Missing Personal Space for some users

LucasRueckert commented 4 days ago

Describe the bug

While testing OCIS we found that some users have a "Personal Space" and some users don't. All user accounts come from our LDAP, there is no pattern visible regarding the accounts, it seems to be random. But "Personal Space" is available to all users through WebDav.

When a user without the "Personal Space" tries to access it through the URL directly ,the user gets the Message "Resolving private link ...", without being able to accessing it.

Users with "Personal Space":

Web Interface:

API Request:

curl -sL -u mwassmann https://[DOMAIN]/graph/v1.0/me/drive/ | json_pp
{
   "driveAlias" : "personal/mwassmann",
   "driveType" : "personal",
   "id" : "f2528657-cfb9-4ce7-af08-805a4bb9fae1$mwassmann",
   "lastModifiedDateTime" : "2024-06-26T13:30:10.511648693Z",
   "name" : "Martin Waßmann",
   "owner" : {
      "user" : {
         "displayName" : "",
         "id" : "mwassmann"
      }
   },
   "quota" : {
      "remaining" : 1266208768,
      "state" : "normal",
      "total" : 0,
      "used" : 0
   },
   "root" : {
      "eTag" : "\"3b692f2b1ea99b046eb4697f92d0f910\"",
      "id" : "f2528657-cfb9-4ce7-af08-805a4bb9fae1$mwassmann",
      "webDavUrl" : "https://[DOMAIN]/dav/spaces/f2528657-cfb9-4ce7-af08-805a4bb9fae1$mwassmann"
   },
   "webUrl" : "https://[DOMAIN]/f/f2528657-cfb9-4ce7-af08-805a4bb9fae1$mwassmann"
}

curl -sL -u mwassmann https://[DOMAIN]/graph/v1.0/drives/ | json_pp
{
   "value" : [
      {
         "driveAlias" : "virtual/shares",
         "driveType" : "virtual",
         "id" : "a0ca6a90-a365-4782-871e-d44447bbc668$a0ca6a90-a365-4782-871e-d44447bbc668",
         "name" : "Shares",
         "root" : {
            "eTag" : "DECAFC00FEE",
            "id" : "a0ca6a90-a365-4782-871e-d44447bbc668$a0ca6a90-a365-4782-871e-d44447bbc668",
            "webDavUrl" : "https://[DOMAIN]/dav/spaces/a0ca6a90-a365-4782-871e-d44447bbc668$a0ca6a90-a365-4782-871e-d44447bbc668"
         },
         "webUrl" : "https://[DOMAIN]/f/a0ca6a90-a365-4782-871e-d44447bbc668$a0ca6a90-a365-4782-871e-d44447bbc668"
      },
      {
         "driveAlias" : "personal/mwassmann",
         "driveType" : "personal",
         "id" : "f2528657-cfb9-4ce7-af08-805a4bb9fae1$mwassmann",
         "lastModifiedDateTime" : "2024-06-26T13:30:10.511648693Z",
         "name" : "Martin Waßmann",
         "owner" : {
            "user" : {
               "displayName" : "",
               "id" : "mwassmann"
            }
         },
         "quota" : {
            "remaining" : 1266208768,
            "state" : "normal",
            "total" : 0,
            "used" : 0
         },
         "root" : {
            "eTag" : "\"3b692f2b1ea99b046eb4697f92d0f910\"",
            "id" : "f2528657-cfb9-4ce7-af08-805a4bb9fae1$mwassmann",
            "webDavUrl" : "https://[DOMAIN]/dav/spaces/f2528657-cfb9-4ce7-af08-805a4bb9fae1$mwassmann"
         },
         "webUrl" : "https://[DOMAIN]/f/f2528657-cfb9-4ce7-af08-805a4bb9fae1$mwassmann"
      }
   ]
}

Users without "Personal Space:"

Web Interface:

