search

nextcloud / server

☁️ Nextcloud server, a safe home for all your data
https://nextcloud.com
GNU Affero General Public License v3.0
26.85k stars 4.01k forks source link

BasicAuth Dialog on Public Share #20698

Closed jpylypiw closed 4 years ago

jpylypiw commented 4 years ago

How to use GitHub

Steps to reproduce

  1. Create a Public Folder Share as LDAP User
  2. Copy the URL of the Folder Share
  3. Enter the URL in a private Window
  4. HTTP Basic Auth Dialog will shot up

Expected behaviour

The files in the folder should be shown correctly without authentication.

Actual behaviour

There is a 401 Error on /public.php/webdav/ and the browser is showing a HTTP Basic Auth Dialog.

Server configuration

Operating system: Debian 10 4.19.0-8-amd64

Web server: Apache/2.4.38 (Debian)

Database: MariaDB 10.3.22

PHP version: 7.3.14

Nextcloud version: 18.0.4

Updated from an older Nextcloud/ownCloud or fresh install: Fresh NextCloud installation

Where did you install Nextcloud from: directly using SSH on the system, no FTP involved.

Signing status:

Signing status ``` No errors have been found. ```

List of activated apps:

App list ``` Enabled: - accessibility: 1.4.0 - activity: 2.11.0 - admin_audit: 1.8.0 - bruteforcesettings: 1.6.0 - calendar: 2.0.3 - checksum: 0.4.4 - cloud_federation_api: 1.1.0 - contacts: 3.3.0 - dav: 1.14.0 - federatedfilesharing: 1.8.0 - files: 1.13.1 - files_automatedtagging: 1.8.2 - files_external: 1.9.0 - files_pdfviewer: 1.7.0 - files_retention: 1.7.0 - files_rightclick: 0.15.2 - files_sharing: 1.10.1 - files_versions: 1.11.0 - logreader: 2.3.0 - lookup_server_connector: 1.6.0 - metadata: 0.11.1 - nextcloud_announcements: 1.7.0 - notifications: 2.6.0 - oauth2: 1.6.0 - password_policy: 1.8.0 - photos: 1.0.0 - privacy: 1.2.0 - provisioning_api: 1.8.0 - ransomware_protection: 1.6.1 - recommendations: 0.6.0 - serverinfo: 1.8.0 - settings: 1.0.0 - sharebymail: 1.8.0 - systemtags: 1.8.0 - text: 2.0.0 - theming: 1.9.0 - twofactor_backupcodes: 1.7.0 - twofactor_email: 1.0.1 - twofactor_totp: 4.1.3 - updatenotification: 1.8.0 - user_ldap: 1.8.0 - viewer: 1.2.0 - workflowengine: 2.0.0 Disabled: - comments - encryption - federation - files_trashbin - files_videoplayer - firstrunwizard - richdocuments - spreed - support - survey_client ```

Nextcloud configuration:

Config report ``` { "system": { "instanceid": "***REMOVED SENSITIVE VALUE***", "passwordsalt": "***REMOVED SENSITIVE VALUE***", "secret": "***REMOVED SENSITIVE VALUE***", "trusted_domains": [ "xxx", "yyy" ], "trusted_proxies": "***REMOVED SENSITIVE VALUE***", "datadirectory": "***REMOVED SENSITIVE VALUE***", "dbtype": "mysql", "version": "18.0.4.2", "overwrite.cli.url": "https:\/\/xxx", "dbname": "***REMOVED SENSITIVE VALUE***", "dbhost": "***REMOVED SENSITIVE VALUE***", "dbport": "3306", "dbtableprefix": "oc_", "dbuser": "***REMOVED SENSITIVE VALUE***", "dbpassword": "***REMOVED SENSITIVE VALUE***", "installed": true, "mail_smtpmode": "sendmail", "mail_sendmailmode": "smtp", "mail_domain": "***REMOVED SENSITIVE VALUE***", "ldapIgnoreNamingRules": false, "ldapProviderFactory": "OCA\\User_LDAP\\LDAPProviderFactory", "maintenance": false, "theme": "", "loglevel": 0, "app_install_overwrite": [ "files_automatedtagging" ], "updater.release.channel": "stable", "memcache.local": "\\OC\\Memcache\\APCu", "twofactor_enforced": "false", "twofactor_enforced_groups": [], "twofactor_enforced_excluded_groups": [], "mail_smtphost": "***REMOVED SENSITIVE VALUE***", "mail_smtpport": "993", "mail_smtpsecure": "ssl", "mail_smtpauthtype": "LOGIN", "mail_from_address": "***REMOVED SENSITIVE VALUE***", "mail_smtpauth": 1, "mysql.utf8mb4": true, "updater.secret": "***REMOVED SENSITIVE VALUE***" } } ```

