Failure in uploading/copying file to encrypted folder

[GitHubUser4234]

Hi,

Issue
Not sure whether they are related, but I have two issues:

1. Files cannot be uploaded to an encrypted folder.
2. File copied from a plain folder to an encrypted folder are not encrypted.

Setup
Client: Android 4.4.2, Nextcloud Android 3.0.0 RC1
Server: Centos 7, PHP 7.0, Nextcloud 13, end_to_end_encryption app 1.0.3

How to reproduce
Issue 1):
a) Create a new user on the server and login in Nextcloud Android
b) Create a new folder in Nextcloud Android
c) Mark the new folder as encrypted
d) Enter the new folder and choose a file to upload
e) An error appears with title "Upload failed" and message "Could not upload xxx"
f) Try it again and error appears with title "Upload failed" and message "Locked"

Issue 2):
a) Create a new folder
b) Mark the new folder as encrypted
c) Copy a file from a plain folder to the encrypted folder
d) Open the file on the server, it is not encrypted

I will send testing credentials to android at nextcloud dot com so you guys can check it out.

More info

It seems there are no meta-data created. In fact the whole data/appdata_ocfxxxxxx/end_to_end_encryption/meta-data/ folder is empty.

Please help, thanks a lot!

[tobiasKaminsky]

Issue 1 is strange and I currently do not know why it is happening. Do you see any error on server side log?
Issue 2 is indeed something to fix.

[GitHubUser4234]

Issue 1 is strange and I currently do not know why it is happening. Do you see any error on server side log?
Issue 2 is indeed something to fix.

Thanks for the reply 😃

About your question:

• Upon entering the entering the encrypted folder, the user is prompted to setup encryption. Until here, no error in Nextcloud log, but in the web server's access log it says:
  "GET /server/ocs/v2.php/apps/end_to_end_encryption/api/v1/public-key?format=json HTTP/1.1" 404 163
• When the user clicks the button to setup encryption: No error in Nextcloud log, and in the web server's access log it says:
  "POST /server/ocs/v2.php/apps/end_to_end_encryption/api/v1/public-key?format=json HTTP/1.1" 200 1194
"POST /server/ocs/v2.php/apps/end_to_end_encryption/api/v1/private-key?format=json HTTP/1.1" 200 3271
• When the user tries to upload a file to the encrypted folder: No error in Nextcloud log, but in the web server's access log it says:
  "HEAD /server/remote.php/webdav/encTest/ HTTP/1.1" 200 -
"PROPFIND /server/remote.php/webdav/encTest/ HTTP/1.1" 207 768
"GET /server/index.php/204 HTTP/1.1" 204 -
"POST /server/ocs/v2.php/apps/end_to_end_encryption/api/v1/lock/313?format=json HTTP/1.1" 200 148
"GET /server/ocs/v2.php/apps/end_to_end_encryption/api/v1/meta-data/313?format=json HTTP/1.1" 404 137
• When user tries to upload a file to the encrypted folder for a second time: The following error in Nextcloud log:
  {"reqId":"WmW95fNo@yLCUHGsl2@44gAAAAI","level":4,"time":"2018-01-22T10:33:09+00:00","remoteAddr":"xxx.xxx.xxx.xxx","user":"tester","app":"webdav","method":"HEAD","url":"\/server\/remote.php\/webdav\/encTest\/","message":"Exception: {\"Exception\":\"OCA\\\\DAV\\\\Connector\\\\Sabre\\\\Exception\\\\FileLocked\",\"Message\":\"file is locked\",\"Code\":403,\"Trace\":\"#0 [internal function]: OCA\\\\EndToEndEncryption\\\\Connector\\\\Sabre\\\\LockPlugin->checkLock(Object(Sabre\\\\HTTP\\\\Request), Object(Sabre\\\\HTTP\\\\Response))\\n#1 \\\/var\\\/www\\\/nextcloud\\\/3rdparty\\\/sabre\\\/event\\\/lib\\\/EventEmitterTrait.php(105): call_user_func_array(Array, Array)\\n#2 \\\/var\\\/www\\\/nextcloud\\\/3rdparty\\\/sabre\\\/dav\\\/lib\\\/DAV\\\/Server.php(466): Sabre\\\\Event\\\\EventEmitter->emit('beforeMethod', Array)\\n#3 \\\/var\\\/www\\\/nextcloud\\\/3rdparty\\\/sabre\\\/dav\\\/lib\\\/DAV\\\/CorePlugin.php(253): Sabre\\\\DAV\\\\Server->invokeMethod(Object(Sabre\\\\HTTP\\\\Request), Object(Sabre\\\\HTTP\\\\Response), false)\\n#4 [internal function]: Sabre\\\\DAV\\\\CorePlugin->httpHead(Object(Sabre\\\\HTTP\\\\Request), Object(Sabre\\\\HTTP\\\\Response))\\n#5 \\\/var\\\/www\\\/nextcloud\\\/3rdparty\\\/sabre\\\/event\\\/lib\\\/EventEmitterTrait.php(105): call_user_func_array(Array, Array)\\n#6 \\\/var\\\/www\\\/nextcloud\\\/3rdparty\\\/sabre\\\/dav\\\/lib\\\/DAV\\\/Server.php(479): Sabre\\\\Event\\\\EventEmitter->emit('method:HEAD', Array)\\n#7 \\\/var\\\/www\\\/nextcloud\\\/3rdparty\\\/sabre\\\/dav\\\/lib\\\/DAV\\\/Server.php(254): Sabre\\\\DAV\\\\Server->invokeMethod(Object(Sabre\\\\HTTP\\\\Request), Object(Sabre\\\\HTTP\\\\Response))\\n#8 \\\/var\\\/www\\\/nextcloud\\\/apps\\\/dav\\\/appinfo\\\/v1\\\/webdav.php(80): Sabre\\\\DAV\\\\Server->exec()\\n#9 \\\/var\\\/www\\\/nextcloud\\\/remote.php(162): require_once('\\\/var\\\/www\\\/nextcl...')\\n#10 {main}\",\"File\":\"\\\/var\\\/www\\\/nextcloud\\\/apps\\\/end_to_end_encryption\\\/lib\\\/Connector\\\/Sabre\\\/LockPlugin.php\",\"Line\":127}","userAgent":"Mozilla\/5.0 (Android) Nextcloud-android\/3.0.0 RC1","version":"13.0.0.6"}
  and in the web server's access log it says:
  "GET /server/ocs/v1.php/cloud/user?format=json HTTP/1.1" 200 332
"HEAD /server/remote.php/webdav/encTest/ HTTP/1.1" 423 -
"PROPFIND /server/remote.php/webdav/encTest/ HTTP/1.1" 207 768

