search

nextcloud / server

☁️ Nextcloud server, a safe home for all your data
https://nextcloud.com
GNU Affero General Public License v3.0
27.22k stars 4.05k forks source link

Built-in picture viewer not working for folders shared via public link #22174

Closed BrozzSama closed 4 years ago

BrozzSama commented 4 years ago

Today I shared a folder with around 150 JPEG images inside. If I login with my account, or another nextcloud account with access to the share I can successfully view the images directly from the web browser, however if I share the folder using a public link a guest can only download the pictures but cannot use the built-in viewer.

I ran Nextcloud in debug mode and got the following error:

[webdav] Debug: Sabre\DAV\Exception\NotAuthenticated: at <>

0. /var/www/nextcloud/apps/dav/lib/Connector/Sabre/ServerFactory.php line 148
   {closure}("*** sensitive parameters replaced ***")
1. <<closure>>
   OCA\DAV\Connector\Sabre\ServerFactory->OCA\DAV\Connector\Sabre\{closure}("*** sensitive parameters replaced ***")
2. /var/www/nextcloud/3rdparty/sabre/event/lib/EventEmitterTrait.php line 105
   call_user_func_array(Closure {}, ["*** sensitive  ... "])
3. /var/www/nextcloud/3rdparty/sabre/dav/lib/DAV/Server.php line 466
   Sabre\Event\EventEmitter->emit("beforeMethod", ["*** sensitive  ... "])
4. /var/www/nextcloud/3rdparty/sabre/dav/lib/DAV/Server.php line 254
   Sabre\DAV\Server->invokeMethod("*** sensitive parameter replaced ***", "*** sensitive parameter replaced ***")
5. /var/www/nextcloud/apps/dav/appinfo/v1/publicwebdav.php line 111
   Sabre\DAV\Server->exec()
6. /var/www/nextcloud/public.php line 81
   require_once("/var/www/nextcl ... p")

PROPFIND /public.php/webdav/100_2293.JPG
from 192.168.1.44 at 2020-08-10T14:53:43+00:00

which makes me think that guests are not allowed to look at previews even though they are allowed to do so.

Steps to reproduce

  1. Upload pictures inside a nextcloud folder
  2. Share pictures using public link
  3. Access link without a user account and try to view the pictures using the built-in viewer

Expected behaviour

A guest should be allowed to view the pictures directly from the web browser without having to download them

Actual behaviour

Guests cannot use the built-in viewer

Server configuration

Operating system: Ubuntu 18.04

Web server: Nginx 1.14.0

Database: MariaDB 15.1

PHP version: PHP 7.2.24

Nextcloud version: 18.0.7

Updated from an older Nextcloud/ownCloud or fresh install: Updated

Where did you install Nextcloud from: From the nextcloud website

Signing status:

No errors have been found.

List of activated apps:

App list ``` Enabled: - accessibility: 1.4.0 - activity: 2.11.0 - bruteforcesettings: 1.6.0 - cloud_federation_api: 1.1.0 - comments: 1.8.0 - contacts: 3.3.0 - dav: 1.14.0 - federatedfilesharing: 1.8.0 - federation: 1.8.0 - files: 1.13.1 - files_markdown: 2.3.0 - files_pdfviewer: 1.7.0 - files_rightclick: 0.15.2 - files_sharing: 1.10.1 - files_trashbin: 1.8.0 - files_versions: 1.11.0 - files_videoplayer: 1.7.0 - firstrunwizard: 2.7.0 - logreader: 2.3.0 - lookup_server_connector: 1.6.0 - notifications: 2.6.0 - oauth2: 1.6.0 - password_policy: 1.8.0 - photos: 1.0.0 - privacy: 1.2.0 - provisioning_api: 1.8.0 - recommendations: 0.6.0 - serverinfo: 1.8.0 - settings: 1.0.0 - sharebymail: 1.8.0 - spreed: 8.0.10 - support: 1.1.1 - survey_client: 1.6.0 - systemtags: 1.8.0 - text: 2.0.0 - theming: 1.9.0 - twofactor_backupcodes: 1.7.0 - updatenotification: 1.8.0 - viewer: 1.2.0 - workflowengine: 2.0.0 Disabled: - admin_audit - encryption - files_external - nextcloud_announcements - user_ldap ```

Nextcloud configuration:

