OfficeDev / office-js

A repo and NPM package for Office.js, corresponding to a copy of what gets published to the official "evergreen" Office.js CDN, at https://appsforoffice.microsoft.com/lib/1/hosted/office.js.
https://learn.microsoft.com/javascript/api/overview
Other
690 stars 95 forks source link

Outlook Addin Office.context.mailbox.makeEwsRequestAsync FindItems is broken and failing with 403 forbidden #4292

Open albaraks opened 8 months ago

albaraks commented 8 months ago

Provide required information needed to triage your issue

Our addin issues an EWS FindItems request using Office.context.mailbox.makeEwsRequestAsync and now it stopped working. It was working for the last few years and no new changes have been applied. The request works fine against on-premise exchange server but broken on O365 cloud endpoint. Here is the request and response

<?xml version="1.0" encoding="utf-8"?> </soap:Header> Default</t:BaseShape></t:AdditionalProperties></m:ItemShape></m:ParentFolderIds></t:Contains></t:Or></m:Restriction></m:FindItem> </soap:Body></soap:Envelope>

The server response is

{WasProxySuccessful: false, ErrorMessage: "The remote server returned an error: (403) Forbidden.",…} Body: null ErrorMessage: "The remote server returned an error: (403) Forbidden." StatusCode: 0 StatusDescription: null WasProxySuccessful: false

Your Environment

Expected behavior

A valid list of items that match the specified query

Current behavior

The request is failing with 403

Steps to reproduce

Issue an EWS request from Outlook Addin "FindItems" as shown above




Link to live example(s)




Provide additional details

We are testing this on a consumer account lockmagic@outlook.com. This was working for many years now and our customers have noticed it stopped working




Context

We are unable to search from our addin for mail items that match a specific user criteria

Useful logs

From the browser debuggers

Request: https://outlook.live.com/owa/0/service.svc?action=ExecuteEwsProxy&UA=0&app=Mail&n=1467 Payload: {"__type":"EwsProxyRequestParameters:#Exchange","Body":"<?xml version=\"1.0\" encoding=\"utf-8\"?> <soap:Envelope xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns:xsd=\"http://www.w3.org/2001/XMLSchema\" xmlns:soap=\"http://schemas.xmlsoap.org/soap/envelope/\" \t\t xmlns:m=\"http://schemas.microsoft.com/exchange/services/2006/messages\" xmlns:t=\"http://schemas.microsoft.com/exchange/services/2006/types\"> <t:RequestServerVersion Version=\"Exchange2013\"/> </soap:Header> <m:FindItem Traversal=\"Shallow\">Default</t:BaseShape><t:FieldURI FieldURI=\"item:Subject\" /><t:FieldURI FieldURI=\"item:DateTimeReceived\" /><t:FieldURI FieldURI=\"item:Size\" /><t:FieldURI FieldURI=\"item:Importance\" /><t:FieldURI FieldURI=\"message:IsRead\" /><t:FieldURI FieldURI=\"message:From\" /><t:FieldURI FieldURI=\"item:DisplayTo\" /></t:AdditionalProperties></m:ItemShape><t:DistinguishedFolderId Id=\"inbox\"/></m:ParentFolderIds><t:Contains ContainmentMode=\"Substring\" ContainmentComparison=\"IgnoreCase\"><t:FieldURI FieldURI=\"item:Body\" /><t:Constant Value=\" foo\" /></t:Contains></t:Or></m:Restriction></m:FindItem> </soap:Body></soap:Envelope>","Token":""

Thank you for taking the time to report an issue. Our triage team will respond to you in less than 72 hours. Normally, response time is <10 hours Monday through Friday. We do not triage on weekends.

albaraks commented 8 months ago

Any update?

exextoc commented 8 months ago

@albaraks, which client are you experiencing this issue in? Are you seeing this in the old classic Desktop Outlook client, the New Outlook client, the web client (OWA), Mac Outlook or the mobile client? Also, do you know whether other EWS operations work?

albaraks commented 8 months ago

Hi,

I'm using OWA. Yes, EWS GetItem also fails with the same error message.

Thanks

On Thu, Mar 28, 2024 at 7:45 PM Outlook Add-ins Team - MSFT < @.***> wrote:

@albaraks https://github.com/albaraks, which client are you experiencing this issue in? Are you seeing this in the old classic Desktop Outlook client, the New Outlook client, the web client (OWA), Mac Outlook or the mobile client? Also, do you know whether other EWS operations work?

— Reply to this email directly, view it on GitHub https://github.com/OfficeDev/office-js/issues/4292#issuecomment-2026515899, or unsubscribe https://github.com/notifications/unsubscribe-auth/AFPXU4LZ2N3EDGYWEOVYOG3Y2TIVDAVCNFSM6AAAAABFGDLLK6VHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDAMRWGUYTKOBZHE . You are receiving this because you were mentioned.Message ID: @.***>

-- Best, Ahmed

Secure your emails and install Lockmagic browser extension https://chrome.google.com/webstore/detail/lockmagic-gmail-extension/gmginoamabjegaokkopplmenagbgdojn?hl=en-US to seamlessly send and open encrypted messages.

