gramex

401 Invalid Token / handler.xsrf_token does not match the cookie


We are stuck in the DBAuth module:

Symptoms: During signup, the user is created, BUT:

  • The server does not send mail
  • Response received is 401 Invalid Token

Diagnosis Steps:

  • Started from scratch
  • Made a new Gramex project from scratch
  • Populated the template register.html:

<form method="POST" action="" autocomplete="on" class="regForm">
  <div class="form-content">
    <div class="">
      <div class="col-md-12">
        <input type="hidden" name="_xsrf" value="{{ handler.xsrf_token }}">
        <div class="form-group">
          <input type="text" name="fname" id="fname" class="form-control" size="100" placeholder="Your First Name *" value="" />
        </div>
        <div class="form-group">
          <input type="text" name="lname" id="lname" class="form-control" size="100" placeholder="Your Last Name *" value="" />
        </div>
        <div class="form-group">
          <input type="email" name="user" class="form-control" id="email" placeholder="Your Email ID *" value="" required />
        </div>
        <div class="form-row">
          <div class="form-group col-md-12">
            <select class="form-control" name="industry" id="industry">
              <option selected>Retail</option>
              <option>Energy and Resources</option>
              <option>Financial Services</option>
              <option>Transportation</option>
              <option>Others</option>
            </select>
          </div> <!-- form-group end.// -->
        </div>
      </div>
    </div>
    <div class="col-md-12">
      <button type="submit" class="btnSubmit">Submit</button>
    </div>
  </div>
</form>

  • Made a minimal configuration with only one endpoint: gramex.yaml
url:
  dbauthtest-login:
    pattern: /$YAMLURL/login/
    handler: DBAuth
    kwargs:
      template: $YAMLPATH/login.html
      url: $YAMLPATH/auth.csv
      # url: sqlite:///$YAMLPATH/auth.db
      user:
        column: user
        arg: user
      password:
        column: password
        arg: password
        # function: passlib.hash.sha256_crypt.encrypt(content, salt="wqertyuio")
      redirect:
        query: next
        url: /$YAMLURL/
      headers: &HEADERS
        X-Content-Type-Options: nosniff
        X-Frame-Options: DENY
        X-XSS-Protection: 1; mode=block
        Cache-Control: no-cache, no-store
      forgot:
        arg: email
        minutes_to_expiry: 1440
        email_from: gramex-guide-gmail # Name of the email service to use for sending emails
        email_column: user
        email_subject: Dell MIP Password Reset
        email_text: "
          Hi {name},\n
          \n
          You recently requested to reset your password for DELL MIP application.\
          Click on the link below to reset your password.
          \n
          Link: {reset_url}\n
          \n
          If you did not request a password change, please ignore the mail or reply back to the \
          same mail.\n
          Note: This above link will work only once and will expire in a day.
          \n
          \n
          For any other issues contact\n
          [email protected]\n
          [email protected]\n
          \n
          \n
          Thank You\n
          Team Dell MIP\n
          "
        template: $YAMLPATH/forgotpassword.html
      signup:
        template: $YAMLPATH/register.html
        columns:
          user: user
          fname: fname
          lname: lname
          industry: industry
        #   password: password
        # validate: galaxy.validate(args)
        minutes_to_expiry: 1440
        email_from: gramex-guide-gmail # Name of the email service to use for sending emails
        email_column: user
        email_subject: Galaxy Sign Up successful
        email_text: "
          Hi {name},\n
          \n
          Welcome to the Galaxy online portal! Below are your login credentials.
          \n
          Application Url: https://dellmi-uat.gramener.com
          \n
          Login ID: {user}
          \n
          Please set the password with this link: {reset_url}\n
          Note: This above link will work only once and will expire in a day.
          \n
          \n
          For any other issues contact\n
          [email protected]\n
          [email protected]\n
          Thank You\n
          Team Dell MIP
          "
    pool_pre_ping: True
    pool_recycle: 60

  • auth.csv looks like:
fname,lname,user,industry,password

  • Tested

Findings:

  • The xsrf token (that is fetched from handler.xsrf_token and stored in the form in a hidden field) does not match the xsrf token in the cookie

Questions:

  • Is there a simpler way?
  • This issue occurs even when we run the code copied from the documentation, so my guess is that this has something to do with generation of the xsrf token, or maybe session creation. Not sure; appreciate any inputs.
  • Do we have another project that is running and available to refer to?
  • Do you have a direct solution to this?
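A note on the observation under Findings, because on its own it is not a fault. Gramex runs on Tornado, and Tornado's version-2 XSRF tokens are masked with a fresh random 4-byte mask on each request: the value rendered into the `_xsrf` hidden field and the value stored in the `_xsrf` cookie therefore differ as strings even when they carry the same underlying 16-byte token. Tornado's check_xsrf_cookie unmasks both sides and compares the raw tokens in constant time, and a genuine mismatch is rejected with a 403, not a 401. The block below is an added example written for this page, not code from the thread, from Gramex or from Tornado: it re-implements that token format and the comparison so the check can be run by hand against the two values seen in the browser. The function names are mine, and the token, timestamp and masks in `demo()` are constructed; a real server draws them from os.urandom.

```python
import binascii
import hmac
import os
import time
from typing import Optional, Tuple


def _mask_bytes(mask: bytes, data: bytes) -> bytes:
    """XOR every byte of data with the 4-byte mask, cycling the mask.

    This is the same operation Tornado applies (it reuses its WebSocket
    masking routine); XOR-ing twice with the same mask restores the data.
    """
    return bytes(b ^ mask[i % 4] for i, b in enumerate(data))


def encode_xsrf_token(raw_token: bytes, timestamp: int, mask: Optional[bytes] = None) -> str:
    """Build a version-2 token string: "2|<mask hex>|<masked token hex>|<timestamp>".

    A server picks a fresh random mask per request, so the same raw token
    renders as a different string in the hidden field and in the cookie.
    """
    if mask is None:
        mask = os.urandom(4)
    if len(mask) != 4:
        raise ValueError("mask must be exactly 4 bytes")
    return "|".join([
        "2",
        binascii.b2a_hex(mask).decode("ascii"),
        binascii.b2a_hex(_mask_bytes(mask, raw_token)).decode("ascii"),
        str(int(timestamp)),
    ])


def decode_xsrf_token(value: str) -> Tuple[Optional[int], Optional[bytes], Optional[int]]:
    """Return (version, raw_token, timestamp), or (None, None, None) if malformed.

    Version 2 is the masked form above; a bare hex string is the legacy
    version-1 form, which carries no timestamp.
    """
    try:
        if value.startswith("2|"):
            _, mask_hex, masked_hex, ts = value.split("|")
            mask = binascii.a2b_hex(mask_hex)
            if len(mask) != 4:
                raise ValueError("mask must be exactly 4 bytes")
            raw = _mask_bytes(mask, binascii.a2b_hex(masked_hex))
            return 2, raw, int(ts)
        return 1, binascii.a2b_hex(value), int(time.time())
    except (ValueError, binascii.Error):
        return None, None, None


def xsrf_matches(form_value: str, cookie_value: str) -> bool:
    """The check a POST must pass: compare the *unmasked* tokens in constant time.

    Comparing the two strings directly is wrong; it fails whenever the masks
    differ, which is the normal case.
    """
    _, form_raw, _ = decode_xsrf_token(form_value)
    _, cookie_raw, _ = decode_xsrf_token(cookie_value)
    if not form_raw or not cookie_raw:
        return False
    return hmac.compare_digest(form_raw, cookie_raw)


def demo() -> dict:
    """Constructed values standing in for the hidden field and the cookie."""
    raw = bytes(range(16))   # constructed; Tornado uses os.urandom(16)
    issued = 1700000000      # constructed timestamp
    cookie = encode_xsrf_token(raw, issued, mask=b"\x01\x02\x03\x04")
    form = encode_xsrf_token(raw, issued, mask=b"\xaa\xbb\xcc\xdd")
    # A token built from a different raw value, as an attacker without the cookie would send
    forged = encode_xsrf_token(bytes(16), issued, mask=b"\x01\x02\x03\x04")
    return {
        "cookie": cookie,
        "form": form,
        "strings_equal": cookie == form,             # False: different masks
        "tokens_match": xsrf_matches(form, cookie),  # True: same raw token
        "forged_rejected": not xsrf_matches(forged, cookie),
    }


if __name__ == "__main__":
    for key, val in demo().items():
        print(f"{key}: {val}")
```

To check a live form, paste the hidden field's value and the cookie's value into `xsrf_matches`: `True` means the XSRF side is fine and the 401 must come from somewhere else in the signup flow.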

Solution

  • Since the user is created, there is no problem with the xsrf token. The issue seems to be with sending mail. Make sure the email service gramex-guide-email is defined.

    The Invalid Token error occurs when AuthHandler cannot find the signup key. In your gramex.yaml, update the signup configuration to:

    signup:
      key: signup
      template: $YAMLPATH/register.html
      columns:
        user: user
        fname: fname
        lname: lname
        industry: industry
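Both failure points named in the answer (a signup block without `key`, and an `email_from` that names a service not defined under the top-level `email:` section of gramex.yaml) can be caught before the server is started. The block below is an added example written for this page; it is not code from the thread or from Gramex. It works on the configuration as an already-parsed dict (the shape yaml.safe_load returns) so that it runs with no extra dependencies; the two sample configurations are constructed to mirror the question's gramex.yaml before and after the fix, with placeholder credentials. The function names and the check rules are mine: the rule that `signup` needs `key` is taken from the answer above, and the `email:` section layout follows the Gramex guide's email service configuration.

```python
import copy
from typing import Dict, List


def check_dbauth_config(config: Dict) -> List[str]:
    """Return the problems found in the DBAuth handlers of a parsed gramex.yaml.

    For every url entry whose handler is DBAuth:
      * a signup block must carry a 'key' (the answer's diagnosis)
      * signup/forgot 'email_from' must name a service defined under 'email:'
    An empty list means the checks pass.
    """
    problems: List[str] = []
    services = set((config.get("email") or {}).keys())
    for name, spec in (config.get("url") or {}).items():
        if not isinstance(spec, dict) or spec.get("handler") != "DBAuth":
            continue
        kwargs = spec.get("kwargs") or {}
        for section in ("signup", "forgot"):
            block = kwargs.get(section)
            if block is None:
                continue
            if not isinstance(block, dict):
                problems.append(f"{name}: {section} must be a mapping")
                continue
            if section == "signup" and "key" not in block:
                problems.append(f"{name}: signup has no 'key' (AuthHandler cannot find the signup key)")
            service = block.get("email_from")
            if service is not None and service not in services:
                problems.append(
                    f"{name}: {section}.email_from refers to undefined email service '{service}'"
                )
    return problems


def sample_configs():
    """Constructed before/after snapshots of the question's gramex.yaml (not the real file)."""
    broken = {
        "url": {
            "dbauthtest-login": {
                "pattern": "/$YAMLURL/login/",
                "handler": "DBAuth",
                "kwargs": {
                    "template": "$YAMLPATH/login.html",
                    "url": "$YAMLPATH/auth.csv",
                    "user": {"column": "user", "arg": "user"},
                    "password": {"column": "password", "arg": "password"},
                    "forgot": {"arg": "email", "email_from": "gramex-guide-gmail",
                               "email_column": "user", "template": "$YAMLPATH/forgotpassword.html"},
                    "signup": {"template": "$YAMLPATH/register.html",
                               "columns": {"user": "user", "fname": "fname",
                                           "lname": "lname", "industry": "industry"},
                               "email_from": "gramex-guide-gmail", "email_column": "user"},
                },
            }
        }
        # no top-level "email:" section at all, so email_from cannot resolve
    }
    fixed = copy.deepcopy(broken)
    fixed["url"]["dbauthtest-login"]["kwargs"]["signup"]["key"] = "signup"
    fixed["email"] = {
        "gramex-guide-gmail": {                   # name must match email_from
            "type": "gmail",
            "email": "sender@example.com",        # placeholder
            "password": "app-specific-password",  # placeholder; never commit real credentials
        }
    }
    return broken, fixed


if __name__ == "__main__":
    before, after = sample_configs()
    print("before:", check_dbauth_config(before) or "ok")
    print("after:", check_dbauth_config(after) or "ok")
```

Run it against the real file by replacing `sample_configs()` with `yaml.safe_load(open("gramex.yaml"))`; the `email:` password should come from an environment variable or a secrets file rather than the YAML committed to the repository.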