Closed jpylypiw closed 4 years ago
The returned error is this:
<?xml version="1.0" encoding="utf-8"?>
<d:error xmlns:d="DAV:" xmlns:s="http://sabredav.org/ns">
<s:exception>Sabre\DAV\Exception\NotAuthenticated</s:exception>
<s:message>No public access to this resource., No 'Authorization: Basic' header found. Either the client didn't send one, or the server is misconfigured, No 'Authorization: Bearer' header found. Either the client didn't send one, or the server is mis-configured, No 'Authorization: Basic' header found. Either the client didn't send one, or the server is misconfigured</s:message>
</d:error>
The error occurs with seemingly any remote.php
call.
It only happens after some time has passed, so immediately after login it works.
My nextcloud has been stable for a long time before this (so no fresh install). The only thing I changed was the cache and changing that back doesn't help.
Hello, I have exactly the same error, basic auth on /public.php/webdav/ on a public share Nextcloud version: 18.0.4 No differences except that I use a local account and not LDAP
I tried a new installation in 18.0.4, and still the same problem
I fixed the issue some days ago. It seems that I had some misconfiguration in my Apache2 Webserver in combination with PHP FPM. After changing my Apache VirtualHost from FPM Proxy to direct FPM Access everything worked.
Configuration before:
ProxyPassMatch ^/(.*\.php(/.*)?)$ "unix:/var/run/php-fpm.sock|fcgi://localhost/var/www/nextcloud"
Configuration after:
<IfModule setenvif_module>
SetEnvIfNoCase ^Authorization$ "(.+)" HTTP_AUTHORIZATION=$1
</IfModule>
<FilesMatch ".+\.ph(ar|p|tml)$">
SetHandler "proxy:unix:/run/php/php7.3-fpm.sock|fcgi://localhost"
</FilesMatch>
<FilesMatch ".+\.phps$">
# Deny access to raw php sources by default
# To re-enable it's recommended to enable access to the files
# only in specific virtual host or directory
Require all denied
</FilesMatch>
# Deny access to files without filename (e.g. '.php')
<FilesMatch "^\.ph(ar|p|ps|tml)$">
Require all denied
</FilesMatch>
In fact I activated the php7.3-fpm.conf
file in conf-available
of the apache folder and removed the ProxyPassMatch from the VirtualHost and everything started working.
I hope this helps you guys on troubleshooting your problem.
That fix didn't work at all for me, I had to trick the system by using:
<Location /remote.php>
SetEnvIf requesttoken ".+" hasToken
RequestHeader setIfEmpty Authorization "Basic Og==" env=hasToken
</Location>
Which seems like there's just a bad check that checks if the Authorization
header is there without checking if the requesttoken
is already present, which seems to be checked before the Authorization
header is actually validated though (because the snippet above just sets it to empty credentials), so the really seems like some kind of edge case problem that should be dealt with.
How to use GitHub
Steps to reproduce
Expected behaviour
The files in the folder should be shown correctly without authentication.
Actual behaviour
There is a 401 Error on /public.php/webdav/ and the browser is showing a HTTP Basic Auth Dialog.
Server configuration
Operating system: Debian 10 4.19.0-8-amd64
Web server: Apache/2.4.38 (Debian)
Database: MariaDB 10.3.22
PHP version: 7.3.14
Nextcloud version: 18.0.4
Updated from an older Nextcloud/ownCloud or fresh install: Fresh NextCloud installation
Where did you install Nextcloud from: directly using SSH on the system, no FTP involved.