Are you using external storage, if yes which one: no external storage used

Are you using encryption: no

Are you using an external user-backend, if yes which one: LDAP

LDAP configuration (delete this part if not used)

LDAP config ``` +-------------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ | Configuration | s01 | +-------------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ | hasMemberOfFilterSupport | 1 | | homeFolderNamingRule | | | lastJpegPhotoLookup | 0 | | ldapAgentName | CN=xxx,CN=Users,DC=xxx,DC=local | | ldapAgentPassword | *** | | ldapAttributesForGroupSearch | | | ldapAttributesForUserSearch | | | ldapBackupHost | xxx.xxx.local | | ldapBackupPort | 389 | | ldapBase | CN=Users,DC=xxx,DC=local | | ldapBaseGroups | CN=Users,DC=xxx,DC=local | | ldapBaseUsers | CN=Users,DC=xxx,DC=local | | ldapCacheTTL | 600 | | ldapConfigurationActive | 1 | | ldapDefaultPPolicyDN | | | ldapDynamicGroupMemberURL | | | ldapEmailAttribute | mail | | ldapExperiencedAdmin | 0 | | ldapExpertUUIDGroupAttr | | | ldapExpertUUIDUserAttr | | | ldapExpertUsernameAttr | | | ldapExtStorageHomeAttribute | | | ldapGidNumber | gidNumber | | ldapGroupDisplayName | cn | | ldapGroupFilter | (&(|(objectclass=group))(|(cn=xxx)(cn=xxx))) | | ldapGroupFilterGroups | xxx;yyy | | ldapGroupFilterMode | 0 | | ldapGroupFilterObjectclass | group | | ldapGroupMemberAssocAttr | member | | ldapHost | xxx.xxx.local | | ldapIgnoreNamingRules | | | ldapLoginFilter | (&(&(|(objectclass=user))(|(|(memberof=CN=xxx,CN=Users,DC=xxx,DC=local)(primaryGroupID=1234))))(|(samaccountname=%uid)(|(mailPrimaryAddress=%uid)(mail=%uid)))) | | ldapLoginFilterAttributes | | | ldapLoginFilterEmail | 1 | | ldapLoginFilterMode | 0 | | ldapLoginFilterUsername | 1 | | ldapNestedGroups | 0 | | ldapOverrideMainServer | | | ldapPagingSize | 500 | | ldapPort | 389 | | ldapQuotaAttribute | | | ldapQuotaDefault | | | ldapTLS | 1 | | ldapUserAvatarRule | default | | ldapUserDisplayName | displayname | | ldapUserDisplayName2 | | | ldapUserFilter | (&(|(objectclass=user))(|(|(memberof=CN=xxx,CN=Users,DC=xxx,DC=local)(primaryGroupID=1234)))) | | ldapUserFilterGroups | xxx | | ldapUserFilterMode | 0 | | ldapUserFilterObjectclass | user | | ldapUuidGroupAttribute | auto | | ldapUuidUserAttribute | auto | | turnOffCertCheck | 0 | | turnOnPasswordChange | 0 | | useMemberOfToDetectMembership | 1 | +-------------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ ```

Client configuration

Browser: Google Chrome Version 81.0.4044.122 (Offizieller Build) (64-Bit)

