401 invalid token / handler.xsrf_token 与 cookie 不匹配
401 invalid token / handler.xsrf_token does not match with the cookie
我们卡在了 dbauth 模块中:
症状:
注册时,创建了用户但是:
- 服务器不发送邮件
- 收到的响应是
401 Invalid Token
诊断步骤:
- 从零开始
- 从头开始创建一个新的 Gramex 项目
- 填充了模板
register.html
<form method="POST" action="" autocomplete="on" class="regForm">
<div class="form-content">
<div class="">
<div class="col-md-12">
<input type="hidden" name="_xsrf" value="{{ handler.xsrf_token }}">
<div class="form-group">
<input type="text" name="fname" id="fname" class="form-control" size="100" placeholder="Your First Name *" value="" />
</div>
<div class="form-group">
<input type="text" name="lname" id="lname" class="form-control" size="100" placeholder="Your Last Name *" value="" />
</div>
<div class="form-group">
<input type="email" name="user" class="form-control" id="email" placeholder="Your Email ID *" value="" required />
</div>
<div class="form-row">
<div class="form-group col-md-12">
<select class="form-control" name="industry" id="industry">
<option selected>Retail</option>
<option>Energy and Resources</option>
<option>Financial Services</option>
<option>Transportation</option>
<option>Others</option>
</select>
</div> <!-- form-group end.// -->
</div>
</div>
</div>
<div class="col-md-12">
<button type="submit" class="btnSubmit">Submit</button>
</div>
</div>
</form>
- 做了一个只有一个端点的最小配置:
gramex.yaml
url:
dbauthtest-login:
pattern: /$YAMLURL/login/
handler: DBAuth
kwargs:
template: $YAMLPATH/login.html
url: $YAMLPATH/auth.csv
# url: sqlite:///$YAMLPATH/auth.db
user:
column: user
arg: user
password:
column: password
arg: password
# function: passlib.hash.sha256_crypt.encrypt(content, salt="wqertyuio")
redirect:
query: next
url: /$YAMLURL/
headers: &HEADERS
X-Content-Type-Options: no sniff
X-Frame-Options: DENY
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, no-store
forgot:
arg: email
minutes_to_expiry: 1440
email_from: gramex-guide-gmail # Name of the email service to use for sending emails
email_column: user
email_subject: Dell MIP Password Reset
email_text: "
Hi {name},\n
\n
You recently requested to reset your password for DELL MIP application.\
Click on the link below to reset your password.
\n
Link: {reset_url}\n
\n
If you did not request a password change, please ignore the mail or reply back to the \
same mail.\n
Note: This above link will work only once and will expire in a day.
\n
\n
For any other issues contact\n
-bhasker.reddy@gramener.com\n
-veera.balakrishnan@dell.com\n
\n
\n
Thank You\n
Team Dell MIP\n
"
template: $YAMLPATH/forgotpassword.html
signup:
template: $YAMLPATH/register.html
columns:
user: user
fname: fname
lname: lname
industry: industry
# password: password
# validate: galaxy.validate(args)
minutes_to_expiry: 1440
email_from: gramex-guide-gmail # Name of the email service to use for sending emails
email_column: user
email_subject: Galaxy Sign Up successful
email_text: "
Hi {name},\n
\n
Welcome to the Galaxy online portal! Below are your login credentials.
\n
Application Url: https://dellmi-uat.gramener.com
\n
Login ID: {user}
\n
Please set the password with this link: {reset_url}\n
Note: This above link will work only once and will expire in a day.
\n
\n
For any other issues contact\n
-bhasker.reddy@gramener.com\n
-veera.balakrishnan@dell.com\n
Thank You\n
Team Dell MIP
"
pool_pre_ping: True
pool_recycle: 60
auth.csv 长得像
fname,lname,user,industry,password
- 已测试
调查结果:
- xsrf 令牌(从 handler.xsrf_token 获取并存储在隐藏字段中的表单中)与 cookie 中的 xsrf 令牌不匹配
问题:
- 有没有更简单的方法?
- 即使我们 运行 从文档中复制代码,也会出现此问题,所以我的猜测是,这与 xsrf 的生成有关,或者可能是会话创建。不确定,感谢任何意见。
- 我们是否还有另一个 运行ning 项目可供参考?
- 你有直接的解决方案吗?
