Does not sync with grauphel

[qirtaiba]

Tomboy OS X does not sync with grauphel:

https://github.com/cweiske/grauphel

When you try, it tells you "The URL entered https://yourdomain.tld/owncloud/index.php/apps/grauphel is not valid for syncing".

[rashoodkhan]

Jeremy,

Tomboy OSX currently supports syncing using Rainy Server. Right now there is no provision for any other service for sync.

Rashid Khan http://www.imrashid.com

On Wed, Sep 10, 2014 at 9:57 PM, Jeremy Malcolm notifications@github.com wrote:

Tomboy OS X does not sync with grauphel:

https://github.com/cweiske/grauphel

When you try, it tells you "The URL entered https://yourdomain.tld/owncloud/index.php/apps/grauphel is not valid for syncing".

— Reply to this email directly or view it on GitHub https://github.com/tomboy-notes/tomboy.osx/issues/39.

[qirtaiba]

Hence the bug report; consider it a feature request. :-)

[cweiske]

@rashoodkhan: grauphel implements the Tomboy REST API that Rainy implements, too - so it should work.

[rashoodkhan]

Awesome.

Will look in to grauphel and see how Tomboy can be enhanced to support it.

Rashid Khan http://www.imrashid.com

On Wed, Sep 10, 2014 at 10:37 PM, Christian Weiske <notifications@github.com

wrote:

@rashoodkhan https://github.com/rashoodkhan: grauphel implements the Tomboy REST API that Rainy implements, too - so it should work.

— Reply to this email directly or view it on GitHub https://github.com/tomboy-notes/tomboy.osx/issues/39#issuecomment-55147824 .

[cweiske]

@rashoodkhan - I can provide a test account on my server if you want.

[cweiske]

@qirtaiba: Does Tomboy on Linux work with your server? If not it could have to do with the owncloud/ subdirectory. I did not test that yet.

[qirtaiba]

Yes it does.

[rashoodkhan]

After debugging the issue for a while, I am getting an invalid signature error when trying to get the oauth token. Below is the Response received:

oauth_problem=signature_invalid&debug_sbs=POST&=https://wolke.cweiske.de/index.php/apps/grauphel/oauth/request_token,oauth_callback=http%3A%2F%2Flocalhost%3A9001%2F&oauth_consumer_key=anyone&oauth_nonce=9025122&oauth_signature_method=PLAINTEXT&oauth_timestamp=1412368667&oauth_version=1.0

@Dynalon - Any idea why this is happening?

[sbusch]

The root certificate for this domain doesn't seem to be trusted generally, see https://ssl-tools.net/webservers/wolke.cweiske.de

[trepidity]

That's a valid point. We probably should allow the user to trust the site manually. This could be a big deal for users hosting their own site.

Created https://trello.com/c/pxvdZlN6/1-support-untrusted-certificates-from-sync-server

[cweiske]

Yes, I use a certificate from cacert.org, whose root certificate is not included in most browsers/operating systems.

You can try it without SSL at http://nossl-wolke.cweiske.de/

[gregor2005]

hi, i searched through the code to find a solution. is anybody else working on this? i'm not familiar with mono so i have to investigate a little bit of time to get into. after debugging the code and output webexception it looks like it is searching for somesthing special but it gets the html code. is the code of the osx project separated from the linux version? (i check the linux code because there it is working on my home workstation)

[qirtaiba]

Yes they are separate. You want this code: https://github.com/tomboy-notes/tomboy.osx

[cweiske]

@qirtaiba - try adding a slash at the end of the sync url.

[qirtaiba]

No joy. It doesn't give an error, but it doesn't do anything when I click "Authenticate". I get this in the webserver log:

208.90.213.162 - - [11/Nov/2014:06:49:46 +0800] "GET /owncloud/index.php/apps/grauphel/api/1.0/ HTTP/1.1" 200 356 "-" "-" 208.90.213.162 - - [11/Nov/2014:06:49:47 +0800] "POST /owncloud/index.php/apps/grauphel/oauth/request_token HTTP/1.1" 401 347 "-" "-"

After that when I choose "Sync Now" I get:

Sync Failed The sync was not successful. Please check the Sync Settings.