Operating system: Windows 10 Pro

Logs

Web server error log

Web server error log ``` no error log created, access los instead: xxx:443 192.168.198.40 - - [27/Apr/2020:23:00:51 +0200] "GET /index.php/s/s3YWSjpobH3DLH2 HTTP/1.1" 200 7722 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.122 Safari/537.36" xxx:443 192.168.198.40 - - [27/Apr/2020:23:00:52 +0200] "GET /index.php/css/icons/icons-vars.css?v=1588020846 HTTP/1.1" 200 28984 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.122 Safari/537.36" xxx:443 192.168.198.40 - - [27/Apr/2020:23:00:52 +0200] "GET /apps/files_sharing/js/dist/main.js.map HTTP/1.1" 200 3654 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.122 Safari/537.36" xxx:443 192.168.198.40 - - [27/Apr/2020:23:00:52 +0200] "GET /cron.php HTTP/1.1" 200 1558 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.122 Safari/537.36" xxx:443 192.168.198.40 - - [27/Apr/2020:23:00:52 +0200] "PROPFIND /public.php/webdav/ HTTP/1.1" 401 1336 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.122 Safari/537.36" xxx:443 192.168.198.40 - - [27/Apr/2020:23:00:52 +0200] "GET /ocs/v2.php/apps/text/public/workspace?path=%2F&shareToken=s3YWSjpobH3DLH2 HTTP/1.1" 404 6313 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.122 Safari/537.36" xxx:443 192.168.198.40 - - [27/Apr/2020:23:00:52 +0200] "GET /apps/text/js/public.js.map HTTP/1.1" 200 116970 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.122 Safari/537.36" xxx:443 192.168.198.40 - - [27/Apr/2020:23:01:01 +0200] "GET /ocs/v2.php/apps/notifications/api/v2/notifications HTTP/1.1" 200 1480 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.122 Safari/537.36" xxx:443 192.168.198.40 - - [27/Apr/2020:23:00:52 +0200] "GET /apps/text/js/vendor.js.map?v=f6ab5562fe05f8500a71 HTTP/1.1" 200 159643 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.122 Safari/537.36" xxx:443 192.168.198.40 - - [27/Apr/2020:23:01:02 +0200] "GET /ocs/v2.php/apps/notifications/api/v2/notifications HTTP/1.1" 200 904 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.122 Safari/537.36" xxx:443 192.168.198.40 - - [27/Apr/2020:23:00:52 +0200] "GET /core/js/dist/main.js.map HTTP/1.1" 200 1265531 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.122 Safari/537.36" ```

Nextcloud log (data/nextcloud.log)

