Open inthreedee opened 1 year ago
Even using the sharing link does not work for me. Due to this Collabora does not work at all. My installation of Nextcloud is rather ancient and has been upgraded ever since Owncloud 8. So maybe this has something to do with ancient ways of file encryption? Any idea on where to check something?
Operating system: Debian 11.5 Web server: Apache 2.4.54 Database: PostgreSQL 13.8 PHP version: 7.4.33 Nextcloud version: 25.0.1 Version of the richdocuments app: 7.0.1 Version of Collabora Online: Collabora Online - Built-in CODE Server 22.5.802
[richdocuments] Error: OCA\Encryption\Exceptions\PrivateKeyMissingException: Private Key missing for user: please try to log-out and log-in again at <<closure>>
0. /var/www/nextcloud/apps/encryption/lib/KeyManager.php line 475
OCA\Encryption\Session->getPrivateKey()
1. /var/www/nextcloud/apps/encryption/lib/Crypto/Encryption.php line 204
OCA\Encryption\KeyManager->getFileKey()
2. /var/www/nextcloud/lib/private/Files/Stream/Encryption.php line 285
OCA\Encryption\Crypto\Encryption->begin()
3. <<closure>>
OC\Files\Stream\Encryption->stream_open()
4. /var/www/nextcloud/lib/private/Files/Stream/Encryption.php line 213
fopen()
5. /var/www/nextcloud/lib/private/Files/Stream/Encryption.php line 188
OC\Files\Stream\Encryption::wrapSource()
6. /var/www/nextcloud/lib/private/Files/Storage/Wrapper/Encryption.php line 470
OC\Files\Stream\Encryption::wrap()
7. /var/www/nextcloud/lib/private/Files/Storage/Wrapper/Wrapper.php line 301
OC\Files\Storage\Wrapper\Encryption->fopen()
8. /var/www/nextcloud/lib/private/Files/View.php line 1179
OC\Files\Storage\Wrapper\Wrapper->fopen()
9. /var/www/nextcloud/lib/private/Files/View.php line 1004
OC\Files\View->basicOperation()
10. /var/www/nextcloud/lib/private/Files/Node/File.php line 114
OC\Files\View->fopen()
11. /var/www/nextcloud/apps/richdocuments/lib/Controller/WopiController.php line 385
OC\Files\Node\File->fopen()
12. /var/www/nextcloud/lib/private/AppFramework/Http/Dispatcher.php line 225
OCA\Richdocuments\Controller\WopiController->getFile()
13. /var/www/nextcloud/lib/private/AppFramework/Http/Dispatcher.php line 133
OC\AppFramework\Http\Dispatcher->executeController()
14. /var/www/nextcloud/lib/private/AppFramework/App.php line 172
OC\AppFramework\Http\Dispatcher->dispatch()
15. /var/www/nextcloud/lib/private/Route/Router.php line 298
OC\AppFramework\App::main()
16. /var/www/nextcloud/lib/base.php line 1047
OC\Route\Router->match()
17. /var/www/nextcloud/index.php line 36
OC::handleRequest()
GET /index.php/apps/richdocuments/wopi/files/1003469_oc11addbb0ba/contents?access_token=notforyou&access_token_ttl=1669774106000%2Fws%3FWOPISrc%3Dhttps%3A%2F%2Fmy.domain.com%2Findex.php%2Fapps%2Frichdocuments%2Fwopi%2Ffiles%2F1003469_oc11addbb0ba&compat=
from ::1 at 2022-11-29T16:08:27+00:00
Same thing for me. Did you figure it out ?
I tried to migrate to the new built-in Collabora, fixed as many "Security & setup warnings" as possible, including the one that told me to disable legacy encryption. I followed encryption migration and how to install collabora online nextcloud hub but I'm unable to edit any document using Collabora.
