search

PhilippC / keepass2android

Password manager app for Android
https://play.google.com/store/apps/details?id=keepass2android.keepass2android
GNU General Public License v3.0
4.78k stars 386 forks source link

WebDav, https, upload error, Received unexpected response: Response{protocol=http/1.1, code=403 #1764

Open JTVanselow opened 3 years ago

JTVanselow commented 3 years ago

Received unexpected response: Response{protocol=http/1.1, code=403 (or 500 or... different error codes depended on when I try this)

I use a Synology Diskstation with WebDav, and https standard port 5006 to store and access the kdbx file. I can access, open and save the database from Windows, with keepass2android the database opens, but I cannot save new entries or synchronize.

Android device is a Google Pixel 5 with Android 11, keepass2android is 1.09a-r3

This issue persists since about beginning of July, but not exactly sure. I have been using this setup for more than one year after I moved from Dropbox to WebDav.

abraunisch commented 3 years ago

i have the same probleme here with an Huawei P30 Pro (Android 10), Keepass2Android 1.09a-r3

extract of the protocol from Keepass2Android (i replace my URL by xxx.de) 21.08.2021 19:53:34:585 -- Received unexpected response: Response{protocol=http/1.1, code=403, message=Forbidden, url=https://xxx.de:5006/home/Drive/andreas.kdbx}

nanuit commented 3 years ago

I have the same problem with synology Webdav Server

It looks like Synolo0gy changed the behaviour of the server. The reason why there is a 403 on synchronize is, that the webdav server does not allow upload anymore if the file already exists.

The problem would be solved when keepass2android is using the same procedure as Keepass: upload the database as .tmp then delete the original kdbx and move the .tmp to .kdbx. That works fine.

I am looking into changing the behaviour of the synology webdav server but my suggested procedure would help also for other webdav server with the same restriction (1 & 1 Servers do it also) and it would conform with Keepass.

nanuit commented 3 years ago

I managed to solve the problem with synology WEBDAV Server. You have to activate the Windows ACL for the folder you are using with Webdav and set the correct permissins.

But that is only a solution for synology, so please change the behaviour in the app or let us choose which method we will use

v3DJG6GL commented 3 years ago

I'm facing the same issue since I've updated my Synology NAS to DSM7. However, since my KeePass database is stored at my /home folder, I am not able to activate Windows ACL. The specific settings are located here: "Control Panel" --> "Shared Folder" --> "Edit" (select the shared folder you want to Activate Windows ACL) --> "Permissions" --> "Custom"

However, those settings are not changeable for /homes directories where my KeePass database is located. So for now, I only can view and not edit my KeePass database with KeePass2Android.

PhilippC commented 3 years ago

@nanuit unless you changed the behavior in the app's settings, that's what Keepass does as well (except that the .tmp file has an additional random string in the filename to avoid potential collisions if two instances upload data at the same time). You can find this in app settings under "File handling"

v3DJG6GL commented 3 years ago

@PhilippC you are talking about KeePass2Android, right? I have tried mulitple settings under "File handling" but always with the same result while synchronizing: Received unexpected response: Response{protocol=http/1.1, code=403 [...] Which exact setting dou you mean?

chriscamicas commented 3 years ago

@PhilippC I have the exact same issue. I uninstalled my keepass2android app on my phone to be sure the settings were set to their default values (every checkbox is checked in the File Handling page) Unfortunately it does not work. On the WebDav server side, I can see in the logs that the client app (Keepass2android) is trying to upload directly the file instead of a tmp file. I have an upload event in the webdav server, and the file is mydb.kdbx

To be sure, I checked with another Keepass client (KeeWeb), and the behavior is different, and similar to what you mentionned upload some_temp_name.kdbx.some_random_number move some_temp_name.kdbx.some_random_number > mydb.kdbx

my guess is there is an issue in the app, since it does not work as you mentionned (and as expected) Let me know if you need more info or help

nanuit commented 3 years ago

@nanuit unless you changed the behavior in the app's settings, that's what Keepass does as well (except that the .tmp file has an additional random string in the filename to avoid potential collisions if two instances upload data at the same time). You can find this in app settings under "File handling"

Do you mean the setting "File transactions" I have this activated and still there is only one upload command sent to Webdav no tmp file. Is there another setting to influence this?

nanuit commented 3 years ago

I'm facing the same issue since I've updated my Synology NAS to DSM7. However, since my KeePass database is stored at my /home folder, I am not able to activate Windows ACL. The specific settings are located here: "Control Panel" --> "Shared Folder" --> "Edit" (select the shared folder you want to Activate Windows ACL) --> "Permissions" --> "Custom"

However, those settings are not changeable for /homes directories where my KeePass database is located. So for now, I only can view and not edit my KeePass database with KeePass2Android.

I also have my keepass database in my home directory and was able to convert it to Windows ACL. I have activated it not vioa the "edit" menu but with the "Actions" -> "Convert to Windows ACL" You have to be aware about the different behaviour of permission with Windows ACL. So you have to check the PErmission espacially in the homes dierectory for every user. Synology does, as always, the things a little bit different then expected

PhilippC commented 3 years ago

Sorry, I just realized that the current WebDav implementation does not respect the File transaction flag. Will add this to my todo list.

v3DJG6GL commented 3 years ago

You have to be aware about the different behaviour of permission with Windows ACL. So you have to check the PErmission espacially in the homes dierectory for every user. Synology does, as always, the things a little bit different then expected

Thanks, now I found those specific settings.

Although I prefer to wait for @PhilippC new implementation of WebDav. Thanks for all your work!

E-J-D commented 2 years ago

Reverse Proxy additional info. My setup is similar. WebDAV on Synolgy DSM 6.x and WebDAV error as mentioned above. I use the WebDAV behind a NGINX reverse proxy and found out that it stopped working when I upgraded from CLI NGINX on debian 10 to NGINX on OPNSENSE. Seems to me that some very fine configuration details are responsible for the missbehaviour.

matt-aubert commented 2 years ago

@PhilippC : thank you for you work

Same behavior here, any forecast due date for this release ?

matt-aubert commented 2 years ago

I managed to solve the problem with synology WEBDAV Server. You have to activate the Windows ACL for the folder you are using with Webdav and set the correct permissins.

But that is only a solution for synology, so please change the behaviour in the app or let us choose which method we will use

Thanks a lot, it works properly and makes my life easier (again) !