Django installation Forest Admin

Feature(s) impacted

Django Forest Admin first setup.

Observed behavior

After having followed the installation process of Forest Admin on Django (pip install, settings.py, urls.py, wsgi.py), I find myself with a successful authentication according to the firefox inspector but a failure directly after giving a 403 and thus blocks the continuation of the installation.

Expected behavior

Finish installing Forest Admin on Django and get no more browser errors.Finish installing Forest Admin on Django and get no more browser errors.

Failure Logs

Coté browser:


Coté Logs Django:

Context

  • Project name: Goodvest-CRM-Django
  • Team name: Goodvest Admin
  • Environment name: Django 3.2 + Python 3.8.10
  • Agent type & version: django-forestadmin==1.3.0

Hi @Antoine12,

I checked the data about your project, all seems good in our side.

Could you install the last version of the agent (1.3.1), and try again. There will be some additional content in the 403 response. Could you copy/past here ?

On an other side do you use some custom/external middleware that could intercept the request and return a 403 response?

Thanks

Hi Valentin and thank you for answering me.

I just upgraded to 1.3.1 and now it shows a 500 as follows:

With this error in my logs:

Also this error in python manage.py runserver cli:

InsecureRequestWarning: Unverified HTTPS request is being made to host 'api.forestadmin.com'. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#ssl-warnings
  warnings.warn(

@Antoine12 perfect, I can investigate about the bug now.
The next answer should be the fix answer :wink:

@Antoine12
Could you show me the request headers?

Sure,


Thank you !

Hi @Antoine12,

So you don’t have an “Authorization” header in your requests ?
Can you say me if you have one cookie named forest_session_token ?

Thanks

I just hide it.
There is it. I also add a new response that I have and that could help.



Here is my cookie list:

I don’t see forest_session_token cookie inside

The cookie sent are not generated by our code.
Do you use a custom authentication middleware in your own code ?

Could you send me the authentication request and the authentication response body please ?



Hello @Antoine12,

The authentication normally goes in 3 steps:

  1. A first call to /forest/authentication on your agent
  2. Then a call to https://api.forestadmin.com/oidc/auth
  3. And finally a call to /forest/authentication/callback on your agent

Could you please paste the body of the response to the url /forest/authentication/callback?

It calls thay way:

  1. A first call to /forest/authentication on your agent
  2. Then a call to https://api.forestadmin.com/oidc/auth
  3. And finally a call to /forest/authentication/callback

But twice

Indeed. That is not normal. Can you also share the content of the first response to /forest/authentication/callback please?

Thanks for the answers. We did not experience this behavior in the past, so I suppose that it should be related to a specificity of your project.

We’ll try to reproduce on our end. On your side, do you think you could be able to create a project with an empty DB showing the same issue? Maybe if you could it would speed up a lot the reproduction and fix of this issue.

It is possible to send us private messages if you don’t want to share sensitive data in the forum.

Also, can you share with me in private message the content of the generated token and the time you got the response, please? I’d like to check its validity.

I finally found the solution.

I changed my settings time from Europe/Paris to UTC

Now it works perfectly.

Thanks

2 Likes

@Antoine12

Nice,
Is it your only change ?
I don’t reproduce the bug by using another timezone than UTC.

Hi @Antoine12,

I fix this issue. You can download the version 1.3.2 of the package if you need to use another timezone than UTC