The error is the same :
[richdocuments] Error: OCA\Encryption\Exceptions\PrivateKeyMissingException: Private Key missing for user: please try to log-out and log-in again at <<closure>>
0. /var/www/html/apps/encryption/lib/KeyManager.php line 475
OCA\Encryption\Session->getPrivateKey()
1. /var/www/html/apps/encryption/lib/Crypto/Encryption.php line 204
OCA\Encryption\KeyManager->getFileKey()
2. /var/www/html/lib/private/Files/Stream/Encryption.php line 285
OCA\Encryption\Crypto\Encryption->begin()
3. <<closure>>
OC\Files\Stream\Encryption->stream_open()
4. /var/www/html/lib/private/Files/Stream/Encryption.php line 213
fopen()
5. /var/www/html/lib/private/Files/Stream/Encryption.php line 188
OC\Files\Stream\Encryption::wrapSource()
6. /var/www/html/lib/private/Files/Storage/Wrapper/Encryption.php line 470
OC\Files\Stream\Encryption::wrap()
7. /var/www/html/lib/private/Files/Storage/Wrapper/Wrapper.php line 301
OC\Files\Storage\Wrapper\Encryption->fopen()
8. /var/www/html/lib/private/Files/View.php line 1179
OC\Files\Storage\Wrapper\Wrapper->fopen()
9. /var/www/html/lib/private/Files/View.php line 1004
OC\Files\View->basicOperation()
10. /var/www/html/lib/private/Files/Node/File.php line 114
OC\Files\View->fopen()
11. /var/www/html/apps/richdocuments/lib/Controller/WopiController.php line 390
OC\Files\Node\File->fopen()
12. /var/www/html/lib/private/AppFramework/Http/Dispatcher.php line 225
OCA\Richdocuments\Controller\WopiController->getFile()
13. /var/www/html/lib/private/AppFramework/Http/Dispatcher.php line 133
OC\AppFramework\Http\Dispatcher->executeController()
14. /var/www/html/lib/private/AppFramework/App.php line 172
OC\AppFramework\Http\Dispatcher->dispatch()
15. /var/www/html/lib/private/Route/Router.php line 298
OC\AppFramework\App::main()
16. /var/www/html/lib/base.php line 1047
OC\Route\Router->match()
17. /var/www/html/index.php line 36
OC::handleRequest()
GET /index.php/apps/richdocuments/wopi/files/40541_ocf0sndqo3s8/contents?access_token=hello_there&access_token_ttl=1674300617000&permission=edit%2Fws%3FWOPISrc%3Dhttps%3A%2F%2Fsome.where.com%2Findex.php%2Fapps%2Frichdocuments%2Fwopi%2Ffiles%2F40541_ocf0sndqo3s8&compat=
from 192.168.1.1 at 2023-01-21T01:31:00+00:00
EDIT:
As @inthreedee mentioned, I'm also able to open/edit a shared resource as an anonymous user. I'm unable to do so with my privileged account however.
We have the same problem. Nextcloud 25 docker with server-side encryption + Nextcloud Office with collabora code docker container.
Just so you know, I gave up and ended up decrypting all my files. It works fine now. I might switch to end-to-end encryption at some point. Server-side encryption is not that useful anyway.
@ShellCode33 Ok, thank you! We would need the passwords or all users for this...
@juliushaertl Should NC Office work with per-user keys?
Hey, I'm having the same issue, as @ShellCode33 mentioned, editing as anonymous user (accessing share link in private window) is possible. Before enabling per-user key encryption, worked like a charm. Hopefully this will get solved, and we won't have to sacrifice security for functionality.
According to this NC Office does not support encryption: https://docs.nextcloud.com/server/latest/admin_manual/office/troubleshooting.html#frequently-asked-questions
But I‘m not sure if that information is still up to date.
But I‘m not sure if that information is still up to date.
I don't think it is, or it's referring specifically to the default server-key encryption mode. If you look in my OP, I link to a couple of merged pull requests that implement support for per-user encryption keys.
But I‘m not sure if that information is still up to date.
I don't think it is, or it's referring specifically to the default server-key encryption mode. If you look in my OP, I link to a couple of merged pull requests that implement support for per-user encryption keys.
You are right it seems that it’s supposed to work… but I think with a single master key it should be even simpler than with per-user keys.
I use server side encryption to encrypt all files in AWS server, but all files in the virtual private server are unencrypted. Collabora doesn't work for any files.
@juliushaertl Maybe you could give information if issues with the server-side encryption and NC office are known or if it‘s rather a configuration error?
It‘s not working since january for us know.
Has anything changed in the topic?
Any Update on this?
This still a problem with v.8.4.6. If I make a share and give it edit permissions and open the link in another browser, then edit it and close it. I can then open it on the user that created the file but not before.
edit Correction it works if I have the share open in another window, as soon as I close the window it stops working, which is most likely because it uses the incognitomode then
Describe the bug When per-user keys are enabled on the server, opening a new document fails with the error
Private Key missing for user: please try to log-out and log-in again
. If the new file is then manually shared, edit capabilities are enabled, and then accessed only from the shared link, the document then opens normally.Based on existing bug reports and pull requests (https://github.com/nextcloud/richdocuments/pull/52, https://github.com/nextcloud/richdocuments/issues/1379, https://github.com/nextcloud/richdocuments/pull/1396), it's my understanding that this should be working. https://github.com/nextcloud/richdocuments/issues/1379 specifically explains that a new document should be shared and then fetched automatically upon creation. It also appears that this was working as of last year.
(Line numbers updated from original issue to match current code)
I believe I have everything configured correctly because I can open, edit, and save documents as long as I first manually share a new document, enable editing, and then access it only from the shared url. Even after sharing, attempting to open the file directly from my files list results in the same private key missing error in the logs. It only seems to work by copying and pasting the share url.
To Reproduce Steps to reproduce the behavior:
Expected behavior The new document should be auto shared with editing capabilities, and opened using those sharing credentials.
Client details:
Server details
Operating system: Ubuntu Server
Web server: Apache
Database: mysql
PHP version: 8.0.23
Nextcloud version: 24.0.4 via Snap
Version of the richdocuments app 6.2.0
Version of Collabora Online 22.05.6.3 via dockerhub image
Logs
#### Nextcloud log (data/nextcloud.log) ``` [richdocuments] Error: OCA\Encryption\Exceptions\PrivateKeyMissingException: Private Key missing for user: please try to log-out and log-in again at <