haiwen / seafile

High performance file syncing and sharing, with also Markdown WYSIWYG editing, Wiki, file label and other knowledge management features.
http://seafile.com/

API authentication issue - get file list from another user #1980

Closed gino909 closed 6 years ago

gino909 commented 6 years ago

Hi, I have a severe problem on Seafile server professional version 6.1.1. I have an integration with Kolab communication suite which is using the Seafile API to access the files. I use a multidomain setup and have 3 domains in my Seafile installation.

domain1.com domain1.info domain2.org

All 3 domains point to the same Seafile installation!

I have a user walter@domain1.com and a user walter@domain2.org

When I first log in to Kolab webmail as walter@domain1.com I get my right folder list. Then I log out and log in again as walter@domain2.org. Now I get the same folder list as before, from the user walter@domain1.com.

My ccnet.conf configuration follows:

[General]
USER_NAME = Clouduser
ID = 123456789098765432123456789
NAME = myCloud
SERVICE_URL = https://cloud.domain2.org

[Client]
PORT = 13419

[Database]
ENGINE = mysql
HOST = 127.0.0.1
PORT = 3306
USER = seafile
PASSWD = *********
DB = ccnet-db
CONNECTION_CHARSET = utf8

[LDAP]
HOST = ldap://localhost
# Change the following to your primary domain base DN
BASE = ou=People,dc=domain1,dc=info;ou=People,dc=domain2,dc=org;ou=People,dc=domain1,dc=com
FILTER = &(objectclass=kolabinetorgperson)
# Put in the details of the Kolab service account
USER_DN = uid=kolab-service,ou=Special Users,dc=maindomain,dc=ch
PASSWORD = **************
LOGIN_ATTR = mail
#
# tail -f /var/log/chwala/console 
[26-Oct-2017 13:08:48,484412 +0200]: <tgoh27vp> SeaFile POST: https://cloud.domain2.org/api2/auth-token/, POST: {"username":"walter@domain1.com","password":"*"}
[26-Oct-2017 13:08:48,517802 +0200]: <tgoh27vp> SeaFile Response [200]: {"token":"c6d4fc8b5a46ce1819e7989f527c7e81ed127f9a"}
[26-Oct-2017 13:08:48,518150 +0200]: <tgoh27vp> SeaFile GET: https://cloud.domain2.org/api2/repos/
[26-Oct-2017 13:08:48,558176 +0200]: <tgoh27vp> SeaFile Response [200]: [{"permission": "rw", "encrypted": false, "mtime_relative": "<time datetime=\"2017-10-23T07:55:25\" is=\"relative-time\" title=\"Mon, 23 Oct 2017 07:55:25 +0000\" >3 days ago</time>", "mtime": 1508745325, "owner": "walter@domain1.com", "root": "5ee4034774cd3436a41573470daa1c71dee94b2c", "id": "cb76cb60-9a60-499c-8c1f-26d389c6d3e9", "size": 12440314, "name": "domain1", "type": "repo", "virtual": false, "version": 1, "head_commit_id": "d6baf78992b32737adfb2939d08566cd93caa9cd", "desc": "", "size_formatted": "11.9\u00a0MB"}, {"permission": "rw", "encrypted": false, "mtime_relative": "<time datetime=\"2017-08-06T17:43:25\" is=\"relative-time\" title=\"Sun, 6 Aug 2017 17:43:25 +0000\" >2017-08-06</time>", "mtime": 1502041405, "owner": "walter@domain1.com", "root": "e635ab07c33d5a7aecd6e9dcd0b28b08cbf62ebf", "id": "98f96ef8-4c11-4b99-89ec-4e6215bf426a", "size": 300544, "name": "Meine Bibliothek", "type": "repo", "virtual": false, "version": 1, "head_commit_id": "7085592293e55eccb898ce51798a89af1631ab32", "desc": "Meine Bibliothek", "size_formatted": "293.5\u00a0KB"}, {"owner_nickname": "klaus", "name": "_domain1", "share_type": "personal", "permission": "rw", "size_formatted": "825.7\u00a0MB", "mtime_relative": "<time datetime=\"2017-10-25T13:38:04\" is=\"relative-time\" title=\"Wed, 25 Oct 2017 13:38:04 +0000\" >23 hours ago</time>", "head_commit_id": "3dd77458ac4d2e940f2b19fb91dc12e2e93720ab", "encrypted": false, "version": 1, "mtime": 1508938684, "owner": "klaus@domain1.com", "root": "5282d82d7f9a28d9427ea23a7fd87aff4e6d3ce5", "size": 865763498, "type": "srepo", "id": "0e20cb95-f8ed-44f6-93df-2d8fc345aaa1", "desc": "_domain1"}, {"permission": "rw", "encrypted": false, "mtime": 1508745325, "owner": "domain1", "id": "cb76cb60-9a60-499c-8c1f-26d389c6d3e9", "size": 12440314, "name": "domain1", "root": "5ee4034774cd3436a41573470daa1c71dee94b2c", "version": 1, "head_commit_id": 
"d6baf78992b32737adfb2939d08566cd93caa9cd", "desc": "", "type": "grepo", "groupid": 2}]

[26-Oct-2017 13:09:42,938390 +0200]: <5o5a26gd> SeaFile POST: https://cloud.domain2.org/api2/auth-token/, POST: {"username":"walter@domain2.org","password":"*"}
[26-Oct-2017 13:09:42,969211 +0200]: <5o5a26gd> SeaFile Response [200]: {"token":"ff888d14b56d53913f2bba519db22c07047e91c9"}
[26-Oct-2017 13:09:42,969674 +0200]: <5o5a26gd> SeaFile GET: https://cloud.domain2.org/api2/repos/
[26-Oct-2017 13:09:42,985913 +0200]: <5o5a26gd> SeaFile Response [200]: [{"permission": "rw", "encrypted": false, "mtime_relative": "<time datetime=\"2017-10-23T07:55:25\" is=\"relative-time\" title=\"Mon, 23 Oct 2017 07:55:25 +0000\" >3 days ago</time>", "mtime": 1508745325, "owner": "walter@domain1.com", "root": "5ee4034774cd3436a41573470daa1c71dee94b2c", "id": "cb76cb60-9a60-499c-8c1f-26d389c6d3e9", "size": 12440314, "name": "domain1", "type": "repo", "virtual": false, "version": 1, "head_commit_id": "d6baf78992b32737adfb2939d08566cd93caa9cd", "desc": "", "size_formatted": "11.9\u00a0MB"}, {"permission": "rw", "encrypted": false, "mtime_relative": "<time datetime=\"2017-08-06T17:43:25\" is=\"relative-time\" title=\"Sun, 6 Aug 2017 17:43:25 +0000\" >2017-08-06</time>", "mtime": 1502041405, "owner": "walter@domain1.com", "root": "e635ab07c33d5a7aecd6e9dcd0b28b08cbf62ebf", "id": "98f96ef8-4c11-4b99-89ec-4e6215bf426a", "size": 300544, "name": "Meine Bibliothek", "type": "repo", "virtual": false, "version": 1, "head_commit_id": "7085592293e55eccb898ce51798a89af1631ab32", "desc": "Meine Bibliothek", "size_formatted": "293.5\u00a0KB"}, {"owner_nickname": "klaus", "name": "_domain1", "share_type": "personal", "permission": "rw", "size_formatted": "825.7\u00a0MB", "mtime_relative": "<time datetime=\"2017-10-25T13:38:04\" is=\"relative-time\" title=\"Wed, 25 Oct 2017 13:38:04 +0000\" >23 hours ago</time>", "head_commit_id": "3dd77458ac4d2e940f2b19fb91dc12e2e93720ab", "encrypted": false, "version": 1, "mtime": 1508938684, "owner": "klaus@domain1.com", "root": "5282d82d7f9a28d9427ea23a7fd87aff4e6d3ce5", "size": 865763498, "type": "srepo", "id": "0e20cb95-f8ed-44f6-93df-2d8fc345aaa1", "desc": "_domain1"}, {"permission": "rw", "encrypted": false, "mtime": 1508745325, "owner": "domain1", "id": "cb76cb60-9a60-499c-8c1f-26d389c6d3e9", "size": 12440314, "name": "domain1", "root": "5ee4034774cd3436a41573470daa1c71dee94b2c", "version": 1, "head_commit_id": 
"d6baf78992b32737adfb2939d08566cd93caa9cd", "desc": "", "type": "grepo", "groupid": 2}]

This behaviour is also reproducible with the Seafile client... I create an account with walter@domain1.com and I get the folder list from this user. Then I delete the account, create a new account with user walter@domain2.org and get the same folder list as the user before...

Do I have a configuration issue or is this a general issue?

Please inform me asap, thank you
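The symptom in the log above can be checked mechanically. The following is an added example, not part of the original report or of Seafile or Kolab: it pairs each `/api2/auth-token/` login with the `/api2/repos/` response in the same session and flags libraries whose owner differs from the authenticated user. It assumes that entries with `"type": "repo"` are libraries owned by the calling account (as in the responses quoted above); the function name and the trimmed sample log are constructed for illustration.

```python
import json
import re

# Constructed sample in the chwala console format quoted in the report;
# responses are trimmed to three fields and tokens are placeholders.
SAMPLE_LOG = r'''
[26-Oct-2017 13:08:48,484412 +0200]: <tgoh27vp> SeaFile POST: https://cloud.domain2.org/api2/auth-token/, POST: {"username":"walter@domain1.com","password":"*"}
[26-Oct-2017 13:08:48,517802 +0200]: <tgoh27vp> SeaFile Response [200]: {"token":"PLACEHOLDER-TOKEN-1"}
[26-Oct-2017 13:08:48,518150 +0200]: <tgoh27vp> SeaFile GET: https://cloud.domain2.org/api2/repos/
[26-Oct-2017 13:08:48,558176 +0200]: <tgoh27vp> SeaFile Response [200]: [{"owner": "walter@domain1.com", "name": "domain1", "type": "repo"}, {"owner": "klaus@domain1.com", "name": "_domain1", "type": "srepo"}]
[26-Oct-2017 13:09:42,938390 +0200]: <5o5a26gd> SeaFile POST: https://cloud.domain2.org/api2/auth-token/, POST: {"username":"walter@domain2.org","password":"*"}
[26-Oct-2017 13:09:42,969211 +0200]: <5o5a26gd> SeaFile Response [200]: {"token":"PLACEHOLDER-TOKEN-2"}
[26-Oct-2017 13:09:42,969674 +0200]: <5o5a26gd> SeaFile GET: https://cloud.domain2.org/api2/repos/
[26-Oct-2017 13:09:42,985913 +0200]: <5o5a26gd> SeaFile Response [200]: [{"owner": "walter@domain1.com", "name": "domain1", "type": "repo"}, {"owner": "walter@domain1.com", "name": "Meine Bibliothek", "type": "repo"}, {"owner": "domain1", "name": "domain1", "type": "grepo"}]
'''

LINE = re.compile(
    r'^\[[^\]]+\]: <(?P<sid>\w+)> SeaFile (?P<kind>POST|GET|Response \[\d+\]): (?P<rest>.*)$')

def find_owner_mismatches(log_text):
    """Return (session, authenticated_user, library_name, library_owner) tuples."""
    sessions = {}   # session id -> authenticated user and last requested URL
    findings = []
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        state = sessions.setdefault(m["sid"], {"user": None, "url": ""})
        kind, rest = m["kind"], m["rest"]
        try:
            if kind == "POST":
                state["url"], _, body = rest.partition(", POST: ")
                if state["url"].endswith("/api2/auth-token/"):
                    state["user"] = json.loads(body).get("username")
            elif kind == "GET":
                state["url"] = rest.strip()
            elif state["user"] and state["url"].endswith("/api2/repos/"):
                for entry in json.loads(rest):
                    owner = entry.get("owner") or ""
                    # Assumption: type "repo" marks libraries owned by the caller.
                    if entry.get("type") == "repo" and owner.lower() != state["user"].lower():
                        findings.append((m["sid"], state["user"], entry.get("name"), owner))
        except json.JSONDecodeError:
            continue    # wrapped or truncated JSON line: skip rather than guess
    return findings

if __name__ == "__main__":
    for finding in find_owner_mismatches(SAMPLE_LOG):
        print(finding)
```

Shared (`srepo`) and group (`grepo`) entries are ignored on purpose, since their owner legitimately differs from the logged-in account.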

killing commented 6 years ago

I think this is a configuration issue. The client usually won't fetch another user's folder list. But I'm not sure how to solve your problem. Perhaps it's due to the fact that you have multiple domains on the same server?

gino909 commented 6 years ago

Hi, thank you for your answer. Well, it could be that it is a configuration issue... but I do not see any error in our configuration, and yes, we use a multidomain setup. For me this is a severe issue which I want to solve asap, because this could create massive problems for us and our customers! I would appreciate it if you tried to reproduce this error... if needed I can give you further input... Please let me know, thank you.

gino909 commented 6 years ago

Hello, can someone help me?? This must be a bug! The client logs in with walter@domain1.com and shows the file list from another user!! Need urgent help on this topic!!! We use the professional version in a production environment! Please let me know asap! Thanks

shoeper commented 6 years ago

Following the issue.

gino909 commented 6 years ago

Any news? Could you reproduce the error?

shoeper commented 6 years ago

@killing

freeplant commented 6 years ago

We can't reproduce the problem.