Bug 1435758

Given the report and the change that fixed it it seems that 

1) there's some action that does not send the CSRF token

2) the server invalidates the session then it received the token

3) subsequent requests fail due to session being invalidated (not expired)


The patch above is a workable workaround.

diff application_controller.rb application_controller.rb.org 
+     protect_from_forgery :secret => SecureRandom.hex(64), :except => :csp_report, :with => :null_session
---
-     protect_from_forgery :secret => SecureRandom.hex(64), :except => :csp_report, :with => :exception

It does not disable the protection, it just raises an exception for (1) instead of invalidating the session so that (3) will pass.

If this fixes the customer's issue, it can be used. 

We should be able to recreate that in a lab environment and figure out why (1) does not sent the correct token.

Gellert, can you, please, try to recreate the issue with the data Saif provided?

We need to figure out what is the action that comes before the "Can't verify CSRF token authenticity" error.

Please, ping me if/when you have an aplliance with the problem recreated.

Anyway as I wrote the patch provided above is a valid workaround until we fix the problem.

Hey Saif, Josh asked me to set a needsinfo on you for this BZ to see if the memcache increase was able to provide any sort of relief on this issue?

https://github.com/ManageIQ/manageiq-ui-classic/pull/1042

New commit detected on ManageIQ/manageiq-ui-classic/master:
https://github.com/ManageIQ/manageiq-ui-classic/commit/8b63f22a6a7d83dfa9864d55cf8a787e87e86279

commit 8b63f22a6a7d83dfa9864d55cf8a787e87e86279
Author:     Erik Clarizio <eclarizio>
AuthorDate: Thu Apr 13 12:43:44 2017 -0700
Commit:     Erik Clarizio <eclarizio>
CommitDate: Thu Apr 13 12:43:44 2017 -0700

    Remove unnecessary logic already being handled by #values
    
    https://bugzilla.redhat.com/show_bug.cgi?id=1435758

 app/views/miq_ae_customization/_dialog_sample.html.haml | 10 +---------
 1 file changed, 1 insertion(+), 9 deletions(-)

*** Bug 1445009 has been marked as a duplicate of this bug. ***

I was able to import the dialog attached in 5.9.0.4.20171024163837_ef71ea6  but not able to edit it .

