Comments (13)
@servomac - this has already been mentioned (and fixed) by Roger in this thread I think: #123 #56
from mitro.
Yep - You need the patch offered by @teh ( WeAreWizards/passopolis-extensions@b0fcf31 ) for the lru_cache bug. I found the same bug and fixed it independently of @teh but his patch was more elegant so I've not uploaded mine.
The basic problem is that the Web Extension is trying to generate a key and store it in the browser cache. Once it has the key, it can connect to the Mitro server. Unfortunately, without the lru_cache patch, the Web Extension cannot store the key in the cache and the code fails. This results in the sign up never completing and you just get the activity spinner icon forever.
If you are running just the mitro server without any other web system in front of it, be aware that some processes will appear to fail because once the appropriate mitro-api action completes, the response from the mitro server is a redirect to a static web page. Unfortunately, these are not provided by the mitro server in its current state and you get a 404 web error. This makes you think that the action has failed but in fact it has worked.
One simple fix is to patch the Main.java thread to add a resource handler for static files then put suitable default files in the appropriate folder.
My code for this was:
diff --git a/mitro-core/java/server/src/co/mitro/core/server/Main.java b/mitro-core/java/server/src/co/mitro/core/server/Main.java
index 7ff7b94..2abd624 100644
--- a/mitro-core/java/server/src/co/mitro/core/server/Main.java
+++ b/mitro-core/java/server/src/co/mitro/core/server/Main.java
@@ -50,6 +50,7 @@ import org.eclipse.jetty.server.Slf4jRequestLog;
import org.eclipse.jetty.server.SslConnectionFactory;
import org.eclipse.jetty.server.handler.HandlerCollection;
import org.eclipse.jetty.server.handler.RequestLogHandler;
+import org.eclipse.jetty.server.handler.ResourceHandler;
import org.eclipse.jetty.servlet.ServletContextHandler;
import org.eclipse.jetty.servlet.ServletHolder;
import org.eclipse.jetty.util.component.LifeCycle;
@@ -394,9 +395,15 @@ public class Main {
requestLog.setLogTimeZone("UTC");
requestLogHandler.setRequestLog(requestLog);
- // Install both the servlet handler and the logging handler
+ // Handle static file requests
+ ResourceHandler staticFiles = new ResourceHandler();
+ staticFiles.setDirectoriesListed(true);
+ staticFiles.setWelcomeFiles(new String[]{"index.html"});
+ staticFiles.setResourceBase("html");
+
+ // Install the servlet handler, logging handler and static file support
HandlerCollection handlers = new HandlerCollection();
- handlers.setHandlers(new Handler[]{context, requestLogHandler});
+ handlers.setHandlers(new Handler[]{context, requestLogHandler, staticFiles});
OldJsonData ojd = OldJsonData.createFromStream(
Main.class.getResourceAsStream("service_list.json"));
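Review bot: staticFiles.setDirectoriesListed(true) turns on directory listings for everything under the resource base, so any file placed in "html" becomes discoverable by anyone who can reach the server; set it to false and rely on the index.html welcome file that the next line already configures. setResourceBase("html") is also a relative path, so the directory actually served depends on the working directory the server is started from; resolve it to an absolute path or make it configurable.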
You then just need simple static pages in mitro-core/html for the following files:
index.html
verified-device.html
verified.html
e.g. verified.html
<HTML>
<HEAD>
<TITLE>Password verified</TITLE>
</HEAD>
<BODY BGCOLOR="FFFFFF">
<HR>
<P><CENTER>Thank you, your password has been verified.</CENTER>
<HR>
</BODY>
</HTML>
You may well find that additional files are required for some actions... but I've not done those actions yet so haven't discovered that the files are missing 😃 .
I've also used the mitro-core/html folder to store my built extension files for Firefox and a ZIP'd archive of the extension files for Chrome. I've modified the index.html file with links to these so that users can be pointed at the mitro server, download the appropriate files directly from there and install them in their browser. That makes the process much easier for them.
from mitro.
Thanks a lot for your responses!
I have been able to avoid the infinite spinning on the loader after applying @teh's patch, but now I have another problem: after filling in the signup form an error message appears saying "Sorry, an error has occurred. Already have an account?"
Obviously the database is still empty.
from mitro.
@servomac Did you add the mitro database before starting the mitro server?
psql -c 'create database mitro;' postgres
If you followed the install flow I detailed in #56, it should "just work"...
from mitro.
Yes, of course I have created the database (and the ant server created the respective tables). I will repeat the process for the Nth time with your references from #56.. thanks a lot!
from mitro.
@servomac If it is any consolation, it took me a lot of attempts to get it working too. If I've missed a step from my notes in #56 then I apologise in advance... but I think they are complete...
from mitro.
I have been working on a docker image solution (containing both postgres and the ant server inside the same container; not exactly following the docker guidelines but it's a first iteration) following your documentation and extending from centos (I'm a "debian flavoured" guy, so maybe I made some distribution-specific mistake :P). I share it, but it's obviously still a work in progress. The Dockerfile explains the procedure followed:
https://github.com/servomac/mitro/tree/master/centos
You can build it (docker build -t mitro .) and run the container (docker run --name mitro -d mitro) and copy to your machine from the inside the release dir (i.e. docker exec -it mitro scp -r /srv/mitro/browser-ext/login/build/chrome/release [email protected]:), and you should load the chrome extension. After pointing preferences.html to the docker container ip (docker inspect -f '{{ .NetworkSettings.IPAddress }}' mitro) at port 8443, I try to sign up with the same error: "Sorry, an error has occurred. Already have an account?"
I'm clearly missing something...
from mitro.
Did you comment out the line <sysproperty key="generateSecretsForTest" value="true"/> in mitro-core/build.xml?
For testing, ant generates random secrets each time the server starts. You don't want this on a real system as you want its secrets to be persistent across restarts. Comment out (or delete) the line in the XML (don't try to set it to false as the server doesn't like that) then reset your database and try to sign up again with the client.
What I suspect is happening is that you've restarted the server and the client is confused because the server keys have changed but the user account is still there.
from mitro.
Thanks a lot again, you are right! I have deleted the referred line of code setting generateSecretsForTest as true, but now I'm unable to generate the keys correctly :P
On /srv/mitro/mitro-core I do:
[root@e9e8969a84d2 mitro-core]# export CLASSPATH="java/server/lib/keyczar-0.71f-040513.jar:java/server/lib/gson-2.2.4.jar:java/server/lib/log4j-1.2.17.jar"
[root@e9e8969a84d2 mitro-core]# export KEYS_PATH="mitrocore_secrets/sign_keyczar"
[root@e9e8969a84d2 mitro-core]# mkdir -p $KEYS_PATH
[root@e9e8969a84d2 mitro-core]# java -cp $CLASSPATH org.keyczar.KeyczarTool create --location=$KEYS_PATH --purpose=sign
[root@e9e8969a84d2 mitro-core]# java -cp $CLASSPATH org.keyczar.KeyczarTool addkey --location=$KEYS_PATH --status=primary
log4j:WARN No appenders could be found for logger (org.keyczar.GenericKeyczar).
log4j:WARN Please initialize the log4j system properly.
log4j:WARN See http://logging.apache.org/log4j/1.2/faq.html#noconfig for more info.
I think that the log warning is not a problem, just a warning message to explain that the app cannot log its steps, but I'm not sure. This generates the following dir structure and files (with correct content: the file 1 contains the hmacKeyString, i.e. {"hmacKeyString":"8wblahblah3SWqH-LXkmW1uwLJKVi-MOI_MoA6L92Xy_TRVw","size":256}, and meta contains the metainfo, i.e. {"name":"","purpose":"SIGN_AND_VERIFY","type":"HMAC_SHA1","versions":[{"exportable":false,"status":"PRIMARY","versionNumber":1}],"encrypted":false}):
[root@e9e8969a84d2 mitro-core]# pwd
/srv/mitro/mitro-core
[root@e9e8969a84d2 mitro-core]# tree mitrocore_secrets/
mitrocore_secrets/
└── sign_keyczar
    ├── 1
    └── meta
But unfortunately seems that the ant server is not able to read the generated keys.
[root@e9e8969a84d2 mitro-core]# ant server
Buildfile: build.xml
compile:
jar:
[delete] Deleting: /srv/mitro/mitro-core/build/mitrocore.jar
[exec] Result: 128
[propertyfile] Updating property file: /srv/mitro/mitro-core/build/java/src/build.properties
[echo] Built build/mitrocore.jar
server:
[java] INFO [2015-08-12 07:39:36,669Z] co.mitro.core.server.SecretsBundle: loading signing key from mitrocore_secrets/sign_keyczar
[java] Exception in thread "main" java.lang.RuntimeException: Unable to load signing key
[java] at co.mitro.core.server.SecretsBundle.<init>(SecretsBundle.java:54)
[java] at co.mitro.core.server.Main.main(Main.java:302)
[java] Caused by: org.keyczar.exceptions.KeyczarException: Error reading file: mitrocore_secrets/sign_keyczar/meta
[java] at org.keyczar.KeyczarFileReader.readFile(KeyczarFileReader.java:69)
[java] at org.keyczar.KeyczarFileReader.getMetadata(KeyczarFileReader.java:58)
[java] at org.keyczar.Keyczar.<init>(Keyczar.java:81)
[java] at org.keyczar.Verifier.<init>(Verifier.java:62)
[java] at org.keyczar.Signer.<init>(Signer.java:58)
[java] at co.mitro.core.server.SecretsBundle.<init>(SecretsBundle.java:52)
[java] ... 1 more
[java] Caused by: java.io.FileNotFoundException: mitrocore_secrets/sign_keyczar/meta (No such file or directory)
[java] at java.io.RandomAccessFile.open(Native Method)
[java] at java.io.RandomAccessFile.<init>(RandomAccessFile.java:241)
[java] at java.io.RandomAccessFile.<init>(RandomAccessFile.java:122)
[java] at org.keyczar.KeyczarFileReader.readFile(KeyczarFileReader.java:63)
[java] ... 6 more
[java] Java Result: 1
BUILD SUCCESSFUL
Total time: 3 seconds
Any idea at which step I'm going wrong? Do you generate the same kind of key files?
from mitro.
You have to manually generate the keys for the server. This is described in section 5 of mitro-core/production/ansible/README.md. Basically, just do:
cd ~/mitro/mitro-core
mkdir -p mitrocore_secrets/sign_keyczar
java -cp build/mitrocore.jar org.keyczar.KeyczarTool create --location=mitrocore_secrets/sign_keyczar --purpose=sign
java -cp build/mitrocore.jar org.keyczar.KeyczarTool addkey --location=mitrocore_secrets/sign_keyczar --status=primary
That will give you a persistent set of keys. If you lose the keys then you will confuse the clients because the server identity has changed. I don't know any way to recover from that situation so I've made sure my keys are well backed up! 😄
from mitro.
My problem was the path! My build.xml specified that the directory of the server was root (/), so I needed that mitrocore_secrets directory to be on root. Now I'm gonna try the client browser extension :-) Thanks a lot!
from mitro.
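The two failures resolved in this thread (the test-only generateSecretsForTest property, and a keyset path that resolves against the server's working directory) can be checked before running ant server. This is an added example, not code from the thread or from Mitro; the function names are hypothetical, the file-mode check is an added hardening step, and the build.xml and key material inside demo() are constructed stand-ins.

```python
import json, os, stat, tempfile
import xml.etree.ElementTree as ET
from pathlib import Path

KEYSET = Path("mitrocore_secrets/sign_keyczar")  # relative path from the server log

def check_build_xml(build_xml):
    """Flag an active generateSecretsForTest sysproperty; XML comments are skipped."""
    props = ET.parse(build_xml).getroot().iter("sysproperty")
    active = any(p.get("key") == "generateSecretsForTest" for p in props)
    return ["build.xml still sets generateSecretsForTest"] if active else []

def check_keyset(server_cwd):
    """Validate the keyset as resolved from the server's working directory."""
    keydir = Path(server_cwd) / KEYSET
    if not (keydir / "meta").is_file():
        return [f"missing {keydir / 'meta'}: wrong working directory?"]
    meta = json.loads((keydir / "meta").read_text())
    problems = []
    if meta.get("purpose") != "SIGN_AND_VERIFY":
        problems.append(f"unexpected purpose {meta.get('purpose')!r}")
    versions = meta.get("versions", [])
    if sum(v.get("status") == "PRIMARY" for v in versions) != 1:
        problems.append("keyset needs exactly one PRIMARY version")
    for v in versions:
        key_file = keydir / str(v.get("versionNumber"))
        if not key_file.is_file():
            problems.append(f"missing key file {key_file}")
        elif stat.S_IMODE(key_file.stat().st_mode) & 0o077:  # added hardening check
            problems.append(f"{key_file} is accessible to group/others")
    return problems

def demo():
    """Constructed layout: keys created in mitro-core, server started elsewhere."""
    with tempfile.TemporaryDirectory() as tmp:
        core = Path(tmp, "mitro-core")
        (core / KEYSET).mkdir(parents=True)
        (core / "build.xml").write_text('<project><java classname="Main"><!-- <sysproperty'
            ' key="generateSecretsForTest" value="true"/> --></java></project>')
        (core / KEYSET / "meta").write_text(json.dumps({"purpose": "SIGN_AND_VERIFY",
            "versions": [{"status": "PRIMARY", "versionNumber": 1}]}))
        (core / KEYSET / "1").write_text('{"hmacKeyString":"CONSTRUCTED","size":256}')
        os.chmod(core / KEYSET / "1", 0o600)
        ok = check_build_xml(core / "build.xml") + check_keyset(core)
        moved = check_keyset(tmp)  # same keys, different working directory
    return ok, moved

if __name__ == "__main__":
    print(demo())
```

Pass check_keyset the directory the server process actually runs in, not the directory the keys were generated from.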
I'm finally able to use the chrome extension!! But actually I'm unable to add to chrome the certificate used during the self-signing process as a trusted certificate authority.. I will keep looking into this, because to use it I need to add a security exception, and this is not exactly my idea of "security" :P
Thanks a lot for your feedback. I will work a little on the dockerized solution, with an external postgres container and another one for the emailer. I will share it with the community, because it seems that there is not an easy deployment strategy for the project.
from mitro.
If you are prepared to pay... then you can send the CSR that you generated with the openssl req ... command to the 3rd party authority (e.g. Verisign, Thawte, GoDaddy) and they will sign it for you. Your browser will then accept it without complaint.
Alternatively, for Chrome, follow the instructions below to add the Mitro server certificate to your Chrome instance as a trusted certificate:
- Click on the padlock icon in the URL bar with a red "X"
- Click on the "Certificate Information"
- Click on the "Details" tab
- Click "Copy to file"
- Save the file to your desktop
- Now go to the Chrome menu (the three bars on the right hand side of the menu)
- Select "Settings"
- Click "Show advanced settings..." at the bottom
- Click the "Manage certificates..." button
- Click the "Import..." button
- Click "Next >"
- Select the file that you saved to your desktop
- Click "Next >"
- Click "Browse" and select "Trusted Root Certificate Authorities" then click "OK"
- Click "Next >"
- Click "OK"
- Restart Chrome
You will have to add the server certificate as a trusted authority or Chrome will not allow the Mitro extension to automatically connect to the Mitro server when you restart Chrome. Instead, the Mitro extension will not be able to connect until you explicitly connect to your Mitro server and accept the security exception.
from mitro.