EPrints Technical Mailing List Archive

See the EPrints wiki for instructions on how to join this mailing list and related information.

Message: #07884



Re: [EP-tech] indexer and csrf problem


Hi David,

the "Storage Manager" is now showing up with your quick fix.
Regarding the indexer, maybe there was an Edit Lock and I was too impatient :)
I see some messages about this issue in the indexer logfile.
Thanks for your support.

Regards
Werner


On 6/11/19 4:12 PM, Newman D.R. wrote:
Hi Werner,

Regarding the CSRF issue, you need to edit line 14 of:

EPRINTS_PATH/lib/static/javascript/screen_admin_storagemanager.js

and change it from:

method: "post",

to

method: "get",

I am not sure why this needs to be a post rather than a get as it seems
to work fine as a get.

I will make sure that this patch is added to GitHub so that it becomes
part of the next EPrints 3.4 release.

Regards

David Newman




On Tue, 2019-06-11 at 14:42 +0100, David R Newman wrote:
Hi Werner,

Regarding the indexer issue, the most likely reason is there is an edit
lock on the EPrint record.  This will happen if someone is editing the
record.  This could just be someone loading the edit page and then
never hitting either the "Cancel" or "Save and Return".  If this is the
case the task in the indexer will have a status of "Waiting".  If it
has some other status then there may be another issue.  Usually I will
try setting the task's status back to waiting (you need not change the
scheduled time for the task) and see if it succeeds next time it tries
to run.

Edit locks should only last a short-ish time and the indexer task will
usually get rescheduled for ten minutes later and run without issue if
no one has tried to start editing this record again.  You can go to the
Actions tab of the EPrint record and click on a button to remove the
edit lock if it somehow gets stuck.

Regarding the CSRF issue, this is something that has only recently been
added.  It is intended to protect against Cross Site Request Forgery;
basically another site trying to submit some malicious request whilst
you are logged into EPrints.  It looks like in the case of the Storage
Manager this does not work as expected.  I.e. it thinks something
malicious is going on, when it is not.  I will take a look on my own
3.4.1 instance and get back to you.

Regards

David Newman



On Tue, 2019-06-11 at 15:23 +0200, Werner Hack via Eprints-tech wrote:
Hi all,

I am new to eprints. I recently installed eprints 3.4.1.
But I encountered some issues while testing the software.
I hope you can help me.

o If I want to deposit an article and put the item into the live repository,
    the indexer starts some jobs but they keep pending forever.
    Restarting the indexer has no effect.
    If I do a reindex with the epadmin command, everything is ok and the pending
    jobs are resolved. Any idea what happens here? What can I do?

o If I enter the "Storage Manager" as Admin in the Config Tools,
    I get the following error message:

    Cross-Site Request Forgery (CSRF) was detected whilst processing
    your last request and therefore its action was not authorised.

    Have I missed some configuration?
    Any hints are appreciated

Thanks in advance
Werner

*** Options: http://mailman.ecs.soton.ac.uk/mailman/listinfo/eprints-tech
*** Archive: http://www.eprints.org/tech.php/
*** EPrints community wiki: http://wiki.eprints.org/
*** EPrints developers Forum: http://forum.eprints.org/
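
Added example, not part of the thread and not EPrints code: a generic model of a CSRF token check, showing why a POST sent without a token is rejected while a GET passes, and why routing a request through GET is only appropriate when the request is read-only. The action names, session table and token value are constructed assumptions.

```javascript
// Generic synchronizer-token model; not how EPrints implements its check.
const SAFE_METHODS = new Set(["GET", "HEAD", "OPTIONS"]);

// Hypothetical action names; which actions are read-only is an assumption.
const READ_ONLY_ACTIONS = new Set(["list_stores"]);

// Constructed session table: session id -> CSRF token issued at login.
const SESSIONS = new Map([["sess-1", "constructed-token-4f2a"]]);

// Compare without an early exit so timing does not reveal the mismatch position.
function tokensEqual(expected, supplied) {
  if (typeof supplied !== "string" || supplied.length !== expected.length) return false;
  let diff = 0;
  for (let i = 0; i < expected.length; i++) {
    diff |= expected.charCodeAt(i) ^ supplied.charCodeAt(i);
  }
  return diff === 0;
}

function checkRequest(req) {
  const method = req.method.toUpperCase();
  if (SAFE_METHODS.has(method)) {
    // Safe methods skip the token check, so they may only reach read-only handlers.
    return READ_ONLY_ACTIONS.has(req.action)
      ? "allow: safe method, read-only action"
      : "deny: state change requested via safe method";
  }
  const expected = SESSIONS.get(req.sessionId);
  return expected !== undefined && tokensEqual(expected, req.token)
    ? "allow: valid CSRF token"
    : "deny: CSRF token missing or invalid";
}

// Constructed requests mirroring the situations discussed in the thread.
const cases = {
  postWithoutToken: { method: "post", sessionId: "sess-1", action: "list_stores" },
  getReadOnly: { method: "get", sessionId: "sess-1", action: "list_stores" },
  getStateChange: { method: "get", sessionId: "sess-1", action: "move_files" },
  postWithToken: { method: "post", sessionId: "sess-1", action: "move_files",
                   token: "constructed-token-4f2a" },
};
for (const [name, req] of Object.entries(cases)) {
  console.log(name, "->", checkRequest(req));
}
```

The first case is the symptom reported for the Storage Manager; the last is the alternative of keeping POST and sending the session's token with it.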
