tomboy-notes / tomboy.osx

MonoMac-based version of Tomboy.
Other
20 stars 3 forks source link

Does not sync with grauphel #39

Open qirtaiba opened 10 years ago

qirtaiba commented 10 years ago

Tomboy OS X does not sync with grauphel:

https://github.com/cweiske/grauphel

When you try, it tells you "The URL entered https://yourdomain.tld/owncloud/index.php/apps/grauphel is not valid for syncing".

rashoodkhan commented 10 years ago

Jeremy,

Tomboy OSX currently supports syncing using Rainy Server. Right now there is no provision for any other service for sync.

Rashid Khan http://www.imrashid.com

On Wed, Sep 10, 2014 at 9:57 PM, Jeremy Malcolm notifications@github.com wrote:

Tomboy OS X does not sync with grauphel:

https://github.com/cweiske/grauphel

When you try, it tells you "The URL entered https://yourdomain.tld/owncloud/index.php/apps/grauphel is not valid for syncing".

— Reply to this email directly or view it on GitHub https://github.com/tomboy-notes/tomboy.osx/issues/39.

qirtaiba commented 10 years ago

Hence the bug report; consider it a feature request. :-)

cweiske commented 10 years ago

@rashoodkhan: grauphel implements the Tomboy REST API that Rainy implements, too - so it should work.

rashoodkhan commented 10 years ago

Awesome.

Will look in to grauphel and see how Tomboy can be enhanced to support it.

Rashid Khan http://www.imrashid.com

On Wed, Sep 10, 2014 at 10:37 PM, Christian Weiske <notifications@github.com

wrote:

@rashoodkhan https://github.com/rashoodkhan: grauphel implements the Tomboy REST API that Rainy implements, too - so it should work.

— Reply to this email directly or view it on GitHub https://github.com/tomboy-notes/tomboy.osx/issues/39#issuecomment-55147824 .

cweiske commented 10 years ago

@rashoodkhan - I can provide a test account on my server if you want.

cweiske commented 10 years ago

@qirtaiba: Does Tomboy on Linux work with your server? If not it could have to do with the owncloud/ subdirectory. I did not test that yet.

qirtaiba commented 10 years ago

Yes it does.

rashoodkhan commented 10 years ago

After debugging the issue for a while, I am getting an invalid signature error when trying to get the oauth token. Below is the Response received:

oauth_problem=signature_invalid&debug_sbs=POST&=https://wolke.cweiske.de/index.php/apps/grauphel/oauth/request_token,oauth_callback=http%3A%2F%2Flocalhost%3A9001%2F&oauth_consumer_key=anyone&oauth_nonce=9025122&oauth_signature_method=PLAINTEXT&oauth_timestamp=1412368667&oauth_version=1.0

@Dynalon - Any idea why this is happening?

sbusch commented 10 years ago

The root certificate for this domain doesn't seem to be trusted generally, see https://ssl-tools.net/webservers/wolke.cweiske.de

trepidity commented 10 years ago

That's a valid point. We probably should allow the user to trust the site manually. This could be a big deal for users hosting their own site.

Created https://trello.com/c/pxvdZlN6/1-support-untrusted-certificates-from-sync-server

cweiske commented 10 years ago

Yes, I use a certificate from cacert.org, whose root certificate is not included in most browsers/operating systems.

You can try it without SSL at http://nossl-wolke.cweiske.de/

gregor2005 commented 10 years ago

hi, i searched through the code to find a solution. is anybody else working on this? i'm not familiar with mono so i have to investigate a little bit of time to get into. after debugging the code and output webexception it looks like it is searching for somesthing special but it gets the html code. is the code of the osx project separated from the linux version? (i check the linux code because there it is working on my home workstation)

qirtaiba commented 10 years ago

Yes they are separate. You want this code: https://github.com/tomboy-notes/tomboy.osx

cweiske commented 10 years ago

@qirtaiba - try adding a slash at the end of the sync url.

qirtaiba commented 10 years ago

No joy. It doesn't give an error, but it doesn't do anything when I click "Authenticate". I get this in the webserver log:

208.90.213.162 - - [11/Nov/2014:06:49:46 +0800] "GET /owncloud/index.php/apps/grauphel/api/1.0/ HTTP/1.1" 200 356 "-" "-" 208.90.213.162 - - [11/Nov/2014:06:49:47 +0800] "POST /owncloud/index.php/apps/grauphel/oauth/request_token HTTP/1.1" 401 347 "-" "-"

After that when I choose "Sync Now" I get:

Sync Failed The sync was not successful. Please check the Sync Settings.

