Unable to authenticate you - 500 or 400 error

Expected behavior

Able to open forest in production.

Actual behavior

1st ERROR (without client id)

2nd error (with client id)

What is the current behavior?
Hello everyone!

I am using Rails 5.1, ruby 2.7.4 .

  • I tried restarting server.
  • Cleared cache.
  • udpated CORS cofigs in application.rb , no it looks like this:
 config.load_defaults 5.1

    null_regex = Regexp.new(/\Anull\z/)
    config.middleware.insert_before 0, Rack::Cors do
      allow do
        hostnames = [null_regex, 'localhost:3000', 'app.forestadmin.com', 'localhost:3001']
        hostnames += ENV['CORS_ORIGINS'].split(',') if ENV['CORS_ORIGINS']
        origins hostnames
        resource '*',
          headers: :any,
          methods: :any,
          expose: ['Content-Disposition'],
          credentials: true
      end
    end```

* Added forest URL to secrets.yml and initializer
forest_liana.rb: 

ForestLiana.env_secret = Rails.application.secrets.forest_env_secret
ForestLiana.auth_secret = Rails.application.secrets.forest_auth_secret
ForestLiana.application_url = Rails.application.secrets.forest_application_url

in secrets.yml

forest_application_url: <%= ENV[“APPLICATION_URL”] %>


* Added Http initializer

require ‘httpclient’

class HTTPClient
alias original_initialize initialize

def initialize(*args, &block)
original_initialize(*args, &block)
# Force use of the default system CA certs (instead of the 6 year old bundled ones)
@session_manager&.ssl_config&.set_default_paths
end
end


Until now I had 500 error when inspecting the code.

* So i decided to add client_id . I added it to secters.yml and to forest_liana.rb .

ForestLiana.env_secret = Rails.application.secrets.forest_env_secret
ForestLiana.auth_secret = Rails.application.secrets.forest_auth_secret
ForestLiana.application_url = Rails.application.secrets.forest_application_url
ForestLiana.forest_client_id = Rails.application.secrets.forest_client_id

So now I have GET https://www.gravatar.com/avatar/e30ed105537f357ef10afcf0cab74e78?s=80&d=404 404

&&

chunk.7.3063f605868b6fe645c9.js:353 GET https://api.forestadmin.com/oidc/auth?client_id=eyJra****** 400 (Bad Request)


Please let me know what else can be done?

Please include any relevant log snippets, if necessary.

## Context

Please provide any relevant information about your setup.
Rails 5.1 , ruby 2.7.4
* Package Version: gem is updated to 7.2.2 
* Express Version:
* Sequelize Version:
* Database Dialect: postgres
* Database Version: 
* Project Name: Spare Leash

Hello @kittinson,

I have few question in order to help you:

  • Did your production environment worked before?
  • When this error first came?
  • Did do you do something that could broke your production environment?
  • Can you share the response error you got in your /forest/authentication call

If you were not using a clientId before then you do not need to use it.

Also maybe you could share the logs you get on your server side, it would help to debug you

Kind regards,
Louis

Hello @lclisson !

  • Did your production environment worked before?

Yes, we have been happily using Forest for past 3 years.

  • When this error first came?

Sept 30th

  • Did do you do something that could broke your production environment?

no updates were made these days, the day problem happened. Oct 2nd we updated ruby from 2.5.1 to 2.7.4 and letsencrypt gem, as we were also using it and some of dependencies stopped working.

and another 404

If you were not using a clientId before then you do not need to use it.

Thank you , then I will delete it.

I would really appreciate help! Let me know if need any more info from my end.

Thank you!

@kittinson

Could you eventually try to do a curl https://api.forestadmin.com from your OS (or docker container if you are using one)?
If you are experiencing the SSL issue, you could either

  • try to upgrade your docker base image to a newer one, or
  • try to manually invalidate and update the certificate causing the issue via
rm /usr/share/ca-certificates/mozilla/DST_Root_CA_X3.crt
update-ca-certificates

If the curl command works as expected, (404 on https://api.forestadmin.com ), then the issue might come from the code. You could try to monkey-patch directly on your end, just in case you are still impacted by the HTTPClient issue declared here .

Let me know if that helps :pray:

Hello @lclisson !

Thank you for quick response!

I tried curl and got this response:

  • try to upgrade your docker base image to a newer one, or

Docker image was updated already.

  • try to manually invalidate and update the certificate causing the issue via

Certificated also were updated. Right now our website works fine with https on production. Please let
me know if I understood you wrong.

  • monkey-patch directly on your end

Monkey-patch is already in production, also did not help. The code is above in the original request. I added inititalizer http_client.rb

I attached the code above of all the changes I have done, but still cannot manage to solve the problem.

@kittinson

Ok thanks for the update, can you share me the logs from your server side on the /authentication call that is returning a 500 status code error?

Here it is @lclisson :

Thanks, it seems similar to previous authentication issue we add so I’m pretty sure we will manage to get your setup working again.

Can you confirm that you previously run curl https://api.forestadmin.com inside your docker container if your using one and not only the OS that run docker?

Thanks,

yes, that’s right! I just checked again and got the same response:

<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8">
<title>Error</title>
</head>
<body>
<pre>Cannot GET /</pre>
</body>
</html>

Can you try to run and tell me what it the response of it? :slight_smile:

rails console

clt = HTTPClient.new
clt.get('https://api.forestadmin.com')

Ok you are not using our monkey patch but yours and it seems that there is an override. From what I can see your monkey patch is named http_client and our is httpClient. Can you try to rollback to version 7.2.1 and keep your monkey patch?

Let me know if it helps :slight_smile:

1 Like

oh do you mean I gave a wrong name to file?

I simply create file in initializers folder http_client.rb , should it be named httpClient.rb ?

I deleted the patch and it worked!!! My production env in forest is back! Thank you @lclisson for your help ! Really appreciate it!

2 Likes

As a result, I deleted monkey patch and it worked. So all the rest I did was right!

  • restarted server
  • updated to forest_liana 7.2.2
  • deployed app again
  • cleared cache
  • update CORS configs
  • added Forest_url
  • added client _id

Perfect, so glad to hear that your environment is back and work again !! Thanks for the help provided and your patience !

1 Like