Uploaded image for project: 'XWiki Platform'
  1. XWiki Platform
  2. XWIKI-18447

Invalid authentication information request warning when saving document delete options from Administration

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Critical
    • Resolution: Fixed
    • Affects Version/s: 12.9-rc-1
    • Fix Version/s: 13.2-rc-1, 12.10.6
    • Component/s: None
    • Labels:
    • Environment:
      Windows 10 Pro 64 bit, Firefox 86, using a local instance XWiki 12.10.5 on Oracle 19c, Tomcat 9.0.44 and Jetty 9.4.29
    • Tests:
      Unit
    • Difficulty:
      Unknown
    • Documentation:
      N/A
    • Documentation in Release Notes:
      N/A
    • Pull Request Status:
      Awaiting Committer feedback
    • Similar issues:

      Description

      STEPS TO REPRODUCE

      1. Login as Admin
      2. Go to Administer Wiki > Content > Delete
      3. Set 'CAN SKIP THE RECYCLE BIN' to 'Yes' and Save

      EXPECTED RESULTS

      A brief success message is displayed on the bottom of the page: 'Saved'.

      ACTUAL RESULTS

      An invalid authentication information request warning is displayed.

      On Jetty, if clicked 'Yes', the user is redirected to page

      http://localhost:8080/xwiki/bin/view/Refactoring/Code/http://localhost:8080/xwiki/bin/admin/XWiki/XWikiPreferences?editor=globaladmin&section=Delete

      If clicked 'No', the user is directed to the same page, which doesn't exist.

      In console, there is the following stacktrace: 

      2021-03-17 14:48:29,164 [qtp1422222071-147 - http://localhost:1310/xwiki/bin/save/Refactoring/Code/RefactoringConfiguration] WARN  o.h.e.j.s.SqlExceptionHelper   - SQL Warning Code: -1100, SQLState: 02000
      2021-03-17 14:48:29,164 [qtp1422222071-147 - http://localhost:1310/xwiki/bin/save/Refactoring/Code/RefactoringConfiguration] WARN  o.h.e.j.s.SqlExceptionHelper   - no data
      2021-03-17 14:48:29,190 [qtp1422222071-21 - http://localhost:1310/xwiki/bin/save/Refactoring/Code/http%3A%2F%2Flocalhost%3A1310%2Fxwiki%2Fbin%2Fadmin%2FXWiki%2FXWikiPreferences%3Feditor%3Dglobaladmin%26section%3DDelete] WARN  o.x.c.i.DefaultCSRFToken       - CSRFToken: Secret token verification failed, token: "null", stored token: "nYhhVtxulcVBawa7B0AWfw"

      On Tomcat on the other hand, the warning is not displayed at all, the user just lands on a 'HTTP Status 400 – Bad Request' page with no stacktrace in console.

      However, the recycle bin options are saved as set.

      The issue reproduces also on XWiki 13.1 and could not be reproduced on XWiki 12.8.

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              mleduc Manuel Leduc
              Reporter:
              iandriuta Ilie Andriuta
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved:
                Date of First Response: