search

etesync / etesync-dav

This is a CalDAV and CardDAV adapter for EteSync
https://www.etesync.com
GNU General Public License v3.0
295 stars 50 forks source link

HMAC misatch on MacOS #77

Closed zakkak closed 5 years ago

zakkak commented 5 years ago

Running etesync-dav -D (on mac) gives me the following error when adding CalDav account.

This is a fresh install. I added the new user from the webUI (localhost:37359). When I try to add the CalDav account from "Preferences -> Internet Accounts" I get the following in the terminal (on the Preferences dialog I get "Unable to verify account or password")

$ ./etesync-dav -D
 * Serving Flask app "etesync_dav.webui" (lazy loading)
 * Environment: production
   WARNING: This is a development server. Do not use it in a production deployment.
   Use a production WSGI server instead.
 * Debug mode: off
[10c5565c0] INFO: Starting Radicale
[10c5565c0] INFO: Authentication type is 'htpasswd'
[10c5565c0] INFO: Storage type is 'etesync_dav.radicale.storage'
[10c5565c0] INFO: Rights type is 'etesync_dav.radicale.rights'
[10c5565c0] INFO: Web type is 'etesync_dav.radicale.web'
 * Running on http://127.0.0.1:37359/ (Press CTRL+C to quit)
[10c5565c0] INFO: Listening to '1.0.0.127.in-addr.arpa' on port 37358 using SSL
[10c5565c0] INFO: Radicale server ready
127.0.0.1 - - [28/Jul/2019 00:52:03] "GET / HTTP/1.1" 302 -
127.0.0.1 - - [28/Jul/2019 00:52:03] "GET /login/ HTTP/1.1" 200 -
127.0.0.1 - - [28/Jul/2019 00:52:08] "POST /login/ HTTP/1.1" 302 -
127.0.0.1 - - [28/Jul/2019 00:52:08] "GET / HTTP/1.1" 200 -
[7000027f6000] INFO: PROPFIND request for '/' with depth '0' received from 127.0.0.1 using 'Mac+OS+X/10.14.5 (18F203) CalendarAgent/416.5.1'
[7000027f6000] DEBUG: Request headers:
{'CONTENT_LENGTH': '127',
 'CONTENT_TYPE': 'text/xml',
 'GATEWAY_INTERFACE': 'CGI/1.1',
 'HTTP_ACCEPT': '*/*',
 'HTTP_ACCEPT_ENCODING': 'br, gzip, deflate',
 'HTTP_ACCEPT_LANGUAGE': 'en-ie',
 'HTTP_BRIEF': 't',
 'HTTP_CONNECTION': 'keep-alive',
 'HTTP_DEPTH': '0',
 'HTTP_HOST': 'localhost:37358',
 'HTTP_PREFER': 'return=minimal',
 'HTTP_USER_AGENT': 'Mac+OS+X/10.14.5 (18F203) CalendarAgent/416.5.1',
 'PATH_INFO': '/',
 'QUERY_STRING': '',
 'REMOTE_ADDR': '127.0.0.1',
 'REMOTE_CERTIFICATE': None,
 'REMOTE_HOST': '',
 'REQUEST_METHOD': 'PROPFIND',
 'SCRIPT_NAME': '',
 'SERVER_NAME': '1.0.0.127.in-addr.arpa',
 'SERVER_PORT': '37358',
 'SERVER_PROTOCOL': 'HTTP/1.1',
 'SERVER_SOFTWARE': 'WSGIServer/0.2',
 'wsgi.errors': <_io.StringIO object at 0x10d1bcf78>,
 'wsgi.file_wrapper': <class 'wsgiref.util.FileWrapper'>,
 'wsgi.input': <_io.BufferedReader name=9>,
 'wsgi.multiprocess': False,
 'wsgi.multithread': True,
 'wsgi.run_once': False,
 'wsgi.url_scheme': 'http',
 'wsgi.version': (1, 0)}
[7000027f6000] DEBUG: Sanitized script name: ''
[7000027f6000] DEBUG: Sanitized path: '/'
