search

SURFnet / rd-sram-integration

Research Drive / SURF Research Access Management Integration
2 stars 3 forks source link

incompatible with password policy app? #241

Open michielbdejong opened 1 year ago

michielbdejong commented 1 year ago

It seems that if the password policy app is enabled on the sending server, then the following error happens:

{"reqId":"ZO3ses-m8xYwThPZ6Z8CnQAAAA0","level":0,"time":"29\/Aug\/2023:15:02:50","remoteAddr":"127.0.0.1","user":"--","app":"OC\\Authentication\\Token\\DefaultTokenProvider::invalidateToken","method":"GET","url":"\/","message":"invalidating token 8ba0030806d5de754c46917fb2b5dd40e1d946cc8cc827aa1190b3f1750f6a8d17e0cd57774b7ad0620104930c5ff1abfae696ea2a269962b5aaf47a262c523f"}
{"reqId":"ZO3seSzI4_BYkPIw_YbTqwAAAAA","level":3,"time":"29\/Aug\/2023:15:02:51","remoteAddr":"10.234.2.172","user":"breek001@surf.nl","app":"no app in context","method":"POST","url":"\/index.php\/apps\/files_sharing\/api\/externalShares","message":"Exception: {\"Exception\":\"Sabre\\\\HTTP\\\\ClientHttpException\",\"Message\":\"Unauthorized\",\"Code\":401,\"Trace\":\"#0 \\\/var\\\/www\\\/owncloud\\\/lib\\\/composer\\\/sabre\\\/dav\\\/lib\\\/DAV\\\/Client.php(229): Sabre\\\\HTTP\\\\Client->send()\\n#1 \\\/var\\\/www\\\/owncloud\\\/lib\\\/private\\\/Files\\\/Storage\\\/DAV.php(264): Sabre\\\\DAV\\\\Client->propFind()\\n#2 \\\/var\\\/www\\\/owncloud\\\/apps\\\/files_sharing\\\/lib\\\/External\\\/Storage.php(378): OC\\\\Files\\\\Storage\\\\DAV->propfind()\\n#3 \\\/var\\\/www\\\/owncloud\\\/lib\\\/private\\\/Files\\\/Storage\\\/Common.php(637): OCA\\\\Files_Sharing\\\\External\\\\Storage->getPermissions()\\n#4 \\\/var\\\/www\\\/owncloud\\\/lib\\\/private\\\/Files\\\/Storage\\\/Wrapper\\\/Wrapper.php(586): OC\\\\Files\\\\Storage\\\\Common->getMetaData()\\n#5 \\\/var\\\/www\\\/owncloud\\\/lib\\\/private\\\/Files\\\/Storage\\\/Wrapper\\\/Availability.php(459): OC\\\\Files\\\\Storage\\\\Wrapper\\\\Wrapper->getMetaData()\\n#6 \\\/var\\\/www\\\/owncloud\\\/lib\\\/private\\\/Files\\\/Storage\\\/Wrapper\\\/Checksum.php(206): OC\\\\Files\\\\Storage\\\\Wrapper\\\\Availability->getMetaData()\\n#7 \\\/var\\\/www\\\/owncloud\\\/lib\\\/private\\\/Files\\\/Storage\\\/Wrapper\\\/Wrapper.php(586): OC\\\\Files\\\\Storage\\\\Wrapper\\\\Checksum->getMetaData()\\n#8 \\\/var\\\/www\\\/owncloud\\\/lib\\\/private\\\/Files\\\/Storage\\\/Wrapper\\\/Wrapper.php(586): OC\\\\Files\\\\Storage\\\\Wrapper\\\\Wrapper->getMetaData()\\n#9 \\\/var\\\/www\\\/owncloud\\\/lib\\\/private\\\/Files\\\/Cache\\\/Scanner.php(115): OC\\\\Files\\\\Storage\\\\Wrapper\\\\Wrapper->getMetaData()\\n#10 \\\/var\\\/www\\\/owncloud\\\/lib\\\/private\\\/Files\\\/Cache\\\/Scanner.php(150): OC\\\\Files\\\\Cache\\\\Scanner->getData()\\n#11 \\\/var\\\/www\\\/owncloud\\\/apps\\\/opencloudmesh\\\/lib\\\/Files_Sharing\\\/External\\\/AbstractManager.php(270): OC\\\\Files\\\\Cache\\\\Scanner->scanFile()\\n#12 \\\/var\\\/www\\\/owncloud\\\/apps\\\/files_sharing\\\/lib\\\/Controllers\\\/ExternalSharesController.php(113): OCA\\\\OpenCloudMesh\\\\Files_Sharing\\\\External\\\\AbstractManager->getShareFileId()\\n#13 \\\/var\\\/www\\\/owncloud\\\/lib\\\/private\\\/AppFramework\\\/Http\\\/Dispatcher.php(169): OCA\\\\Files_Sharing\\\\Controllers\\\\ExternalSharesController->create()\\n#14 \\\/var\\\/www\\\/owncloud\\\/lib\\\/private\\\/AppFramework\\\/Http\\\/Dispatcher.php(89): OC\\\\AppFramework\\\\Http\\\\Dispatcher->executeController()\\n#15 \\\/var\\\/www\\\/owncloud\\\/lib\\\/private\\\/AppFramework\\\/App.php(99): OC\\\\AppFramework\\\\Http\\\\Dispatcher->dispatch()\\n#16 \\\/var\\\/www\\\/owncloud\\\/lib\\\/private\\\/AppFramework\\\/Routing\\\/RouteActionHandler.php(47): OC\\\\AppFramework\\\\App::main()\\n#17 \\\/var\\\/www\\\/owncloud\\\/lib\\\/private\\\/Route\\\/Router.php(344): OC\\\\AppFramework\\\\Routing\\\\RouteActionHandler->__invoke()\\n#18 \\\/var\\\/www\\\/owncloud\\\/lib\\\/base.php(916): OC\\\\Route\\\\Router->match()\\n#19 \\\/var\\\/www\\\/owncloud\\\/index.php(54): OC::handleRequest()\\n#20 {main}\",\"File\":\"\\\/var\\\/www\\\/owncloud\\\/lib\\\/composer\\\/sabre\\\/http\\\/lib\\\/Client.php\",\"Line\":163}"}
