search

getodk / briefcase

ODK Briefcase is a Java application for fetching and pushing forms and their contents. It helps make billions of data points from ODK portable. Contribute and make the world a better place! ✨💼✨
https://docs.getodk.org/briefcase-intro
Other
60 stars 156 forks source link

Fails to pull encrypted attachment, says "FORBIDDEN" #859

Closed Freeedim closed 3 years ago

Freeedim commented 4 years ago

Software versions

Briefcase v1.16.3 and v1.17.3 at least. Java 8 SE. Windows 10 1909

Problem description

When pulling instances of an encrypted form with versions 1.17.3 or 1.16.3 (and maybe others), the .xml files are successfully pulled but the .xml.enc attachments are not. The details window shows an error message for each instance: "FORBIDDEN", although the user is the owner and has all the permissions.

This later prevents to export the instances even though the appropriate private key file is provided.

v1.14.0 and v1.15.0 (and probably others) does not have this problem.

Cheers

Steps to reproduce the problem

Upload an XLS form with a public_key and a submission URL of the form https://kc.humanitarianresponse.info/my_almighty_user/submission

Fill and submit some instances

Use ODK Briefcase (aforementioned versions) to pull the submissions of that form with the URL: https://kc.humanitarianresponse.info/my_almighty_user and the user my_almighty_user.

The result is "success with errors", the errors being the "attachment" of each instance being labeled "FORBIDDEN" and therefore not downloaded.

Expected behavior

It pulls 2 files per instance: one .xml and one attached .xml.enc

Other information

lognaturel commented 4 years ago

@Freeedim thanks for your troubleshooting efforts so far. Kobo is not part of the ODK project. Have you tried to reproduce with either Aggregate or Central? Looking at differences between those interactions might give a useful hint. You could also ask other Kobo users if they experience the same issue.

Freeedim commented 4 years ago

Hi,

Thanks for your answer.

Actually I am not familiar with ODK and don't know where I could try an Aggregate or Central infrastructure. KoBo's encrypted workflows rely 100% on ODK Briefcase but indeed, I don't know on which server they rely.

I think I have never heard of other KoBo users using the encryption feature.

lognaturel commented 4 years ago

If you're interested in following up on this, you could use the Central sandbox server. Read https://docs.getodk.org/central-install/#using-the-sandbox to learn more and you can send me your email address at ln@nafundi.com to get added!

Freeedim commented 4 years ago

That would be great, indeed. I think I can manage to use some time for that, this week. I'm sending you my email address right away.

Freeedim commented 4 years ago

Everything works fine with ODK Briefcase 1.17.3 when using an ODK Central server. So I guess the problem lies with https://kobo.humanitarianresponse.info

lognaturel commented 4 years ago

It seems Kobo makes some kind of assumption that Briefcase was accidentally meeting previously but stopped meeting after v1.15.0. Two possible next steps for someone who needs this fixed would be to contact Kobo support and have them look at compatibility with more recent Briefcase versions and/or do a git bisect on Briefcase to track down which commit introduced the change that caused an incompatibility with Kobo.

aharfoot commented 3 years ago

For information, I had raised this issue on the KoboToolbox forums in February. I'll post a link to this issue (I agree that it is not an issue with Briefcase) to that thread.

lognaturel commented 3 years ago

Thanks for circling back, @aharfoot! I’ll close for now since there’s no clear action to take on the Briefcase side.