search

felixrupp / user_cas

This app provides CAS authentication support for ownCloud and Nextcloud, using the phpCAS library of jasig/apereo.
Other
21 stars 24 forks source link

onlyoffice can not open file after enable user_cas! #30

Closed shenhf closed 5 years ago

shenhf commented 6 years ago

Describe the bug After user_cas is enabled, onlyoffice not able to open file, it popup an alert box.

To Reproduce Steps to reproduce the behavior:

  1. disable user_cas
  2. Click on a docx file, file opened normally.
  3. enable user_cas
  4. Click on a docx file, alert box was displayed.

Screenshots

[2018-09-01 10:45:36.277] [ERROR] nodeJS - postData error: docId = 265_1535781105;url = https://cloud.sxvtc.com/apps/onlyoffice/track?doc=MXJLVldqVXNWZ1ptaldxekJsMFQwRWxhTEQvWWtKUVhnelhZNzNtT2RLcz0/eyJmaWxlSWQiOjI2NSwib3duZXJJZCI6IjAwMjAwMiIsInRva2VuIjpudWxsLCJhY3Rpb24iOiJ0cmFjayJ9;data = {"key":"265_1535781105","status":1,"users":["002002"],"actions":[{"type":1,"userid":"002002"}]}
Error: Error response: statusCode:302 ;body:

    at Request._callback (/var/www/onlyoffice/documentserver/server/Common/sources/utils.js:283:18)
    at Request.self.callback (/var/www/onlyoffice/documentserver/server/Common/node_modules/request/request.js:185:22)
    at emitTwo (events.js:106:13)
    at Request.emit (events.js:191:7)
    at Request.<anonymous> (/var/www/onlyoffice/documentserver/server/Common/node_modules/request/request.js:1157:10)
    at emitOne (events.js:96:13)
    at Request.emit (events.js:188:7)
    at IncomingMessage.<anonymous> (/var/www/onlyoffice/documentserver/server/Common/node_modules/request/request.js:1079:12)
    at IncomingMessage.g (events.js:292:16)
    at emitNone (events.js:91:20)
    at IncomingMessage.emit (events.js:185:7)

Software (please complete the following information):

shenhf commented 6 years ago

Just uncheck "Force user login using CAS?"

image

select CAS Login in login page, file can be opened by onlyoffice normally.

felixrupp commented 6 years ago

Hi @shenhf

the enforce authentication feature is quite invasive. If you have specific applications which are having incompatibilities with that feature, just report back and I can try to find a way to blacklist the specific requests from getting enforced authentication through user_cas.

As for your example, I need the specific URL that is triggering the enforce authentication process. Please have a look in your browsers developer console and send a copy/screenshot of the failing call. Only then I can blacklist them.

Thanks for your feedback and regards, Felix

shenhf commented 6 years ago

Hi, @felixrupp Sorry to reply so late to you. The url is:

<a class="button" href="/apps/user_cas/login">CAS Login</a>
reswild commented 5 years ago

Here is a patch I made in order to get onlyoffice working again on my site: https://github.com/reswild/user_cas/commit/d263c75996adba94bbf3678e761869bf55d2ee07

I don't think this is the best way of doing it though - instead of adding exceptions for this or that app, we ought to set up the redirect to only be active on the login page. (I'm assuming the reason onlyoffice stopped working is that calls from onlyoffice to Nextcloud got redirected to my CAS login site.)

felixrupp commented 5 years ago

@shenhf

In the current 1.6.0 release (https://github.com/felixrupp/user_cas/releases/tag/1.6.0) the activation of the app is completely rewritten and will hopefully not break other apps anymore.

Please test that and report back if you still have issues!