And if I try Authenticate again the application crashes.

[cweiske]

"GET /owncloud/index.php/apps/grauphel/api/1.0/ HTTP/1.1" 200 356 "-" "-"`

This means that tomboy.osx finally fetched the correct first file, which it did not before.

"POST /owncloud/index.php/apps/grauphel/oauth/request_token HTTP/1.1" 401 347 "-" "-"`

The HTTP status code 401 is an indication that something is wrong with the OAuth request (401 means unauthorized). Could you install wireshark to see what's happening there? It can will show you the actual HTTP response that's sent back to tomboy.osx from grauphel (try that on a connection without ssl).

See http://fotostore.cweiske.de/screenshots/2014-11-11%20wireshark%20http.png for a small explanation.

[qirtaiba]

I can't install wireshark because the machine is an OpenVZ container and I don't have the right permissions for that sort of low-level network access. But I installed something else called httpry and it returned this, does that help any?

2014-11-12 04:46:58.884 208.90.213.162 85.234.150.215 > GET www.malcolm.id.au /owncloud/index.php/apps/grauphel/api/1.0/ HTTP/1.1 - - 2014-11-12 04:46:59.007 85.234.150.215 208.90.213.162 < - - - HTTP/1.1 200 OK 2014-11-12 04:46:59.435 208.90.213.162 85.234.150.215 > POST www.malcolm.id.au /owncloud/index.php/apps/grauphel/oauth/request_token HTTP/1.1 - - 2014-11-12 04:46:59.564 85.234.150.215 208.90.213.162 < - - - HTTP/1.1 401 Unauthorized

[cweiske]

I need the full content (body) of the 401 response :/

[qirtaiba]

OK, got it now (I misunderstood that I should install Wireshark on the server, but I now understand that you meant on the client):

HTTP/1.1 401 Unauthorized Date: Tue, 11 Nov 2014 21:08:22 GMT Server: Apache/2.2.22 (Debian) Embperl/2.5.0_3 DAV/2 PHP/5.4.4-14+deb7u11 mod_ssl/2.2.22 OpenSSL/1.0.1e mod_wsgi/3.3 Python/2.7.3 mod_perl/2.0.7 Perl/v5.14.2 X-Powered-By: PHP/5.4.4-14+deb7u11 Set-Cookie: oc1e0d67c158=ti1iauuree9geoclsfdt7481u1; path=/owncloud; HttpOnly Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff X-Frame-Options: Sameorigin Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; frame-src *; img-src *; font-src 'self' data:; media-src * X-Robots-Tag: none Content-Length: 346 Content-Type: text/html; charset=utf-8

oauth_problem=signature_invalid&debug_sbs=POST&http%3A%2F%2Fwww.malcolm.id.au%2Fowncloud%2Findex.php%2Fapps%2Fgrauphel%2Foauth%2Frequest_token&oauth_callback%3Dhttp%253A%252F%252Flocalhost%253A9001%252F%26oauth_consumer_key%3Danyone%26oauth_nonce%3D6815528%26oauth_signature_method%3DPLAINTEXT%26oauth_timestamp%3D1415740104%26oauth_version%3D1.0

[cweiske]

Ok, that's the same problem that @rashoodkhan commented on Oct 3.

[rashoodkhan]

Yes. I had captured the error by logging on the tomboy app itself. Does this seem an issue with tomboy-library service or the API service which grauphel provides?

[cweiske]

Since grauphel works fine with Tomboy, Tomdroid and Conboy, I suppose it's a problem with tomboy.osx or the library.

[cweiske]

@qirtaiba or @rashoodkhan: Could you please also paste the Authorization header that is sent with the POST request?

