remark42: 403 error on /auth/email/login on site with dash in ID

Hi, I’ve set up remark42 on my Hugo blog without a subdomain, following the docs here. I currently have 3 forms of authentication (Anonymous, Google, and Github) that are working properly. However, email authentication is giving me a 403 Forbidden error on this URL:

https://blog.example.com/remark42/auth/email/login?site=this-site&address=example%40user.com&user=example

Screen Shot 2022-09-10 at 3 45 42 PM

Screen Shot 2022-09-10 at 4 25 30 PM

I CAN use email login if I go directly to

https://blog.example.com/remark42/web/iframe.html

I’d love to get email working in favor of anonymous login. Thanks for any assistance you may be able to provide.

Browsers tried with the same result:

macOS 12.5

Safari 15.6
Chrome 105.0.5195.102

Windows 10 Pro 21H2 (on a different network than the Mac)

Microsoft Edge 105.0.1343.33

Logs from remark42 docker:

(I think it may be only the last line that’s relevant here, but included the other lines that happened within the same minute that I clicked “Submit”)

2022/09/10 15:32:38.199 [INFO]  {logger/logger.go:134 logger.(*Middleware).Handler.func1.1} GET - /api/v1/config?site=this-site - blog.example.com - ae4a281c94f3 - 200 (528) - 118.915µs
2022/09/10 15:32:38.213 [DEBUG] {middleware/auth.go:75 middleware.(*Authenticator).auth.func1} auth failed, can't get token: token cookie was not presented: http: named cookie not present
2022/09/10 15:32:38.218 [DEBUG] {api/rest_public.go:74 api.(*public).findCommentsCtrl} get comments for {SiteID:this-site URL:https://blog.example.com/this_post/}, sort -active, format tree, since 0001-01-01 00:00:00 +0000 UTC

2022/09/10 15:32:38.218 [INFO]  {logger/logger.go:134 logger.(*Middleware).Handler.func1.1} GET - /api/v1/find?site=this-site&url=https://blog.example.com/this_post/&sort=-active&format=tree - blog.example.com - ae4a281c94f3 - 200 (1860) - 180.241µs
2022/09/10 15:32:47.754 [INFO]  {logger/logger.go:134 logger.(*Middleware).Handler.func1.1} GET - /auth/email/login?site=this-site&address=test@test.com&user=test - blog.example.com - ae4a281c94f3 - 403 (14) - 88.851µs

NGINX conf:

  location /remark42/ {
  rewrite /remark42/(.*) /$1 break;
  proxy_pass http://remark42:8080/; 
  proxy_set_header Host $http_host;
  proxy_set_header X-Real-IP $remote_addr;
  proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
  proxy_set_header X-Forwarded-Proto $scheme;
  }

Docker compose:

services:
    remark42:
        image: umputun/remark42:latest
        container_name: "remark42"
        restart: always
        environment:
            - REMARK_URL=https://blog.example.com/remark42/
            - SECRET=xxxx
            - STORE_BOLT_PATH=/srv/var/db
            - BACKUP_PATH=/srv/var/backup
            - DEBUG=true
            - SITE=this-site
            - AUTH_ANON=true
            - ADMIN_SHARED_ID=github_xxxx
            - ADMIN_SHARED_EMAIL=myemail@domain.com
            - TIME_ZONE=America/New_York
            - AUTH_GOOGLE_CID=xxxx.apps.googleusercontent.com
            - AUTH_GOOGLE_CSEC=xxxx
            - AUTH_GITHUB_CID=xxxx
            - AUTH_GITHUB_CSEC=xxxx
            - SMTP_HOST=smtp.sendgrid.net
            - SMTP_PORT=465
            - SMTP_TLS=true
            - SMTP_USERNAME=apikey
            - SMTP_PASSWORD=xxxx
            - NOTIFY_EMAIL_FROM=myemail@domain.com    
            - NOTIFY_EMAIL_ADMIN=true
            - NOTIFY_TYPE=email
            - AUTH_EMAIL_FROM=myemail@domain.com
            - AUTH_EMAIL_ENABLE=true
            - AUTH_EMAIL_FROM=myemail@domain.com          
        volumes:
            - ./remark42/var:/srv/var

Frontend:

As generated by Hugo with theme Hugo-theme-stack

<div id="remark42"></div>
<script>
    var remark_config = {
        host: "https://blog.example.com/remark42",
        site_id: 'this-site',
        components: ['embed'],
        url: "https:\/\/blog.example.com\/this_post\/",
        max_shown_comments:  15 ,
        theme: document.documentElement.dataset.scheme,
        page_title: 'Test',
        locale: 'en',
        show_email_subscription:  true 
    };

    (function (c) {
        for (var i = 0; i < c.length; i++) {
            var d = document, s = d.createElement('script');
            s.src = remark_config.host + '/web/' + c[i] + '.js';
            s.defer = true;
            (d.head || d.body).appendChild(s);
        }
    })(remark_config.components || ['embed']);

    window.addEventListener('onColorSchemeChange', (e) => {
        window.REMARK42.changeTheme(e.detail);
    })
</script>

About this issue

Original URL
State: closed
Created 2 years ago
Comments: 15

Commits related to this issue

allow dashes in site ID when validating email auth request As discovered in #1477, dashes are expected to work in the site ID and do work everywhere but in email auth. That change makes the behaviour... — committed to umputun/remark42 by paskal 2 years ago
allow dashes in site ID when validating email auth request As discovered in #1477, dashes are expected to work in the site ID and do work everywhere but in email auth. That change makes the behaviour... — committed to umputun/remark42 by paskal 2 years ago
allow dashes in site ID when validating email auth request As discovered in #1477, dashes are expected to work in the site ID and do work everywhere but in email auth. That change makes the behaviour... — committed to traleor/comments by paskal 2 years ago

Most upvoted comments

It’s not a problem to add a dot to the list of allowed symbols, and I’ll do it in master shortly.

paskal on Nov 3, 2022

Yes, seeing that now if I plug in a dash. I hadn’t grepped before though, but it looks like that message was added recently. My original log was from remark42:latest.

markmonroy on Sep 10, 2022