API Request:

curl -sL -u tpabst https://[DOMAIN]/graph/v1.0/me/drive/ | json_pp
{
   "error" : {
      "code" : "itemNotFound",
      "innererror" : {
         "date" : "2024-06-27T11:55:58Z",
         "request-id" : "owncloud-is-poc/9T6i48Uk85-000088"
      },
      "message" : "no drive returned from storage"
   }
}

curl -sL -u tpabst https://[DOMAIN]/graph/v1.0/drives/ | json_pp
{
   "value" : [
      {
         "driveAlias" : "virtual/shares",
         "driveType" : "virtual",
         "id" : "a0ca6a90-a365-4782-871e-d44447bbc668$a0ca6a90-a365-4782-871e-d44447bbc668",
         "name" : "Shares",
         "root" : {
            "eTag" : "DECAFC00FEE",
            "id" : "a0ca6a90-a365-4782-871e-d44447bbc668$a0ca6a90-a365-4782-871e-d44447bbc668",
            "webDavUrl" : "https://[DOMAIN]/dav/spaces/a0ca6a90-a365-4782-871e-d44447bbc668$a0ca6a90-a365-4782-871e-d44447bbc668"
         },
         "webUrl" : "https://[DOMAIN]/f/a0ca6a90-a365-4782-871e-d44447bbc668$a0ca6a90-a365-4782-871e-d44447bbc668"
      }
   ]
}

Steps to reproduce

none

Expected behavior

All users get a "Personal Space" at first login.

Actual behavior

Randomly some users have a "Personal Space" and some don't.

Setup

OS: Debian 11

Additional context

We had the problem from Version 4.0 of OCIS till Version 6.

kobergj commented 4 days ago

From the top of my head I see two possible reasons for this:

Logins: In ocis, the personal spaces get created when the user logs in for the first time. Maybe the users that don't have a personal space are just coming from the LDAP, but they just haven't logged into ocis yet?
Light Users: In ocis there is a user role "Light User". Other than regular users these do not have a personal space. Maybe there is a wrong mapping between ldap claims and ocis roles?

LucasRueckert commented 4 days ago

The users we tested with have all logged in at leased once and none of them are "Light Users". We currently have no mapping between LDAP and any OCIS roles/groups.

micbar commented 4 days ago

We had some migrations of space indices from 4 to 6.

You can re run them to repair the space index.

https://doc.owncloud.com/ocis/5.0/maintenance/commands/rolling-back-and-forward.html

LucasRueckert commented 4 days ago

We did setup version 6 from scratch, so no old data/config.

kobergj commented 4 days ago

Are there any error logs on the server? Especially when a user who doesn't have a space logs in, ocis will try to create a space for him. This seems to fail though. Could you check if there any logs telling what is wrong?

LucasRueckert commented 3 days ago

Here are the logs from a user without a "Personal Space" logging in:

Jun 28 08:05:50 ocis[8077]: {"level":"warn","service":"frontend","pkg":"rhttp","traceid":"70a6ee7a6205b0329ba83facf1bfca62","time":"2024-06-28T08:05:50Z","message":"core access token not set"}
Jun 28 08:05:50 ocis[8077]: {"level":"error","service":"storage-users","pkg":"rgrpc","traceid":"7cae196b20e0c9f0f62aa781076a73d5","error":"internal error: malformed link","id":"","time":"2024-06-28T08:05:50Z","message":"resolve space id index entry, skipping"}
Jun 28 08:05:50 ocis[8077]: {"level":"error","service":"storage-users","pkg":"rgrpc","traceid":"d195abd5965b7c4ff3adca56700ba0ed","error":"internal error: malformed link","id":"","time":"2024-06-28T08:05:50Z","message":"resolve space id index entry, skipping"}
Jun 28 08:05:51 ocis[8077]: {"level":"error","service":"storage-users","pkg":"rgrpc","traceid":"dab78a3d44facc2dbe304467bbe9da7f","error":"internal error: malformed link","id":"","time":"2024-06-28T08:05:51Z","message":"resolve space id index entry, skipping"}

Also we found in /var/lib/ocis/storage/users/indexes/by-user-id that, when looking at the .mpk-files in a hexeditor, all users with a "Personal Space" had dots between their username and the first slash, while all users without the "Personal Space " had one other character between the username and the first slash.

with "Personal Space": ..mwassmann..../../../spaces/mw/assmann/nodes/mw/as/sm/an/n

without "Personal Space": ..tpabst.&../../../spaces/tp/abst/nodes/tp/ab/st

owncloud / ocis