Author Topic: Roundcube 1.4 "Invalid request - No data was saved"  (Read 5169 times)

Offline wclarke

  • Newbie
  • *
  • Posts: 1
Roundcube 1.4 "Invalid request - No data was saved"
« on: January 22, 2015, 02:50:36 PM »
All,

I just upgraded roundcube 0.9.3 to the newest release 1.4 mainly due to the recent security vunerability CVE-2014-9587. Currently running on CentOS 6.4 and PostgreSQL 8.4.13. I used the installto.sh script and it went smoothly however I'm seeing an error "invalid request - no data was saved" when user's try to connect via single sign-on from our CampusEAI portal. If you enter in your password again it lets you right in so I assume the newer version is possibly expecting a slightly different request. Nothing changed on the portal side as this was working on 0.9.3 right up until I updated roundcube. When viewing the source of the login page I see a hidden "_token" field and suspect that may be something new but your input would be very helpful. If you could perhaps let me know what else I need to submit via SSO that would also be helpful. I know the SSO module "External Authenticator" that we're using will allow several senerios which we're using senerio 1:

Senario 1 Application require form fields only (e.g. username and password)
Senario 2 Application require form fields (e.g. username and password) and some pre-login cookie(s)
Senario 3 Application require form fields (e.g. username and password) and some dynamic hidden form fields
Senario 3 Application require form fields (e.g. username and password) and some dynamic hidden form fields as well as pre-login cooke(s)
Senario 4 Application require form fields (e.g. username and password) and some dynamic hidden form fields as well as pre-login cooke(s) in different domain


Here is what we submit via the SSO portal:

Login URL: https://warlock.simons-rock.edu/roundcubemail/index.php
Logout URL: https://warlock.simons-rock.edu/roundcubemail/?_task=logout&_action=
User Name/ID Field Name:_user
Password Field Name:_pass
Type of Authentication Used: POST
Field Name    Field Value
_autologin           1
_action      login
_task              login


----------
ERROR LOGS
----------

/usr/share/roundcubemail/logs/errors

[22-Jan-2015 13:02:23 -0500]: PHP Error: Error loading template for logout in /usr/share/roundcubemail/program/include/rcmail_output_html.php on line 496 (GET /roundcubemail/?_task=logout&_action=)