And if I try Authenticate again the application crashes.

cweiske commented 10 years ago

"GET /owncloud/index.php/apps/grauphel/api/1.0/ HTTP/1.1" 200 356 "-" "-"`

This means that tomboy.osx finally fetched the correct first file, which it did not before.

"POST /owncloud/index.php/apps/grauphel/oauth/request_token HTTP/1.1" 401 347 "-" "-"`

The HTTP status code 401 is an indication that something is wrong with the OAuth request (401 means unauthorized). Could you install wireshark to see what's happening there? It can will show you the actual HTTP response that's sent back to tomboy.osx from grauphel (try that on a connection without ssl).

See http://fotostore.cweiske.de/screenshots/2014-11-11%20wireshark%20http.png for a small explanation.

qirtaiba commented 10 years ago

I can't install wireshark because the machine is an OpenVZ container and I don't have the right permissions for that sort of low-level network access. But I installed something else called httpry and it returned this, does that help any?

2014-11-12 04:46:58.884 208.90.213.162 85.234.150.215 > GET www.malcolm.id.au /owncloud/index.php/apps/grauphel/api/1.0/ HTTP/1.1 - - 2014-11-12 04:46:59.007 85.234.150.215 208.90.213.162 < - - - HTTP/1.1 200 OK 2014-11-12 04:46:59.435 208.90.213.162 85.234.150.215 > POST www.malcolm.id.au /owncloud/index.php/apps/grauphel/oauth/request_token HTTP/1.1 - - 2014-11-12 04:46:59.564 85.234.150.215 208.90.213.162 < - - - HTTP/1.1 401 Unauthorized

cweiske commented 10 years ago

I need the full content (body) of the 401 response :/

qirtaiba commented 10 years ago

OK, got it now (I misunderstood that I should install Wireshark on the server, but I now understand that you meant on the client):

HTTP/1.1 401 Unauthorized Date: Tue, 11 Nov 2014 21:08:22 GMT Server: Apache/2.2.22 (Debian) Embperl/2.5.0_3 DAV/2 PHP/5.4.4-14+deb7u11 mod_ssl/2.2.22 OpenSSL/1.0.1e mod_wsgi/3.3 Python/2.7.3 mod_perl/2.0.7 Perl/v5.14.2 X-Powered-By: PHP/5.4.4-14+deb7u11 Set-Cookie: oc1e0d67c158=ti1iauuree9geoclsfdt7481u1; path=/owncloud; HttpOnly Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff X-Frame-Options: Sameorigin Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; frame-src *; img-src *; font-src 'self' data:; media-src * X-Robots-Tag: none Content-Length: 346 Content-Type: text/html; charset=utf-8

oauth_problem=signature_invalid&debug_sbs=POST&http%3A%2F%2Fwww.malcolm.id.au%2Fowncloud%2Findex.php%2Fapps%2Fgrauphel%2Foauth%2Frequest_token&oauth_callback%3Dhttp%253A%252F%252Flocalhost%253A9001%252F%26oauth_consumer_key%3Danyone%26oauth_nonce%3D6815528%26oauth_signature_method%3DPLAINTEXT%26oauth_timestamp%3D1415740104%26oauth_version%3D1.0

cweiske commented 10 years ago

Ok, that's the same problem that @rashoodkhan commented on Oct 3.

rashoodkhan commented 10 years ago

Yes. I had captured the error by logging on the tomboy app itself. Does this seem an issue with tomboy-library service or the API service which grauphel provides?

cweiske commented 10 years ago

Since grauphel works fine with Tomboy, Tomdroid and Conboy, I suppose it's a problem with tomboy.osx or the library.

cweiske commented 10 years ago

@qirtaiba or @rashoodkhan: Could you please also paste the Authorization header that is sent with the POST request?