Nextcloud log ``` {"reqId":"p6w3mf63auVPxok5albO","level":0,"time":"2020-04-27T21:02:22+00:00","remoteAddr":"192.168.198.40","user":"--","app":"no app in context","method":"GET","url":"/index.php/s/s3YWSjpobH3DLH2","message":"Deprecated event type for OCA\\User_LDAP\\User\\User::postLDAPBackendAdded: null","userAgent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.122 Safari/537.36","version":"18.0.4.2"} {"reqId":"p6w3mf63auVPxok5albO","level":0,"time":"2020-04-27T21:02:22+00:00","remoteAddr":"192.168.198.40","user":"--","app":"no app in context","method":"GET","url":"/index.php/s/s3YWSjpobH3DLH2","message":"Deprecated event type for OCA\\Files_Sharing::loadAdditionalScripts: Symfony\\Component\\EventDispatcher\\GenericEvent","userAgent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.122 Safari/537.36","version":"18.0.4.2"} {"reqId":"ITVzGqDjJ2rkjUGwrjP9","level":0,"time":"2020-04-27T21:02:22+00:00","remoteAddr":"192.168.198.40","user":"--","app":"no app in context","method":"GET","url":"/cron.php","message":"Deprecated event type for OCA\\User_LDAP\\User\\User::postLDAPBackendAdded: null","userAgent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.122 Safari/537.36","version":"18.0.4.2"} {"reqId":"a0xS3DOj0j64jRQjMe3c","level":0,"time":"2020-04-27T21:02:22+00:00","remoteAddr":"192.168.198.40","user":"--","app":"no app in context","method":"PROPFIND","url":"/public.php/webdav/","message":"Deprecated event type for OCA\\User_LDAP\\User\\User::postLDAPBackendAdded: null","userAgent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.122 Safari/537.36","version":"18.0.4.2"} {"reqId":"a0xS3DOj0j64jRQjMe3c","level":0,"time":"2020-04-27T21:02:22+00:00","remoteAddr":"192.168.198.40","user":"--","app":"webdav","method":"PROPFIND","url":"/public.php/webdav/","message":{"Exception":"Sabre\\DAV\\Exception\\NotAuthenticated","Message":"No 'Authorization: Basic' header found. Either the client didn't send one, or the server is misconfigured","Code":0,"Trace":[{"function":"beforeMethod","class":"Sabre\\DAV\\Auth\\Plugin","type":"->","args":[{"absoluteUrl":"https://xxx/public.php/webdav/","__class__":"Sabre\\HTTP\\Request"},{"__class__":"Sabre\\HTTP\\Response"}]},{"file":"/var/www/nextcloud/3rdparty/sabre/event/lib/EventEmitterTrait.php","line":105,"function":"call_user_func_array","args":[[{"autoRequireLogin":true,"__class__":"Sabre\\DAV\\Auth\\Plugin"},"beforeMethod"],[{"absoluteUrl":"https://xxx/public.php/webdav/","__class__":"Sabre\\HTTP\\Request"},{"__class__":"Sabre\\HTTP\\Response"}]]},{"file":"/var/www/nextcloud/3rdparty/sabre/dav/lib/DAV/Server.php","line":466,"function":"emit","class":"Sabre\\Event\\EventEmitter","type":"->","args":["beforeMethod",[{"absoluteUrl":"https://xxx/public.php/webdav/","__class__":"Sabre\\HTTP\\Request"},{"__class__":"Sabre\\HTTP\\Response"}]]},{"file":"/var/www/nextcloud/3rdparty/sabre/dav/lib/DAV/Server.php","line":254,"function":"invokeMethod","class":"Sabre\\DAV\\Server","type":"->","args":[{"absoluteUrl":"https://xxx/public.php/webdav/","__class__":"Sabre\\HTTP\\Request"},{"__class__":"Sabre\\HTTP\\Response"}]},{"file":"/var/www/nextcloud/apps/dav/appinfo/v1/publicwebdav.php","line":109,"function":"exec","class":"Sabre\\DAV\\Server","type":"->","args":[]},{"file":"/var/www/nextcloud/public.php","line":81,"args":["/var/www/nextcloud/apps/dav/appinfo/v1/publicwebdav.php"],"function":"require_once"}],"File":"/var/www/nextcloud/3rdparty/sabre/dav/lib/DAV/Auth/Plugin.php","Line":168,"CustomMessage":"--"},"userAgent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.122 Safari/537.36","version":"18.0.4.2"} {"reqId":"bGIMdLMa5GACveRChOXJ","level":0,"time":"2020-04-27T21:02:22+00:00","remoteAddr":"192.168.198.40","user":"--","app":"no app in context","method":"GET","url":"/ocs/v2.php/apps/text/public/workspace?path=%2F&shareToken=s3YWSjpobH3DLH2","message":"Deprecated event type for OCA\\User_LDAP\\User\\User::postLDAPBackendAdded: null","userAgent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.122 Safari/537.36","version":"18.0.4.2"} ```