Visit Lockmagic.com https://Lockmagic.com/start.aspx for more information.

akagarwa-msft commented 8 months ago

Are you able to make the EWS calls directly without Add-ins? And do the calls succeed?

albaraks commented 8 months ago

I didn't try that. This addin was working for at least 3 years and suddenly stopped working. I reported previously about 2 weeks ago that getting a callback token was not working and was fixed. Now, EWSRequestAsync doesn't work with 403. I believe they are related to some changes in your system. I'm using my outlook.com and hotmail.com email addresses and consistently failing. If I try it on some other environment then the flow is not the same and doesn't help in narrowing down the issue in your end. Why can't you verify this in your end?

rajjha-msft commented 7 months ago

Hey @albaraks

This forum is limited to supporting office-js apis.

For effective guidance with respect to ews specific queries, please get help from the ews forum as mentioned in the EWS documentation https://learn.microsoft.com/en-us/exchange/client-developer/exchange-web-services/start-using-web-services-in-exchange https://social.technet.microsoft.com/Forums/en-US/home?forum=exchangesvrdevelopment

albaraks commented 7 months ago

Hi Rajesh,

The issue is specific to office-js APIS. As I mentioned in the original description the regression is in Office.context.mailbox.makeEwsRequestAsync api.

I don't understand why you want us to report it as an EWS issue when this api call was working for the past 3 years and now doesn't work. Nothing changed in our Addin.

Also, we would appreciate a more prompt response when our customer experience is currently broken.

Thanks for your help and support

On Wed, Apr 3, 2024 at 10:35 PM Rajesh Kr @.***> wrote:

Hey @albaraks https://github.com/albaraks

This forum is limited to supporting office-js apis.

For effective guidance with respect to ews specific queries, please get help from the ews forum as mentioned in the EWS documentation https://learn.microsoft.com/en-us/exchange/client-developer/exchange-web-services/start-using-web-services-in-exchange

https://social.technet.microsoft.com/Forums/en-US/home?forum=exchangesvrdevelopment

— Reply to this email directly, view it on GitHub https://github.com/OfficeDev/office-js/issues/4292#issuecomment-2036226084, or unsubscribe https://github.com/notifications/unsubscribe-auth/AFPXU4ICUEBQXMHQKOCTX7LY3TRDPAVCNFSM6AAAAABFGDLLK6VHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDAMZWGIZDMMBYGQ . You are receiving this because you were mentioned.Message ID: @.***>

-- Best, Ahmed

Secure your emails and install Lockmagic browser extension https://chrome.google.com/webstore/detail/lockmagic-gmail-extension/gmginoamabjegaokkopplmenagbgdojn?hl=en-US to seamlessly send and open encrypted messages.

Visit Lockmagic.com https://Lockmagic.com/start.aspx for more information.

rajjha-msft commented 7 months ago

Hey @albaraks, can you check once if you're to make the EWS calls directly without Add-ins?

albaraks commented 7 months ago

HI Rajesh,

We don't know how to do that. We are primarily javascript developers. If you send us a program to run against our consumer account we can try it out. Or, best if you can simply repro the issue in your end. I'm sure you have a test suite that can execute the same flow as our addin.

Thanks for your support

On Thu, Apr 4, 2024 at 5:04 AM Rajesh Kr @.***> wrote:

Hey @albaraks https://github.com/albaraks, can you check once if you're to make the EWS calls directly without Add-ins?

— Reply to this email directly, view it on GitHub https://github.com/OfficeDev/office-js/issues/4292#issuecomment-2036996539, or unsubscribe https://github.com/notifications/unsubscribe-auth/AFPXU4OBBASX74VHFUSJZDTY3U6VJAVCNFSM6AAAAABFGDLLK6VHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDAMZWHE4TMNJTHE . You are receiving this because you were mentioned.Message ID: @.***>

-- Best, Ahmed

Secure your emails and install Lockmagic browser extension https://chrome.google.com/webstore/detail/lockmagic-gmail-extension/gmginoamabjegaokkopplmenagbgdojn?hl=en-US to seamlessly send and open encrypted messages.

