Upgrading to 6.0... CSRF token error. [solved]

kevin

@a_5mith
yep, while trying to install 6.0 it broke the whole website. lol. How do I downgrade?

julian

Depends how it broke. If you've upgraded the database, there is no going back unless you backed up your database before upgrading.

What errors do you see? Most likely a plugin you installed needs upgrading.

a_5mith

@kevin as Julian said (and me in my first post actually), you don't. That's why its considered unstable/development. Look through your logs, for where it failed and post here. It will say something like can not find x of undefined or something, then the line below will be the location, if the location is a plugin you've installed, run npm install plugin-name@latest

Do this for each error.

kevin

I cant log in, I just get "Failed login attempt, please try again. Forbidden"

24/11 21:47 [3644] - error: /login
 Error: invalid csrf token
at module.exports (/root/nodebb/node_modules/csurf/node_modules/http-errors/index.js:32:16)
at verifytoken (/root/nodebb/node_modules/csurf/index.js:237:11)
at csrf (/root/nodebb/node_modules/csurf/index.js:100:7)
at Layer.handle [as handle_request] (/root/nodebb/node_modules/express/lib/router/layer.js:82:5)
at next (/root/nodebb/node_modules/express/lib/router/route.js:100:13)
at Route.dispatch (/root/nodebb/node_modules/express/lib/router/route.js:81:3)
at Layer.handle [as handle_request] (/root/nodebb/node_modules/express/lib/router/layer.js:82:5)
at /root/nodebb/node_modules/express/lib/router/index.js:235:24
at Function.proto.process_params (/root/nodebb/node_modules/express/lib/router/index.js:313:12)
at /root/nodebb/node_modules/express/lib/router/index.js:229:12

and also can't register either.

24/11 22:39 [1094] - error: /register
Error: invalid csrf token
at module.exports (/root/nodebb/node_modules/csurf/node_modules/http-errors/index.js:32:16)
at verifytoken (/root/nodebb/node_modules/csurf/index.js:237:11)
at csrf (/root/nodebb/node_modules/csurf/index.js:100:7)
at Layer.handle [as handle_request] (/root/nodebb/node_modules/express/lib/router/layer.js:82:5)
at next (/root/nodebb/node_modules/express/lib/router/route.js:100:13)
at Route.dispatch (/root/nodebb/node_modules/express/lib/router/route.js:81:3)
at Layer.handle [as handle_request] (/root/nodebb/node_modules/express/lib/router/layer.js:82:5)
at /root/nodebb/node_modules/express/lib/router/index.js:235:24
at Function.proto.process_params (/root/nodebb/node_modules/express/lib/router/index.js:313:12)
at /root/nodebb/node_modules/express/lib/router/index.js:229:12

kevin

Fixed. Had to remove all the <input CSRF> references in login.tpl, register.tpl and the header.tpl.

julian

@kevin It sounds like your vanilla and lavender theme packages were not updated along with core.

Shard

Oho! That might be the issue with my plugin as Im running a sloppily forked theme.

Shard

Sadly, i don't seem to be able to verify this. But it was a good excuse to prune presently duplicate files from my theme.

It appears that something has broken my plugin as well as the imgur plugin I based it on.

I suspect this error is relevant

warn: [hotswap] Could not find router in stack with hotswapId auth

or this one:

warn: [hotswap] Could not find router in stack with hotswapId plugins

I'm still digging through the plugin changes.

Running HEAD as of about half an hour ago.

Shard

https://community.nodebb.org/topic/2750/new-relic-nodejs-agent-is-not-compatible-with-nodebb-forum/3

Doh.

Shard

And yes, cleaning out the stale, stray files from when I originally cloned off of vanilla fixed the csrf issues I was having.