Production logs shows :
===========================
[----] I, [2017-10-31T15:41:39.421365 #13261:1ad9638]  INFO -- :   Parameters: {"id"=>"root_72-0_73-1_84-2"}
[----] W, [2017-10-31T15:41:39.427831 #13261:1ad9638]  WARN -- : Can't verify CSRF token authenticity.
[----] F, [2017-10-31T15:41:39.428676 #13261:1ad9638] FATAL -- : Error caught: [ActionController::InvalidAuthenticityToken] ActionController::InvalidAuthenticityToken
/opt/rh/cfme-gemset/gems/actionpack-5.0.6/lib/action_controller/metal/request_forgery_protection.rb:195:in `handle_unverified_request'
/opt/rh/cfme-gemset/gems/actionpack-5.0.6/lib/action_controller/metal/request_forgery_protection.rb:223:in `handle_unverified_request'
/opt/rh/cfme-gemset/gems/actionpack-5.0.6/lib/action_controller/metal/request_forgery_protection.rb:218:in `verify_authenticity_token'
/opt/rh/cfme-gemset/gems/activesupport-5.0.6/lib/active_support/callbacks.rb:382:in `block in make_lambda'
/opt/rh/cfme-gemset/gems/activesupport-5.0.6/lib/active_support/callbacks.rb:150:in `block (2 levels) in halting_and_conditional'
/opt/rh/cfme-gemset/gems/actionpack-5.0.6/lib/abstract_controller/callbacks.rb:12:in `block (2 levels) in <module:Callbacks>'
/opt/rh/cfme-gemset/gems/activesupport-5.0.6/lib/active_support/callbacks.rb:151:in `block in halting_and_conditional'
/opt/rh/cfme-gemset/gems/activesupport-5.0.6/lib/active_support/callbacks.rb:454:in `block in call'
/opt/rh/cfme-gemset/gems/activesupport-5.0.6/lib/active_support/callbacks.rb:454:in `each'
/opt/rh/cfme-gemset/gems/activesupport-5.0.6/lib/active_support/callbacks.rb:454:in `call'
/opt/rh/cfme-gemset/gems/activesupport-5.0.6/lib/active_support/callbacks.rb:101:in `__run_callbacks__'
/opt/rh/cfme-gemset/gems/activesupport-5.0.6/lib/active_support/callbacks.rb:750:in `_run_process_action_callbacks'
/opt/rh/cfme-gemset/gems/activesupport-5.0.6/lib/active_support/callbacks.rb:90:in `run_callbacks'
/opt/rh/cfme-gemset/gems/actionpack-5.0.6/lib/abstract_controller/callbacks.rb:19:in `process_action'
/opt/rh/cfme-gemset/gems/actionpack-5.0.6/lib/action_controller/metal/rescue.rb:20:in `process_action'
/opt/rh/cfme-gemset/gems/actionpack-5.0.6/lib/action_controller/metal/instrumentation.rb:32:in `block in process_action'
/opt/rh/cfme-gemset/gems/activesupport-5.0.6/lib/active_support/notifications.rb:164:in `block in instrument'
/opt/rh/cfme-gemset/gems/activesupport-5.0.6/lib/active_support/notifications/instrumenter.rb:21:in `instrument'
/opt/rh/cfme-gemset/gems/activesupport-5.0.6/lib/active_support/notifications.rb:164:in `instrument'
/opt/rh/cfme-gemset/gems/actionpack-5.0.6/lib/action_controller/metal/instrumentation.rb:30:in `process_action'
/opt/rh/cfme-gemset/gems/actionpack-5.0.6/lib/action_controller/metal/params_wrapper.rb:248:in `process_action'
/opt/rh/cfme-gemset/gems/activerecord-5.0.6/lib/active_record/railties/controller_runtime.rb:18:in `process_action'
/opt/rh/cfme-gemset/gems/actionpack-5.0.6/lib/abstract_controller/base.rb:126:in `process'
/opt/rh/cfme-gemset/gems/actionview-5.0.6/lib/action_view/rendering.rb:30:in `process'
/opt/rh/cfme-gemset/gems/actionpack-5.0.6/lib/action_controller/metal.rb:190:in `dispatch'
/opt/rh/cfme-gemset/gems/actionpack-5.0.6/lib/action_controller/metal.rb:262:in `dispatch'
/opt/rh/cfme-gemset/gems/actionpack-5.0.6/lib/action_dispatch/routing/route_set.rb:50:in `dispatch'
/opt/rh/cfme-gemset/gems/actionpack-5.0.6/lib/action_dispatch/routing/route_set.rb:32:in `serve'
/opt/rh/cfme-gemset/gems/actionpack-5.0.6/lib/action_dispatch/journey/router.rb:39:in `block in serve'