Since PLAINTEXT is used, the oauth_signature in the authorization header should only be

oauth_signature="anyone%26"
qirtaiba commented 10 years ago

POST /owncloud/index.php/apps/grauphel/oauth/request_token HTTP/1.1 Authorization: OAuth realm="Snowy",oauth_callback="http%3A%2F%2Flocalhost%3A9001%2F",oauth_consumer_key="anyone",oauth_nonce="8150851",oauth_signature="anyone%2526",oauth_signature_method="PLAINTEXT",oauth_timestamp="1415908783",oauth_version="1.0" Content-Type: application/json; charset=utf-8 Content-Length: 0 Host: www.malcolm.id.au

cweiske commented 10 years ago

Ha, there we have it!

oauth_signature="anyone%2526"

This is double encoded. It happens because OAuthConnection.cs#221 encodes the signature, and OAuthBase.cs#211 also urlencodes the signature. This double-encoding breaks it.

RFC 5849 section 2.1. Temporary Credentials has an example how it should look, and it looks single encoded:

   For example, the client makes the following HTTPS request:

     POST /request_temp_credentials HTTP/1.1
     Host: server.example.com
     Authorization: OAuth realm="Example",
        oauth_consumer_key="jd83jd92dhsh93js",
        oauth_signature_method="PLAINTEXT",
        oauth_callback="http%3A%2F%2Fclient.example.net%2Fcb%3Fx%3D1",
        oauth_signature="ja893SD9%26"

@rashoodkhan or @Dynalon: Can you remove the double encoding?

cweiske commented 9 years ago

@qirtaiba - could you try grauphel from git, branch tomboyosxfix? I've added a workaround for this bug.

qirtaiba commented 9 years ago

Well, from the grauphel side it now seems to work, thanks! But although getting further, it still didn't ultimately help. It says "The authentication with the server has been successful. You can sync with the web server now", but then when you try to sync the application immediately crashes.

Can I borrow someone's Rainy login to see if it crashes in the same way with a different server?

In case it helps here is some HTTP debugging after clicking "Sync":

Request:

GET /owncloud/index.php/apps/grauphel//api/1.0 HTTP/1.1 Accept: application/json Authorization: OAuth realm="Snowy",oauth_consumer_key="anyone",oauth_nonce="454019",oauth_signature_method="PLAINTEXT",oauth_timestamp="1416858300",oauth_version="1.0" Host: www.malcolm.id.au Accept-Encoding: gzip, deflate

Response:

HTTP/1.1 200 OK Date: Mon, 24 Nov 2014 19:44:31 GMT Server: Apache/2.2.22 (Debian) Embperl/2.5.0_3 DAV/2 PHP/5.4.4-14+deb7u11 mod_ssl/2.2.22 OpenSSL/1.0.1e mod_wsgi/3.3 Python/2.7.3 mod_perl/2.0.7 Perl/v5.14.2 X-Powered-By: PHP/5.4.4-14+deb7u11 Set-Cookie: oc1e0d67c158=dh5rv64dte59jr341tmndqnj90; path=/owncloud; HttpOnly Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff X-Frame-Options: Sameorigin Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; frame-src *; img-src *; font-src 'self' data:; media-src * X-Robots-Tag: none Transfer-Encoding: chunked Content-Type: text/html; charset=utf-8

followed by the HTML of an ownCloud login page.

rashoodkhan commented 9 years ago

Timo has generated a lot of public usernames and password - http://dynalon.github.io/Rainy/#!PUBLIC_SERVER.md

qirtaiba commented 9 years ago

Yeah it works fine with Rainy. So, Grauphel sync bug persists.

cweiske commented 9 years ago

The problem here is the double slash: GET /owncloud/index.php/apps/grauphel//api/1.0, which is caused by the comment

@qirtaiba - try adding a slash at the end of the sync url. and which is ultimately bug #41.