Config report ``` { "system": { "instanceid": "***REMOVED SENSITIVE VALUE***", "passwordsalt": "***REMOVED SENSITIVE VALUE***", "secret": "***REMOVED SENSITIVE VALUE***", "trusted_domains": [ "localhost", "***REMOVED SENSITIVE VALUE***" ], "datadirectory": "***REMOVED SENSITIVE VALUE***", "dbtype": "mysql", "dbname": "***REMOVED SENSITIVE VALUE***", "dbuser": "***REMOVED SENSITIVE VALUE***", "dbpassword": "***REMOVED SENSITIVE VALUE***", "dbhost": "***REMOVED SENSITIVE VALUE***", "dbtableprefix": "oc_", "mysql.utf8mb4": true, "version": "18.0.7.1", "installed": true, "overwrite.cli.url": "http:\/\/localhost", "memcache.local": "\\OC\\Memcache\\Redis", "memcache.locking": "\\OC\\Memcache\\Redis", "redis": { "host": "***REMOVED SENSITIVE VALUE***", "port": 0, "dbindex": 0, "password": "***REMOVED SENSITIVE VALUE***", "timeout": 1.5 }, "maintenance": false, "loglevel": "0", "mail_from_address": "***REMOVED SENSITIVE VALUE***", "mail_smtpmode": "smtp", "mail_sendmailmode": "smtp", "mail_domain": "***REMOVED SENSITIVE VALUE***", "mail_smtpauthtype": "LOGIN", "mail_smtpauth": 1, "mail_smtphost": "***REMOVED SENSITIVE VALUE***", "mail_smtpsecure": "ssl", "mail_smtpport": "465", "mail_smtpname": "***REMOVED SENSITIVE VALUE***", "mail_smtppassword": "***REMOVED SENSITIVE VALUE***", "preview_max_y": 512, "preview_max_x": 512, "preview_libreoffice_path": "\/usr\/bin\/libreoffice", "enable_previews": true, "enabledPreviewProviders": [ "OC\\Preview\\TXT", "OC\\Preview\\MarkDown", "OC\\Preview\\OpenDocument", "OC\\Preview\\PDF", "OC\\Preview\\MSOffice2003", "OC\\Preview\\MSOfficeDoc", "OC\\Preview\\PDF", "OC\\Preview\\Image", "OC\\Preview\\Photoshop", "OC\\Preview\\TIFF", "OC\\Preview\\SVG", "OC\\Preview\\Font", "OC\\Preview\\MP3", "OC\\Preview\\Movie", "OC\\Preview\\MKV", "OC\\Preview\\MP4", "OC\\Preview\\AVI" ], "theme": "", "versions_retention_obligation": "auto, 15", "trashbin_expire": "auto, 4" } }```

Are you using external storage, if yes which one: local/smb/sftp/...

Are you using encryption: yes/no

Are you using an external user-backend, if yes which one: LDAP/ActiveDirectory/Webdav/...

Client configuration

Browser: Chromium: 84.0.4147.105 (Official Build) (64-bit)

Operating system: Windows 10 64-bit

Logs

Web server error log

Web server error log ``` Insert your webserver log here ```

Nextcloud log (data/nextcloud.log)

Nextcloud log ``` [webdav] Debug: Sabre\DAV\Exception\NotAuthenticated: at <> ``` 0. /var/www/nextcloud/apps/dav/lib/Connector/Sabre/ServerFactory.php line 148 {closure}("*** sensitive parameters replaced ***") 1. <> OCA\DAV\Connector\Sabre\ServerFactory->OCA\DAV\Connector\Sabre\{closure}("*** sensitive parameters replaced ***") 2. /var/www/nextcloud/3rdparty/sabre/event/lib/EventEmitterTrait.php line 105 call_user_func_array(Closure {}, ["*** sensitive ... "]) 3. /var/www/nextcloud/3rdparty/sabre/dav/lib/DAV/Server.php line 466 Sabre\Event\EventEmitter->emit("beforeMethod", ["*** sensitive ... "]) 4. /var/www/nextcloud/3rdparty/sabre/dav/lib/DAV/Server.php line 254 Sabre\DAV\Server->invokeMethod("*** sensitive parameter replaced ***", "*** sensitive parameter replaced ***") 5. /var/www/nextcloud/apps/dav/appinfo/v1/publicwebdav.php line 111 Sabre\DAV\Server->exec() 6. /var/www/nextcloud/public.php line 81 require_once("/var/www/nextcl ... p") PROPFIND /public.php/webdav/100_2293.JPG from 192.168.1.44 at 2020-08-10T14:53:43+00:00 ``` ```