Browser log

Browser log ``` Console Log: jquery-migrate.min.js:2 JQMIGRATE: Migrate is installed, version 1.4.1 globals.js:66 Handlebars is deprecated: please ship your own, this will be removed in Nextcloud 20 ne @ globals.js:64 get @ globals.js:64 (anonymous) @ templates.js?v=864e0f07-29:2 (anonymous) @ templates.js?v=864e0f07-29:43 globals.js:66 Handlebars is deprecated: please ship your own, this will be removed in Nextcloud 20 ne @ globals.js:64 get @ globals.js:64 (anonymous) @ templates.js?v=864e0f07-29:2 (anonymous) @ templates.js?v=864e0f07-29:424 Viewer.js:41 OCA.Viewer initialized xhr.js:178 GET https://xxx/ocs/v2.php/apps/text/public/workspace?path=%2F&shareToken=s3YWSjpobH3DLH2 404 (Not Found) (anonymous) @ files.js:32 e.exports @ files.js:32 e.exports @ files.js:32 Promise.then (async) s.request @ files.js:32 n.forEach.s. @ files.js:32 (anonymous) @ files.js:32 getFileInfo @ mime.js:23 (anonymous) @ mime.js:23 c @ windows-phone.js:23 (anonymous) @ windows-phone.js:23 forEach.e. @ windows-phone.js:23 u @ mime.js:23 a @ mime.js:23 (anonymous) @ mime.js:23 (anonymous) @ mime.js:23 mounted @ mime.js:23 Ke @ vue.esm.js:8 rn @ vue.esm.js:8 (anonymous) @ vue.esm.js:8 On.$mount @ vue.esm.js:8 On.$mount @ vue.esm.js:8 (anonymous) @ files.js:32 Promise.then (async) render @ files.js:32 (anonymous) @ filelist.js?v=864e0f07-29:461 setTimeout (async) (anonymous) @ filelist.js?v=864e0f07-29:460 initHeadersAndFooters @ filelist.js?v=864e0f07-29:451 initialize @ filelist.js?v=864e0f07-29:439 FileList @ filelist.js?v=864e0f07-29:32 initialize @ public.js?v=864e0f07-29:66 (anonymous) @ public.js?v=864e0f07-29:483 (anonymous) @ jquery.js:564 setTimeout (async) (anonymous) @ jquery.js:564 (anonymous) @ jquery.js:564 I @ jquery.js:564 i @ jquery.js:564 (anonymous) @ public.js?v=864e0f07-29:482 c @ jquery.js:564 fireWith @ jquery.js:564 ready @ jquery.js:564 P @ jquery.js:564 client.js:270 PROPFIND https://xxx/public.php/webdav/ 401 (Unauthorized) request @ query-string.js:27 propFind @ query-string.js:27 getFolderContents @ client.js?v=864e0f07-29:491 reload @ filelist.js?v=864e0f07-29:2044 changeDirectory @ filelist.js?v=864e0f07-29:1900 initialize @ public.js?v=864e0f07-29:292 (anonymous) @ public.js?v=864e0f07-29:483 (anonymous) @ jquery.js:564 setTimeout (async) (anonymous) @ jquery.js:564 (anonymous) @ jquery.js:564 I @ jquery.js:564 i @ jquery.js:564 (anonymous) @ public.js?v=864e0f07-29:482 c @ jquery.js:564 fireWith @ jquery.js:564 ready @ jquery.js:564 P @ jquery.js:564 jquery.js:8630 XHR finished loading: GET "https://xxx/cron.php". send @ jquery.js:564 ajax @ jquery.js:564 m.each.m. @ jquery.js:564 (anonymous) @ backgroundjobs.js?v=864e0f07-29:24 c @ jquery.js:564 fireWith @ jquery.js:564 ready @ jquery.js:564 P @ jquery.js:564 xhr.js:178 XHR failed loading: GET "https://xxx/ocs/v2.php/apps/text/public/workspace?path=%2F&shareToken=s3YWSjpobH3DLH2". (anonymous) @ files.js:32 e.exports @ files.js:32 e.exports @ files.js:32 Promise.then (async) s.request @ files.js:32 n.forEach.s. @ files.js:32 (anonymous) @ files.js:32 getFileInfo @ mime.js:23 (anonymous) @ mime.js:23 c @ windows-phone.js:23 (anonymous) @ windows-phone.js:23 forEach.e. @ windows-phone.js:23 u @ mime.js:23 a @ mime.js:23 (anonymous) @ mime.js:23 (anonymous) @ mime.js:23 mounted @ mime.js:23 Ke @ vue.esm.js:8 rn @ vue.esm.js:8 (anonymous) @ vue.esm.js:8 On.$mount @ vue.esm.js:8 On.$mount @ vue.esm.js:8 (anonymous) @ files.js:32 Promise.then (async) render @ files.js:32 (anonymous) @ filelist.js?v=864e0f07-29:461 setTimeout (async) (anonymous) @ filelist.js?v=864e0f07-29:460 initHeadersAndFooters @ filelist.js?v=864e0f07-29:451 initialize @ filelist.js?v=864e0f07-29:439 FileList @ filelist.js?v=864e0f07-29:32 initialize @ public.js?v=864e0f07-29:66 (anonymous) @ public.js?v=864e0f07-29:483 (anonymous) @ jquery.js:564 setTimeout (async) (anonymous) @ jquery.js:564 (anonymous) @ jquery.js:564 I @ jquery.js:564 i @ jquery.js:564 (anonymous) @ public.js?v=864e0f07-29:482 c @ jquery.js:564 fireWith @ jquery.js:564 ready @ jquery.js:564 P @ jquery.js:564 client.js:270 XHR failed loading: PROPFIND "https://xxx/public.php/webdav/". request @ query-string.js:27 propFind @ query-string.js:27 getFolderContents @ client.js?v=864e0f07-29:491 reload @ filelist.js?v=864e0f07-29:2044 changeDirectory @ filelist.js?v=864e0f07-29:1900 initialize @ public.js?v=864e0f07-29:292 (anonymous) @ public.js?v=864e0f07-29:483 (anonymous) @ jquery.js:564 setTimeout (async) (anonymous) @ jquery.js:564 (anonymous) @ jquery.js:564 I @ jquery.js:564 i @ jquery.js:564 (anonymous) @ public.js?v=864e0f07-29:482 c @ jquery.js:564 fireWith @ jquery.js:564 ready @ jquery.js:564 P @ jquery.js:564 ```
cromefire commented 4 years ago

