issue accepting share from mesh.pondersource.org (NC) to cloud.pondersource.com (OC-10)

[michielbdejong]

• I created a share through reva-cli on mesh.pondersource.org
• I saw it was created in oc_share_external on cloud.pondersource.com with mesh.pondersource.org as the remot
• when i try to accept the share I see this:

[michielbdejong]

reproduced this again just now

[michielbdejong]

For starters, I'm seeing that the share is added to oc_share_external with https://remote.php/dav/ocm as the remote. This is the share as it gets sent reva-to-reva:

Sending OCM /shares POST to https://mesh.pondersource.com/ocm/shares: 
{"shareWith":"einstein@mesh.pondersource.com",
"name":"org-to-com",
"description":"","providerId":"\"2\"",
"owner":"einstein@mesh.pondersource.org","sender":"einstein@mesh.pondersource.org",
"ownerDisplayName":"","senderDisplayName":"einstein","shareType":"user","expiration":0,
"resourceType":"folder","protocol":{"name":"multi","options":{},"webdav":
{"sharedSecret":"3AM8uirucmdbzOLxj8xCRcJ6fnPhVvTi","permissions":["read"],
"url":"remote.php/dav/ocm/3AM8uirucmdbzOLxj8xCRcJ6fnPhVvTi"}}}

[michielbdejong]

Weird, I was expecting it to send https://github.com/cs3org/reva/blob/sciencemesh-testing/pkg/ocm/client/client.go#L159-L170

[michielbdejong]

Ah wait! It's actually protocol.webdav.url so that comes from elsewhere.

[michielbdejong]

Maybe it's related to https://github.com/cs3org/ocm-test-suite/blob/main/servers/revad/sciencemesh1.toml#L97 ?

[michielbdejong]

Fixed in https://github.com/cs3org/ocm-test-suite/commit/c1d8b4cb8a1a803fc392d5e21f63ea2aa43ec1c8!

 2023-06-16 09:54:47.698 DBG ../reva/pkg/ocm/client/client.go:200 > Sending OCM /shares POST to https://mesh.pondersource.com/ocm/shares: {"shareWith":"einstein@mesh.pondersource.com","name":"org-to-com","description":"","providerId":"\"3\"","owner":"einstein@mesh.pondersource.org","sender":"einstein@mesh.pondersource.org","ownerDisplayName":"","senderDisplayName":"einstein","shareType":"user","expiration":0,"resourceType":"folder","protocol":{"name":"multi","options":{},"webdav":{"sharedSecret":"cZsNFR35mTAkzZ2vUv9CytSLjc52TyZ9","permissions":["read"],"url":"https://mesh.pondersource.org/remote.php/dav/ocm/cZsNFR35mTAkzZ2vUv9CytSLjc52TyZ9"}}}

[michielbdejong]

Next problem:

• revad on the sending (.org) side

  2023-06-16 09:56:08.072 WRN ../reva/internal/grpc/services/authprovider/authprovider.go:170 > 
  error authenticating user error="authsvc: 
  error in Authenticate: internal error: 
  error fetching remote user details" pid=333525 pkg=rgrpc traceid=083f8b4d985ad4e11c17e823e23897ab

• nc1.docker logs on the sending side:

