Unable to login after upgrade to 1.15

Technical Support

Suggested Topics


  • 0 Votes
    9 Posts
    229 Views

    Thank you all for the responses. This is a wonderful community - Makes me feel much better exploring this new thing.

    Wishing you all the best!

  • 0 Votes
    1 Posts
    239 Views

    I am running a nodebb 1.15.0 system on Ubuntu 20 on nginx. It's a newer install and we've had an occasional issue on both registration and login where folks will get a message denying their login or registration.

    2020-11-12T06:11:19.312Z [4567/17870] - error: /register
    invalid csrf token

    or

    2020-11-12T06:11:13.910Z [4567/17870] - error: /login
    invalid csrf token

    Frequently a refresh on the browser will let a user login or sometimes just waiting a few minutes.

    Here's my config.json

    {
    "url": "https://opposite-lock.com",
    "secret": "secret",
    "database": "mongo",
    "port": "4567",
    "mongo": {
    "host": "127.0.0.1",
    "port": "27017",
    "username": "nodebb",
    "password": "secret",
    "database": "nodebb",
    "uri": ""
    }

    }

    Nginx config

    server {

    server_name opposite-lock.com; client_max_body_size 100M; location / { proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header Host $http_host; proxy_set_header X-NginX-Proxy true; proxy_pass http://127.0.0.1:4567; proxy_redirect off; # Socket.IO Support proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; } listen 443 ssl; # managed by Certbot ssl_certificate /etc/letsencrypt/live/opposite-lock.com/fullchain.pem; # managed by Certbot ssl_certificate_key /etc/letsencrypt/live/opposite-lock.com/privkey.pem; # managed by Certbot include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

    }
    server {
    if ($host = opposite-lock.com) {
    return 301 https://$host$request_uri;
    } # managed by Certbot

    listen 80; server_name opposite-lock.com; return 404; # managed by Certbot

    }

    Any help would be very much appreciated!

  • Redirect after login?

    Technical Support
    10
    0 Votes
    10 Posts
    629 Views

    Here's what I ended up doing. Feels reeealy hacky.

    in footer.tpl

    window.addEventListener('DOMContentLoaded', function () { $(window).on('action:ajaxify.contentLoaded', function(data) { // attach to all login/reg buttons except for the login and register buttons on the login page. $("a[href$='/login'], a[href$='/register']").not('#login').not('#login__no-acct').each(function(i, el){ $(el).off('click').on('click', function(){ window.setCookie('login:referrer', window.location.href, 10); }); }); }); }); </script>

    in profile.tpl

    <script> var referrer = window.getCookie('login:referrer'); if (referrer && window.getCookie('login:shouldRedirect')) { window.setCookie('login:shouldRedirect', '', 0) window.setCookie('login:referrer', '', 0) window.location.href = referrer; } </script>

    in registerComplete.tpl

    <script> window.setCookie('login:shouldRedirect', 'true', 10); </script>

    ...and attaching setCookie/getCookie on window in header.

    Probably could do this all with client-side hooks now that I understand them though.

  • 0 Votes
    2 Posts
    298 Views

    Ah ha! figured it out. But I still think there is a NodeBB issue. a redirect should never do this.

    On my forum, i never set config.json to https. it was http://obelisk.daerma.com I changed it to https://obelisk.daerma.com and it works.
    7ba8f1d2-abae-4f4b-a4c3-74743a8f9884-image.png

    I doubt it is my Nginx proxy because that is about as basic as it gets.
    69e1a1d1-1b30-45b5-9291-b8c606459e9f-image.png

    Even if I am in a thread and then click login, it happens.
    1529633c-d1f7-492d-a310-ead58e5ee841-image.png

  • 0 Votes
    18 Posts
    5k Views

    @pitaj yes, I tried ./nodebb build several times, but I always used ./nodebb dev to start.

    I tried it once more as you said. ./nodebb start aborted with the message to run ./nodebb upgrade. After the upgrade and another ./nodebb start I can post and answer again! 😄

    I don't know why an how, but it works again. hopefully not only for a short time. 😉

    Thanks for you help!