[7000027f6000] INFO: Access to '/' denied for anonymous user
[7000027f6000] DEBUG: Asking client for authentication
[7000027f6000] DEBUG: Response content:
Access to the requested resource forbidden.
[7000027f6000] INFO: PROPFIND response status for '/' with depth '0' in 0.001 seconds: 401 Unauthorized
[7000027f6000] INFO: PROPFIND request for '/' with depth '0' received from 127.0.0.1 using 'Mac+OS+X/10.14.5 (18F203) CalendarAgent/416.5.1'
[7000027f6000] DEBUG: Request headers:
{'CONTENT_LENGTH': '127',
 'CONTENT_TYPE': 'text/xml',
 'GATEWAY_INTERFACE': 'CGI/1.1',
 'HTTP_ACCEPT': '*/*',
 'HTTP_ACCEPT_ENCODING': 'br, gzip, deflate',
 'HTTP_ACCEPT_LANGUAGE': 'en-ie',
 'HTTP_AUTHORIZATION': 'Basic **masked**',
 'HTTP_BRIEF': 't',
 'HTTP_CONNECTION': 'keep-alive',
 'HTTP_DEPTH': '0',
 'HTTP_HOST': 'localhost:37358',
 'HTTP_PREFER': 'return=minimal',
 'HTTP_USER_AGENT': 'Mac+OS+X/10.14.5 (18F203) CalendarAgent/416.5.1',
 'PATH_INFO': '/',
 'QUERY_STRING': '',
 'REMOTE_ADDR': '127.0.0.1',
 'REMOTE_CERTIFICATE': None,
 'REMOTE_HOST': '',
 'REQUEST_METHOD': 'PROPFIND',
 'SCRIPT_NAME': '',
 'SERVER_NAME': '1.0.0.127.in-addr.arpa',
 'SERVER_PORT': '37358',
 'SERVER_PROTOCOL': 'HTTP/1.1',
 'SERVER_SOFTWARE': 'WSGIServer/0.2',
 'wsgi.errors': <_io.StringIO object at 0x10d1bcf78>,
 'wsgi.file_wrapper': <class 'wsgiref.util.FileWrapper'>,
 'wsgi.input': <_io.BufferedReader name=9>,
 'wsgi.multiprocess': False,
 'wsgi.multithread': True,
 'wsgi.run_once': False,
 'wsgi.url_scheme': 'http',
 'wsgi.version': (1, 0)}
[7000027f6000] DEBUG: Sanitized script name: ''
[7000027f6000] DEBUG: Sanitized path: '/'
[7000027f6000] INFO: Successful login: 'my@mail.com'
[7000027f6000] ERROR: An exception occurred during PROPFIND request on '/': HMAC misatch: <hash> != <hash2>
Traceback (most recent call last):
  File "site-packages/radicale/__init__.py", line 332, in __call__
  File "site-packages/radicale/__init__.py", line 477, in _handle_request
  File "contextlib.py", line 112, in __enter__
  File "site-packages/etesync_dav/radicale/storage.py", line 569, in acquire_lock
  File "site-packages/etesync/api.py", line 90, in get_or_create_user_info
  File "site-packages/etesync/service.py", line 115, in verify
  File "site-packages/etesync/service.py", line 58, in _verify_hmac
etesync.exceptions.IntegrityException: HMAC misatch: <hash> != <hash2>
$ ./etesync-dav --version
EteSync DAV version:  0.9.1
Radicale version:  2.1.11

Could it be I have leftovers from previous installation?

zakkak commented 5 years ago

Hmm this is probably me using the wrong decryption key.

zakkak commented 5 years ago

Yup, that was it. Maybe a different error message could be used here :)

tasn commented 5 years ago

Could you please open a ticket about improving the error message when putting in the wrong encryption password? This definitely needs fixing. :)