owncloud / core

:cloud: ownCloud web server core (Files, DAV, etc.)
https://owncloud.com
GNU Affero General Public License v3.0

POST operation to /index.php/settings/users/users results in 403 ONLY when sending email to new user. #21563

Closed mfleonhardt closed 8 years ago

mfleonhardt commented 8 years ago

Steps to reproduce

  1. Navigate to Users page
  2. Expand cog and check "Send email to new user"
  3. Fill out username, password, email, and groups
  4. Click "Create"

Expected behaviour

  1. User account should be created
  2. User should receive a new user email
  3. GUI should notify admin of successful operation
  4. owncloud.log should record user creation (?)

Actual behaviour

  1. User account is created
  2. No email sent
  3. No notification to admin (of success or failure)
  4. No log activity pertaining to the event

Server configuration

Operating system: Red Hat Enterprise Linux Server release 7.1 (Maipo)

Web server: Apache 2.4.6

Database: MariaDB 10.0.21/wsrep_25

PHP version: 5.4.16

ownCloud version: (see ownCloud admin page) 8.1.3/8.1.4 (seeing this on two installations)

Updated from an older ownCloud or fresh install: Fresh install

List of activated apps:

Enabled:
 - activity: 2.0.2
 - documents: 0.10.2
 - files: 1.1.10
 - files_antivirus: 0.7.0.1
 - files_locking:
 - files_pdfviewer: 0.7
 - files_sharing: 0.6.2
 - files_texteditor: 0.4
 - files_trashbin: 0.6.3
 - files_versions: 1.0.6
 - files_videoviewer: 0.1.3
 - galleryplus: 14.0.0
 - piwik: 0.1.0
 - provisioning_api: 0.2
 - templateeditor: 0.1
 - user_external: 0.4
 - user_ldap: 0.6.1
Disabled:
 - encryption
 - external
 - files_external
 - firstrunwizard
 - gallery
 - user_webdavauth

The content of config/config.php:

<?php
define("DEBUG", 1);

$CONFIG = array (
  'instanceid' => '...',
  'passwordsalt' => '...',
  'secret' => '...',
  'trusted_domains' =>
  array (
    0 => '...',
  ),
  'forcessl' => true,
  'forceSSLforSubdomains' => true,
  'openssl' =>
  array (
    'config' => '/var/www/html/owncloud/3rdparty/phpseclib/phpseclib/phpseclib/openssl.cnf',
  ),
  'mail_smtpdebug' => true,
  'allow_user_to_change_display_name' => false,
  'config_is_read_only' => true,
  'asset-pipeline.enabled' => true,
  'datadirectory' => '/var/data/owncloud',
  'logfile' => '/var/www/html/owncloud/data/owncloud.log',
  'loglevel' => 0,
  'log_rotate_size' => 104857600,
  'overwrite.cli.url' => '...',
  'dbtype' => 'mysql',
  'version' => '8.1.3.0',
  'dbname' => 'owncloud',
  'dbhost' => '...',
  'dbtableprefix' => 'oc_',
  'dbuser' => '...',
  'dbpassword' => '...',
  'logtimezone' => 'UTC',
  'installed' => true,
  'ldapIgnoreNamingRules' => false,
  'mail_from_address' => '...',
  'mail_smtpmode' => 'php',
  'mail_domain' => '...',
  'filelocking.enabled' => true,
  'memcache.local' => '\\OC\\Memcache\\Redis',
  'memcache.locking' => '\\OC\\Memcache\\Redis',
  'redis' =>
  array (
    'host' => 'localhost',
    'port' => 6379,
    'timeout' => 0,
    'dbindex' => 0,
  ),
  'theme' => 'mpr',
  'preview_libreoffice_path' => '/bin/libreoffice',
  'preview_libreoffice_cl_parameters' => ' --headless --nologo --nofirststartwizard --invisible --norestore -convert-to pdf -outdir ',
  'enabledPreviewProviders' =>
  array (
    0 => 'OC\\Preview\\Image',
    1 => 'OC\\Preview\\MP3',
    2 => 'OC\\Preview\\TXT',
    3 => 'OC\\Preview\\MarkDown',
  ),
  'maintenance' => false,
  'appstore.experimental.enabled' => true,
);

Are you using external storage, if yes which one: local/smb/sftp/... No

Are you using encryption: yes/no No

Are you using an external user-backend, if yes which one: LDAP/ActiveDirectory/Webdav/... ActiveDirectory

