Message CSRF Timeout occurred due to inactivity, page refres

Addons for Cacti and discussion about those addons

Moderators: Developers, Moderators

nello12
Posts: 9
Joined: Thu Apr 04, 2019 9:40 am

Message CSRF Timeout occurred due to inactivity, page refres

Post by nello12 »

Hi again,
I have a PHP 7 page that points to my Cacti page and inserts the username and password automatically:

$this->arr_graph_detail = array(
    'graph_url'=>'https://mycacti/'.$this->SW_folder.'/' . $this->graphs_type . '/',
    'graph_user'=>'user', // Login username
    'graph_pass'=>'password' // Login password
);

When I execute this php the automatic logon fails with this message.

It worked fine with older versions
Any idea?
Thanks
Attachments
Schermata 2019-04-05 alle 09.32.14.png (85.13 KiB) Viewed 13459 times
nello12
Posts: 9
Joined: Thu Apr 04, 2019 9:40 am

Re: Message CSRF Timeout occurred due to inactivity, page re

Post by nello12 »

not solved...
netniV
Cacti Guru User
Posts: 3441
Joined: Sun Aug 27, 2017 12:05 am

Re: Message CSRF Timeout occurred due to inactivity, page re

Post by netniV »

All incoming POST requests are checked to make sure that there is a CSRF value for the login, which you don't/won't have when you're submitting. However, as your code below isn't complete, I can't be sure what you are doing or which page you are doing it against.

If you want a method of being able to automatically login to Cacti securely, check out my tokenauth plugin (https://github.com/netniv/plugin_tokenauth/) which I wrote as an example of how to do this kind of thing.
Cacti Developer & Release Manager
The Cacti Group

Director
BV IT Solutions Ltd

nello12
Posts: 9
Joined: Thu Apr 04, 2019 9:40 am

Re: Message CSRF Timeout occurred due to inactivity, page re

Post by nello12 »

Let me explain better with an example.

A customer would like to have all the monitoring services together in a single php page.

With the graphs export plugin I can store the PNG graph files in one path, and after that I can show
these main graphs on this page.

Example:
'Customer PizzaMandolino'=>array(
    'nomerouter'=>array(
        array(
            'graph_title'=>'PizzaMandolino - Gbit 0/0/1 - Link COLT 1Gbit',
            'image_url'=>'graph_1315_45.png'
        ),
    ),
),

Then I add a button "Graphs details" that opens Cacti with the account of the customer,
entering the user and password automatically, as if the customer had to make the logon manually.


$this->arr_graph_detail = array(
    'graph_url'=>'https://newcacti/'.$this->SW_folder.'/' . $this->graphs_type . '/',
    'graph_user'=>'PizzaMandolino',
    'graph_pass'=>'Mustache' // Password
);

With the old cacti version this was possible.

Is there a way to disable CSRF check in the logon process?

Thank you very much
Attachments
Schermata 2019-04-06 alle 16.50.44.png (162.87 KiB) Viewed 13445 times
netniV
Cacti Guru User
Posts: 3441
Joined: Sun Aug 27, 2017 12:05 am

Re: Message CSRF Timeout occurred due to inactivity, page re

Post by netniV »

As I said, if you use the token_auth plugin I wrote, you can pass a token that is randomly generated and valid for a short period of time. That then allows the user in automatically from your other system via a GET request. There is no way to post directly without CSRF checks being in-place.
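A generic sketch of the short-lived token login described in the reply above, added here as an example; it is not code from Cacti or from plugin_tokenauth. The function names, the shared secret, the HMAC-signed token format, the host name monitoring.example and the in-memory store of used nonces are all assumptions.

```php
<?php
// Added example: hypothetical helpers, not code from Cacti or plugin_tokenauth.
// Assumes the portal and the monitoring host share SECRET out of band.
const SECRET = 'constructed-demo-secret-change-me';
const TTL = 60; // seconds a login link stays valid

function b64url(string $raw): string {
    return rtrim(strtr(base64_encode($raw), '+/', '-_'), '=');
}

// Portal side: build the token that goes into the GET link.
function issue_token(string $user, int $now): string {
    $payload = b64url(json_encode([
        'u'   => $user,
        'exp' => $now + TTL,
        'n'   => bin2hex(random_bytes(16)), // random part, unique per link
    ]));
    return $payload . '.' . b64url(hash_hmac('sha256', $payload, SECRET, true));
}

// Monitoring side: return the username, or null if the token must be refused.
// $seen stands in for a persistent store of already-used nonces.
function redeem_token(string $token, int $now, array &$seen): ?string {
    $parts = explode('.', $token);
    if (count($parts) !== 2) return null;
    [$payload, $mac] = $parts;
    $expected = b64url(hash_hmac('sha256', $payload, SECRET, true));
    if (!hash_equals($expected, $mac)) return null;   // forged or altered
    $data = json_decode(base64_decode(strtr($payload, '-_', '+/')), true);
    if (!is_array($data) || !isset($data['u'], $data['exp'], $data['n'])) return null;
    if ($now > $data['exp']) return null;             // expired
    if (isset($seen[$data['n']])) return null;        // replayed
    $seen[$data['n']] = $data['exp'];                 // mark as used
    return $data['u'];
}

// Constructed demo: one valid use, then a replay, an expired token, a bad MAC.
$seen = [];
$now = time();
$link = 'https://monitoring.example/?token=' . issue_token('PizzaMandolino', $now);
$token = substr($link, strpos($link, 'token=') + 6);
var_dump(redeem_token($token, $now, $seen));                        // first use
var_dump(redeem_token($token, $now, $seen));                        // same link again
var_dump(redeem_token(issue_token('x', $now - 120), $now, $seen));  // issued too long ago
var_dump(redeem_token($token . 'A', $now, $seen));                  // altered MAC
```

Because the token travels in a URL, it ends up in access logs and browser history; the short lifetime and the single-use check are what keep a leaked link from being reused. Unlike the snippets in the question, no customer password is stored in the portal page.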
nello12
Posts: 9
Joined: Thu Apr 04, 2019 9:40 am

Re: Message CSRF Timeout occurred due to inactivity, page re

Post by nello12 »

SOLVED
It seems that the problem was solved by setting the following variable to true:


#$GLOBALS['csrf']['defer'] = false;
$GLOBALS['csrf']['defer'] = true;

in the file .../include/vendor/csrf/csrf-magic.php


Now I can pass user and password in POST mode and log in automatically.


Thank you
Regards
majed17
Cacti User
Posts: 60
Joined: Thu Jul 17, 2014 10:24 pm

Re: Message CSRF Timeout occurred due to inactivity, page refres

Post by majed17 »

had this problem on 1.2.13
solved by clearing cache in Firefox
knock and it shall be opened, ask and you shall receive, believe in order for it to happen, cry and you shall be comforted!