csrf queue new build error #24

Open
MeGaPk opened this issue May 10, 2020 · 3 comments
@MeGaPk

MeGaPk commented May 10, 2020

When I tried to use this code:

    body = Build(
        build_type_id=self._tc_build_configuration_id,
        branch_name=branch_name,
    )
    print(self._tc.build_queues.queue_new_build(body=body, move_to_top=True))

I got error:

   File "C:\Users\megap\PycharmProjects\Jira2TeamCity\venv\lib\site-packages\dohq_teamcity\api_client.py", line 373, in request
    body=body)
  File "C:\Users\megap\PycharmProjects\Jira2TeamCity\venv\lib\site-packages\dohq_teamcity\rest.py", line 281, in POST
    body=body)
  File "C:\Users\megap\PycharmProjects\Jira2TeamCity\venv\lib\site-packages\dohq_teamcity\rest.py", line 232, in request
    raise ApiException(http_resp=r)
dohq_teamcity.rest.ApiException: (403)
Reason: 
HTTP response headers: HTTPHeaderDict({'TeamCity-Node-Id': 'MAIN_SERVER', 'Content-Type': 'text/plain;charset=UTF-8', 'Content-Length': '358', 'Date': 'Sun, 10 May 2020 15:07:48 GMT'})
HTTP response body: 403 Forbidden: Responding with 403 status code due to failed CSRF check: authenticated POST request is made, but neither tc-csrf-token parameter nor X-TC-CSRF-Token header are provided.. For a temporary workaround, you can set internal property teamcity.csrf.paranoid=false  and provide valid Origin=http://asdasdasd header with your request

@xSageDan

Same issue here.
Tried to solve this by updating init of TeamCity object to get the X-TC-CSRF-Token via https://xxxxx/authenticationTest.html?csrf and then passing it as a header ({'X-TC-CSRF-Token': 'xxxxx'}), but for some reason it says the token I got is different from the session token. Any suggestions on how to continue from here?

@allburov added the bug (Something isn't working) label Mar 1, 2021
@YuryPichuzhkin

> Same issue here.
> Tried to solve this by updating init of TeamCity object to get the X-TC-CSRF-Token via https://xxxxx/authenticationTest.html?csrf and then passing it as a header ({'X-TC-CSRF-Token': 'xxxxx'}), but for some reason it says the token I got is different from the session token. Any suggestions on how to continue from here?

Hi!

Try it:

tc = dohq_teamcity.TeamCity(TC_URL, auth=(options.tc_login, options.tc_password))
tc.call_api(resource_path="/httpAuth/app/rest/server", method="GET")
csrfToken = tc.request("GET", url=TC_URL + "/authenticationTest.html?csrf").data
tc.set_default_header(header_name='X-TC-CSRF-Token', header_value=csrfToken)

@istvans

istvans commented Jan 19, 2024

> > Same issue here.
> > Tried to solve this by updating init of TeamCity object to get the X-TC-CSRF-Token via https://xxxxx/authenticationTest.html?csrf and then passing it as a header ({'X-TC-CSRF-Token': 'xxxxx'}), but for some reason it says the token I got is different from the session token. Any suggestions on how to continue from here?
>
> Hi!
>
> Try it:
>
> tc = dohq_teamcity.TeamCity(TC_URL, auth=(options.tc_login, options.tc_password))
> tc.call_api(resource_path="/httpAuth/app/rest/server", method="GET")
> csrfToken = tc.request("GET", url=TC_URL + "/authenticationTest.html?csrf").data
> tc.set_default_header(header_name='X-TC-CSRF-Token', header_value=csrfToken)

I had the same 403 status code with TC 2022.04 when I was just trying to set a parameter on a project. Read-only operations worked fine, but I ran into this problem every time I tried to change something in the configuration.
This is in line with the TeamCity documentation:

> 1. If an HTTP request is a non-modifying one (such as GET), it is considered safe.
> 2. If an HTTP request has a secure CSRF token either in the parameter or in the HTTP header and this token matches the one stored in user session, it is considered safe.

This suggestion worked fine, but (probably obviously) only when I was logged in with my password and not with an access token.

As suggested in #37 (which seems to be a duplicate of this issue) I think the library should handle this with some options at least.

The official TeamCity documentation suggests token based authentication for non-browser HTTP clients:
https://www.jetbrains.com/help/teamcity/csrf-protection.html#Implications+for+non-browser+HTTP+clients

I have the same problem even if I authenticate using a token.
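
A toy model of the two rules quoted from the TeamCity documentation above, added here as an example (it is not code from dohq-teamcity or TeamCity). It shows one way the "token is different from the session token" mismatch can arise: the token is fetched in one session and the POST arrives in another. `ModelServer`, `Client`, `MODIFY_PATH` and the function names are hypothetical; only GET is treated as non-modifying.

```python
import secrets

CSRF_HEADER = "X-TC-CSRF-Token"              # header name from the 403 message
CSRF_PATH = "/authenticationTest.html?csrf"  # token URL used in the thread
MODIFY_PATH = "/app/rest/example"            # constructed placeholder path
SAFE_METHODS = {"GET"}                       # rule 1 names GET as its example


class ModelServer:
    """Toy server applying the two quoted rules; not TeamCity code."""

    def __init__(self):
        self.sessions = {}  # session cookie -> CSRF token stored in that session

    def handle(self, method, path, cookie, headers):
        if cookie not in self.sessions:  # unknown or missing cookie: new session
            cookie = secrets.token_hex(8)
            self.sessions[cookie] = secrets.token_hex(16)
        stored = self.sessions[cookie]
        if method in SAFE_METHODS:  # rule 1: non-modifying request
            return 200, cookie, stored if path == CSRF_PATH else "ok"
        supplied = headers.get(CSRF_HEADER, "")
        if secrets.compare_digest(supplied, stored):  # rule 2: token matches session
            return 200, cookie, "ok"
        return 403, cookie, "failed CSRF check"


class Client:
    """Minimal client; keep_cookies decides whether the session is reused."""

    def __init__(self, server, keep_cookies):
        self.server, self.keep_cookies = server, keep_cookies
        self.cookie, self.headers = None, {}

    def request(self, method, path):
        status, cookie, body = self.server.handle(
            method, path, self.cookie, self.headers)
        if self.keep_cookies:
            self.cookie = cookie
        return status, body


def post_after_fetching_token(keep_cookies):
    """GET the token, set it as a default header, POST; return the POST status."""
    client = Client(ModelServer(), keep_cookies)
    _, token = client.request("GET", CSRF_PATH)
    client.headers[CSRF_HEADER] = token
    return client.request("POST", MODIFY_PATH)[0]


def post_without_token():
    return Client(ModelServer(), keep_cookies=True).request("POST", MODIFY_PATH)[0]
```

In this model the POST succeeds only when the client that fetched the token also carries the same session cookie on the modifying request.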
