The Token Authentication plugin is not working

[gregd]

Hi,

The GET method for https://<cacti>/graph_image.php?tokenauth_userid=<userid>&tokenauth_token=<token> returns an error: "FATAL: You must be logged in to access this area of Cacti".
What could be the reason for this error?

- Plugin: https://github.com/netniV/plugin_tokenauth
- Cacti version 1.2.22
- Plugin Token Authentication enabled
- Account enabled
- Auth token for account enabled
- The token is generated correctly (verification with a public key returns success)

[TheWitness]

You need a session cookie first. If you look at the tests/tools folder, you can find a check_all_pages.sh script to show you how to do it. You simply need to pass the session cookie in each GET or POST.

[gregd]

Unfortunately I still get the error: "FATAL: You must be logged in to access this area of Cacti".

$this->temp_cookie = '/tmp/cacti_cookie';
1. I use CURL for download "__csrf_magic"
curl_setopt($ch, CURLOPT_COOKIEJAR, $this->temp_cookie);
curl_setopt($ch, CURLOPT_COOKIEFILE, $this->temp_cookie);
curl_setopt($ch, CURLOPT_COOKIESESSION, TRUE);
2. I log in using POST data action=login&login_username=admin&login_password=${login_pw}&__csrf_magic=${magic}
curl_setopt($ch, CURLOPT_COOKIEJAR, $this->temp_cookie);
curl_setopt($ch, CURLOPT_COOKIEFILE, $this->temp_cookie);
3. Logging in is correct because in the response I see "Logged in as admin"
4. Execution of the GET request with CURLOPT_COOKIEFILE to graph_image.php returns an error: "FATAL: You must be logged in to access this area of Cacti".
curl_setopt($ch, CURLOPT_COOKIEFILE, $this->temp_cookie);

[TheWitness]

You should do a tcpdump + wireshark to ensure things are being passed and authenticated correctly.

[jaredhared]

In case someone will face the same problem - it was resolved by enabling guest user in Cacti authentification settings.

[TheWitness]

Yea, Guest fixes a lot of problem, but netniV's plugin may make it into Cacti for other reasons in the next 6 months or so.