/usr/share/roundcubemail/logs/session

[22-Jan-2015 13:05:35 -0500]: Send new auth cookie for vrbkugp6u51d7i06phkecs0794: Sfafa1baacf3e57e303a2756507ed9f43ab95c163
[22-Jan-2015 13:05:35 -0500]: Session auth check failed for 6lgpfakit9eamld460pq1pdcr1; timeslot = 2015-01-22 13:05:00
[22-Jan-2015 13:05:35 -0500]: Send new auth cookie for 6lgpfakit9eamld460pq1pdcr1: S9a85b8500fbbc9e91eb7029f7fdb08e463b6c67c
[22-Jan-2015 13:05:38 -0500]: Session auth check failed for j57hkvnqb5tb0p561hbg3k5el7; timeslot = 2015-01-22 13:05:00
[22-Jan-2015 13:05:38 -0500]: Send new auth cookie for j57hkvnqb5tb0p561hbg3k5el7: S70cf510a863c526a4b52e91adcee3413f4eae605
[22-Jan-2015 13:05:40 -0500]: Session auth check failed for 47ukbetqat5k2cao0d5ulisqh0; timeslot = 2015-01-22 13:05:00
[22-Jan-2015 13:05:40 -0500]: Send new auth cookie for 47ukbetqat5k2cao0d5ulisqh0: S90bee0b62d240c38a990db0a861e96b174acec73
[22-Jan-2015 13:05:44 -0500]: Session auth check failed for vbpaofk63opi65gripjaiu37q3; timeslot = 2015-01-22 13:05:00
[22-Jan-2015 13:05:44 -0500]: Send new auth cookie for vbpaofk63opi65gripjaiu37q3: Saa007831ddc685382b9ff3ca7ea189f0f905d1af
[22-Jan-2015 13:05:45 -0500]: Session auth check failed for 04equ7qd7m3tsdt9959pvqef07; timeslot = 2015-01-22 13:05:00
[22-Jan-2015 13:05:45 -0500]: Send new auth cookie for 04equ7qd7m3tsdt9959pvqef07: S9f965d6d8eff00f67c6fb7011450532b8a07853b
[22-Jan-2015 13:05:45 -0500]: Aborted session 49hs5rfm8mgvd12lp2i4s0cuv0; no valid session data found
[22-Jan-2015 13:05:52 -0500]: Session auth check failed for i4rdt9lgmml268olnvdoc6f520; timeslot = 2015-01-22 13:05:00
[22-Jan-2015 13:05:52 -0500]: Send new auth cookie for i4rdt9lgmml268olnvdoc6f520: Sc9a5b6788096d35cd16305df7b5e1402575aa9d1
[22-Jan-2015 13:05:53 -0500]: Session auth check failed for 4i2jl22p6nivica7d0455lgga3; timeslot = 2015-01-22 13:05:00
[22-Jan-2015 13:05:53 -0500]: Send new auth cookie for 4i2jl22p6nivica7d0455lgga3: S6e5a371c3d1e2c7dbe2590bcd6898beee096b43d
[22-Jan-2015 13:05:53 -0500]: Session auth check failed for 2abj58n112o5ulob4s9j6rnc66; timeslot = 2015-01-22 13:05:00
[22-Jan-2015 13:05:53 -0500]: Send new auth cookie for 2abj58n112o5ulob4s9j6rnc66: Sca6fc7f8a20c010fdc4f8c9cbafdb40139d49f3c
[22-Jan-2015 13:05:57 -0500]: Session auth check failed for ckold4aj9f0c24lp2afav4lkl1; timeslot = 2015-01-22 13:05:00
[22-Jan-2015 13:05:57 -0500]: Send new auth cookie for ckold4aj9f0c24lp2afav4lkl1: S19140ff95eca0e178f773d3e21c387564da1f584
[22-Jan-2015 13:05:59 -0500]: Session auth check failed for hvpa15s0t8nvtfrfh7er2pmmt2; timeslot = 2015-01-22 13:05:00
[22-Jan-2015 13:05:59 -0500]: Send new auth cookie for hvpa15s0t8nvtfrfh7er2pmmt2: Sba1a280aef4626b500aa4b1a66e918079b58dd91
[22-Jan-2015 13:06:01 -0500]: Aborted session 49hs5rfm8mgvd12lp2i4s0cuv0; no valid session data found
[22-Jan-2015 13:06:05 -0500]: Aborted session mt2d6dtavucibo33llop7tj1p4; no valid session data found
[22-Jan-2015 13:06:13 -0500]: Aborted session pd1j2ducj1h4ah96qf5aghl2q1; no valid session data found
[22-Jan-2015 13:07:05 -0500]: Aborted session mt2d6dtavucibo33llop7tj1p4; no valid session data found
[22-Jan-2015 13:07:13 -0500]: Aborted session pd1j2ducj1h4ah96qf5aghl2q1; no valid session data found
[22-Jan-2015 13:07:44 -0500]: Aborted session ppgk02pc5ai2cju1iq6komfs30; no valid session data found

/usr/share/roundcubemail/logs/userlogins
[22-Jan-2015 12:35:53 -0500]: FAILED login for knardin from 10.30.4.187
[22-Jan-2015 12:40:55 -0500]: FAILED login for sspitz12 from 173.46.101.113
[22-Jan-2015 12:42:00 -0500]: FAILED login for kgiles08 from 173.162.239.254
[22-Jan-2015 12:50:37 -0500]: FAILED login for knardin from 10.30.4.187
[22-Jan-2015 12:53:44 -0500]: FAILED login for wclarke from 10.30.2.210
[22-Jan-2015 12:54:23 -0500]: FAILED login for billm from 10.30.8.254
[22-Jan-2015 12:55:49 -0500]: FAILED login for mclarkconnors from 163.153.100.129
[22-Jan-2015 13:02:13 -0500]: FAILED login for wclarke from 10.30.2.210
[22-Jan-2015 13:05:31 -0500]: FAILED login for cmalefakis14 from 108.16.13.195
[22-Jan-2015 13:06:34 -0500]: FAILED login for wclarke from 10.30.2.210
« Last Edit: January 23, 2015, 10:05:27 AM by wclarke »

Offline SKaero

  • Administrator
  • Hero Member
  • *****
  • Posts: 5,876
    • SKaero - Custom Roundcube development
Re: Roundcube 1.4 "Invalid request - No data was saved"
« Reply #1 on: January 23, 2015, 02:12:47 AM »
Are you using a plugin to allow remote form logins?