{"reqId":"ZO3seSzI4_BYkPIw_YbTqwAAAAA","level":3,"time":"29\/Aug\/2023:15:02:51","remoteAddr":"10.234.2.172","user":"breek001@surf.nl","app":"files_external","method":"POST","url":"\/index.php\/apps\/files_sharing\/api\/externalShares","message":"Unauthorized"}
{"reqId":"ZO3seSzI4_BYkPIw_YbTqwAAAAA","level":3,"time":"29\/Aug\/2023:15:02:51","remoteAddr":"10.234.2.172","user":"breek001@surf.nl","app":"index","method":"POST","url":"\/index.php\/apps\/files_sharing\/api\/externalShares","message":"Exception: {\"Exception\":\"OCP\\\\Files\\\\StorageInvalidException\",\"Message\":\"Sabre\\\\HTTP\\\\ClientHttpException: Unauthorized\",\"Code\":0,\"Trace\":\"#0 \\\/var\\\/www\\\/owncloud\\\/lib\\\/private\\\/Files\\\/Storage\\\/DAV.php(860): OC\\\\Files\\\\Storage\\\\DAV->throwByStatusCode()\\n#1 \\\/var\\\/www\\\/owncloud\\\/lib\\\/private\\\/Files\\\/Storage\\\/DAV.php(279): OC\\\\Files\\\\Storage\\\\DAV->convertException()\\n#2 \\\/var\\\/www\\\/owncloud\\\/apps\\\/files_sharing\\\/lib\\\/External\\\/Storage.php(378): OC\\\\Files\\\\Storage\\\\DAV->propfind()\\n#3 \\\/var\\\/www\\\/owncloud\\\/lib\\\/private\\\/Files\\\/Storage\\\/Common.php(637): OCA\\\\Files_Sharing\\\\External\\\\Storage->getPermissions()\\n#4 \\\/var\\\/www\\\/owncloud\\\/lib\\\/private\\\/Files\\\/Storage\\\/Wrapper\\\/Wrapper.php(586): OC\\\\Files\\\\Storage\\\\Common->getMetaData()\\n#5 \\\/var\\\/www\\\/owncloud\\\/lib\\\/private\\\/Files\\\/Storage\\\/Wrapper\\\/Availability.php(459): OC\\\\Files\\\\Storage\\\\Wrapper\\\\Wrapper->getMetaData()\\n#6 \\\/var\\\/www\\\/owncloud\\\/lib\\\/private\\\/Files\\\/Storage\\\/Wrapper\\\/Checksum.php(206): OC\\\\Files\\\\Storage\\\\Wrapper\\\\Availability->getMetaData()\\n#7 \\\/var\\\/www\\\/owncloud\\\/lib\\\/private\\\/Files\\\/Storage\\\/Wrapper\\\/Wrapper.php(586): OC\\\\Files\\\\Storage\\\\Wrapper\\\\Checksum->getMetaData()\\n#8 \\\/var\\\/www\\\/owncloud\\\/lib\\\/private\\\/Files\\\/Storage\\\/Wrapper\\\/Wrapper.php(586): OC\\\\Files\\\\Storage\\\\Wrapper\\\\Wrapper->getMetaData()\\n#9 \\\/var\\\/www\\\/owncloud\\\/lib\\\/private\\\/Files\\\/Cache\\\/Scanner.php(115): OC\\\\Files\\\\Storage\\\\Wrapper\\\\Wrapper->getMetaData()\\n#10 \\\/var\\\/www\\\/owncloud\\\/lib\\\/private\\\/Files\\\/Cache\\\/Scanner.php(150): OC\\\\Files\\\\Cache\\\\Scanner->getData()\\n#11 \\\/var\\\/www\\\/owncloud\\\/apps\\\/opencloudmesh\\\/lib\\\/Files_Sharing\\\/External\\\/AbstractManager.php(270): OC\\\\Files\\\\Cache\\\\Scanner->scanFile()\\n#12 \\\/var\\\/www\\\/owncloud\\\/apps\\\/files_sharing\\\/lib\\\/Controllers\\\/ExternalSharesController.php(113): OCA\\\\OpenCloudMesh\\\\Files_Sharing\\\\External\\\\AbstractManager->getShareFileId()\\n#13 \\\/var\\\/www\\\/owncloud\\\/lib\\\/private\\\/AppFramework\\\/Http\\\/Dispatcher.php(169): OCA\\\\Files_Sharing\\\\Controllers\\\\ExternalSharesController->create()\\n#14 \\\/var\\\/www\\\/owncloud\\\/lib\\\/private\\\/AppFramework\\\/Http\\\/Dispatcher.php(89): OC\\\\AppFramework\\\\Http\\\\Dispatcher->executeController()\\n#15 \\\/var\\\/www\\\/owncloud\\\/lib\\\/private\\\/AppFramework\\\/App.php(99): OC\\\\AppFramework\\\\Http\\\\Dispatcher->dispatch()\\n#16 \\\/var\\\/www\\\/owncloud\\\/lib\\\/private\\\/AppFramework\\\/Routing\\\/RouteActionHandler.php(47): OC\\\\AppFramework\\\\App::main()\\n#17 \\\/var\\\/www\\\/owncloud\\\/lib\\\/private\\\/Route\\\/Router.php(344): OC\\\\AppFramework\\\\Routing\\\\RouteActionHandler->__invoke()\\n#18 \\\/var\\\/www\\\/owncloud\\\/lib\\\/base.php(916): OC\\\\Route\\\\Router->match()\\n#19 \\\/var\\\/www\\\/owncloud\\\/index.php(54): OC::handleRequest()\\n#20 {main}\",\"File\":\"\\\/var\\\/www\\\/owncloud\\\/lib\\\/private\\\/Files\\\/Storage\\\/DAV.php\",\"Line\":896}"}

