Fix Flask Invalid CSRF token message on Wazo PBX login

Today I was trying to sign into an instance of Wazo that I am responsible for and login to the Wazo Admin UI was failing in Firefox. At the login splash screen, when I’d enter my credentials I got no warnings, no message that the credentials were incorrect — but the username and password blanks simply cleared, and the login page was again presented. I knew the credentials were correct, and verified that they were by viewing the appropriate records in SQL, like so:

root@pbx:~# su - postgres
postgres@pbx:~$ psql asterisk
asterisk=# select * from "user";

This shows you the usernames and passwords to the Wazo admin UI in plain text; and I was able to easily verify that I was using the correct credentials. (To exit the psql prompt, type \q and press Enter; then type exit to leave the postgres user account and go back to root.) I also discovered that I could log in just fine using Chrome.

Note that if you want to change the password, you can do so with an SQL command:

sudo -u postgres psql -c "update \"user\" set passwd = 'MyScaryPassword!' where login = 'root'" asterisk

Being a Firefox type of person I wasn’t satisfied to just use Chrome, and went digging for answers.

tail -f /var/log/wazo-admin-ui.log

Tailing the Wazo Admin UI log (command above) revealed this line when trying to log in to Wazo via Firefox:

(INFO) (flask_wtf.csrf): The CSRF tokens do not match.

That gave me a specific error message to go to DuckDuckGo with. Using the clue that this was a Flask error, and not a specific Wazo problem, I searched accordingly; and came across this helpful article.

In my /etc/hosts file there were these entries (our actual hostname replaced with example.com):

127.0.0.1       localhost
127.0.1.1       pbx.example.com        localhost.localdomain   pbx

Comments at the top of the file warned me not to edit this file by hand because the Wazo services will over-write manual changes. I decided to give it a go anyhow and see what would happen; and figure out how to change the Wazo settings that write this file later if need be. So I changed the second line’s IP address from 127.0.0.1 to the actual LAN IP address of the PBX and for lack of knowing what services may need to be restarted (wazo-service restart didn’t do it), simply rebooted the system.

And, voila! I logged in via Firefox successfully.

Funny thing is, I’ve checked /etc/hosts again and it’s back to what it had been earlier — my manual change has been over-written. But login still works. Why it does, or why it didn’t before then, I can’t say for sure. At least I have something to try if it breaks again.
