.2.2.1) lib/action_dispatch/routing/route_set.rb:67:in `dispatch'
actionpack (7.2.2.1) lib/action_dispatch/routing/route_set.rb:50:in `serve'
actionpack (7.2.2.1) lib/action_dispatch/routing/mapper.rb:32:in `block in <class:Constraints>'
actionpack (7.2.2.1) lib/action_dispatch/routing/mapper.rb:62:in `serve'
actionpack (7.2.2.1) lib/action_dispatch/journey/router.rb:53:in `block in serve'
actionpack (7.2.2.1) lib/action_dispatch/journey/router.rb:133:in `block in find_routes'
actionpack (7.2.2.1) lib/action_dispatch/journey/router.rb:126:in `each'
actionpack (7.2.2.1) lib/action_dispatch/journey/router.rb:126:in `find_routes'
actionpack (7.2.2.1) lib/action_dispatch/journey/router.rb:34:in `serve'
actionpack (7.2.2.1) lib/action_dispatch/routing/route_set.rb:896:in `call'
railties (7.2.2.1) lib/rails/engine.rb:535:in `call'
railties (7.2.2.1) lib/rails/railtie.rb:226:in `public_send'
railties (7.2.2.1) lib/rails/railtie.rb:226:in `method_missing'
actionpack (7.2.2.1) lib/action_dispatch/routing/mapper.rb:33:in `block in <class:Constraints>'
actionpack (7.2.2.1) lib/action_dispatch/routing/mapper.rb:62:in `serve'
actionpack (7.2.2.1) lib/action_dispatch/journey/router.rb:53:in `block in serve'
actionpack (7.2.2.1) lib/action_dispatch/journey/router.rb:133:in `block in find_routes'
actionpack (7.2.2.1) lib/action_dispatch/journey/router.rb:126:in `each'
actionpack (7.2.2.1) lib/action_dispatch/journey/router.rb:126:in `find_routes'
actionpack (7.2.2.1) lib/action_dispatch/journey/router.rb:34:in `serve'
actionpack (7.2.2.1) lib/action_dispatch/routing/route_set.rb:896:in `call'
omniauth (2.1.2) lib/omniauth/strategy.rb:202:in `call!'
omniauth (2.1.2) lib/omniauth/strategy.rb:169:in `call'
omniauth (2.1.2) lib/omniauth/strategy.rb:202:in `call!'
omniauth (2.1.2) lib/omniauth/strategy.rb:169:in `call'
omniauth (2.1.2) lib/omniauth/strategy.rb:202:in `call!'
omniauth (2.1.2) lib/omniauth/strategy.rb:169:in `call'
omniauth (2.1.2) lib/omniauth/strategy.rb:202:in `call!'
omniauth (2.1.2) lib/omniauth/strategy.rb:169:in `call'
actionpack (7.2.2.1) lib/action_dispatch/middleware/static.rb:27:in `call'
warden (1.2.9) lib/warden/manager.rb:36:in `block in call'
warden (1.2.9) lib/warden/manager.rb:34:in `catch'
warden (1.2.9) lib/warden/manager.rb:34:in `call'
rack (3.1.8) lib/rack/tempfile_reaper.rb:20:in `call'
rack (3.1.8) lib/rack/etag.rb:29:in `call'
rack (3.1.8) lib/rack/conditional_get.rb:43:in `call'
rack (3.1.8) lib/rack/head.rb:15:in `call'
actionpack (7.2.2.1) lib/action_dispatch/http/permissions_policy.rb:38:in `call'
actionpack (7.2.2.1) lib/action_dispatch/http/content_security_policy.rb:38:in `call'
rack-session (2.1.0) lib/rack/session/abstract/id.rb:274:in `context'
rack-session (2.1.0) lib/rack/session/abstract/id.rb:268:in `call'
actionpack (7.2.2.1) lib/action_dispatch/middleware/cookies.rb:704:in `call'
activerecord (7.2.2.1) lib/active_record/migration.rb:674:in `call'
actionpack (7.2.2.1) lib/action_dispatch/middleware/callbacks.rb:31:in `block in call'
activesupport (7.2.2.1) lib/active_support/callbacks.rb:101:in `run_callbacks'