The returned error is this:

<?xml version="1.0" encoding="utf-8"?>
<d:error xmlns:d="DAV:" xmlns:s="http://sabredav.org/ns">
  <s:exception>Sabre\DAV\Exception\NotAuthenticated</s:exception>
  <s:message>No public access to this resource., No 'Authorization: Basic' header found. Either the client didn't send one, or the server is misconfigured, No 'Authorization: Bearer' header found. Either the client didn't send one, or the server is mis-configured, No 'Authorization: Basic' header found. Either the client didn't send one, or the server is misconfigured</s:message>
</d:error>

The error occurs with seemingly any remote.php call.

It only happens after some time has passed, so immediately after login it works.

My nextcloud has been stable for a long time before this (so no fresh install). The only thing I changed was the cache and changing that back doesn't help.

charlyroot commented 4 years ago

Hello, I have exactly the same error, basic auth on /public.php/webdav/ on a public share Nextcloud version: 18.0.4 No differences except that I use a local account and not LDAP

I tried a new installation in 18.0.4, and still the same problem

jpylypiw commented 4 years ago

I fixed the issue some days ago. It seems that I had some misconfiguration in my Apache2 Webserver in combination with PHP FPM. After changing my Apache VirtualHost from FPM Proxy to direct FPM Access everything worked.

Configuration before:

ProxyPassMatch ^/(.*\.php(/.*)?)$ "unix:/var/run/php-fpm.sock|fcgi://localhost/var/www/nextcloud"

Configuration after:

<IfModule setenvif_module>
    SetEnvIfNoCase ^Authorization$ "(.+)" HTTP_AUTHORIZATION=$1
    </IfModule>

    <FilesMatch ".+\.ph(ar|p|tml)$">
        SetHandler "proxy:unix:/run/php/php7.3-fpm.sock|fcgi://localhost"
    </FilesMatch>
    <FilesMatch ".+\.phps$">
        # Deny access to raw php sources by default
        # To re-enable it's recommended to enable access to the files
        # only in specific virtual host or directory
        Require all denied
    </FilesMatch>
    # Deny access to files without filename (e.g. '.php')
    <FilesMatch "^\.ph(ar|p|ps|tml)$">
        Require all denied
    </FilesMatch>

In fact I activated the php7.3-fpm.conf file in conf-available of the apache folder and removed the ProxyPassMatch from the VirtualHost and everything started working.

I hope this helps you guys on troubleshooting your problem.

cromefire commented 3 years ago

That fix didn't work at all for me, I had to trick the system by using:

<Location /remote.php>
    SetEnvIf requesttoken ".+" hasToken
    RequestHeader setIfEmpty Authorization "Basic Og==" env=hasToken
</Location>

Which seems like there's just a bad check that checks if the Authorization header is there without checking if the requesttoken is already present, which seems to be checked before the Authorization header is actually validated though (because the snippet above just sets it to empty credentials), so the really seems like some kind of edge case problem that should be dealt with.