Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Bug] Getting 403 errors and back to login page #1267

Open
thias opened this issue Oct 27, 2024 · 2 comments
Open

[Bug] Getting 403 errors and back to login page #1267

thias opened this issue Oct 27, 2024 · 2 comments
Labels
bug Something isn't working

Comments

@thias
Copy link

thias commented Oct 27, 2024

RomM version
Version 3.5.1

Describe the bug
When successfully logging in, I see the full RomM web interface for a fraction of a second, before being redirected to the /login page again. In the logs, 403 errors can be seen for one or more entries.

To Reproduce
Steps to reproduce the behavior:

  1. Run RomM with Podman rootless on RHEL9 (podman 4.9.4) with the command below with an existing MariaDB server on the host OS.
  2. Access the http://127.0.0.1:8080/ URL
  3. Enter the new admin user details, go past the next info page, log in
  4. See the interface for a fraction of a second, then get back to the login page

Expected behavior
No 403 errors and be logged in.

Screenshots
N/A

Desktop

  • OS: RHEL9 x86_64
  • Browser: Firefox 131.0.3 & Chromium 130.0.6723.58

Smartphone
N/A

Additional context
Full Podman command line used:

podman run --name romm -e DB_HOST="10.0.2.2" -e DB_NAME="romm" -e DB_USER="romm" -e DB_PASSWD="romm" -e ROMM_AUTH_SECRET="8a628aa46ac6b51db12a3b8f5bd7b92e9bd32b544969908e659c0339b5571f0b" -e IGDB_CLIENT_ID="xxx" -e IGDB_CLIENT_SECRET="xxx" -e DISABLE_CSRF_PROTECTION=true -v /srv/vgames/romm_resources:/romm/resources:z -v /srv/vgames/romm_redis_data:/redis-data:z -v /srv/vgames/library:/romm/library:z -v /srv/vgames/assets:/romm/assets:z -v /srv/vgames/config:/romm/config:z --network slirp4netns:allow_host_loopback=true -p 8080:8080 docker.io/rommapp/romm:latest

After tracking this down, I have found a workaround, which is to lower the number of gunicorn workers from the default of 2 to only 1: GUNICORN_WORKERS=1

@thias thias added the bug Something isn't working label Oct 27, 2024
@adamantike
Copy link
Collaborator

Good catch! It seems the issue here is that you are providing a ROMM_AUTH_SECRET environment variable, instead of ROMM_AUTH_SECRET_KEY.

When RomM doesn't receive a ROMM_AUTH_SECRET_KEY value, it randomly generates an auth secret. There is a bug here, because when multiple Gunicorn workers are spawn, each of them will generate a different auth secret!

Let's keep the issue open even if changing the environment variable name fixes it for you, so we can fix the underlying randomness.

@thias
Copy link
Author

thias commented Oct 28, 2024

Thanks for seeing my obvious mistake! I can confirm that using the correct ROMM_AUTH_SECRET_KEY environment variable name fixes everything 👍

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
bug Something isn't working
Projects
None yet
Development

No branches or pull requests

2 participants