Signing status:
Signing status
``` No errors have been found. ```List of activated apps:
App list
``` Enabled: - accessibility: 1.4.0 - activity: 2.11.0 - admin_audit: 1.8.0 - bruteforcesettings: 1.6.0 - calendar: 2.0.3 - checksum: 0.4.4 - cloud_federation_api: 1.1.0 - contacts: 3.3.0 - dav: 1.14.0 - federatedfilesharing: 1.8.0 - files: 1.13.1 - files_automatedtagging: 1.8.2 - files_external: 1.9.0 - files_pdfviewer: 1.7.0 - files_retention: 1.7.0 - files_rightclick: 0.15.2 - files_sharing: 1.10.1 - files_versions: 1.11.0 - logreader: 2.3.0 - lookup_server_connector: 1.6.0 - metadata: 0.11.1 - nextcloud_announcements: 1.7.0 - notifications: 2.6.0 - oauth2: 1.6.0 - password_policy: 1.8.0 - photos: 1.0.0 - privacy: 1.2.0 - provisioning_api: 1.8.0 - ransomware_protection: 1.6.1 - recommendations: 0.6.0 - serverinfo: 1.8.0 - settings: 1.0.0 - sharebymail: 1.8.0 - systemtags: 1.8.0 - text: 2.0.0 - theming: 1.9.0 - twofactor_backupcodes: 1.7.0 - twofactor_email: 1.0.1 - twofactor_totp: 4.1.3 - updatenotification: 1.8.0 - user_ldap: 1.8.0 - viewer: 1.2.0 - workflowengine: 2.0.0 Disabled: - comments - encryption - federation - files_trashbin - files_videoplayer - firstrunwizard - richdocuments - spreed - support - survey_client ```Nextcloud configuration:
Config report
``` { "system": { "instanceid": "***REMOVED SENSITIVE VALUE***", "passwordsalt": "***REMOVED SENSITIVE VALUE***", "secret": "***REMOVED SENSITIVE VALUE***", "trusted_domains": [ "xxx", "yyy" ], "trusted_proxies": "***REMOVED SENSITIVE VALUE***", "datadirectory": "***REMOVED SENSITIVE VALUE***", "dbtype": "mysql", "version": "18.0.4.2", "overwrite.cli.url": "https:\/\/xxx", "dbname": "***REMOVED SENSITIVE VALUE***", "dbhost": "***REMOVED SENSITIVE VALUE***", "dbport": "3306", "dbtableprefix": "oc_", "dbuser": "***REMOVED SENSITIVE VALUE***", "dbpassword": "***REMOVED SENSITIVE VALUE***", "installed": true, "mail_smtpmode": "sendmail", "mail_sendmailmode": "smtp", "mail_domain": "***REMOVED SENSITIVE VALUE***", "ldapIgnoreNamingRules": false, "ldapProviderFactory": "OCA\\User_LDAP\\LDAPProviderFactory", "maintenance": false, "theme": "", "loglevel": 0, "app_install_overwrite": [ "files_automatedtagging" ], "updater.release.channel": "stable", "memcache.local": "\\OC\\Memcache\\APCu", "twofactor_enforced": "false", "twofactor_enforced_groups": [], "twofactor_enforced_excluded_groups": [], "mail_smtphost": "***REMOVED SENSITIVE VALUE***", "mail_smtpport": "993", "mail_smtpsecure": "ssl", "mail_smtpauthtype": "LOGIN", "mail_from_address": "***REMOVED SENSITIVE VALUE***", "mail_smtpauth": 1, "mysql.utf8mb4": true, "updater.secret": "***REMOVED SENSITIVE VALUE***" } } ```Are you using external storage, if yes which one: no external storage used
Are you using encryption: no
Are you using an external user-backend, if yes which one: LDAP
LDAP configuration (delete this part if not used)
LDAP config
``` +-------------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ | Configuration | s01 | +-------------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ | hasMemberOfFilterSupport | 1 | | homeFolderNamingRule | | | lastJpegPhotoLookup | 0 | | ldapAgentName | CN=xxx,CN=Users,DC=xxx,DC=local | | ldapAgentPassword | *** | | ldapAttributesForGroupSearch | | | ldapAttributesForUserSearch | | | ldapBackupHost | xxx.xxx.local | | ldapBackupPort | 389 | | ldapBase | CN=Users,DC=xxx,DC=local | | ldapBaseGroups | CN=Users,DC=xxx,DC=local | | ldapBaseUsers | CN=Users,DC=xxx,DC=local | | ldapCacheTTL | 600 | | ldapConfigurationActive | 1 | | ldapDefaultPPolicyDN | | | ldapDynamicGroupMemberURL | | | ldapEmailAttribute | mail | | ldapExperiencedAdmin | 0 | | ldapExpertUUIDGroupAttr | | | ldapExpertUUIDUserAttr | | | ldapExpertUsernameAttr | | | ldapExtStorageHomeAttribute | | | ldapGidNumber | gidNumber | | ldapGroupDisplayName | cn | | ldapGroupFilter | (&(|(objectclass=group))(|(cn=xxx)(cn=xxx))) | | ldapGroupFilterGroups | xxx;yyy | | ldapGroupFilterMode | 0 | | ldapGroupFilterObjectclass | group | | ldapGroupMemberAssocAttr | member | | ldapHost | xxx.xxx.local | | ldapIgnoreNamingRules | | | ldapLoginFilter | (&(&(|(objectclass=user))(|(|(memberof=CN=xxx,CN=Users,DC=xxx,DC=local)(primaryGroupID=1234))))(|(samaccountname=%uid)(|(mailPrimaryAddress=%uid)(mail=%uid)))) | | ldapLoginFilterAttributes | | | ldapLoginFilterEmail | 1 | | ldapLoginFilterMode | 0 | | ldapLoginFilterUsername | 1 | | ldapNestedGroups | 0 | | ldapOverrideMainServer | | | ldapPagingSize | 500 | | ldapPort | 389 | | ldapQuotaAttribute | | | ldapQuotaDefault | | | ldapTLS | 1 | | ldapUserAvatarRule | default | | ldapUserDisplayName | displayname | | ldapUserDisplayName2 | | | ldapUserFilter | (&(|(objectclass=user))(|(|(memberof=CN=xxx,CN=Users,DC=xxx,DC=local)(primaryGroupID=1234)))) | | ldapUserFilterGroups | xxx | | ldapUserFilterMode | 0 | | ldapUserFilterObjectclass | user | | ldapUuidGroupAttribute | auto | | ldapUuidUserAttribute | auto | | turnOffCertCheck | 0 | | turnOnPasswordChange | 0 | | useMemberOfToDetectMembership | 1 | +-------------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ ```Client configuration
Browser: Google Chrome Version 81.0.4044.122 (Offizieller Build) (64-Bit)
Operating system: Windows 10 Pro
Logs
Web server error log
Web server error log
``` no error log created, access los instead: xxx:443 192.168.198.40 - - [27/Apr/2020:23:00:51 +0200] "GET /index.php/s/s3YWSjpobH3DLH2 HTTP/1.1" 200 7722 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.122 Safari/537.36" xxx:443 192.168.198.40 - - [27/Apr/2020:23:00:52 +0200] "GET /index.php/css/icons/icons-vars.css?v=1588020846 HTTP/1.1" 200 28984 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.122 Safari/537.36" xxx:443 192.168.198.40 - - [27/Apr/2020:23:00:52 +0200] "GET /apps/files_sharing/js/dist/main.js.map HTTP/1.1" 200 3654 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.122 Safari/537.36" xxx:443 192.168.198.40 - - [27/Apr/2020:23:00:52 +0200] "GET /cron.php HTTP/1.1" 200 1558 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.122 Safari/537.36" xxx:443 192.168.198.40 - - [27/Apr/2020:23:00:52 +0200] "PROPFIND /public.php/webdav/ HTTP/1.1" 401 1336 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.122 Safari/537.36" xxx:443 192.168.198.40 - - [27/Apr/2020:23:00:52 +0200] "GET /ocs/v2.php/apps/text/public/workspace?path=%2F&shareToken=s3YWSjpobH3DLH2 HTTP/1.1" 404 6313 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.122 Safari/537.36" xxx:443 192.168.198.40 - - [27/Apr/2020:23:00:52 +0200] "GET /apps/text/js/public.js.map HTTP/1.1" 200 116970 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.122 Safari/537.36" xxx:443 192.168.198.40 - - [27/Apr/2020:23:01:01 +0200] "GET /ocs/v2.php/apps/notifications/api/v2/notifications HTTP/1.1" 200 1480 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.122 Safari/537.36" xxx:443 192.168.198.40 - - [27/Apr/2020:23:00:52 +0200] "GET /apps/text/js/vendor.js.map?v=f6ab5562fe05f8500a71 HTTP/1.1" 200 159643 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.122 Safari/537.36" xxx:443 192.168.198.40 - - [27/Apr/2020:23:01:02 +0200] "GET /ocs/v2.php/apps/notifications/api/v2/notifications HTTP/1.1" 200 904 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.122 Safari/537.36" xxx:443 192.168.198.40 - - [27/Apr/2020:23:00:52 +0200] "GET /core/js/dist/main.js.map HTTP/1.1" 200 1265531 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.122 Safari/537.36" ```Nextcloud log (data/nextcloud.log)
Nextcloud log
``` {"reqId":"p6w3mf63auVPxok5albO","level":0,"time":"2020-04-27T21:02:22+00:00","remoteAddr":"192.168.198.40","user":"--","app":"no app in context","method":"GET","url":"/index.php/s/s3YWSjpobH3DLH2","message":"Deprecated event type for OCA\\User_LDAP\\User\\User::postLDAPBackendAdded: null","userAgent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.122 Safari/537.36","version":"18.0.4.2"} {"reqId":"p6w3mf63auVPxok5albO","level":0,"time":"2020-04-27T21:02:22+00:00","remoteAddr":"192.168.198.40","user":"--","app":"no app in context","method":"GET","url":"/index.php/s/s3YWSjpobH3DLH2","message":"Deprecated event type for OCA\\Files_Sharing::loadAdditionalScripts: Symfony\\Component\\EventDispatcher\\GenericEvent","userAgent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.122 