Since PLAINTEXT is used, the oauth_signature in the authorization header should only be

oauth_signature="anyone%26"

[qirtaiba]

POST /owncloud/index.php/apps/grauphel/oauth/request_token HTTP/1.1 Authorization: OAuth realm="Snowy",oauth_callback="http%3A%2F%2Flocalhost%3A9001%2F",oauth_consumer_key="anyone",oauth_nonce="8150851",oauth_signature="anyone%2526",oauth_signature_method="PLAINTEXT",oauth_timestamp="1415908783",oauth_version="1.0" Content-Type: application/json; charset=utf-8 Content-Length: 0 Host: www.malcolm.id.au

[cweiske]

Ha, there we have it!

oauth_signature="anyone%2526"

This is double encoded. It happens because OAuthConnection.cs#221 encodes the signature, and OAuthBase.cs#211 also urlencodes the signature. This double-encoding breaks it.

RFC 5849 section 2.1. Temporary Credentials has an example how it should look, and it looks single encoded:

   For example, the client makes the following HTTPS request:

     POST /request_temp_credentials HTTP/1.1
     Host: server.example.com
     Authorization: OAuth realm="Example",
        oauth_consumer_key="jd83jd92dhsh93js",
        oauth_signature_method="PLAINTEXT",
        oauth_callback="http%3A%2F%2Fclient.example.net%2Fcb%3Fx%3D1",
        oauth_signature="ja893SD9%26"

@rashoodkhan or @Dynalon: Can you remove the double encoding?

[cweiske]

@qirtaiba - could you try grauphel from git, branch tomboyosxfix? I've added a workaround for this bug.

[qirtaiba]

Well, from the grauphel side it now seems to work, thanks! But although getting further, it still didn't ultimately help. It says "The authentication with the server has been successful. You can sync with the web server now", but then when you try to sync the application immediately crashes.

Can I borrow someone's Rainy login to see if it crashes in the same way with a different server?

In case it helps here is some HTTP debugging after clicking "Sync":

Request:

GET /owncloud/index.php/apps/grauphel//api/1.0 HTTP/1.1 Accept: application/json Authorization: OAuth realm="Snowy",oauth_consumer_key="anyone",oauth_nonce="454019",oauth_signature_method="PLAINTEXT",oauth_timestamp="1416858300",oauth_version="1.0" Host: www.malcolm.id.au Accept-Encoding: gzip, deflate

Response:

HTTP/1.1 200 OK Date: Mon, 24 Nov 2014 19:44:31 GMT Server: Apache/2.2.22 (Debian) Embperl/2.5.0_3 DAV/2 PHP/5.4.4-14+deb7u11 mod_ssl/2.2.22 OpenSSL/1.0.1e mod_wsgi/3.3 Python/2.7.3 mod_perl/2.0.7 Perl/v5.14.2 X-Powered-By: PHP/5.4.4-14+deb7u11 Set-Cookie: oc1e0d67c158=dh5rv64dte59jr341tmndqnj90; path=/owncloud; HttpOnly Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff X-Frame-Options: Sameorigin Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; frame-src *; img-src *; font-src 'self' data:; media-src * X-Robots-Tag: none Transfer-Encoding: chunked Content-Type: text/html; charset=utf-8

followed by the HTML of an ownCloud login page.

[rashoodkhan]

Timo has generated a lot of public usernames and password - http://dynalon.github.io/Rainy/#!PUBLIC_SERVER.md

[qirtaiba]

Yeah it works fine with Rainy. So, Grauphel sync bug persists.

[cweiske]

The problem here is the double slash: GET /owncloud/index.php/apps/grauphel//api/1.0, which is caused by the comment

@qirtaiba - try adding a slash at the end of the sync url. and which is ultimately bug #41.

Problem is now that either API detection does not work at all ("is not valid for syncing"), or syncing fails (double slash). If tomboy.osx would fix bug #41, it would work. But I don't have much hope since @rashoodkhan and friends already did not find the time to fix the trivial double encoding bug here :-/

[cweiske]

I tried to add a workaround in grauphel to allow the double slash in the URL, but ownCloud does not support that. Seems we really have to wait for bug #41 to get fixed.

[cweiske]

@qirtaiba: What do you get when opening /owncloud/index.php/apps/grauphel/api/1.0 in your browser?

[trepidity]

I will see if I can fix it Tuesday. Sorry for the delay.

