iris-web

RuntimeError: A secret key is required to use CSRF

Open manosmustang opened this issue 7 months ago • 4 comments

Hello,

Can anyone help to identify why I get this issue when I am trying to create the IRIS containers?

 docker logs -f iris_app_dev
Running iriswebapp ...
[2025-09-24 12:03:20 +0000] [7] [INFO] Starting gunicorn 20.1.0
[2025-09-24 12:03:20 +0000] [7] [INFO] Listening at: http://0.0.0.0:8000 (7)
[2025-09-24 12:03:20 +0000] [7] [INFO] Using worker: eventlet
[2025-09-24 12:03:20 +0000] [11] [INFO] Booting worker with pid: 11
2025-09-24 12:03:22 :: INFO :: configuration :: Config :: IRIS Server v2.4.20
2025-09-24 12:03:22 :: INFO :: configuration :: Config :: Min. API version supported: 2.0.4
2025-09-24 12:03:22 :: INFO :: configuration :: Config :: Max. API version supported: 2.0.5
2025-09-24 12:03:22 :: INFO :: configuration :: Config :: Min. module interface version supported: 1.1
2025-09-24 12:03:22 :: INFO :: configuration :: Config :: Max. module interface version supported: 1.2.0
2025-09-24 12:03:22 :: INFO :: configuration :: Config :: Session lifetime: 1 day, 0:00:00
2025-09-24 12:03:22 :: INFO :: configuration :: Config :: Authentication mechanism configured: local
2025-09-24 12:03:22 :: INFO :: configuration :: Config :: Authentication local fallback enabled
2025-09-24 12:03:22 :: INFO :: configuration :: Config :: MFA disabled
2025-09-24 12:03:22 :: INFO :: configuration :: Config :: Create user during authentication: disabled
/opt/venv/lib/python3.9/site-packages/graphene_sqlalchemy/types.py:207: UserWarning: No compatible filters found for <graphene.types.dynamic.Dynamic object at 0x770143169130> with db name user. Skipping field.
  warnings.warn(
/opt/venv/lib/python3.9/site-packages/graphene_sqlalchemy/types.py:207: UserWarning: No compatible filters found for <graphene.types.dynamic.Dynamic object at 0x770143169220> with db name tlp. Skipping field.
  warnings.warn(
/opt/venv/lib/python3.9/site-packages/graphene_sqlalchemy/types.py:207: UserWarning: No compatible filters found for <graphene.types.dynamic.Dynamic object at 0x770143169f70> with db name ioc_type. Skipping field.
  warnings.warn(
/opt/venv/lib/python3.9/site-packages/graphene_sqlalchemy/types.py:207: UserWarning: No compatible filters found for <graphene.types.dynamic.Dynamic object at 0x770143169a00> with db name alerts. Skipping field.
  warnings.warn(
/opt/venv/lib/python3.9/site-packages/graphene_sqlalchemy/types.py:207: UserWarning: No compatible filters found for <graphene.types.dynamic.Dynamic object at 0x7701431064f0> with db name client. Skipping field.
  warnings.warn(
/opt/venv/lib/python3.9/site-packages/graphene_sqlalchemy/types.py:207: UserWarning: No compatible filters found for <graphene.types.dynamic.Dynamic object at 0x770143106670> with db name user. Skipping field.
  warnings.warn(
/opt/venv/lib/python3.9/site-packages/graphene_sqlalchemy/types.py:207: UserWarning: No compatible filters found for <graphene.types.dynamic.Dynamic object at 0x770143106850> with db name owner. Skipping field.
  warnings.warn(
/opt/venv/lib/python3.9/site-packages/graphene_sqlalchemy/types.py:207: UserWarning: No compatible filters found for <graphene.types.dynamic.Dynamic object at 0x770143106a30> with db name classification. Skipping field.
  warnings.warn(
/opt/venv/lib/python3.9/site-packages/graphene_sqlalchemy/types.py:207: UserWarning: No compatible filters found for <graphene.types.dynamic.Dynamic object at 0x770143106c10> with db name reviewer. Skipping field.
  warnings.warn(
/opt/venv/lib/python3.9/site-packages/graphene_sqlalchemy/types.py:207: UserWarning: No compatible filters found for <graphene.types.dynamic.Dynamic object at 0x770143106df0> with db name severity. Skipping field.
  warnings.warn(
/opt/venv/lib/python3.9/site-packages/graphene_sqlalchemy/types.py:207: UserWarning: No compatible filters found for <graphene.types.dynamic.Dynamic object at 0x770143106fd0> with db name alerts. Skipping field.
  warnings.warn(
/opt/venv/lib/python3.9/site-packages/graphene_sqlalchemy/types.py:207: UserWarning: No compatible filters found for <graphene.types.dynamic.Dynamic object at 0x77014310a1f0> with db name tags. Skipping field.
  warnings.warn(
/opt/venv/lib/python3.9/site-packages/graphene_sqlalchemy/types.py:207: UserWarning: No compatible filters found for <graphene.types.dynamic.Dynamic object at 0x77014310a3d0> with db name state. Skipping field.
  warnings.warn(
/opt/venv/lib/python3.9/site-packages/graphene_sqlalchemy/types.py:207: UserWarning: No compatible filters found for <graphene.types.dynamic.Dynamic object at 0x77014310a5b0> with db name review_status. Skipping field.
  warnings.warn(
/opt/venv/lib/python3.9/site-packages/graphene_sqlalchemy/types.py:207: UserWarning: No compatible filters found for <graphene.types.dynamic.Dynamic object at 0x77014310a790> with db name note_directories. Skipping field.
  warnings.warn(
2025-09-24 12:03:26 :: INFO :: post_init :: run_post_init :: IRIS v2.4.20
2025-09-24 12:03:26 :: INFO :: post_init :: run_post_init :: Running post initiation steps
2025-09-24 12:03:50 :: ERROR :: app :: log_exception :: Exception on /login [GET]
Traceback (most recent call last):
  File "/opt/venv/lib/python3.9/site-packages/flask/app.py", line 2190, in wsgi_app
    response = self.full_dispatch_request()
  File "/opt/venv/lib/python3.9/site-packages/flask/app.py", line 1486, in full_dispatch_request
    rv = self.handle_user_exception(e)
  File "/opt/venv/lib/python3.9/site-packages/flask/app.py", line 1484, in full_dispatch_request
    rv = self.dispatch_request()
  File "/opt/venv/lib/python3.9/site-packages/flask/app.py", line 1469, in dispatch_request
    return self.ensure_sync(self.view_functions[rule.endpoint])(**view_args)
  File "/iriswebapp/app/blueprints/login/login_routes.py", line 157, in login
    form = LoginForm(request.form)
  File "/opt/venv/lib/python3.9/site-packages/wtforms/form.py", line 212, in __call__
    return type.__call__(cls, *args, **kwargs)
  File "/opt/venv/lib/python3.9/site-packages/flask_wtf/form.py", line 73, in __init__
    super().__init__(formdata=formdata, **kwargs)
  File "/opt/venv/lib/python3.9/site-packages/wtforms/form.py", line 278, in __init__
    self.process(formdata, obj, data=data, **kwargs)
  File "/opt/venv/lib/python3.9/site-packages/wtforms/form.py", line 132, in process
    field.process(formdata)
  File "/opt/venv/lib/python3.9/site-packages/wtforms/csrf/core.py", line 43, in process
    self.current_token = self.csrf_impl.generate_csrf_token(self)
  File "/opt/venv/lib/python3.9/site-packages/flask_wtf/csrf.py", line 147, in generate_csrf_token
    return generate_csrf(
  File "/opt/venv/lib/python3.9/site-packages/flask_wtf/csrf.py", line 36, in generate_csrf
    secret_key = _get_config(
  File "/opt/venv/lib/python3.9/site-packages/flask_wtf/csrf.py", line 136, in _get_config
    raise RuntimeError(message)
RuntimeError: A secret key is required to use CSRF.
2025-09-24 12:03:55 :: ERROR :: app :: log_exception :: Exception on /login [GET]
Traceback (most recent call last):
  File "/opt/venv/lib/python3.9/site-packages/flask/app.py", line 2190, in wsgi_app
    response = self.full_dispatch_request()
  File "/opt/venv/lib/python3.9/site-packages/flask/app.py", line 1486, in full_dispatch_request
    rv = self.handle_user_exception(e)
  File "/opt/venv/lib/python3.9/site-packages/flask/app.py", line 1484, in full_dispatch_request
    rv = self.dispatch_request()
  File "/opt/venv/lib/python3.9/site-packages/flask/app.py", line 1469, in dispatch_request
    return self.ensure_sync(self.view_functions[rule.endpoint])(**view_args)
  File "/iriswebapp/app/blueprints/login/login_routes.py", line 157, in login
    form = LoginForm(request.form)
  File "/opt/venv/lib/python3.9/site-packages/wtforms/form.py", line 212, in __call__
    return type.__call__(cls, *args, **kwargs)
  File "/opt/venv/lib/python3.9/site-packages/flask_wtf/form.py", line 73, in __init__
    super().__init__(formdata=formdata, **kwargs)
  File "/opt/venv/lib/python3.9/site-packages/wtforms/form.py", line 278, in __init__
    self.process(formdata, obj, data=data, **kwargs)
  File "/opt/venv/lib/python3.9/site-packages/wtforms/form.py", line 132, in process
    field.process(formdata)
  File "/opt/venv/lib/python3.9/site-packages/wtforms/csrf/core.py", line 43, in process
    self.current_token = self.csrf_impl.generate_csrf_token(self)
  File "/opt/venv/lib/python3.9/site-packages/flask_wtf/csrf.py", line 147, in generate_csrf_token
    return generate_csrf(
  File "/opt/venv/lib/python3.9/site-packages/flask_wtf/csrf.py", line 36, in generate_csrf
    secret_key = _get_config(
  File "/opt/venv/lib/python3.9/site-packages/flask_wtf/csrf.py", line 136, in _get_config
    raise RuntimeError(message)
RuntimeError: A secret key is required to use CSRF.
2025-09-24 12:04:00 :: ERROR :: app :: log_exception :: Exception on /login [GET]
Traceback (most recent call last):
  File "/opt/venv/lib/python3.9/site-packages/flask/app.py", line 2190, in wsgi_app
    response = self.full_dispatch_request()
  File "/opt/venv/lib/python3.9/site-packages/flask/app.py", line 1486, in full_dispatch_request
    rv = self.handle_user_exception(e)
  File "/opt/venv/lib/python3.9/site-packages/flask/app.py", line 1484, in full_dispatch_request
    rv = self.dispatch_request()
  File "/opt/venv/lib/python3.9/site-packages/flask/app.py", line 1469, in dispatch_request
    return self.ensure_sync(self.view_functions[rule.endpoint])(**view_args)
  File "/iriswebapp/app/blueprints/login/login_routes.py", line 157, in login
    form = LoginForm(request.form)
  File "/opt/venv/lib/python3.9/site-packages/wtforms/form.py", line 212, in __call__
    return type.__call__(cls, *args, **kwargs)
  File "/opt/venv/lib/python3.9/site-packages/flask_wtf/form.py", line 73, in __init__
    super().__init__(formdata=formdata, **kwargs)
  File "/opt/venv/lib/python3.9/site-packages/wtforms/form.py", line 278, in __init__
    self.process(formdata, obj, data=data, **kwargs)
  File "/opt/venv/lib/python3.9/site-packages/wtforms/form.py", line 132, in process
    field.process(formdata)
  File "/opt/venv/lib/python3.9/site-packages/wtforms/csrf/core.py", line 43, in process
    self.current_token = self.csrf_impl.generate_csrf_token(self)
  File "/opt/venv/lib/python3.9/site-packages/flask_wtf/csrf.py", line 147, in generate_csrf_token
    return generate_csrf(
  File "/opt/venv/lib/python3.9/site-packages/flask_wtf/csrf.py", line 36, in generate_csrf
    secret_key = _get_config(
  File "/opt/venv/lib/python3.9/site-packages/flask_wtf/csrf.py", line 136, in _get_config
    raise RuntimeError(message)
RuntimeError: A secret key is required to use CSRF.

Thank you

manosmustang avatar Sep 24 '25 12:09 manosmustang

Strange. In particular, I don't understand why your container's name is iris_app_dev. Shouldn't it rather be iriswebapp_app? Could you start from scratch and walk through all the commands to get to this state? On my side, if I do this sequence of commands, I am not able to replicate your problem:

git clone git@github.com:dfir-iris/iris-web.git
cd iris-web
git checkout v2.4.20
cp .env.model .env
docker compose up

c8y3 avatar Sep 26 '25 08:09 c8y3

Why? Because I already have a folder iris-web which is the production. I wanted to create another one for DEV.

manosmustang avatar Sep 26 '25 09:09 manosmustang

OK. Could you give me the exact sequence of commands you did so that I try to replicate your problem? I think I may have replicated the problem. What is the content of your .env file? Maybe the value for IRIS_SECRET_KEY is empty (or you don't even have the variable)?

c8y3 avatar Sep 26 '25 12:09 c8y3

I have removed everything and am starting over.

But .env was this

# -----------------------------
# Database
# -----------------------------
POSTGRES_USER=iris
POSTGRES_PASSWORD=iris
POSTGRES_ADMIN_USER=iris_admin
POSTGRES_ADMIN_PASSWORD=iris_admin_pw
POSTGRES_DB=iris_dev
POSTGRES_SERVER=db-dev
POSTGRES_PORT=5432

# -----------------------------
# IRIS Secrets
# -----------------------------
SECRET_KEY=9fad704fdcd1e299c8bb130963b145379c36fc41c7f82b69dd6c8263b77edd78

# IRIS specific secret
IRIS_SECRET_KEY=9fad704fdcd1e299c8bb130963b145379c36fc41c7f82b69dd6c8263b77edd78

# Salt for password hashing
IRIS_SECURITY_PASSWORD_SALT=4d631e45e803d8ffb8f12b30511a6595ddf0feb7f875068bd720c7613b57c623

# -----------------------------
# Logging
# -----------------------------
LOG_LEVEL=INFO

# -----------------------------
# Worker
# -----------------------------
IRIS_WORKER=true

# -----------------------------
# Web / Nginx (Dev mode only, HTTP only)
# -----------------------------
IRIS_UPSTREAM_SERVER=app-dev
IRIS_UPSTREAM_PORT=8000
IRIS_FRONTEND_SERVER=nginx-dev
IRIS_FRONTEND_PORT=8081
INTERFACE_HTTPS_PORT=8081

manosmustang avatar Sep 26 '25 13:09 manosmustang

Your .env file looks very different from the default .env.model. Is your production DFIR-IRIS v2.0.0 or above? The .env files are not compatible, from my understanding. This setting does not exist in newer versions and causes issues if set:

IRIS_WORKER=true

I've also seen another issue (https://github.com/dfir-iris/iris-web/issues/984) today that pretty much boils down to the same thing: outdated/invalid .env file.

When you said you removed everything and started over, you probably copied the .env file of your existing installation rather than creating a new one from the template .env.model.

Try to create a new setup with the commands @c8y3 suggested:

git clone git@github.com:dfir-iris/iris-web.git
cd iris-web
git checkout v2.4.20
cp .env.model .env
docker compose up

I3urny avatar Dec 18 '25 14:12 I3urny
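
The check suggested in this thread (compare the deployed .env against the .env.model template, and look for an empty or missing IRIS_SECRET_KEY), as an added example that is not part of the thread or of the IRIS project's code. The two file bodies are constructed samples, not the real .env.model, and `parse_env` and `audit_env` are hypothetical helper names.

```python
import re

# Constructed samples (NOT the real .env.model); in practice read both files from disk.
TEMPLATE = """\
# -- database
POSTGRES_USER=changeme
POSTGRES_PASSWORD=changeme
# -- secrets
IRIS_SECRET_KEY=changeme
IRIS_SECURITY_PASSWORD_SALT=changeme
"""
DEPLOYED = """\
POSTGRES_USER=iris
POSTGRES_PASSWORD=iris
IRIS_SECRET_KEY=
IRIS_WORKER=true
"""

# KEY=VALUE, with an optional leading "export" and surrounding whitespace.
LINE = re.compile(r"^\s*(?:export\s+)?([A-Za-z_][A-Za-z0-9_]*)\s*=\s*(.*?)\s*$")

def parse_env(text):
    """Return {key: value} for KEY=VALUE lines, skipping blanks and # comments."""
    values = {}
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        match = LINE.match(raw)
        if match:
            key, value = match.groups()
            # Strip one pair of matching surrounding quotes.
            if len(value) >= 2 and value[0] == value[-1] and value[0] in "'\"":
                value = value[1:-1]
            values[key] = value
    return values

def audit_env(template_text, deployed_text):
    """Compare key names only, so the report never echoes secret values."""
    template, deployed = parse_env(template_text), parse_env(deployed_text)
    return {
        "missing": sorted(template.keys() - deployed.keys()),  # in template, absent from .env
        "unknown": sorted(deployed.keys() - template.keys()),  # in .env, not in this template
        "empty": sorted(k for k, v in deployed.items() if k in template and not v),
    }

if __name__ == "__main__":
    for kind, keys in audit_env(TEMPLATE, DEPLOYED).items():
        print(f"{kind}: {', '.join(keys) or '-'}")
```
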