We are stuck in the dbauth module:
Symptoms: During signup, the user is created, but:
- The server does not send mail
- Response received is
401 Invalid Token
Diagnosis Steps:
- Started from scratch
- Made a new Gramex project from scratch
- Populated the template
register.html
```html
<form method="POST" action="" autocomplete="on" class="regForm">
  <div class="form-content">
    <div class="">
      <div class="col-md-12">
        <input type="hidden" name="_xsrf" value="{{ handler.xsrf_token }}">
        <div class="form-group">
          <input type="text" name="fname" id="fname" class="form-control" size="100" placeholder="Your First Name *" value="" />
        </div>
        <div class="form-group">
          <input type="text" name="lname" id="lname" class="form-control" size="100" placeholder="Your Last Name *" value="" />
        </div>
        <div class="form-group">
          <input type="email" name="user" class="form-control" id="email" placeholder="Your Email ID *" value="" required />
        </div>
        <div class="form-row">
          <div class="form-group col-md-12">
            <select class="form-control" name="industry" id="industry">
              <option selected>Retail</option>
              <option>Energy and Resources</option>
              <option>Financial Services</option>
              <option>Transportation</option>
              <option>Others</option>
            </select>
          </div> <!-- form-group end.// -->
        </div>
      </div>
    </div>
    <div class="col-md-12">
      <button type="submit" class="btnSubmit">Submit</button>
    </div>
  </div>
</form>
```
- Made a minimal configuration with only one endpoint:
gramex.yaml
```yaml
url:
  dbauthtest-login:
    pattern: /$YAMLURL/login/
    handler: DBAuth
    kwargs:
      template: $YAMLPATH/login.html
      url: $YAMLPATH/auth.csv
      # url: sqlite:///$YAMLPATH/auth.db
      user:
        column: user
        arg: user
      password:
        column: password
        arg: password
        # function: passlib.hash.sha256_crypt.encrypt(content, salt="wqertyuio")
      redirect:
        query: next
        url: /$YAMLURL/
      headers: &HEADERS
        X-Content-Type-Options: nosniff
        X-Frame-Options: DENY
        X-XSS-Protection: 1; mode=block
        Cache-Control: no-cache, no-store
      forgot:
        arg: email
        minutes_to_expiry: 1440
        email_from: gramex-guide-gmail # Name of the email service to use for sending emails
        email_column: user
        email_subject: Dell MIP Password Reset
        email_text: "
          Hi {name},\n
          \n
          You recently requested to reset your password for DELL MIP application.\
          Click on the link below to reset your password.
          \n
          Link: {reset_url}\n
          \n
          If you did not request a password change, please ignore the mail or reply back to the \
          same mail.\n
          Note: This above link will work only once and will expire in a day.
          \n
          \n
          For any other issues contact\n
          -bhasker.reddy@gramener.com\n
          -veera.balakrishnan@dell.com\n
          \n
          \n
          Thank You\n
          Team Dell MIP\n
          "
        template: $YAMLPATH/forgotpassword.html
      signup:
        template: $YAMLPATH/register.html
        columns:
          user: user
          fname: fname
          lname: lname
          industry: industry
          # password: password
        # validate: galaxy.validate(args)
        minutes_to_expiry: 1440
        email_from: gramex-guide-gmail # Name of the email service to use for sending emails
        email_column: user
        email_subject: Galaxy Sign Up successful
        email_text: "
          Hi {name},\n
          \n
          Welcome to the Galaxy online portal! Below are your login credentials.
          \n
          Application Url: https://dellmi-uat.gramener.com
          \n
          Login ID: {user}
          \n
          Please set the password with this link: {reset_url}\n
          Note: This above link will work only once and will expire in a day.
          \n
          \n
          For any other issues contact\n
          -bhasker.reddy@gramener.com\n
          -veera.balakrishnan@dell.com\n
          Thank You\n
          Team Dell MIP
          "
      pool_pre_ping: True
      pool_recycle: 60
```
auth.csv looks like:
```
fname,lname,user,industry,password
```
- Tested
Findings:
- The xsrf token (that is fetched from handler.xsrf_token and stored in the form in a hidden field) does not match the xsrf token in the cookie
Questions:
- Is there a simpler way?
- This issue is created even when we run the code copied from the documentation, so my guess is this has something to do with generation of xsrf or maybe session creation. Not sure, appreciate any inputs.
- Do we have another project that is running and available to refer?
- Do you have a direct solution to this?
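
Added example, not part of the original post and not Gramex's own code: a check for whether the hidden `_xsrf` form value and the `_xsrf` cookie carry the same underlying token. It assumes `handler.xsrf_token` is Tornado's default version-2 value (`2|mask|masked token|timestamp`), which is masked with a fresh random mask on each request, so the two strings can differ while decoding to the same token; the helper names and sample values are constructed for illustration.

```python
import binascii
import hmac


def xor_mask(mask: bytes, data: bytes) -> bytes:
    """XOR data with a repeating 4-byte mask, as Tornado does for v2 tokens."""
    if len(mask) != 4:
        raise ValueError("mask must be 4 bytes")
    return bytes(b ^ mask[i % 4] for i, b in enumerate(data))


def decode_xsrf(value: str) -> bytes:
    """Return the raw token bytes carried by an `_xsrf` form or cookie value."""
    if value.startswith("2|"):
        # Version 2 layout: 2|<hex mask>|<hex masked token>|<timestamp>
        _, mask_hex, masked_hex, _timestamp = value.split("|")
        return xor_mask(binascii.a2b_hex(mask_hex), binascii.a2b_hex(masked_hex))
    return binascii.a2b_hex(value)  # version 1: plain hex token


def same_xsrf_token(form_value: str, cookie_value: str) -> bool:
    """True when both values decode to the same non-empty token."""
    try:
        form_token = decode_xsrf(form_value)
        cookie_token = decode_xsrf(cookie_value)
    except ValueError:  # bad hex, wrong field count, bad mask length
        return False
    return bool(form_token) and hmac.compare_digest(form_token, cookie_token)


def encode_v2(token: bytes, mask: bytes, timestamp: int) -> str:
    """Build a version-2 value; used here only to construct sample input."""
    masked = binascii.b2a_hex(xor_mask(mask, token)).decode()
    return "|".join(["2", binascii.b2a_hex(mask).decode(), masked, str(timestamp)])


# Constructed sample values: one token, masked twice with different masks.
TOKEN = bytes(range(16))
COOKIE = encode_v2(TOKEN, b"\x01\x02\x03\x04", 1700000000)
FORM = encode_v2(TOKEN, b"\xaa\xbb\xcc\xdd", 1700000000)

if __name__ == "__main__":
    print("strings equal:", FORM == COOKIE)
    print("tokens equal: ", same_xsrf_token(FORM, COOKIE))
```

To use it on a real request, paste the hidden field's value and the `_xsrf` cookie value from the browser's developer tools into `same_xsrf_token`.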