Problem is now that either API detection does not work at all ("is not valid for syncing"), or syncing fails (double slash). If tomboy.osx would fix bug #41, it would work. But I don't have much hope since @rashoodkhan and friends already did not find the time to fix the trivial double encoding bug here :-/

cweiske commented 9 years ago

I tried to add a workaround in grauphel to allow the double slash in the URL, but ownCloud does not support that. Seems we really have to wait for bug #41 to get fixed.

cweiske commented 9 years ago

@qirtaiba: What do you get when opening /owncloud/index.php/apps/grauphel/api/1.0 in your browser?

trepidity commented 9 years ago

I will see if I can fix it Tuesday. Sorry for the delay.

qirtaiba commented 9 years ago

{"oauth_request_token_url":"https:\/\/www.malcolm.id.au\/owncloud\/index.php\/apps\/grauphel\/oauth\/request_token","oauth_authorize_url":"https:\/\/www.malcolm.id.au\/owncloud\/index.php\/apps\/grauphel\/oauth\/authorize","oauth_access_token_url":"https:\/\/www.malcolm.id.au\/owncloud\/index.php\/apps\/grauphel\/oauth\/access_token","api-version":"1.0"}

cweiske commented 9 years ago

@qirtaiba - ok, that does not explain why tomboy.osx does the api once correctly, and once wrongly :/ Seem to be two places in the code that the URL is built.

Ah, found them:

This needs to be fixed in #41.

trepidity commented 9 years ago

OK guys, give it a try. https://www.dropbox.com/s/98qonz4z2w9wr0d/Tomboy-osx%2341.zip?dl=0

MD5=d9b8acf5b5bdb2908496758fda9af057

You can see my changes at -> https://github.com/trepidity/tomboy-library/commit/41c1fac99b2b27bd1a76a1f9aff855cf3050f2e4

qirtaiba commented 9 years ago

It now authenticates, but crashes on sync.

cweiske commented 9 years ago

@qirtaiba - auth already worked with my workaround. The crash did also already happen. Could you repeat the HTTP debugging output again?

qirtaiba commented 9 years ago

Almost the same but look at the error in the GET below:

Request: GET /owncloud/index.php/apps/grauphelapi/1.0/ HTTP/1.1 Accept: application/json Authorization: OAuth realm="Snowy",oauth_consumer_key="anyone",oauth_nonce="2501748",oauth_signature_method="PLAINTEXT",oauth_timestamp="1417029380",oauth_version="1.0" Host: www.malcolm.id.au Accept-Encoding: gzip, deflate

Response: 200 OK Date: Wed, 26 Nov 2014 19:16:20 GMT Server: Apache/2.2.22 (Debian) Embperl/2.5.0_3 DAV/2 PHP/5.4.4-14+deb7u11 mod_ssl/2.2.22 OpenSSL/1.0.1e mod_wsgi/3.3 Python/2.7.3 mod_perl/2.0.7 Perl/v5.14.2 X-Powered-By: PHP/5.4.4-14+deb7u11 Set-Cookie: oc1e0d67c158=m9b758t5t7np6ek755c5mu29s3; path=/owncloud; HttpOnly Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff X-Frame-Options: Sameorigin Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; frame-src *; img-src *; font-src 'self' data:; media-src * X-Robots-Tag: none Transfer-Encoding: chunked Content-Type: text/html; charset=utf-8

followed by the HTML of an ownCloud login page.

trepidity commented 9 years ago

But the server URL looks valid and the oauth_nonce="2501748" isn't encoded right?

qirtaiba commented 9 years ago

GET /owncloud/index.php/apps/grauphelapi/1.0/ doesn't look valid. (But whether or not I include a trailing slash, same result.)

cweiske commented 9 years ago

The URL isn't valid, that's right.

@trepidity - if you fix the oauth signature double encoding issue you can test on wolke.cweiske.de. I already sent you the login data via e-mail some time ago.

trepidity commented 9 years ago

Trying now.

trepidity commented 9 years ago

@cweiske Are you on chat somewhere? Skype, G+ Hangouts, IRC?

nedson commented 9 years ago

Would love to see this get fixed! Sending positive vibes to anyone working on this :-)

trepidity commented 9 years ago

I know, sorry!! Thinks at work are not behaving. Of course, more than willing for someone else to fix it :)

--  JJ

On December 8, 2014 at 5:37:30 PM, nedson (notifications@github.com) wrote:

Would love to see this get fixed! Sending positive vibes to anyone working on this :-)

nedson commented 9 years ago

:-) for now, running a tomboy virtualized to hack at my notes...thank you for your work! It is appreciated!