/opt/rh/cfme-gemset/gems/actionpack-5.0.6/lib/action_dispatch/journey/router.rb:26:in `each'
/opt/rh/cfme-gemset/gems/actionpack-5.0.6/lib/action_dispatch/journey/router.rb:26:in `serve'
/opt/rh/cfme-gemset/gems/actionpack-5.0.6/lib/action_dispatch/routing/route_set.rb:727:in `call'
/opt/rh/cfme-gemset/gems/secure_headers-3.0.3/lib/secure_headers/middleware.rb:10:in `call'
/opt/rh/cfme-gemset/gems/rack-2.0.3/lib/rack/etag.rb:25:in `call'
/opt/rh/cfme-gemset/gems/rack-2.0.3/lib/rack/conditional_get.rb:38:in `call'
/opt/rh/cfme-gemset/gems/rack-2.0.3/lib/rack/head.rb:12:in `call'
/opt/rh/cfme-gemset/gems/rack-2.0.3/lib/rack/session/abstract/id.rb:232:in `context'
/opt/rh/cfme-gemset/gems/rack-2.0.3/lib/rack/session/abstract/id.rb:226:in `call'
/opt/rh/cfme-gemset/gems/actionpack-5.0.6/lib/action_dispatch/middleware/cookies.rb:613:in `call'
/opt/rh/cfme-gemset/gems/actionpack-5.0.6/lib/action_dispatch/middleware/callbacks.rb:38:in `block in call'
/opt/rh/cfme-gemset/gems/activesupport-5.0.6/lib/active_support/callbacks.rb:97:in `__run_callbacks__'
/opt/rh/cfme-gemset/gems/activesupport-5.0.6/lib/active_support/callbacks.rb:750:in `_run_call_callbacks'
/opt/rh/cfme-gemset/gems/activesupport-5.0.6/lib/active_support/callbacks.rb:90:in `run_callbacks'
/opt/rh/cfme-gemset/gems/actionpack-5.0.6/lib/action_dispatch/middleware/callbacks.rb:36:in `call'
/opt/rh/cfme-gemset/gems/actionpack-5.0.6/lib/action_dispatch/middleware/remote_ip.rb:79:in `call'
/opt/rh/cfme-gemset/gems/actionpack-5.0.6/lib/action_dispatch/middleware/debug_exceptions.rb:49:in `call'
/opt/rh/cfme-gemset/gems/actionpack-5.0.6/lib/action_dispatch/middleware/show_exceptions.rb:31:in `call'
/opt/rh/cfme-gemset/gems/railties-5.0.6/lib/rails/rack/logger.rb:36:in `call_app'
/opt/rh/cfme-gemset/gems/railties-5.0.6/lib/rails/rack/logger.rb:26:in `call'
/opt/rh/cfme-gemset/gems/actionpack-5.0.6/lib/action_dispatch/middleware/request_id.rb:24:in `call'
/opt/rh/cfme-gemset/gems/rack-2.0.3/lib/rack/method_override.rb:22:in `call'
/opt/rh/cfme-gemset/gems/rack-2.0.3/lib/rack/runtime.rb:22:in `call'
/opt/rh/cfme-gemset/gems/activesupport-5.0.6/lib/active_support/cache/strategy/local_cache_middleware.rb:28:in `call'
/opt/rh/cfme-gemset/gems/actionpack-5.0.6/lib/action_dispatch/middleware/executor.rb:12:in `call'
/opt/rh/cfme-gemset/gems/rack-2.0.3/lib/rack/sendfile.rb:111:in `call'
/opt/rh/cfme-gemset/gems/railties-5.0.6/lib/rails/engine.rb:522:in `call'
/opt/rh/rh-ruby23/root/usr/share/gems/gems/puma-3.7.1/lib/puma/configuration.rb:232:in `call'
/opt/rh/rh-ruby23/root/usr/share/gems/gems/puma-3.7.1/lib/puma/server.rb:578:in `handle_request'
/opt/rh/rh-ruby23/root/usr/share/gems/gems/puma-3.7.1/lib/puma/server.rb:415:in `process_client'
/opt/rh/rh-ruby23/root/usr/share/gems/gems/puma-3.7.1/lib/puma/server.rb:275:in `block in run'
/opt/rh/rh-ruby23/root/usr/share/gems/gems/puma-3.7.1/lib/puma/thread_pool.rb:120:in `block in spawn_thread'
[----] I, [2017-10-31T15:41:39.431954 #13261:1ad9638]  INFO -- :   Rendered /opt/rh/cfme-gemset/bundler/gems/manageiq-ui-classic-7ae468a4c694/app/views/layouts/_exception_contents.html.haml (0.6ms)

Shveta, is that with the memcache increase as well? Unfortunately, as stated in the above PR, you need to combine that fix with the memcache increase in order to edit this dialog. The new dialog editor will also handle this dialog, but the old one needs the memcache increase as well otherwise the session will be invalidated.

Verifying based on above comment .
Was able to Import the dialog.