Unable to authenticate you Please verify that your admin backend is correctly configured and running

Unfortunately now both projects are not working. One was working last night, but now getting the same error.

Rails 6.1.3
Rails 6.1.1 (was working last night)

Edit:

My mistake: The one that was working last night (Rails 6.1.1, no separate rack-cors gem) still works. It was an error on my end. The other one still doesn’t though.

Hello @muz, can you confirm that it is still a problem with the CORS? As you tried several things I prefer to be sure.

Can you share a screenshot of the request headers sent to the CORS request that fails?

In the network tab, can you find the query that causes the issue and share with us as much details about the CORS request and the response?

We need the request and response headers, and the response body.

I had the same issue and found a way to make it work using the new CORS configuration mentioned in the Upgrade to v6 - Documentation

Basically, I added the snippet below in my application.rb :

    null_regex = Regexp.new(/\Anull\z/)

    config.middleware.insert_before 0, Rack::Cors do
      allow do
        hostnames = [null_regex, 'localhost:4200', 'app.forestadmin.com', 'localhost:3001']
        hostnames += ENV['CORS_ORIGINS'].split(',') if ENV['CORS_ORIGINS']

        origins hostnames
        resource '*',
          headers: :any,
          methods: :any,
          expose: ['Content-Disposition'],
          credentials: true
      end
    end
General
	Request URL: http://localhost:3000/forest/authentication
	Referrer Policy: no-referrer-when-downgrade

Request Headers
	Provisional headers are shown
	Content-Type: application/json; charset=utf-8
	DNT: 1
	Referer: http://app.forestadmin.com/socktest/Development/Operations/data/ActiveStorage__Attachment/index
	User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 7_1_2 like Mac OS X) AppleWebKit/537.51.2 (KHTML, like Gecko) Version/7.0 Mobile/11D257 Safari/9537.53
	{renderingId: "84657"}
	renderingId: "84657"
General
	Request URL: http://localhost:3000/forest/authentication
	Request Method: OPTIONS
	Status Code: 404 Not Found
	Remote Address: [::1]:3000
	Referrer Policy: no-referrer-when-downgrade

Response Headers
	Content-Length: 33
	Content-Type: text/plain
	X-Cascade: pass
	Accept: */*
	Accept-Encoding: gzip, deflate, br
	Accept-Language: en-US,en;q=0.9
	Access-Control-Request-Headers: content-type
	Access-Control-Request-Method: POST
	Connection: keep-alive
	Host: localhost:3000
	Origin: http://app.forestadmin.com
	Referer: http://app.forestadmin.com/socktest/Development/Operations/data/ActiveStorage__Attachment/index
	Sec-Fetch-Dest: empty
	Sec-Fetch-Mode: cors
	Sec-Fetch-Site: cross-site
	User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 7_1_2 like Mac OS X) AppleWebKit/537.51.2 (KHTML, like Gecko) Version/7.0 Mobile/11D257 Safari/9537.53

########

View Source

Request URL: http://localhost:3000/forest/authentication
Referrer Policy: no-referrer-when-downgrade
Provisional headers are shown
Content-Type: application/json; charset=utf-8
DNT: 1
Referer: http://app.forestadmin.com/socktest/Development/Operations/data/ActiveStorage__Attachment/index
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 7_1_2 like Mac OS X) AppleWebKit/537.51.2 (KHTML, like Gecko) Version/7.0 Mobile/11D257 Safari/9537.53
{"renderingId":"84657"}

View Source

Request URL: http://localhost:3000/forest/authentication
Request Method: OPTIONS
Status Code: 404 Not Found
Remote Address: [::1]:3000
Referrer Policy: no-referrer-when-downgrade
HTTP/1.1 404 Not Found
Content-Type: text/plain
X-Cascade: pass
Content-Length: 33
OPTIONS /forest/authentication HTTP/1.1
Host: localhost:3000
Connection: keep-alive
Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Origin: http://app.forestadmin.com
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 7_1_2 like Mac OS X) AppleWebKit/537.51.2 (KHTML, like Gecko) Version/7.0 Mobile/11D257 Safari/9537.53
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Sec-Fetch-Dest: empty
Referer: http://app.forestadmin.com/socktest/Development/Operations/data/ActiveStorage__Attachment/index
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9

Ok, so the problem is that the request OPTIONS http://localhost:3000/forest/authentication gets a 404 on your instance. So I guess there is a problem with your CORS configuration.

This call should return a 204 with some specific headers to authorize the call to the route /forest/authentication.

Can you share with us the code that is supposed to handle the CORS on your instance?

OK, I will try.
Thanks for all your help so far, I really appreciate it!

This is in initializers/cors.rb

    Rails.application.config.middleware.insert_before 0, Rack::Cors do
      allow do
        origins '*'
        resource '*', headers: :any, methods: [:get, :post, :patch, :put]
      end
    end

and this in config/application.rb, based on Forest Admin docs

    # For Rails 5, use the class Rack::Cors. For Rails 4, you MUST use the string 'Rack::Cors'.
    config.middleware.insert_before 0, Rack::Cors do
      allow do
        origins 'app.forestadmin.com'
        resource '*', headers: :any, methods: :any,
        expose: ['Content-Disposition'],
        credentials: true
      end
    end

Not sure if this is relevant, but we use a subdirectory on our rails app: http://localhost:3000/portal/ The site is not accessible via http://localhost:3000. Wondering if that makes a difference, because in secrets.yml I have this:
forest_application_url: http://localhost:3000
I tried changing that to forest_application_url: http://localhost:3000/portal but it made no difference.

Sorry, I was unable to post for three hours (new user)

Hello,

Can you try to set explicit domain names as stated in the docs for the parameter origin? I’m not sure that wildcards are supported for this parameter.

I tried

    null_regex = Regexp.new(/\Anull\z/)

    Rails.application.config.middleware.insert_before 0, Rack::Cors do
      allow do
        origins [null_regex, 'app.forestadmin.com']
        resource '*',
          headers: :any,
          methods: :any,
          expose: ['Content-Disposition'],
          credentials: true
      end
    end

AND

    ForestLiana.application_url = ENV.fetch('SAYDUCK_API_URL')

It works now :slight_smile:

Ok, great, thanks for sharing it with us

Good morning,

I tried @sayduck-daniel's approach but still no luck.

in config/application.rb

    null_regex = Regexp.new(/\Anull\z/)

    config.middleware.insert_before 0, Rack::Cors do
      allow do
        origins [null_regex, 'app.forestadmin.com']
        resource '*', headers: :any, methods: :any,
        expose: ['Content-Disposition'],
        credentials: true
      end
    end

but still getting CORS failures (CORS Failed, CORS Missing Allow Origin, NS_ERROR_DOM_BAD_URI)

I can provide network request and response headers and body if it helps.

Hello @muz,

Can you share the response to the request just above, OPTIONS https://[...]/callback[...]? The problem comes from the response of this request, that does not allow the browser to continue further with the real GET request.

By the way, as this query is actually the second one in the process, it seems that your CORS are correctly authorizing calls from the origin app.forestadmin.com, but not from the origin null.

During the authentication process, there are 2 queries:

  • GET /forest/authentication with the origin app.forestadmin.com
  • GET /forest/authentication/callback with the origin null (because it comes from a redirection).

As it seems that your authentication fails on the second call, it seems you have an issue with this specific value null.

Could you please copy the request & response headers from this OPTIONS request in order to validate this?
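The two preflights described above, as an added Ruby sketch that is not part of the original posts and is not rack-cors or forest-rails code: it is a simplified model of how an origin allow-list decides an OPTIONS request. The function names, the sample requests and the rule that a bare hostname matches both http and https are assumptions made for the illustration.

```ruby
# Added sketch: simplified model of a CORS preflight decision, not rack-cors's code.
NULL_ORIGIN = /\Anull\z/ # matches only the literal origin "null"
ALLOW_LIST  = [NULL_ORIGIN, 'app.forestadmin.com'].freeze

# Assumption: a bare host[:port] string is accepted over http and https.
def origin_allowed?(origin, allow_list)
  allow_list.any? do |entry|
    case entry
    when Regexp then entry.match?(origin)
    when String then %r{\Ahttps?://#{Regexp.escape(entry)}\z}.match?(origin)
    else false
    end
  end
end

# Returns [status, headers] for an allowed preflight, or nil when no CORS
# headers can be granted (the browser then blocks the real request).
def preflight(request, allow_list, credentials: true)
  origin = request['Origin']
  wanted = request['Access-Control-Request-Method']
  return nil if origin.nil? || wanted.nil?
  return nil unless origin_allowed?(origin, allow_list)

  headers = {
    'Access-Control-Allow-Origin'  => origin, # echoed, never "*" with credentials
    'Access-Control-Allow-Methods' => wanted,
    'Access-Control-Allow-Headers' => request['Access-Control-Request-Headers'].to_s,
    'Vary'                         => 'Origin'
  }
  headers['Access-Control-Allow-Credentials'] = 'true' if credentials
  [204, headers]
end

# Constructed sample preflights, modelled on the description in this thread.
AUTH_PREFLIGHT = {
  'Origin' => 'http://app.forestadmin.com',
  'Access-Control-Request-Method' => 'POST',
  'Access-Control-Request-Headers' => 'content-type'
}.freeze
CALLBACK_PREFLIGHT = AUTH_PREFLIGHT.merge(
  'Origin' => 'null', 'Access-Control-Request-Method' => 'GET'
).freeze

if __FILE__ == $PROGRAM_NAME
  [AUTH_PREFLIGHT, CALLBACK_PREFLIGHT].each do |req|
    p preflight(req, ALLOW_LIST)
    p preflight(req, ['app.forestadmin.com']) # allow-list without the null entry
  end
end
```

With the null entry missing, the callback preflight gets no CORS headers while the first request still passes. The origin null is also sent by sandboxed iframes and file: pages, so the anchored regex should stay exactly as narrow as it is here.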

This one?

scheme
	http
host
	localhost:3000
filename
	/forest/authentication/callback
code
	Edy3xzgGGyv6QslLd3_kO0h5YKb1BXU4pmw8Aw7MWbl
state
	{"renderingId"=>84629}
Address
	127.0.0.1:3000
Status
	404 Not Found
Version
	HTTP/1.1
Transferred
	89 B (0 B size)
Referrer Policy
	no-referrer-when-downgrade

	
Content-Length
	42
Content-Type
	text/plain
X-Cascade
	pass
	
Accept
	*/*
Accept-Encoding
	gzip, deflate
Accept-Language
	en-US,en;q=0.5
Access-Control-Request-Headers
	content-type
Access-Control-Request-Method
	GET
Connection
	keep-alive
DNT
	1
Host
	localhost:3000
Origin
	http://app.forestadmin.com
Referer
	http://app.forestadmin.com/[PROJECT_NAME]/Development/Operations/data/ActiveStorage__Attachment/index
Sec-GPC
	1
User-Agent
	Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:86.0) Gecko/20100101 Firefox/86.0

The application url in the forest initializer is what solved it for me. Hope it helps

Ok, after a screen sharing session, we found that:

  • The backend of your project needs to be called with a prefix in the url /portal/forest/
  • The authentication returns an invalid callback url /forest/authentication/callback instead of /portal/forest/authentication/callback

We could reproduce the issue on our side, and we’re investigating it.

Hello @muz,

We released forest-rails version 6.0.4 that should fix your issue with the application_url not correctly being applied to generate authentication urls.

Can you test to upgrade? You will need to define the variable forest_application_url=http://localhost:3000/portal and it should work.


Good morning @GuillaumeGautreau

It worked! I really can’t thank you enough, you guys are awesome!

@sayduck-daniel thanks for your help too.
