search

marius-wieschollek / passwords

A simple, yet feature rich password manager for Nextcloud
GNU Affero General Public License v3.0
208 stars 42 forks source link

[BUG]: Document cannot be saved, please check your permissions. #671

Open BennoHouse opened 6 days ago

BennoHouse commented 6 days ago

⚠️ This issue respects the following points: ⚠️

Server Information

Version
Server Version: 29.0.7.1
App: 2024.9.20
LSR: False
PHP: 8.2.23
CronPHP: 8.2.23

Environment
OS: Linux
Architecture: x86_64
Database: PostgreSQL
Cron: System Cron
Proxy: False
SSLProxy: True
Subdirectory: False

Services
Images: imagick
Favicons: DDG
Previews: Default
Security: BigDB+Hibp
Words: Random
PreviewAPI: False
FaviconAPI: False

Status
AutoBackupRestored: False

Settings
Channel: Stable
Nightlies: False
Handbook: False
Performance: 5

Encryption: SSE
SSEv1r1: False
SSEv1r2: Ture
SSEv2r1: False
SSEv3r1: False
None: False
Default: SSEv1r2

CSE
CSEv1r1: False
None: Ture
Default: None

Client Information

Browser and Version: Firefox 115.11.0esr (64-bit) Client OS and Version: Debian 12

Bug description

After upgrading our Nextcloud instance to major version 29 and switching from Onlyoffice to Nextcloud Office (Collabora) with the Built-in CODE server, repeated "Document cannot be saved, please check your permissions." errors are displayed when saving shared documents. The documents are actually saved, but the error messages prevent further user interaction and reappear after a few seconds when closed, requiring quitting and reopening of the document.

The error disappears when the Passwords app is disabled in the administrative app settings.

Every time the error message is shown to a user, the following log entry appears:

Exception OCA\Passwords\Services\EnvironmentService::loadUserFromBearerAuth(): Argument #1 ($userId) must be of type string, null given, called in /var/www/html/custom_apps/passwords/lib/Services/EnvironmentService.php on line 383 in file '/var/www/html/custom_apps/passwords/lib/Services/EnvironmentService.php' line 433 Uncaught error: OCA\Passwords\Services\EnvironmentService::loadUserFromBearerAuth(): Argument #1 ($userId) must be of type string, null given, called in /var/www/html/custom_apps/passwords/lib/Services/EnvironmentService.php on line 383 in file '/var/www/html/custom_apps/passwords/lib/Services/EnvironmentService.php' line 433

Apparently, the function in question is the following: 

    protected function loadUserInformation(?string $userId, IRequest $request): bool {
        $authHeader   = $request->getHeader('Authorization');
        $userIdString = $userId ? :'invalid user id';
        if($this->session->exists('login_credentials')) {
            if($this->loadUserFromSession($userId, $request)) return true;
            $this->logger->warning('Login attempt with invalid session for '.$userIdString);
        } else if($authHeader !== '') {
            [$type, $value] = explode(' ', $authHeader, 2);

                if($type === 'Basic' && $this->loadUserFromBasicAuth($userId, $request)) return true;

            if($type === 'Bearer' && $this->loadUserFromBearerAuth($userId, $value)) return true;
            $this->logger->warning('Login attempt with invalid authorization header for '.$userIdString);
        } else if(isset($_SERVER['PHP_AUTH_USER']) || isset($_SERVER['PHP_AUTH_PW'])) {
            if($this->loadUserFromBasicAuth($userId, $request)) return true;
            $this->logger->warning('Login attempt with invalid basic auth for '.$userIdString);
        } else if($userId !== null) {
            if($this->loadUserFromSessionToken($userId)) return true;
            $this->logger->warning('Login attempt with invalid session token for '.$userIdString);
        } else {
            $this->client = self::CLIENT_PUBLIC;

            return false;
        }

        $this->client = self::CLIENT_PUBLIC;
        if($userId !== null) throw new Exception('Unable to verify user '.$userIdString);

        return false;
    }

There appears to be some incompatibility between Passwords and the Nextcloud Office / Built-in Collabora CODE apps.

Steps to reproduce

  1. Install Nextcloud via docker-compose according to this example
  2. Install Nextcloud Office, Collabora Online - Built-in CODE Server and Passwords
  3. Share an office document with another user
  4. Save the document as the shared user

Expected behavior

Documents should save without error

Nextcloud Logs

Exception OCA\Passwords\Services\EnvironmentService::loadUserFromBearerAuth(): Argument #1 ($userId) must be of type string, null given, called in /var/www/html/custom_apps/passwords/lib/Services/EnvironmentService.php on line 383 in file '/var/www/html/custom_apps/passwords/lib/Services/EnvironmentService.php' line 433
Uncaught error: OCA\Passwords\Services\EnvironmentService::loadUserFromBearerAuth(): Argument #1 ($userId) must be of type string, null given, called in /var/www/html/custom_apps/passwords/lib/Services/EnvironmentService.php on line 383 in file '/var/www/html/custom_apps/passwords/lib/Services/EnvironmentService.php' line 433

Browser Logs

No response

0-wHiTeHand-0 commented 2 days ago

Yes, same here.

0-wHiTeHand-0 commented 2 days ago

@BennoHouse I've found a fix that seems to work. Just add an "?" in /var/www/html/custom_apps/passwords/lib/Services/EnvironmentService.php:433

protected function loadUserFromBearerAuth(?string $userId, string $value): bool {
BennoHouse commented 1 day ago

That's great, thanks @0-wHiTeHand-0

I don't know enough about PHP to understand the consequences of that change. I only find something about ? being used as a if-condition, so is it just a missed operator or is there more to it? The other functions seem to be written that way.

I might also have copied the wrong section of code in the excerpt.

0-wHiTeHand-0 commented 22 hours ago

Yes, I think it was just a missed operator. Now I have new errors ("InvalidTokenException Token does not exist: token does not exist"), but at least Collabora and Passwords are both working apparently well.