Closed metronidazole closed 10 months ago
Caldav has been broken for four months for all users of fastmail after they added broken oauth support in TB 115.
Hmm, we had a support case complaining about Fastmail CalDAV. After some to-and-fro, he reporter wrote:
I started to write the email to support and decided to try deleting my the calendar and having it re-discover it for the account. Once I did that both BB & TB started prompting for and accepting the app-password correctly instead of trying to force a full account login for the calendar. So either deleting the calendar and re-adding it somehow resolves the problem, or perhaps Fastmail found a workaround on their end and did not log it to the ticket.
We encouraged the reporter to report his findings in the bug, and they left this comment: https://bugzilla.mozilla.org/show_bug.cgi?id=1843405#c11
Other than that, we have no special Calendar or CalDAV knowledge. The Fastmail developer would be the best person to talk to, we wrote to him and received no reply:
10th October 2023:
Hi Rob,
Greetings from the Betterbird project.
We were contacted by a BB user, CC'ed here, asking us whether he could sponsor fixing this bug:
https://bugzilla.mozilla.org/show_bug.cgi?id=1843405
You wrote in comment #9:
This requires a bunch of digging through and adding logging to code to understand how thunderbird is using oauth tokens in the calendar part of the code, and I just haven't had time for that recently. If there's someone at mozilla with experience with the calendar authentication code that could help with this, I'd love to work with them to track down what's happening here.
Well, we don't quite fit the requirement: a) we're not at Mozilla, b) no experience with calendar code. So we'd just like to see whether you see any way forward here given that the TB folks are in hibernating mode, at least, that's how it appears.
As for the logging code you mentioned: Anyone can add that as this code is purely JS:
Rename onmi.ja to omni.zip and extract the ZIP file. Then make changes to whichever file you like, adding console.log() or console.trace(). Then start TB with thunderbird -p -purgecaches
. You're logging will take effect immediately. Of course this also works on the current release version 115, so there is no need to have a development environment or build the application.
BTW, Calendar OAuth is here:
https://searchfox.org/comm-esr115/search?q=oauth2&path=&case=false®exp=false
Throwing in a bit of debug here
would likely (no promises made) go a far way to analysing the issue.
If you're interested, please get in touch with a plan to tackle this.
Kind regards, ...
Alternatively, can you just patch out lines 69-72 of OAuth2Providers.jsm?
That will stop it being recognised as an oauth compatible service.
It's broken anyway, so deleting it won't remove any functionality. If and when it's fixed upstream in a few years time, the patch can be removed.
Why would removing CardDAV change anything for CalDAV? I can only see this special Fastmaill CalDAV code: https://searchfox.org/comm-esr115/search?q=dav.fastmail.com&path=&case=false®exp=false https://searchfox.org/comm-esr115/rev/83cd9eed2db5685641fb978ac178ceaf9406be30/calendar/providers/caldav/modules/CalDavSession.jsm#377
As we wrote, one user reported that removing and re-adding the calendar fixed the problem for them. Is that not the case?
Why would removing CardDAV change anything for CalDAV? I can only see this special Fastmaill CalDAV code:
You're right, I misread that
As we wrote, one user reported that removing and re-adding the calendar fixed the problem for them. Is that not the case?
It didn't when I first encountered the bug a few months ago but it seems to now work. I had to use a different url though https://caldav.fastmail.com/
So, case really closed, right?
Can you please add an option that allows users to disable oauth support for caldav? Caldav has been broken for four months for all users of fastmail after they added broken oauth support in TB 115. There is no momentum in fixing this problem upstream.
Happy to donate some money if this can be implemented to workaround this showstopper.