[qirtaiba]

{"oauth_request_token_url":"https:\/\/www.malcolm.id.au\/owncloud\/index.php\/apps\/grauphel\/oauth\/request_token","oauth_authorize_url":"https:\/\/www.malcolm.id.au\/owncloud\/index.php\/apps\/grauphel\/oauth\/authorize","oauth_access_token_url":"https:\/\/www.malcolm.id.au\/owncloud\/index.php\/apps\/grauphel\/oauth\/access_token","api-version":"1.0"}

[cweiske]

@qirtaiba - ok, that does not explain why tomboy.osx does the api once correctly, and once wrongly :/ Seem to be two places in the code that the URL is built.

Ah, found them:

• Tomboy-library/Tomboy/Sync/WebSync/WebSyncServer.cs: rootApiUrl = serverUrl + "/api/1.0"
• Tomboy-library/Tomboy/Sync/WebSync/OAuth/OAuthConnection.cs: apiRoot = rest_client.Get<ApiResponse> (rootUrl+ "api/1.0/");

This needs to be fixed in #41.

[trepidity]

OK guys, give it a try. https://www.dropbox.com/s/98qonz4z2w9wr0d/Tomboy-osx%2341.zip?dl=0

MD5=d9b8acf5b5bdb2908496758fda9af057

You can see my changes at -> https://github.com/trepidity/tomboy-library/commit/41c1fac99b2b27bd1a76a1f9aff855cf3050f2e4

[qirtaiba]

It now authenticates, but crashes on sync.

[cweiske]

@qirtaiba - auth already worked with my workaround. The crash did also already happen. Could you repeat the HTTP debugging output again?

[qirtaiba]

Almost the same but look at the error in the GET below:

Request: GET /owncloud/index.php/apps/grauphelapi/1.0/ HTTP/1.1 Accept: application/json Authorization: OAuth realm="Snowy",oauth_consumer_key="anyone",oauth_nonce="2501748",oauth_signature_method="PLAINTEXT",oauth_timestamp="1417029380",oauth_version="1.0" Host: www.malcolm.id.au Accept-Encoding: gzip, deflate

Response: 200 OK Date: Wed, 26 Nov 2014 19:16:20 GMT Server: Apache/2.2.22 (Debian) Embperl/2.5.0_3 DAV/2 PHP/5.4.4-14+deb7u11 mod_ssl/2.2.22 OpenSSL/1.0.1e mod_wsgi/3.3 Python/2.7.3 mod_perl/2.0.7 Perl/v5.14.2 X-Powered-By: PHP/5.4.4-14+deb7u11 Set-Cookie: oc1e0d67c158=m9b758t5t7np6ek755c5mu29s3; path=/owncloud; HttpOnly Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff X-Frame-Options: Sameorigin Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; frame-src *; img-src *; font-src 'self' data:; media-src * X-Robots-Tag: none Transfer-Encoding: chunked Content-Type: text/html; charset=utf-8

followed by the HTML of an ownCloud login page.

[trepidity]

But the server URL looks valid and the oauth_nonce="2501748" isn't encoded right?

[qirtaiba]

GET /owncloud/index.php/apps/grauphelapi/1.0/ doesn't look valid. (But whether or not I include a trailing slash, same result.)

[cweiske]

The URL isn't valid, that's right.

@trepidity - if you fix the oauth signature double encoding issue you can test on wolke.cweiske.de. I already sent you the login data via e-mail some time ago.

[trepidity]

Trying now.

[trepidity]

@cweiske Are you on chat somewhere? Skype, G+ Hangouts, IRC?

[nedson]

Would love to see this get fixed! Sending positive vibes to anyone working on this :-)

[trepidity]

I know, sorry!! Thinks at work are not behaving. Of course, more than willing for someone else to fix it :)

--  JJ

On December 8, 2014 at 5:37:30 PM, nedson (notifications@github.com) wrote:

Would love to see this get fixed! Sending positive vibes to anyone working on this :-)

[nedson]

:-) for now, running a tomboy virtualized to hack at my notes...thank you for your work! It is appreciated!