Safari/537.36","version":"18.0.4.2"} {"reqId":"ITVzGqDjJ2rkjUGwrjP9","level":0,"time":"2020-04-27T21:02:22+00:00","remoteAddr":"192.168.198.40","user":"--","app":"no app in context","method":"GET","url":"/cron.php","message":"Deprecated event type for OCA\\User_LDAP\\User\\User::postLDAPBackendAdded: null","userAgent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.122 Safari/537.36","version":"18.0.4.2"} {"reqId":"a0xS3DOj0j64jRQjMe3c","level":0,"time":"2020-04-27T21:02:22+00:00","remoteAddr":"192.168.198.40","user":"--","app":"no app in context","method":"PROPFIND","url":"/public.php/webdav/","message":"Deprecated event type for OCA\\User_LDAP\\User\\User::postLDAPBackendAdded: null","userAgent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.122 Safari/537.36","version":"18.0.4.2"} {"reqId":"a0xS3DOj0j64jRQjMe3c","level":0,"time":"2020-04-27T21:02:22+00:00","remoteAddr":"192.168.198.40","user":"--","app":"webdav","method":"PROPFIND","url":"/public.php/webdav/","message":{"Exception":"Sabre\\DAV\\Exception\\NotAuthenticated","Message":"No 'Authorization: Basic' header found. Either the client didn't send one, or the server is misconfigured","Code":0,"Trace":[{"function":"beforeMethod","class":"Sabre\\DAV\\Auth\\Plugin","type":"->","args":[{"absoluteUrl":"https://xxx/public.php/webdav/","__class__":"Sabre\\HTTP\\Request"},{"__class__":"Sabre\\HTTP\\Response"}]},{"file":"/var/www/nextcloud/3rdparty/sabre/event/lib/EventEmitterTrait.php","line":105,"function":"call_user_func_array","args":[[{"autoRequireLogin":true,"__class__":"Sabre\\DAV\\Auth\\Plugin"},"beforeMethod"],[{"absoluteUrl":"https://xxx/public.php/webdav/","__class__":"Sabre\\HTTP\\Request"},{"__class__":"Sabre\\HTTP\\Response"}]]},{"file":"/var/www/nextcloud/3rdparty/sabre/dav/lib/DAV/Server.php","line":466,"function":"emit","class":"Sabre\\Event\\EventEmitter","type":"->","args":["beforeMethod",[{"absoluteUrl":"https://xxx/public.php/webdav/","__class__":"Sabre\\HTTP\\Request"},{"__class__":"Sabre\\HTTP\\Response"}]]},{"file":"/var/www/nextcloud/3rdparty/sabre/dav/lib/DAV/Server.php","line":254,"function":"invokeMethod","class":"Sabre\\DAV\\Server","type":"->","args":[{"absoluteUrl":"https://xxx/public.php/webdav/","__class__":"Sabre\\HTTP\\Request"},{"__class__":"Sabre\\HTTP\\Response"}]},{"file":"/var/www/nextcloud/apps/dav/appinfo/v1/publicwebdav.php","line":109,"function":"exec","class":"Sabre\\DAV\\Server","type":"->","args":[]},{"file":"/var/www/nextcloud/public.php","line":81,"args":["/var/www/nextcloud/apps/dav/appinfo/v1/publicwebdav.php"],"function":"require_once"}],"File":"/var/www/nextcloud/3rdparty/sabre/dav/lib/DAV/Auth/Plugin.php","Line":168,"CustomMessage":"--"},"userAgent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.122 Safari/537.36","version":"18.0.4.2"} {"reqId":"bGIMdLMa5GACveRChOXJ","level":0,"time":"2020-04-27T21:02:22+00:00","remoteAddr":"192.168.198.40","user":"--","app":"no app in context","method":"GET","url":"/ocs/v2.php/apps/text/public/workspace?path=%2F&shareToken=s3YWSjpobH3DLH2","message":"Deprecated event type for OCA\\User_LDAP\\User\\User::postLDAPBackendAdded: null","userAgent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.122 Safari/537.36","version":"18.0.4.2"} ```Browser log
Browser log
``` Console Log: jquery-migrate.min.js:2 JQMIGRATE: Migrate is installed, version 1.4.1 globals.js:66 Handlebars is deprecated: please ship your own, this will be removed in Nextcloud 20 ne @ globals.js:64 get @ globals.js:64 (anonymous) @ templates.js?v=864e0f07-29:2 (anonymous) @ templates.js?v=864e0f07-29:43 globals.js:66 Handlebars is deprecated: please ship your own, this will be removed in Nextcloud 20 ne @ globals.js:64 get @ globals.js:64 (anonymous) @ templates.js?v=864e0f07-29:2 (anonymous) @ templates.js?v=864e0f07-29:424 Viewer.js:41 OCA.Viewer initialized xhr.js:178 GET https://xxx/ocs/v2.php/apps/text/public/workspace?path=%2F&shareToken=s3YWSjpobH3DLH2 404 (Not Found) (anonymous) @ files.js:32 e.exports @ files.js:32 e.exports @ files.js:32 Promise.then (async) s.request @ files.js:32 n.forEach.s.