Visit Lockmagic.com https://Lockmagic.com/start.aspx for more information.

albaraks commented 7 months ago

Ping, any update on how to resolve this issue?

rkpathak commented 7 months ago

@albaraks There are some errors in the EWS body that you have shared above. I made some changes in the body and ran, its running fine. Can you try the updated EWS query body given below:

var request = '<soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema\" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/" \t\t xmlns:m="http://schemas.microsoft.com/exchange/services/2006/messages" xmlns:t="http://schemas.microsoft.com/exchange/services/2006/types"> '+ ' <soap:Header> <t:RequestServerVersion Version="Exchange2013"/> </soap:Header> <soap:Body><m:FindItem Traversal="Shallow"><m:ItemShape><t:BaseShape>Default</t:BaseShape><t:AdditionalProperties><t:FieldURI FieldURI="item:Subject" /><t:FieldURI FieldURI="item:DateTimeReceived" /><t:FieldURI FieldURI="item:Size" /><t:FieldURI FieldURI="item:Importance" /><t:FieldURI FieldURI="message:IsRead" /><t:FieldURI FieldURI="message:From" /><t:FieldURI FieldURI="item:DisplayTo" /></t:AdditionalProperties></m:ItemShape><m:ParentFolderIds><t:DistinguishedFolderId Id="inbox"/></m:ParentFolderIds><m:Restriction><t:Or><t:Contains ContainmentMode="Substring" ContainmentComparison="IgnoreCase"><t:FieldURI FieldURI="item:Body" /><t:Constant Value=" foo" /></t:Contains></t:Or></m:Restriction></m:FindItem> </soap:Body></soap:Envelope>' Office.context.mailbox.makeEwsRequestAsync(request, function (asyncResult) { if (asyncResult.status == "failed") { console.log("Action failed with error: " + asyncResult.error.message); } else { console.log(asyncResult.value); } }); See if this resolves your issue.

albaraks commented 7 months ago

Hi Rajesh,

Still same error 403.

WasProxySuccessful: false, ErrorMessage: "The remote server returned an error: (403) Forbidden.",…}

I don't think it has anything to do with the format of the query, as I mentioned this was working for at least 3 years. Recently there was a change in callback token and I reported it a few weeks ago. It was fixed. I think this is related to the token not having the right access given it's a 403 - permission error.

On Mon, Apr 8, 2024 at 9:43 AM rkpathak @.***> wrote:

@albaraks https://github.com/albaraks There are some errors in the EWS body that you have shared above. I made some changes in the body and ran, its running fine. Can you try the updated EWS query body given below:

'<soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema\" xmlns:soap=" http://schemas.xmlsoap.org/soap/envelope/" \t\t xmlns:m=" http://schemas.microsoft.com/exchange/services/2006/messages" xmlns:t=" http://schemas.microsoft.com/exchange/services/2006/types"> '+ '

Default ' See if this resolves your issue. — Reply to this email directly, view it on GitHub , or unsubscribe . You are receiving this because you were mentioned.Message ID: ***@***.***>

-- Best, Ahmed

Secure your emails and install Lockmagic browser extension https://chrome.google.com/webstore/detail/lockmagic-gmail-extension/gmginoamabjegaokkopplmenagbgdojn?hl=en-US to seamlessly send and open encrypted messages.

Visit Lockmagic.com https://Lockmagic.com/start.aspx for more information.

JulienSchneider commented 7 months ago

I have a very similar issue: https://github.com/OfficeDev/office-js/issues/4353

rkpathak commented 7 months ago

Thanks for reporting this issue. It has been put on our backlog. We unfortunately have no timelines to share at this point.

Internal tracking id: Office: [269409]

albaraks commented 7 months ago

Hello there,

Thank you for acknowledging the EWS access issue affecting consumer accounts. While I understand the need for prioritization, I believe this issue warrants a P0 classification due to its impact on our customers.

We've been receiving weekly complaints from paying O365 and product subscribers who are experiencing a broken experience due to this regression. As you know, EWS is critical for the functionality of many Outlook add-ins, and its failure disrupts data access for our users. Can we have this addressed with urgency?

On Sat, Apr 13, 2024 at 12:26 AM rkpathak @.***> wrote:

Thanks for reporting this issue. It has been put on our backlog. We unfortunately have no timelines to share at this point.

Internal tracking id: Office: [269409]

— Reply to this email directly, view it on GitHub https://github.com/OfficeDev/office-js/issues/4292#issuecomment-2053556136, or unsubscribe https://github.com/notifications/unsubscribe-auth/AFPXU4KBZARP7LYH6XR3YSDY5DMYRAVCNFSM6AAAAABFGDLLK6VHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDANJTGU2TMMJTGY . You are receiving this because you were mentioned.Message ID: @.***>

-- Best, Ahmed

Secure your emails and install Lockmagic browser extension https://chrome.google.com/webstore/detail/lockmagic-gmail-extension/gmginoamabjegaokkopplmenagbgdojn?hl=en-US to seamlessly send and open encrypted messages.

Visit Lockmagic.com https://Lockmagic.com/start.aspx for more information.

ja-donald commented 3 months ago

Hello there, I'm also facing the issue. I wonder if there is any work-around solution or it got fixed yet?

alexbrown2602 commented 1 week ago

Hello there, I'm also facing the issue. any solution?