创建用户后,xsrf token没有问题。问题似乎与发送邮件有关。确保已定义电子邮件服务 gramex-guide-email。
Invalid Token 当 AuthHandler 找不到注册密钥时发生错误。
在您的 gramex.yaml 中,将注册配置更新为
signup:
key: signup
template: $YAMLPATH/register.html
columns:
user: user
fname: fname
lname: lname
industry: industry
我们卡在了 dbauth 模块中:
症状: 注册时,创建了用户但是:
- 服务器不发送邮件
- 收到的响应是
401 Invalid Token
诊断步骤:
- 从零开始
- 从头开始创建一个新的 Gramex 项目
- 填充了模板
register.html
<form method="POST" action="" autocomplete="on" class="regForm">
<div class="form-content">
<div class="">
<div class="col-md-12">
<input type="hidden" name="_xsrf" value="{{ handler.xsrf_token }}">
<div class="form-group">
<input type="text" name="fname" id="fname" class="form-control" size="100" placeholder="Your First Name *" value="" />
</div>
<div class="form-group">
<input type="text" name="lname" id="lname" class="form-control" size="100" placeholder="Your Last Name *" value="" />
</div>
<div class="form-group">
<input type="email" name="user" class="form-control" id="email" placeholder="Your Email ID *" value="" required />
</div>
<div class="form-row">
<div class="form-group col-md-12">
<select class="form-control" name="industry" id="industry">
<option selected>Retail</option>
<option>Energy and Resources</option>
<option>Financial Services</option>
<option>Transportation</option>
<option>Others</option>
</select>
</div> <!-- form-group end.// -->
</div>
</div>
</div>
<div class="col-md-12">
<button type="submit" class="btnSubmit">Submit</button>
</div>
</div>
</form>
- 做了一个只有一个端点的最小配置:
gramex.yaml
url:
dbauthtest-login:
pattern: /$YAMLURL/login/
handler: DBAuth
kwargs:
template: $YAMLPATH/login.html
url: $YAMLPATH/auth.csv
# url: sqlite:///$YAMLPATH/auth.db
user:
column: user
arg: user
password:
column: password
arg: password
# function: passlib.hash.sha256_crypt.encrypt(content, salt="wqertyuio")
redirect:
query: next
url: /$YAMLURL/
headers: &HEADERS
X-Content-Type-Options: no sniff
X-Frame-Options: DENY
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, no-store
forgot:
arg: email
minutes_to_expiry: 1440
email_from: gramex-guide-gmail # Name of the email service to use for sending emails
email_column: user
email_subject: Dell MIP Password Reset
email_text: "
Hi {name},\n
\n
You recently requested to reset your password for DELL MIP application.\
Click on the link below to reset your password.
\n
Link: {reset_url}\n
\n
If you did not request a password change, please ignore the mail or reply back to the \
same mail.\n
Note: This above link will work only once and will expire in a day.
\n
\n
For any other issues contact\n
-bhasker.reddy@gramener.com\n
-veera.balakrishnan@dell.com\n
\n
\n
Thank You\n
Team Dell MIP\n
"
template: $YAMLPATH/forgotpassword.html
signup:
template: $YAMLPATH/register.html
columns:
user: user
fname: fname
lname: lname
industry: industry
# password: password
# validate: galaxy.validate(args)
minutes_to_expiry: 1440
email_from: gramex-guide-gmail # Name of the email service to use for sending emails
email_column: user
email_subject: Galaxy Sign Up successful
email_text: "
Hi {name},\n
\n
Welcome to the Galaxy online portal! Below are your login credentials.
\n
Application Url: https://dellmi-uat.gramener.com
\n
Login ID: {user}
\n
Please set the password with this link: {reset_url}\n
Note: This above link will work only once and will expire in a day.
\n
\n
For any other issues contact\n
-bhasker.reddy@gramener.com\n
-veera.balakrishnan@dell.com\n
Thank You\n
Team Dell MIP
"
pool_pre_ping: True
pool_recycle: 60
auth.csv长得像
fname,lname,user,industry,password
- 已测试
调查结果:
- xsrf 令牌(从 handler.xsrf_token 获取并存储在隐藏字段中的表单中)与 cookie 中的 xsrf 令牌不匹配
问题:
- 有没有更简单的方法?
- 即使我们 运行 从文档中复制代码,也会出现此问题,所以我的猜测是,这与 xsrf 的生成有关,或者可能是会话创建。不确定,感谢任何意见。
- 我们是否还有另一个 运行ning 项目可供参考?
- 你有直接的解决方案吗?
创建用户后,xsrf token没有问题。问题似乎与发送邮件有关。确保已定义电子邮件服务 gramex-guide-email。
Invalid Token 当 AuthHandler 找不到注册密钥时发生错误。
在您的 gramex.yaml 中,将注册配置更新为
signup:
key: signup
template: $YAMLPATH/register.html
columns:
user: user
fname: fname
lname: lname
industry: industry