topazoo / flongo-stack Goto Github PK
View Code? Open in Web Editor NEWFlongo Client + Flongo Framework | iOS/macOS/Web Frontend + Flask/MongoDB Backend
License: BSD 3-Clause "New" or "Revised" License
flongo-stack's People
Contributors
Watchers
flongo-stack's Issues
Invalid CSRF on De-Authentication
When CSRF validation is enabled on the server side, there is an issue logging users out from the client (Chrome at least) using the navbar. When a request is submitted the following error is displayed:
[2024-01-07 23:09:14]:INFO:routing:[/authenticate]:[DELETE]:* Recieved HTTP DELETE request *
[2024-01-07 23:09:14]:ERROR:routing:[/authenticate]:[DELETE]:* Error: CSRF double submit tokens do not match
[2024-01-07 23:09:14]:DEBUG:routing:[/authenticate]:[DELETE]:Traceback (most recent call last):
File "/usr/local/lib/python3.10/site-packages/flongo_framework/api/routing/handlers/route_handler.py", line 98, in handler
wrapped_request.set_identity(Authentication_Util.validate_identity_cookie_role(required_roles))
File "/usr/local/lib/python3.10/site-packages/flongo_framework/api/routing/utils/authentication_util.py", line 25, in validate_identity_cookie_role
if not (current_identity:=cls.get_current_identity()):
File "/usr/local/lib/python3.10/site-packages/flongo_framework/api/routing/utils/authentication_util.py", line 62, in get_current_identity
verify_jwt_in_request(optional=True)
File "/usr/local/lib/python3.10/site-packages/flask_jwt_extended/view_decorators.py", line 94, in verify_jwt_in_request
jwt_data, jwt_header, jwt_location = _decode_jwt_from_request(
File "/usr/local/lib/python3.10/site-packages/flask_jwt_extended/view_decorators.py", line 340, in _decode_jwt_from_request
decoded_token = decode_token(encoded_token, csrf_token)
File "/usr/local/lib/python3.10/site-packages/flask_jwt_extended/utils.py", line 128, in decode_token
return jwt_manager._decode_jwt_from_config(encoded_token, csrf_value, allow_expired)
File "/usr/local/lib/python3.10/site-packages/flask_jwt_extended/jwt_manager.py", line 556, in _decode_jwt_from_config
return _decode_jwt(**kwargs, allow_expired=allow_expired)
File "/usr/local/lib/python3.10/site-packages/flask_jwt_extended/tokens.py", line 122, in _decode_jwt
raise CSRFError("CSRF double submit tokens do not match")
flask_jwt_extended.exceptions.CSRFError: CSRF double submit tokens do not match
A followup logout request via the navbar seems to fire just fine so it is unclear exactly what is being submitted on the client side to warrant this. But with some tracing it should be possible to determine what if any CSRF token is being sent and why it doesn't line up
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. ๐๐๐
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google โค๏ธ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.