Actually I did both
First of all I want to apologize, I was partly on a really thin icey road here.
10 days ago, just before we released 3.1, we adressed an CSRF-Issue that was blocking our release
If you still have issues, just to be sure, you can do the following things
ensure this is not a caching issue (by proxy, browser)
run /op/zammad/contrib/packager.io/postinstall.sh to ensure all migrations have run
Hopefully this will help you.
There’s a bug hitting the profile section (e.g. when you try to link any third party account (I totally ignored that in my pasts posts, sorry!)), that currently makes it impossible to link third party accounts:
opened 10:45AM - 18 Jul 19 UTC
closed 12:39PM - 29 Jul 19 UTC
bug
personal settings/menu
authentication
verified
prioritised by payment
<!--
Hi there - thanks for filing an issue. Please ensure the following things … before creating an issue - thank you! 🤓
Since november 15th we handle all requests, except real bugs, at our community board.
Full explanation: https://community.zammad.org/t/major-change-regarding-github-issues-community-board/21
Please post:
- Feature requests
- Development questions
- Technical questions
on the board -> https://community.zammad.org !
If you think you hit a bug, please continue:
- Search existing issues and the CHANGELOG.md for your issue - there might be a solution already
- Make sure to use the latest version of Zammad if possible
- Add the `log/production.log` file from your system. Attention: Make sure no confidential data is in it!
- Please write the issue in english
- Don't remove the template - otherwise we will close the issue without further comments
- Ask questions about Zammad configuration and usage at our mailinglist. See: https://zammad.org/participate
Note: We always do our best. Unfortunately, sometimes there are too many requests and we can't handle everything at once. If you want to prioritize/escalate your issue, you can do so by means of a support contract (see https://zammad.com/pricing#selfhosted).
* The upper textblock will be removed automatically when you submit your issue *
-->
### Infos:
* Used Zammad version: 3.1.x
* Installation method (source, package, ..): any
* Operating system: any
* Database + version: any
* Elasticsearch version: any
* Browser + version: any
* Ticket-ID: #1049778
### Expected behavior:
When trying to link a third party authentication like Google or Office365, you'll be redirected to the authentication site of the third party and then back to Zammad. Your accounts are now linked.
### Actual behavior:
When trying to link a third party authentication like Google or Office365, you can't be redirected because of error 404 for `/auth/authentication_provider`
### Reason:
The reason is this commit:
https://github.com/zammad/zammad/commit/9503ff20cefcfc39cb451562d7ec4fd440198564
We changed some security things for onniauth to protect Zammads users.
While we changed the behaviour (CSRF-Token in Header) for the login page, we forgot to fix this within the profile section as well.
### Steps to reproduce the behavior:
* try to link any third party account via profile to your Zammad-Account
Yes I'm sure this is a bug and no feature request or a general question.
We’re working on fixing this bug at the minute I’m writing.