  {"reqId":"kaA1WZOr6Pw2XTHpLw4H","level":3,"time":"2023-06-16T09:56:07+00:00","remoteAddr":"167.99.80.220","user":"--","app":"files",
  "method":"POST",
  "url":"/index.php/apps/sciencemesh/~cZsNFR35mTAkzZ2vUv9CytSLjc52TyZ9/api/auth/Authenticate",
  "message":"Backends provided no user object for cZsNFR35mTAkzZ2vUv9CytSLjc52TyZ9",
  "userAgent":"Go-http-client/1.1","version":"26.0.1.1","exception":{"Exception":"OC\\User\\NoUserException","Message":
  "Backends provided no user object","Code":0,"Trace":[{"function":"getUserFolder","class":"OC\\Files\\Node\\Root","type":"->"},{"file":"/var/www/html/lib/private/Files/Node/LazyFolder.php","line":72,"function":"call_user_func_array"},{"file":"/var/www/html/lib/private/Files/Node/LazyRoot.php","line":40,"function":"__call","class":"OC\\Files\\Node\\LazyFolder","type":"->"},{"file":"/var/www/html/apps/sciencemesh/lib/Controller/RevaController.php","line":135,"function":"getUserFolder","class":"OC\\Files\\Node\\LazyRoot","type":"->"},{"file":"/var/www/html/apps/sciencemesh/lib/Controller/RevaController.php","line":383,"function":"init","class":"OCA\\ScienceMesh\\Controller\\RevaController","type":"->"},{"file":"/var/www/html/lib/private/AppFramework/Http/Dispatcher.php","line":230,"function":"Authenticate","class":"OCA\\ScienceMesh\\Controller\\RevaController","type":"->"},{"file":"/var/www/html/lib/private/AppFramework/Http/Dispatcher.php","line":137,"function":"executeController","class":"OC\\AppFramework\\Http\\Dispatcher","type":"->"},{"file":"/var/www/html/lib/private/AppFramework/App.php","line":183,"function":"dispatch","class":"OC\\AppFramework\\Http\\Dispatcher","type":"->"},{"file":"/var/www/html/lib/private/Route/Router.php","line":315,"function":"main","class":"OC\\AppFramework\\App","type":"::"},{"file":"/var/www/html/lib/base.php","line":1056,"function":"match","class":"OC\\Route\\Router","type":"->"},{"file":"/var/www/html/index.php","line":36,"function":"handleRequest","class":"OC","type":"::"}],"File":"/var/www/html/lib/private/Files/Node/Root.php","Line":368,"message":"Backends provided no user object for cZsNFR35mTAkzZ2vUv9CytSLjc52TyZ9","exception":{},"CustomMessage":"Backends provided no user object for cZsNFR35mTAkzZ2vUv9CytSLjc52TyZ9"}}
  {"reqId":"kaA1WZOr6Pw2XTHpLw4H","level":3,"time":"2023-06-16T09:56:07+00:00","remoteAddr":"167.99.80.220","user":"--","app":"index","method":"POST","url":"/index.php/apps/sciencemesh/~cZsNFR35mTAkzZ2vUv9CytSLjc52TyZ9/api/auth/Authenticate","message":"Backends provided no user object","userAgent":"Go-http-client/1.1","version":"26.0.1.1","exception":{"Exception":"OC\\User\\NoUserException","Message":"Backends provided no user object","Code":0,"Trace":[{"function":"getUserFolder","class":"OC\\Files\\Node\\Root","type":"->"},{"file":"/var/www/html/lib/private/Files/Node/LazyFolder.php","line":72,"function":"call_user_func_array"},{"file":"/var/www/html/lib/private/Files/Node/LazyRoot.php","line":40,"function":"__call","class":"OC\\Files\\Node\\LazyFolder","type":"->"},{"file":"/var/www/html/apps/sciencemesh/lib/Controller/RevaController.php","line":135,"function":"getUserFolder","class":"OC\\Files\\Node\\LazyRoot","type":"->"},{"file":"/var/www/html/apps/sciencemesh/lib/Controller/RevaController.php","line":383,"function":"init","class":"OCA\\ScienceMesh\\Controller\\RevaController","type":"->"},{"file":"/var/www/html/lib/private/AppFramework/Http/Dispatcher.php","line":230,"function":"Authenticate","class":"OCA\\ScienceMesh\\Controller\\RevaController","type":"->"},{"file":"/var/www/html/lib/private/AppFramework/Http/Dispatcher.php","line":137,"function":"executeController","class":"OC\\AppFramework\\Http\\Dispatcher","type":"->"},{"file":"/var/www/html/lib/private/AppFramework/App.php","line":183,"function":"dispatch","class":"OC\\AppFramework\\Http\\Dispatcher","type":"->"},{"file":"/var/www/html/lib/private/Route/Router.php","line":315,"function":"main","class":"OC\\AppFramework\\App","type":"::"},{"file":"/var/www/html/lib/base.php","line":1056,"function":"match","class":"OC\\Route\\Router","type":"->"},{"file":"/var/www/html/index.php","line":36,"function":"handleRequest","class":"OC","type":"::"}],"File":"/var/www/html/lib/private/Files/Node/Root.php","Line":368,"CustomMessage":"--"}}

"Backends provided no user object for cZsNFR35mTAkzZ2vUv9CytSLjc52TyZ9", where "cZsNFR35mTAkzZ2vUv9CytSLjc52TyZ9" is the token.

[michielbdejong]

Also, before that,

2023-06-16 09:56:08.07 ERR ../reva/internal/grpc/services/ocminvitemanager/ocminvitemanager.go:326 > 
error fetching remote user details error=
"error: not found: einstein" pid=333525 pkg=rgrpc traceid=523255cd0ecff7fe5fbe7e065452e35b

[michielbdejong]

There's also a 500 error somewhere coming from NC when authenticating the token as if it is a username, split that out to #221

[michielbdejong]

Ah! It's because of unkown@unkown:

 2023-06-16 10:13:25.898 INF ../reva/internal/grpc/services/ocminvitemanager/ocminvitemanager.go:320 > 
GetAcceptedUser unknown at unknown pid=334210 pkg=rgrpc traceid=64664d7eaa1e6eaded97cd4ba9c3e81e                                                                                                                                                                                                                                                                                       
2023-06-16 10:13:25.898 ERR ../reva/internal/grpc/services/ocminvitemanager/ocminvitemanager.go:329 > 
error fetching remote user details error="error: not found: einstein" pid=334210 pkg=rgrpc traceid=64664d7eaa1e6eaded97cd4ba9c3e81e                                                                                                                                                                                                                                                    

[michielbdejong]

Fixed! Next issue:

2023-06-16 10:46:01.862 WRN ../reva/internal/grpc/interceptors/auth/auth.go:129 > 
access token is invalid 
error="error: permission denied: 
access to resource not allowed within the assigned scope" pid=334478 pkg=rgrpc traceid=b572941d3553cc7d87842736c74ad1a4

[michielbdejong]

internal/grpc/interceptors/auth/scope.go:61 > Extracting scope from token

internal/grpc/interceptors/auth/scope.go:91 > Token scope is not ok
internal/grpc/interceptors/auth/scope.go:93 > Done extracting scope from token
internal/grpc/interceptors/auth/auth.go:129 > access token is invalid
error="error: permission denied: 
access to resource not allowed within the assigned scope"

[gmgigi96]

@michielbdejong Can you provide us some more logs?

[michielbdejong]

-> breaking this issue out to https://github.com/cs3org/reva/issues/3988