[EP-tech] indexer and csrf problem

[drn at ecs.soton.ac.uk (Newman D.R.)]

Hi Werner,

Regarding the indexer issue, the most likely reason is there is an edit
lock on the EPrint record.  This will happen if someone is editing the
record.  This could just be someone loading the edit page and then
never hitting either the "Cancel" or "Save and Return".  If this is the
case the task in the indexer will have a status of "Waiting".  If it
has some other status then their may be another issue.  Usually I will
try setting the tasks status back to waiting (you need not change the
scheduled time for the task) and see if it succeeds next time it tries
to run.

Edit locks should only last a short-ish time and the indexer task will
usually get rescheduled for ten minutes later and run without issue if
no one has tried to start editing this record again.  You can go the
Actions tab of the EPrint record and click on a button to remove the
edit lock if it somehow gets stuck.

Regarding the CSRF issue, this is something that has only recently been
added.  It is intended to protect against Cross Site Request Forgery;
basically another site trying to submit some malicious request whilst
you are logged into EPrints.  It looks like in the case of the Storage
Manager this does not work as expected.  I.e. it thinks something
malicious is going on, when it is not.  I will take a look on my own
3.4.1 instance and get back to you.

Regards

David Newman



On Tue, 2019-06-11 at 15:23 +0200, Werner Hack via Eprints-tech wrote:
> Hi all,
>
> I am new to eprints. I recently installed eprints 3.4.1.
> But I encountered some issues while testing the software.
> I hope you can help me.
>
> o If I want to deposit an article and put the item into the live
> repository,
>    the indexer starts some jobs but they keep pending forever.
>    Restarting the indexer has no effect.
>    If I do a reindex with the epadmin command, everthing is ok and
> the pending
>    jobs are resolved. Any idea what happens here? What can I do?
>
> o If I enter the "Storage Manager" as Admin in the Config Tools,
>    I get the following error message:
>
>    Cross-Site Request Forgery (CSRF) was detected whilst processing
>    your last request and therefore its action was not authorised.
>
>    Have I missed some configuration?
>    Any hints are appreciated
>
> Thanks in advance
> Werner
>
> *** Options: http://mailman.ecs.soton.ac.uk/mailman/listinfo/eprints-
> tech
> *** Archive: https://eur03.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.eprints.org%2Ftech.php%2F&data=01%7C01%7C%7C18818409265d468c6dc208d6ee729e60%7C4a5378f929f44d3ebe89669d03ada9d8%7C0&sdata=n93U3IYYAHM3WFyLKksuJ%2F9PqRKRrbR7yRvvdY1Iuxo%3D&reserved=0
> *** EPrints community wiki: https://eur03.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwiki.eprints.org%2F&data=01%7C01%7C%7C18818409265d468c6dc208d6ee729e60%7C4a5378f929f44d3ebe89669d03ada9d8%7C0&sdata=WwbhXAX1OEZNsZ1uOUAFfTRTVMvlPdCRTX9%2By38Yeoc%3D&reserved=0
> *** EPrints developers Forum: https://eur03.safelinks.protection.outlook.com/?url=http%3A%2F%2Fforum.eprints.org%2F&data=01%7C01%7C%7C18818409265d468c6dc208d6ee729e60%7C4a5378f929f44d3ebe89669d03ada9d8%7C0&sdata=O%2BPV%2FhJLfhXxxwiepXTAqXmRwe7dgD0E0cBFR%2FGVQA4%3D&reserved=0