Browser log

Browser log ``` Opening viewer for file /100_2293.JPG viewer.js?v=dee034fe-10:39 PROPFIND https://cloud.brozzu.xyz/public.php/webdav/100_2293.JPG 401 (anonymous) @ viewer.js?v=dee034fe-10:39 t.exports @ viewer.js?v=dee034fe-10:39 t.exports @ viewer.js?v=dee034fe-10:260 Promise.then (async) c.request @ viewer.js?v=dee034fe-10:260 (anonymous) @ viewer.js?v=dee034fe-10:39 (anonymous) @ viewer.js?v=dee034fe-10:260 value @ viewer.js?v=dee034fe-10:260 value @ viewer.js?v=dee034fe-10:260 c @ viewer.js?v=dee034fe-10:260 t.exports @ viewer.js?v=dee034fe-10:260 request @ viewer.js?v=dee034fe-10:14 getStat @ viewer.js?v=dee034fe-10:261 stat @ viewer.js?v=dee034fe-10:260 (anonymous) @ viewer.js?v=dee034fe-10:324 u @ main.js?v=dee034fe-10:565 (anonymous) @ main.js?v=dee034fe-10:565 forEach.e. @ main.js?v=dee034fe-10:565 F @ viewer.js?v=dee034fe-10:303 s @ viewer.js?v=dee034fe-10:303 (anonymous) @ viewer.js?v=dee034fe-10:303 (anonymous) @ viewer.js?v=dee034fe-10:303 $ @ viewer.js?v=dee034fe-10:324 z @ viewer.js?v=dee034fe-10:324 (anonymous) @ viewer.js?v=dee034fe-10:347 u @ main.js?v=dee034fe-10:565 (anonymous) @ main.js?v=dee034fe-10:565 forEach.e. @ main.js?v=dee034fe-10:565 G @ viewer.js?v=dee034fe-10:324 s @ viewer.js?v=dee034fe-10:347 (anonymous) @ viewer.js?v=dee034fe-10:347 (anonymous) @ viewer.js?v=dee034fe-10:347 (anonymous) @ viewer.js?v=dee034fe-10:347 (anonymous) @ viewer.js?v=dee034fe-10:347 u @ main.js?v=dee034fe-10:565 (anonymous) @ main.js?v=dee034fe-10:565 forEach.e. @ main.js?v=dee034fe-10:565 Q @ viewer.js?v=dee034fe-10:347 s @ viewer.js?v=dee034fe-10:347 (anonymous) @ viewer.js?v=dee034fe-10:347 (anonymous) @ viewer.js?v=dee034fe-10:347 openFile @ viewer.js?v=dee034fe-10:347 file @ viewer.js?v=dee034fe-10:347 pn.run @ viewer.js?v=dee034fe-10:14 ln @ viewer.js?v=dee034fe-10:14 (anonymous) @ viewer.js?v=dee034fe-10:14 Xt @ viewer.js?v=dee034fe-10:14 Promise.then (async) Vt @ viewer.js?v=dee034fe-10:14 ee @ viewer.js?v=dee034fe-10:14 (anonymous) @ viewer.js?v=dee034fe-10:14 pn.update @ viewer.js?v=dee034fe-10:14 lt.notify @ viewer.js?v=dee034fe-10:14 set @ viewer.js?v=dee034fe-10:14 value @ viewer.js?v=dee034fe-10:369 actionHandler @ viewer.js?v=dee034fe-10:347 action @ fileactions.js?v=dee034fe-10:136 _onClickFile @ filelist.js?v=dee034fe-10:901 I @ main.js?v=dee034fe-10:25 (anonymous) @ main.js?v=dee034fe-10:25 (anonymous) @ main.js?v=dee034fe-10:25 dispatch @ main.js?v=dee034fe-10:25 v.handle @ main.js?v=dee034fe-10:25 Show 16 more frames viewer.js?v=dee034fe-10:347 Error: Request failed with status code 401 at t.exports (viewer.js?v=dee034fe-10:39) at t.exports (viewer.js?v=dee034fe-10:260) at XMLHttpRequest.h.onreadystatechange (viewer.js?v=dee034fe-10:39) ```
skjnldsv commented 4 years ago

Hi, do you have federated sharing disabled. If so, please enable it again

BrozzSama commented 4 years ago

I enabled the federated shares as you suggested and it seems like the previews are now working. Is that the expected behavior?

skjnldsv commented 4 years ago

Yes :)

See https://github.com/nextcloud/server/issues/20132