Reported by Tom, trying to reproduce it in my dev env.

michielbdejong commented 1 year ago

https://marketplace.owncloud.com/apps/password_policy

michielbdejong commented 1 year ago

Install password_policy on oc1.docker:

docker exec -it -u www-data --workdir /var/www/html/apps oc1.docker git clone  https://github.com/owncloud/password_policy
docker exec -it -u www-data --workdir /var/www/html/apps/password_policy oc1.docker composer install
docker exec -it -u www-data oc1.docker ./occ app:enable password_policy

Install password_policy on oc2.docker:

docker exec -it -u www-data --workdir /var/www/html/apps oc2.docker git clone  https://github.com/owncloud/password_policy
docker exec -it -u www-data --workdir /var/www/html/apps/password_policy oc2.docker composer install
docker exec -it -u www-data oc2.docker ./occ app:enable password_policy
michielbdejong commented 1 year ago

Hm, after installing the password policy app on both servers it still seems to work, I can't reproduce the problem. The 'storage invalid' exception seems to be thrown in the receiving server because the PROPFIND fails. I'll find the curl command that does this PROPFIND so we can debug it further.

michielbdejong commented 1 year ago

Tried again, cannot reproduce. I asked Tom for a zip of their /var/www/html/apps folder, maybe I can find something in there.