Rails web monitoring and authenticity_token

  • arndtt

    #1
    I thought it's better to start a new thread out of https://www.zabbix.com/forum/showthread.php?t=10661

    I would like to monitor a Rails application that uses simple authentication with username and password and the common Rails security feature authenticity_token, which is a hidden field containing a hash that is generated automatically with every website visit.

    I managed to extract the token with a relatively new feature on our Zabbix 2.2.5 server system:

    In several previous articles in the Zabbix 2.2 series we already discussed several improvements for web monitoring – the ability to template it, customise the amount of retries and the ability to specify an HTTP proxy on the scenario level. There’s more – in 2.2 it will also be possible to parse content from a […]


    But sometimes (not every time) the login step in the web scenario fails if there are special characters in the hash...

    my variable definition:
    Code:
    {token}=regex:input name="authenticity_token" type="hidden" value="(.{44})"
    my post:
    Code:
    authenticity_token={token}
    Rails Log:
    Code:
    Started POST "/login" for x.x.x.x at 2014-08-13 10:01:19 +0200
    Processing by AccountController#login as */*
      Parameters: {"utf8"=>"✓", "back_url"=>"https://bla.bla.bla/", "authenticity_token"=>"DczPoEpy0I/Aojo9AF7W0LnqW2yt1 pmVm2nbIzdnQc=", "username"=>"zabbix", "password"=>"[FILTERED]", "login"=>"Anmelden »"}
    WARNING: Can't verify CSRF token authenticity
      Rendered common/error.html.erb within layouts/base (0.3ms)
      Rendered plugins/redmine_banner/app/views/banner/_project_body_bottom.html.erb (0.0ms)
    Filter chain halted as :verify_authenticity_token rendered or redirected
    Completed 422 Unprocessable Entity in 10.7ms (Views: 9.1ms | ActiveRecord: 0.7ms)
    => Can you see the whitespace in the authenticity_token in the logfile? I think, but I'm not sure, that the website is giving the token hash in a format that cannot be stored in a variable. Might be a special character like % or have something to do with URL encoding...

    How do I get out of this? I'm not a regex expert, but I think it's correct for my goal.
  • richlv

    #2
    You are taking 44 characters, and "DczPoEpy0I/Aojo9AF7W0LnqW2yt1 pmVm2nbIzdnQc=" is 44 chars long.
    What do you mean by "special characters"? Can you post an exact example that fails?
    Zabbix 3.0 Network Monitoring book


    • arndtt

      #3
      Thanks for your reply. The example I already posted is the one that is failing. Sorry for making that not clear enough.

      If you take a look at "DczPoEpy0I/Aojo9AF7W0LnqW2yt1 pmVm2nbIzdnQc=" you can see that between "1" and the "p" is a whitespace. I believe this is the problem here. No whitespaces within an authenticity_token are allowed...

      My guess what happens here is the Rails authenticity_token that is required is actually "DczPoEpy0I/Aojo9AF7W0LnqW2yt1%pmVm2nbIzdnQc=" but my automated Zabbix login posts "DczPoEpy0I/Aojo9AF7W0LnqW2yt1 pmVm2nbIzdnQc="

      I don't know why Zabbix or my regex is doing this, but a possible reason could be that Zabbix doesn't allow storing URL-encoded strings in a variable, if I interpret https://www.zabbix.com/documentation...web_monitoring in the right way. And as you know, the "%" is a central character in the area of URL encoding.


      • richlv

        #4
        No, I meant the input case that results in the failure. Are you sure it's "DczPoEpy0I/Aojo9AF7W0LnqW2yt1%pmVm2nbIzdnQc=" or is that just a guess?
        Can you trace a failing case and see what exactly is contained in the page that makes it all fail?


        • arndtt

          #5
          Right now I'm only guessing. Give me some time to see if I'm able to debug this...


          • richlv

            #6
            OK, let's see the input that results in this. Until then it's unclear what the problem might be.


            • arndtt

              #7
              O.k., I've edited the relevant Ruby function according to this post:

              http://stackoverflow.com/questions/1...ifferent-times

              This results in the following log files (2 authentication attempts are shown):

              Code:
              Processing by AccountController#login as */*
              Parameters: {"utf8"=>"✓", "back_url"=>"https://bla.bla.bla/", "authenticity_token"=>"fSdoIF/Aj380peiu1RL2H QfESk/8/55Jnaf3OxL0sA=", "username"=>"zabbix", "password"=>"[FILTERED]", "login"=>"Anmelden »"}
              printing info from `verified_request?` ...
              	request_forgery_protection_token = authenticity_token
              	form_authenticity_token = fSdoIF/Aj380peiu1RL2H+QfESk/8/55Jnaf3OxL0sA=
              	params[request_forgery_protection_token] = fSdoIF/Aj380peiu1RL2H QfESk/8/55Jnaf3OxL0sA=
              	request.headers['X-CSRF-Token'] = 
              WARNING: Can't verify CSRF token authenticity
              
              
              Processing by AccountController#login as */*
              Parameters: {"utf8"=>"✓", "back_url"=>"https://bla.bla.bla/", "authenticity_token"=>"jgExECYdNvfS0N8c jnaxAfTW7kS83JlmZapnwseexw=", "username"=>"zabbix", "password"=>"[FILTERED]", "login"=>"Anmelden »"}
              printing info from `verified_request?` ...
              	request_forgery_protection_token = authenticity_token
              	form_authenticity_token = jgExECYdNvfS0N8c+jnaxAfTW7kS83JlmZapnwseexw=
              	params[request_forgery_protection_token] = jgExECYdNvfS0N8c jnaxAfTW7kS83JlmZapnwseexw=
              	request.headers['X-CSRF-Token'] = 
              WARNING: Can't verify CSRF token authenticity
              => The '+' character is filtered out by my regex definition...


              • richlv

                #8
                According to wiper, this is likely to be caused by the server not URL-encoding sent data, which would be https://support.zabbix.com/browse/ZBXNEXT-2074
                Comment

                • fserve

                  #9
                  I have a similar problem, but when I tried what you did, I got another problem.
                  I just can't use any kind of regex in my Zabbix.

                  the variables
                  {username}=admin
                  {password}=pass
                  {token}=regex:input name="authenticity_token" type="hidden" value="(.{44})"
                  {utf8}=✓
                  {login}=Sign in »

                  give me:
                  Error: error in scenario variables "{username}=admin {password}=pass {token}=regex:input name="authenticity_token" type="hidden" value="(.{44})" {utf8}=✓ {login}=Sign in»": cannot extract the value of "{token}" from response