LDAP configuration (delete this part if not used)

| hasMemberOfFilterSupport      | 1 |
| hasPagedResultSupport         ||
| homeFolderNamingRule          ||
| lastJpegPhotoLookup           | 0 |
| ldapAgentName                 | ... |
| ldapAgentPassword             | *** |
| ldapAttributesForGroupSearch  | |
| ldapAttributesForUserSearch   | samaccountname;displayname;sn;givenname |
| ldapBackupHost                | |
| ldapBackupPort                | |
| ldapBase                      | dc=...,dc=com |
| ldapBaseGroups                | DC=...,DC=com |
| ldapBaseUsers                 | DC=...,DC=com |
| ldapCacheTTL                  | 5 |
| ldapConfigurationActive       | 1 |
| ldapEmailAttribute            | mail |
| ldapExperiencedAdmin          | 0 |
| ldapExpertUUIDGroupAttr       | |
| ldapExpertUUIDUserAttr        | |
| ldapExpertUsernameAttr        | sAMAccountName |
| ldapGroupDisplayName          | cn |
| ldapGroupFilter               | (&(|(objectclass=top))(|(cn=grp1)(cn=grp2(cn=grp3))) |
| ldapGroupFilterGroups         | grp1; grp2; grp3 |
| ldapGroupFilterMode           | 0 |
| ldapGroupFilterObjectclass    | top |
| ldapGroupMemberAssocAttr      | member |
| ldapHost                      | ... |
| ldapIgnoreNamingRules         | |
| ldapLoginFilter               | (&(&(|(objectclass=person)))(samaccountname=%uid)) |
| ldapLoginFilterAttributes     | |
| ldapLoginFilterEmail          | 0 |
| ldapLoginFilterMode           | 0 |
| ldapLoginFilterUsername       | 1 |
| ldapNestedGroups              | 1 |
| ldapNoCase                    | 1 |
| ldapOverrideMainServer        | |
| ldapPagingSize                | 500 |
| ldapPort                      | 389 |
| ldapQuotaAttribute            | |
| ldapQuotaDefault              | |
| ldapTLS                       | 0 |
| ldapUserDisplayName           | displayname |
| ldapUserFilter                | (&(|(objectclass=person))(|(|(memberof=CN=office1,OU=unit,OU=Security,OU=Groups,OU=location,DC=company,DC=com)(primaryGroupID=2116))(|(memberof=CN=office2,OU=Distribution,OU=Groups,OU=location,DC=company,DC=com)(primaryGroupID=2772))(|(memberof=CN=office3,OU=Security,OU=Groups,OU=location,DC=company,DC=com)(primaryGroupID=2917))(|(memberof=CN=office4,OU=Security,OU=Groups,OU=location,DC=company,DC=com)(primaryGroupID=7758)))) |
| ldapUserFilterGroups          | office1; office2; office3; office4 |
| ldapUserFilterMode            | 0 |
| ldapUserFilterObjectclass     | person |
| ldapUuidGroupAttribute        | auto |
| ldapUuidUserAttribute         | auto |
| turnOffCertCheck              | 1 |
| useMemberOfToDetectMembership | 1 |

Client configuration

Browser: Chrome 48.0.2564.71 beta-m (64-bit)

Operating system: Windows 7 Professional

Logs

Web server error log

No relevant logs

ownCloud log (data/owncloud.log)

{"reqId":"VpAijfK6wpZ3oGBpLSuNVQAAAF4","remoteAddr":"10.10.10.10","app":"user_ldap","message":"No DN found for user1 on ldap.company.com","level":0,"time":"2016-01-08T20:56:45+00:00","method":"POST","url":"\/index.php\/settings\/users\/users"}

Same log entry for successful and unsuccessful POSTs

Browser log

Without sending email to new user:

Request URL:https://.../index.php/settings/users/users
Request Method:POST
Status Code:201 Created

With sending email to new user:

Request URL:https://.../index.php/settings/users/users
Request Method:POST
Status Code:403 Forbidden

nickvergessen commented 8 years ago

Did you create "user1" in that example?

mfleonhardt commented 8 years ago

Yes. "user1" is being created as a database user, not part of the LDAP backend. (And creation is successful)

PVince81 commented 8 years ago

@mfleonhardt are you still seeing this issue on 8.1.9?

So far it still looks like an environment issue and there isn't enough info to be able to reproduce this.

mfleonhardt commented 8 years ago

I've moved on to 9.0.2. When I looked at this in a dev install on 8.1/8.2, I couldn't get the error to reproduce either (CentOS 7). Environmental causes are a good guess, but no idea what differences in the environment are responsible.

9.0.2 in the same production environment (RHEL7) behaves as expected.

PVince81 commented 8 years ago

This is something I've been unable to reproduce, so I'm going to close this now as env issue.

If other people find the same issue and are able to provide env details, then we might be able to correlate similarities and find whether it's a bug or env issue.

Closing for now. Thanks for the feedback!
