Closed didierm closed 3 years ago
-> label = [feature: federation] ?
Any chance of this getting triaged ?
Being able to add trusted servers via curl (without unexpected CSRF errors) allows for batch processing server lists, which proves beneficial as the number of servers in a federated cloud grows.
It's not a OCS endpoint hence a CSRF token is required. Someone has to move it ;)
cc @nextcloud/server-triage
Well the question is if we want to move this... And I'm actually not sure
WHat is the use case for automating adding trusted servers?
Revisiting this bug, the answer to @rullzer 's question is in comment https://github.com/nextcloud/server/issues/16819#issuecomment-525786425 :
"Being able to add trusted servers via curl (without unexpected CSRF errors) allows for batch processing server lists, which proves beneficial as the number of servers in a federated cloud grows."
I suppose this issue is still valid on NC21.0.2?
This issue has been automatically marked as stale because it has not had recent activity and seems to be missing some essential information. It will be closed if no further activity occurs. Thank you for your contributions.
When attempting to use curl to add a trusted server in the federation app, NextCloud returns a CSRF error.
This happens when executing curl from both an external client, as from within a shell on the NC server.
Steps to reproduce
Expected behaviour
$TRUSTEDSERVER should be added to table _oc_trusted_servers_
Actual behaviour
Return code
{"message":"CSRF check failed"}
Server configuration
Operating system: CentOS Linux release 7.6.1810 (Core) Web server: Apache 2.4.6 Database: PostgreSQL 9.2.24 PHP version: PHP 7.2.21 Nextcloud version: (see Nextcloud admin page) 16.0.4.1 Updated from an older Nextcloud/ownCloud or fresh install: Update from 15.0.5 Where did you install Nextcloud from: https://download.nextcloud.com/server/releases/nextcloud-16.0.4.zip Signing status:
Signing status
``` No errors have been found. ```List of activated apps:
App list
``` Enabled: - accessibility: 1.2.0 - activity: 2.9.1 - admin_audit: 1.6.0 - announcementcenter: 3.5.1 - bruteforcesettings: 1.4.0 - calendar: 1.7.0 - circles: 0.17.7 - cloud_federation_api: 0.2.0 - comments: 1.6.0 - contacts: 3.1.3 - dav: 1.9.2 - encryption: 2.4.0 - federatedfilesharing: 1.6.0 - federation: 1.6.0 - files: 1.11.0 - files_external: 1.7.0 - files_pdfviewer: 1.5.0 - files_rightclick: 0.13.0 - files_sharing: 1.8.0 - files_texteditor: 2.8.0 - files_trashbin: 1.6.0 - files_versions: 1.9.0 - files_videoplayer: 1.5.0 - firstrunwizard: 2.5.0 - gallery: 18.3.0 - impersonate: 1.3.0 - logreader: 2.1.0 - lookup_server_connector: 1.4.0 - nextcloud_announcements: 1.5.0 - notifications: 2.4.1 - oauth2: 1.4.2 - password_policy: 1.6.0 - privacy: 1.0.0 - provisioning_api: 1.6.0 - recommendations: 0.4.0 - serverinfo: 1.6.0 - sharebymail: 1.6.0 - survey_client: 1.4.0 - systemtags: 1.6.0 - twofactor_backupcodes: 1.5.0 - updatenotification: 1.6.0 - user_ldap: 1.6.0 - viewer: 1.1.0 - workflowengine: 1.6.0 Disabled: - bookmarks - external - files_accesscontrol - files_automatedtagging - files_retention - keeweb - news - ojsxc - support - tasks - theming - user_saml ```Nextcloud configuration:
Config report
``` { "system": { "instanceid": "***REMOVED SENSITIVE VALUE***", "passwordsalt": "***REMOVED SENSITIVE VALUE***", "trusted_domains": [ "$SERVER", "$SERVER2", "$SERVER3", ], "datadirectory": "***REMOVED SENSITIVE VALUE***", "version": "16.0.4.1", "dbtype": "pgsql", "dbhost": "***REMOVED SENSITIVE VALUE***", "dbname": "***REMOVED SENSITIVE VALUE***", "dbuser": "***REMOVED SENSITIVE VALUE***", "dbpassword": "***REMOVED SENSITIVE VALUE***", "dbtableprefix": "nc_", "installed": true, "lost_password_link": "disabled", "mail_domain": "***REMOVED SENSITIVE VALUE***", "mail_from_address": "***REMOVED SENSITIVE VALUE***", "mail_smtpmode": "smtp", "mail_smtphost": "***REMOVED SENSITIVE VALUE***", "overwritehost": "$SERVER", "overwriteprotocol": "https", "overwritewebroot": "\/$INSTANCE", "overwrite.cli.url": "https:\/\/$SERVER\/$INSTANCE", "connectivity_check_domains": [], "updatechecker": false, "updater.release.channel": "stable", "log_type": "file", "logfile": "\/srv\/nextcloud\/cloud01\/cloud01.log", "loglevel": 0, "logtimezone": "Europe\/Brussels", "log_query": true, "log_rotate_size": 33554432, "apps_paths": [ { "path": "\/opt\/nextcloud\/apps", "url": "\/apps", "writable": false }, { "path": "\/srv\/nextcloud\/cloud01\/apps", "url": "\/apps-appstore", "writable": true } ], "preview_libreoffice_path": "\/usr\/bin\/libreoffice", "sort_groups_by_name": true, "maintenance": false, "memcache.local": "\\OC\\Memcache\\APCu", "redis": { "host": "***REMOVED SENSITIVE VALUE***", "port": 0 }, "theme": "", "filesystem_check_changes": 1, "secret": "***REMOVED SENSITIVE VALUE***", "memcache.locking": "\\OC\\Memcache\\Redis", "upgrade.disable-web": true, "debug": true, "ldapIgnoreNamingRules": false, "ldapProviderFactory": "OCA\\User_LDAP\\LDAPProviderFactory" } } ```Are you using external storage, if yes which one:
Are you using encryption: no
Are you using an external user-backend, if yes which one:
Client configuration
Browser: Firefox 68.0.2 Operating system: Fedora release 30 (Thirty)
Logs
Web server error log
Web server error log
``` aa.bb.cc.dd - admin [20/Aug/2019:22:38:45 +0200] "POST /pub/index.php/apps/federation/trusted-servers HTTP/1.1" 412 31 ```Nextcloud log (data/nextcloud.log)
Nextcloud log
``` no entries (loglevel=0, debug=true) ```Browser log
Browser log
``` no entries (curl = command-line) ```This looks somewhat related to https://github.com/nextcloud/groupfolders/issues/63 , reported against the groupfolders app , where it is suggested to move the API routes under OCS (I am not a developer).