actionpack (7.2.2.1) lib/action_dispatch/middleware/callbacks.rb:30:in `call'
actionpack (7.2.2.1) lib/action_dispatch/middleware/executor.rb:16:in `call'
actionpack (7.2.2.1) lib/action_dispatch/middleware/actionable_exceptions.rb:18:in `call'
actionpack (7.2.2.1) lib/action_dispatch/middleware/debug_exceptions.rb:31:in `call'
web-console (4.2.1) lib/web_console/middleware.rb:132:in `call_app'
web-console (4.2.1) lib/web_console/middleware.rb:19:in `block in call'
web-console (4.2.1) lib/web_console/middleware.rb:17:in `catch'
web-console (4.2.1) lib/web_console/middleware.rb:17:in `call'
actionpack (7.2.2.1) lib/action_dispatch/middleware/show_exceptions.rb:32:in `call'
railties (7.2.2.1) lib/rails/rack/logger.rb:41:in `call_app'
railties (7.2.2.1) lib/rails/rack/logger.rb:29:in `call'
sprockets-rails (3.5.2) lib/sprockets/rails/quiet_assets.rb:17:in `call'
actionpack (7.2.2.1) lib/action_dispatch/middleware/remote_ip.rb:96:in `call'
actionpack (7.2.2.1) lib/action_dispatch/middleware/request_id.rb:33:in `call'
rack (3.1.8) lib/rack/method_override.rb:28:in `call'
rack (3.1.8) lib/rack/runtime.rb:24:in `call'
activesupport (7.2.2.1) lib/active_support/cache/strategy/local_cache_middleware.rb:29:in `call'
actionpack (7.2.2.1) lib/action_dispatch/middleware/server_timing.rb:61:in `block in call'
actionpack (7.2.2.1) lib/action_dispatch/middleware/server_timing.rb:26:in `collect_events'
actionpack (7.2.2.1) lib/action_dispatch/middleware/server_timing.rb:60:in `call'
actionpack (7.2.2.1) lib/action_dispatch/middleware/executor.rb:16:in `call'
actionpack (7.2.2.1) lib/action_dispatch/middleware/static.rb:27:in `call'
rack (3.1.8) lib/rack/sendfile.rb:114:in `call'
actionpack (7.2.2.1) lib/action_dispatch/middleware/host_authorization.rb:143:in `call'
railties (7.2.2.1) lib/rails/engine.rb:535:in `call'
puma (6.5.0) lib/puma/configuration.rb:279:in `call'
puma (6.5.0) lib/puma/request.rb:99:in `block in handle_request'
puma (6.5.0) lib/puma/thread_pool.rb:389:in `with_force_shutdown'
puma (6.5.0) lib/puma/request.rb:98:in `handle_request'
puma (6.5.0) lib/puma/server.rb:468:in `process_client'
puma (6.5.0) lib/puma/server.rb:249:in `block in run'
puma (6.5.0) lib/puma/thread_pool.rb:166:in `block in spawn_thread'
Request
Parameters:
{"authenticity_token"=>"[FILTERED]", "spree_user"=>{"email"=>"[FILTERED]", "password"=>"[FILTERED]", "remember_me"=>"0"}, "commit"=>"Login"}
Session dump:
_csrf_token: "E9954eSZlbMt15Nzyn4Hh8-8RR3nKC50VzZw6M4HOB4"
locale: "en"
session_id: "4af8a546a88ad73556c805d0f5158e48"
spree_user_return_to: "/admin/stores"
Env dump:
GATEWAY_INTERFACE: "CGI/1.2"
HTTP_ACCEPT: "text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7"
HTTP_ACCEPT_ENCODING: "gzip, deflate, br, zstd"
HTTP_ACCEPT_LANGUAGE: "en-US,en;q=0.9,de;q=0.8,it;q=0.7"
HTTP_CACHE_CONTROL: "max-age=0"
HTTP_CLIENT_IP: "10.0.0.101"
HTTP_ORIGIN: "[removed]"
HTTP_VERSION: "HTTP/1.0"
HTTP_X_FORWARDED_FOR: "10.0.0.101"
ORIGINAL_SCRIPT_NAME: ""
REMOTE_ADDR: "127.0.0.1"
SERVER_NAME: "[removed]"
SERVER_PROTOCOL: "HTTP/1.0"
Response
Headers:
None