Login User: CSRF token verification failed

Infos:

  • Used Zammad version: 5.1.x
  • Used Zammad installation type: (source???)
  • Operating system: Ubuntu Server 20.04 LTS
  • Browser + version: Chrome / Opera / Firefox. (newest version)

Expected behavior:

  • User can log in

Actual behavior:

  • User can't log in because of a CSRF token error

Steps to reproduce the behavior:

  • Press Login

Hello,
I'm fairly new to Linux and I've tried to install Zammad. I know there are many threads already about CSRF, but most of them are Docker or migration related.

I've installed a new server with Ubuntu Server 20.04 LTS and used a YouTube tutorial as help.
Here are the steps I took to install it.


Install Zammad Helpdesk System on Ubuntu 20.04|18.04

2 CPU cores
4 GB of RAM (+4 GB if you want to run Elasticsearch on the same server)
For optimal performance up to 40 agents:

4 CPU cores
6 GB of RAM (+6 GB if you want to run Elasticsearch on the same server)

1: Update System
#apt update
#apt -y full-upgrade
#reboot

2: Install Package Dependencies
#apt install wget apt-transport-https gnupg2 libimlib2 libimlib2-dev
#apt install locales
#locale-gen en_US.UTF-8
#echo "LANG=en_US.UTF-8" | sudo tee /etc/default/locale

#sudo apt install mariadb-server
#service mysql start
#mysql_secure_installation

#nano /etc/mysql/mariadb.conf.d/50-server.cnf
######ADD THIS ######

character-set-server = utf8mb4
collation-server = utf8mb4_general_ci

#systemctl restart mariadb
#apt install apache2
#wget -qO - https://artifacts.elastic.co/GPG-KEY-elasticsearch | sudo apt-key add -
#echo "deb https://artifacts.elastic.co/packages/oss-7.x/apt stable main" | sudo tee /etc/apt/sources.list.d/elastic-7.x.list
#apt update

3: Install Zammad on Ubuntu 20.04|18.04
#wget -qO- https://dl.packager.io/srv/zammad/zammad/key | sudo apt-key add -

FOR UBUNTU 20

#echo "deb https://dl.packager.io/srv/deb/zammad/zammad/stable/ubuntu 20.04 main" | sudo tee /etc/apt/sources.list.d/zammad.list

FOR UBUNTU 18

#echo "deb https://dl.packager.io/srv/deb/zammad/zammad/stable/ubuntu 18.04 main" | sudo tee /etc/apt/sources.list.d/zammad.list

#apt update
#apt install zammad
#/usr/share/elasticsearch/bin/elasticsearch-plugin install ingest-attachment

#systemctl enable elasticsearch
#systemctl start elasticsearch

#systemctl start zammad
#systemctl enable zammad

#zammad run rails r "Setting.set('es_url', 'http://localhost:9200')"

#zammad run rake searchindex:rebuild

#a2dissite 000-default.conf

#/etc/apache2/sites-enabled/zammad.conf
####Insert # After this####
#RequestHeader unset X-Forwarded-User

#systemctl restart apache2

4: Access Zammad Web Interface
http://your_server_ip_or_hostname


After I enabled LDAP and all the users were imported, I tried to log in with a user. Now I'm getting the error "CSRF token verification failed".
I can't even create a new customer; I'm getting the same error.

Can anyone help me with this issue? And remember, I'm a Linux noob :slight_smile:

Hello,

Can you show us the logs when you try to make a connection?
You can find the logs in the file /var/log/zammad/production.log

Hello. This is the end of the log:

I, [2022-04-14T12:27:34.642740 #12851-4262640]  INFO -- : ended DataPrivacyTaskJob.perform_now took: 0.010173699 seconds.
I, [2022-04-14T12:27:37.958947 #12851-182640]  INFO -- : execute Channel.fetch (try_count 0)...
I, [2022-04-14T12:27:37.959545 #12851-182640]  INFO -- : ended Channel.fetch took: 0.006420181 seconds.
I, [2022-04-14T12:28:07.965283 #12851-182640]  INFO -- : execute Channel.fetch (try_count 0)...
I, [2022-04-14T12:28:07.966076 #12851-182640]  INFO -- : ended Channel.fetch took: 0.005064439 seconds.
I, [2022-04-14T12:28:37.975507 #12851-182640]  INFO -- : execute Channel.fetch (try_count 0)...
I, [2022-04-14T12:28:37.976188 #12851-182640]  INFO -- : ended Channel.fetch took: 0.008135362 seconds.
I, [2022-04-14T12:28:44.701732 #12851-7440]  INFO -- : Scheduler running...
I, [2022-04-14T12:28:44.705827 #12851-7440]  INFO -- : Running job thread for 'Process ticket escalations.' (Ticket.process_escalation) status is: sleep
I, [2022-04-14T12:28:44.714273 #12851-4262760]  INFO -- : execute Ticket.process_auto_unassign (try_count 0)...
I, [2022-04-14T12:28:44.716918 #12851-4262760]  INFO -- : ended Ticket.process_auto_unassign took: 0.009454901 seconds.
I, [2022-04-14T12:28:54.715188 #12851-7440]  INFO -- : Running job thread for 'Check channels.' (Channel.fetch) status is: sleep
I, [2022-04-14T12:28:54.715352 #12851-7440]  INFO -- : Running job thread for 'Check 'Channel' streams.' (Channel.stream) status is: sleep
I, [2022-04-14T12:28:54.715427 #12851-7440]  INFO -- : Running job thread for 'Generate 'Session' data.' (Sessions.jobs) status is: sleep
I, [2022-04-14T12:28:54.715651 #12851-7440]  INFO -- : Running job thread for 'Execute planned jobs.' (Job.run) status is: sleep
I, [2022-04-14T12:29:07.983941 #12851-182640]  INFO -- : execute Channel.fetch (try_count 0)...
I, [2022-04-14T12:29:07.984691 #12851-182640]  INFO -- : ended Channel.fetch took: 0.006389054 seconds.
I, [2022-04-14T12:29:12.264525 #12828-180240]  INFO -- : Started GET "/api/v1/user_access_token?_=1649927843267" for 192.168.4.15 at 2022-04-14 12:29:12 +0000
I, [2022-04-14T12:29:12.271569 #12828-180240]  INFO -- : Processing by UserAccessTokenController#index as JSON
I, [2022-04-14T12:29:12.271626 #12828-180240]  INFO -- :   Parameters: {"_"=>"1649927843267"}
I, [2022-04-14T12:29:12.300352 #12828-180240]  INFO -- : Completed 200 OK in 29ms (Views: 3.0ms | ActiveRecord: 4.8ms | Allocations: 21593)
I, [2022-04-14T12:29:12.445732 #12851-180760]  INFO -- : 2022-04-14T12:29:12+0000: [Worker(host:ebg-zammad-01 pid:12851)] Job UserDeviceLogJob [cc9a1eaf-797b-4f7f-b4a2-2252eac9e982] from DelayedJob(default) with arguments: ["Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100>
I, [2022-04-14T12:29:12.500502 #12851-180760]  INFO -- : 2022-04-14T12:29:12+0000: [Worker(host:ebg-zammad-01 pid:12851)] Job UserDeviceLogJob [cc9a1eaf-797b-4f7f-b4a2-2252eac9e982] from DelayedJob(default) with arguments: ["Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100>
I, [2022-04-14T12:29:37.991132 #12851-182640]  INFO -- : execute Channel.fetch (try_count 0)...
I, [2022-04-14T12:29:37.991756 #12851-182640]  INFO -- : ended Channel.fetch took: 0.00535097 seconds.
I, [2022-04-14T12:29:40.983513 #12851-182260]  INFO -- : execute Ticket.process_escalation (try_count 0)...
I, [2022-04-14T12:29:40.985521 #12851-182260]  INFO -- : ended Ticket.process_escalation took: 0.020525021 seconds.
I, [2022-04-14T12:29:54.776830 #12851-7440]  INFO -- : Scheduler running...
I, [2022-04-14T12:29:54.779247 #12851-7440]  INFO -- : Running job thread for 'Process ticket escalations.' (Ticket.process_escalation) status is: sleep
I, [2022-04-14T12:29:54.779320 #12851-7440]  INFO -- : Running job thread for 'Check channels.' (Channel.fetch) status is: sleep
I, [2022-04-14T12:29:54.779407 #12851-7440]  INFO -- : Running job thread for 'Check 'Channel' streams.' (Channel.stream) status is: sleep
I, [2022-04-14T12:29:54.779432 #12851-7440]  INFO -- : Running job thread for 'Generate 'Session' data.' (Sessions.jobs) status is: sleep
I, [2022-04-14T12:29:54.779479 #12851-7440]  INFO -- : Running job thread for 'Execute planned jobs.' (Job.run) status is: sleep
I, [2022-04-14T12:30:07.999695 #12851-182640]  INFO -- : execute Channel.fetch (try_count 0)...
I, [2022-04-14T12:30:08.000295 #12851-182640]  INFO -- : ended Channel.fetch took: 0.006934456 seconds.
I, [2022-04-14T12:30:12.261569 #12828-182700]  INFO -- : Started GET "/api/v1/user_access_token?_=1649927843268" for 192.168.4.15 at 2022-04-14 12:30:12 +0000
I, [2022-04-14T12:30:12.268046 #12828-182700]  INFO -- : Processing by UserAccessTokenController#index as JSON
I, [2022-04-14T12:30:12.268084 #12828-182700]  INFO -- :   Parameters: {"_"=>"1649927843268"}
I, [2022-04-14T12:30:12.298190 #12828-182700]  INFO -- : Completed 200 OK in 30ms (Views: 2.4ms | ActiveRecord: 11.3ms | Allocations: 21593)
I, [2022-04-14T12:30:12.541500 #12851-180760]  INFO -- : 2022-04-14T12:30:12+0000: [Worker(host:ebg-zammad-01 pid:12851)] Job UserDeviceLogJob [cc441a8d-4479-49c3-b595-a211fda56fa4] from DelayedJob(default) with arguments: ["Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100>
I, [2022-04-14T12:30:12.581514 #12851-180760]  INFO -- : 2022-04-14T12:30:12+0000: [Worker(host:ebg-zammad-01 pid:12851)] Job UserDeviceLogJob [cc441a8d-4479-49c3-b595-a211fda56fa4] from DelayedJob(default) with arguments: ["Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100>
I, [2022-04-14T12:30:15.611610 #12828-191100]  INFO -- : Started POST "/api/v1/signin" for 192.168.4.15 at 2022-04-14 12:30:15 +0000
I, [2022-04-14T12:30:15.614498 #12828-191100]  INFO -- : Processing by SessionsController#create as JSON
I, [2022-04-14T12:30:15.614566 #12828-191100]  INFO -- :   Parameters: {"username"=>"sbernd", "password"=>"[FILTERED]", "fingerprint"=>"-287218031"}
I, [2022-04-14T12:30:15.629890 #12828-191100]  INFO -- : CSRF token verification failed
I, [2022-04-14T12:30:15.630021 #12828-191100]  INFO -- : CSRF token verification failed! (Exceptions::NotAuthorized)
app/controllers/application_controller/prevents_csrf.rb:36:in `verify_csrf_token'
app/controllers/application_controller/has_download.rb:21:in `block (4 levels) in <module:HasDownload>'
app/controllers/application_controller/has_download.rb:20:in `block (3 levels) in <module:HasDownload>'
app/controllers/application_controller/has_download.rb:19:in `block (2 levels) in <module:HasDownload>'
app/controllers/application_controller/handles_transitions.rb:16:in `handle_transaction'
I, [2022-04-14T12:30:15.630898 #12828-191100]  INFO -- : Completed 401 Unauthorized in 16ms (Views: 0.1ms | ActiveRecord: 10.3ms | Allocations: 3394)
I, [2022-04-14T12:30:38.009068 #12851-182640]  INFO -- : execute Channel.fetch (try_count 0)...
I, [2022-04-14T12:30:38.010111 #12851-182640]  INFO -- : ended Channel.fetch took: 0.008334358 seconds.
I, [2022-04-14T12:30:40.899104 #12851-183140]  INFO -- : execute Job.run (try_count 0)...
I, [2022-04-14T12:30:40.899814 #12851-183140]  INFO -- : ended Job.run took: 0.005437525 seconds.
I, [2022-04-14T12:30:54.830557 #12851-7440]  INFO -- : Scheduler running...
I, [2022-04-14T12:30:54.833055 #12851-7440]  INFO -- : Running job thread for 'Process ticket escalations.' (Ticket.process_escalation) status is: sleep
I, [2022-04-14T12:30:54.833129 #12851-7440]  INFO -- : Running job thread for 'Check channels.' (Channel.fetch) status is: sleep
I, [2022-04-14T12:30:54.833154 #12851-7440]  INFO -- : Running job thread for 'Check 'Channel' streams.' (Channel.stream) status is: sleep
I, [2022-04-14T12:30:54.833176 #12851-7440]  INFO -- : Running job thread for 'Generate 'Session' data.' (Sessions.jobs) status is: sleep
I, [2022-04-14T12:30:54.833218 #12851-7440]  INFO -- : Running job thread for 'Execute planned jobs.' (Job.run) status is: sleep
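An added triage helper, not from this thread or from Zammad itself: it parses lines in the production.log format quoted above, correlates each request's Started / CSRF / Completed lines by the pid-thread id in the line header, and reports which requests failed the CSRF check, with what HTTP status, and from which client IP. The sample log is constructed from the lines in this thread.

```python
import re
from collections import Counter

# Constructed sample in the Zammad production.log format quoted in this thread
SAMPLE_LOG = """\
I, [2022-04-14T12:30:12.261569 #12828-182700]  INFO -- : Started GET "/api/v1/user_access_token?_=1649927843268" for 192.168.4.15 at 2022-04-14 12:30:12 +0000
I, [2022-04-14T12:30:12.298190 #12828-182700]  INFO -- : Completed 200 OK in 30ms (Views: 2.4ms | ActiveRecord: 11.3ms | Allocations: 21593)
I, [2022-04-14T12:30:15.611610 #12828-191100]  INFO -- : Started POST "/api/v1/signin" for 192.168.4.15 at 2022-04-14 12:30:15 +0000
I, [2022-04-14T12:30:15.614498 #12828-191100]  INFO -- : Processing by SessionsController#create as JSON
I, [2022-04-14T12:30:15.629890 #12828-191100]  INFO -- : CSRF token verification failed
I, [2022-04-14T12:30:15.630021 #12828-191100]  INFO -- : CSRF token verification failed! (Exceptions::NotAuthorized)
app/controllers/application_controller/prevents_csrf.rb:36:in `verify_csrf_token'
I, [2022-04-14T12:30:15.630898 #12828-191100]  INFO -- : Completed 401 Unauthorized in 16ms (Views: 0.1ms | ActiveRecord: 10.3ms | Allocations: 3394)
"""

# Header of every Rails/Zammad log line: severity, timestamp, "#pid-threadid", level, message
LINE_RE = re.compile(r'^[A-Z], \[(?P<ts>\S+) #(?P<pid>\d+)-(?P<tid>\d+)\]\s+\w+ -- : (?P<msg>.*)$')
STARTED_RE = re.compile(r'^Started (?P<method>[A-Z]+) "(?P<path>[^"]+)" for (?P<ip>\S+) at ')
COMPLETED_RE = re.compile(r'^Completed (?P<status>\d{3}) ')

def parse_csrf_failures(log_text):
    """Correlate Started / CSRF / Completed lines per pid-thread id; return the failed requests."""
    in_flight = {}  # "pid-tid" -> request currently being handled by that thread
    failures = []
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw)
        if not m:
            continue  # backtrace lines (app/controllers/...) carry no header; skip them
        key = f"{m['pid']}-{m['tid']}"
        msg = m['msg']
        started = STARTED_RE.match(msg)
        if started:  # a thread starting a new request supersedes whatever it handled before
            in_flight[key] = {'ts': m['ts'], 'method': started['method'], 'path': started['path'],
                              'ip': started['ip'], 'csrf_failed': False, 'status': None}
            continue
        req = in_flight.get(key)
        if req is None:
            continue  # scheduler/worker output, not tied to an HTTP request
        if msg.startswith('CSRF token verification failed'):
            req['csrf_failed'] = True
        done = COMPLETED_RE.match(msg)
        if done:
            req['status'] = int(done['status'])
            if req['csrf_failed']:
                failures.append(req)
            del in_flight[key]
    return failures

def failures_by_ip(failures):
    """Count CSRF-failed requests per client IP: one misconfigured client versus many."""
    return dict(Counter(req['ip'] for req in failures))
```

Run it over a real /var/log/zammad/production.log to see whether failures cluster on one path (here only POST /api/v1/signin) and one client, which points at a session/cookie problem on that path rather than a broader proxy issue.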


I already had this token problem, but I don't remember.
Are you sure that your LDAP integration worked well? Because when I do an LDAP authentication, in my logs I get this:

Yes, because all users are being shown as users in Zammad.

Even creating a new user and trying to log in does not work.

So no one has an idea? :-/

Maybe a stupid question, but as you're switching users, do you do that in the same browser session?
Have you tried a different browser and/or a private browser window?

As an admin, does 'view from user perspective' (in Settings → User Management) work?

I've used 3 browsers to test.

And now I've got logged out and I can't log in with the administrator :frowning:
Is there a way to reset this on the server or something?

Strange.

Anyway, if you don't need anything from your current installation, here's how to reset Zammad:

systemctl stop zammad

zammad run rake db:drop
zammad run rake db:create

-> ONLY IF you get a permission denied:
su - postgres
psql -c "CREATE DATABASE zammad OWNER zammad;"
exit

zammad run rake db:migrate
zammad run rake db:seed

systemctl start zammad

Thanks. I have reset Zammad and done it exactly the same, and now LDAP works :slight_smile:

@TomGem I have edited your code block.
We're intentionally not telling administrators the entire procedure for resetting the instance.
This is to protect copycats and people not understanding the risk of doing so.

Please always keep in mind that not everyone might have your technical level of understanding.