search

ONLYOFFICE / DocumentServer

ONLYOFFICE Docs is a free collaborative online office suite comprising viewers and editors for texts, spreadsheets and presentations, forms and PDF, fully compatible with Office Open XML formats: .docx, .xlsx, .pptx and enabling collaborative editing in real time.
https://www.onlyoffice.com
GNU Affero General Public License v3.0
4.88k stars 1.09k forks source link

Upgrade > 5.6: Error: secretOrPrivateKey must have a value but there is one ... #938

Closed thommierother closed 4 years ago

thommierother commented 4 years ago

upgrade bug: after upgrade to 5.6 I get this exception in the out.log:

[2020-07-31T18:53:47.575] [ERROR] nodeJS - error receiving response: docId = undefined type = auth Error: secretOrPrivateKey must have a value at Object.module.exports [as sign] (/snapshot/server/build/server/DocService/node_modules/jsonwebtoken/sign.js:107:20) at fillJwtByConnection (/snapshot/server/build/server/DocService/sources/DocsCoServer.js:0:0) at sendAuthInfo (/snapshot/server/build/server/DocService/sources/DocsCoServer.js:0:0) at sendAuthInfo.next () at endAuth (/snapshot/server/build/server/DocService/sources/DocsCoServer.js:0:0) at endAuth.next () at auth (/snapshot/server/build/server/DocService/sources/DocsCoServer.js:0:0) at auth.next () at /snapshot/server/build/server/DocService/sources/DocsCoServer.js:0:0 at Generator.next () at onFulfilled (/snapshot/server/build/server/DocService/node_modules/co/index.js:65:19) at process._tickCallback (internal/process/next_tick.js:68:7)

local.json has:

    "inbox": {
      "header": "Authorization",
      "inBody": false
    },
    "outbox": {
      "header": "Authorization",
      "inBody": false
    }
  },
  "secret": {
    "inbox": {
      "string": "[--mysecret]"
    },
    "outbox": {
      "string": "[--mysecret]"
    },
    "session": {
      "string": ""
    }
  }

DocumentServer version: 5.6

ubuntu 18.x

I just dont understand the error msg because I have a secret here... I am using the old json file here, do we have new values here which need some defaults?

ShockwaveNN commented 4 years ago

Hi, seems this problem because your secret:session:string value is empty and we think this is not correct

Could you replace this key in local.json so default value is used?

thommierother commented 4 years ago

ok, now I have

      "secret": {
        "inbox": {
          "string": "[mysecret]"
        },
        "outbox": {
          "string": "[mysecret]"
        },
        "session": {
          "string": "secret"
        }
      }

The exception in the out.log is gone, but now I see "unknown error" in the UI (see screenshot) Screenshot_20200803_111152

Also owncloud.log has no errors.

Bye, Thommie

ShockwaveNN commented 4 years ago

Is there no other error in any DocumentServer logs? Try to set session secret same as your inbox-outbox secret

thommierother commented 4 years ago

Even with the same secret I get the "unknown error". Nothing interesting in the out.log, also not in the other log directories. Only thing I see are some warnings, but supervisorctl starts all services without errors:

[2020-08-03T06:25:03.616] [WARN] nodeJS - Express server listening on port 8000 in production-linux mode
[2020-08-03T08:12:26.353] [WARN] nodeJS - Express server starting...
[2020-08-03T08:12:26.356] [WARN] nodeJS - Failed to subscribe to plugin folder updates. When changing the list of plugins, you must restart the server. https://nodejs.org/docs/latest/api/fs.html#fs_availability
[2020-08-03T08:12:26.523] [WARN] nodeJS - Express server listening on port 8000 in production-linux mode
[2020-08-03T08:15:17.555] [WARN] nodeJS - Express server starting...
[2020-08-03T08:15:17.557] [WARN] nodeJS - Failed to subscribe to plugin folder updates. When changing the list of plugins, you must restart the server. https://nodejs.org/docs/latest/api/fs.html#fs_availability
[2020-08-03T08:15:17.689] [WARN] nodeJS - Express server listening on port 8000 in production-linux mode
[2020-08-03T09:36:32.705] [WARN] nodeJS - Express server starting...
[2020-08-03T09:36:32.708] [WARN] nodeJS - Failed to subscribe to plugin folder updates. When changing the list of plugins, you must restart the server. https://nodejs.org/docs/latest/api/fs.html#fs_availability
[2020-08-03T09:36:32.849] [WARN] nodeJS - Express server listening on port 8000 in production-linux mode
ShockwaveNN commented 4 years ago

@thommierother Could you show your browser dev tools and js console? Seems there may some errors

thommierother commented 4 years ago

Firefox Web console shows nothing spectacular:

12:09:30.079 Content Security Policy: Die Einstellungen der Seite haben das Laden einer Ressource auf inline blockiert ("script-src"). 2 content-script.js:40:65
12:09:30.853 JQMIGRATE: Migrate is installed, version 1.4.0 jquery-migrate.min.js:2:552
12:09:30.871 Layout-Darstellung wurde erzwungen, bevor die Seite vollständig geladen war. Falls Stylesheet noch nicht geladen sind, kann dies zu einem kurzzeitigen Darstellung des Inhalts ohne Formatierung führen. jquery.js:9000:14
12:09:31.295 window.controllers/Controllers sollte nicht mehr verwendet werden. Verwenden Sie es nicht für die Browser-Erkennung. ace.js:1362
12:09:32.882 Deprecation warning: tipsy is deprecated. Use tooltip instead. js.js:2311:10

Can we increase the logging of the connector app on the Owncloud side and on the documentserver somehow?

ShockwaveNN commented 4 years ago

Could you attach screenshot of network tab of Debug Tool in Google Chrome Also could you send network logs from Chrome as HAR (Export HAR button on screenshot Screenshot_20200803_134937

thommierother commented 4 years ago

Screenshot_20200803_131034

Hm, that 403 is strange, I would expect to see this in the logs too ... I'm on Chromium, cant see the har export option here ...

ShockwaveNN commented 4 years ago

Could you expamnd console windows more? Also seems there should be some errors in nginx.log

thommierother commented 4 years ago

Screenshot_20200803_133119

I see nothing in

root@docs:/var/log/onlyoffice/documentserver# ls -la total 176 drwxr-xr-x 7 ds ds 4096 Aug 3 06:25 . drwxr-xr-x 4 root root 4096 Nov 3 2019 .. drwxr-xr-x 2 ds ds 4096 Aug 3 06:25 converter drwxr-xr-x 2 ds ds 4096 Aug 3 06:25 docservice drwxr-xr-x 2 ds ds 4096 Mär 18 06:25 gc drwxr-xr-x 2 ds ds 4096 Aug 3 06:25 metrics -rw-r--r-- 1 www-data ds 0 Aug 3 06:25 nginx.error.log

ShockwaveNN commented 4 years ago

Are files in /var/log/nginx/ also empty?

Could you provide full path to file with 403 error, I still cannot see on your screen, you should make view wider

thommierother commented 4 years ago

Screenshot_20200803_140309

Hm, just deleting the cache probably?

thommierother commented 4 years ago

root@docs:/var/log/nginx# tail access.log 165.22.43.233 - - [03/Aug/2020:07:14:18 +0000] "HEAD / HTTP/1.0" 301 0 "-" "Mozilla/5.0 (compatible; NetcraftSurveyAgent/1.0; +info@netcraft.com)" 49.89.247.10 - - [03/Aug/2020:07:55:28 +0000] "GET / HTTP/1.1" 301 178 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36" 212.8.50.121 - - [03/Aug/2020:08:47:53 +0000] "GET / HTTP/1.1" 301 178 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36" 91.234.62.26 - - [03/Aug/2020:08:48:49 +0000] "POST /HNAP1/ HTTP/1.0" 301 178 "-" "-" 68.50.143.81 - - [03/Aug/2020:09:29:54 +0000] "GET / HTTP/1.1" 301 178 "-" "-" 64.227.50.51 - - [03/Aug/2020:09:29:55 +0000] "GET / HTTP/1.1" 301 178 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.87 Safari/537.36" 87.107.58.102 - - [03/Aug/2020:09:52:48 +0000] "GET / HTTP/1.1" 301 178 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.103 Safari/537.36" 176.126.175.10 - - [03/Aug/2020:10:01:00 +0000] "GET / HTTP/1.1" 301 178 "-" "Mozilla/5.0 zgrab/0.x" 167.114.227.94 - - [03/Aug/2020:11:32:51 +0000] "GET /w00tw00t.at.ISC.SANS.DFind:) HTTP/1.1" 400 166 "-" "-"

thommierother commented 4 years ago

Screenshot_20200803_140607

ShockwaveNN commented 4 years ago

This error with Editor.bin is the reason of error with opening file, this file is REQUIRED to correctly work of DocumentServer

You should dig in logs and find out why access to this file is forbidden

thommierother commented 4 years ago

ok. I dont remember any problems when updating the docserver repo, will look into the upgrade logs ...

ShockwaveNN commented 4 years ago

Also we have one idea

Seems this has something to do with that change https://github.com/ONLYOFFICE/server/commit/5fea8d9e7a7f9321c4a30c48d1f5405c98a6216c

Could you tak a look at your configs and see that secret_string is same for those files I checkd in default docker image

grep -rnw /etc/onlyoffice/ -e 'verysecretstring'
/etc/onlyoffice/documentserver/nginx/includes/ds-docservice.conf:43:  set $secret_string verysecretstring;
/etc/onlyoffice/documentserver/default.json:24:      "secretString": "verysecretstring"

If they are same - try to restart all services, including nginx

thommierother commented 4 years ago

ok, I will check and return info here

thommierother commented 4 years ago

A re-installation of the docserver package and re-installation of the old configs solved the problem. There was some error in the rpm installation process (post remove script)) and even a forced purge could not remove the package completely. Needed some manual hacks but now its ok. Next problem appears with the latest Owncloud 10.5, see next issue ...