Thanks a lot!

[tobiasKaminsky]

Current "solution" for issue 2 is to disable it. This has a lot more impact, so we have to postpone this to Milestone2.

[tobiasKaminsky]

@schiessle this locks for me that first lock is working, but then server says that the folder is locked?

[GitHubUser4234]

Hi,

I found that it is definitely not server issue, but might be related to the Android version. I tried the same with Remix OS (Android 6.0.1) and uploading a file works, it is encrypted correctly.

[tobiasKaminsky]

Indeed strange.
Can you provide us additional infos via logcat on the non working device? https://github.com/nextcloud/android/blob/master/README.md#getting-debug-info-via-logcat

[aquaritus]

I have the same problem when I try to upload files to a newly created encrypted folder. The app complains missing permissions to create the file. But the user can upload the same file to a normal, not encrypted folder. Already tried different new user, problem is still there. Also removed the app and installed it new from Play Store as well as F-Droid.

Android Version: 8.1
App Version: 3.0.1
Server Version: 13

The corresponding logfile from the server:

Fatal | webdav | OCA\DAV\Connector\Sabre\Exception\Forbidden: client not allowed to access end-to-end encrypted content/homepages/41/d723950582/htdocs/nextcloud/apps/end_to_end_encryption/lib/Connector/Sabre/LockPlugin.php - line 124: OCA\EndToEndEncryption\Connector\Sabre\LockPlugin->checkUserAgent('Mozilla/5.0 (X1...', '/E2E')[internal function] OCA\EndToEndEncryption\Connector\Sabre\LockPlugin->checkLock(Object(Sabre\HTTP\Request), Object(Sabre\HTTP\Response))/homepages/41/d723950582/htdocs/nextcloud/3rdparty/sabre/event/lib/EventEmitterTrait.php - line 105: call_user_func_array(Array, Array)/homepages/41/d723950582/htdocs/nextcloud/3rdparty/sabre/dav/lib/DAV/Server.php - line 466: Sabre\Event\EventEmitter->emit('beforeMethod', Array)/homepages/41/d723950582/htdocs/nextcloud/3rdparty/sabre/dav/lib/DAV/Server.php - line 254: Sabre\DAV\Server->invokeMethod(Object(Sabre\HTTP\Request), Object(Sabre\HTTP\Response))/homepages/41/d723950582/htdocs/nextcloud/apps/dav/appinfo/v1/webdav.php - line 80: Sabre\DAV\Server->exec()/homepages/41/d723950582/htdocs/nextcloud/remote.php - line 164: require_once('/homepages/41/d...'){main} -- | -- | --

[aquaritus]

Tried to make a logfile with logcat to help solving this issues. Hope this logifle is some kind of useful. The error was reproduced during the logging.

logcatOutput.txt

[tobiasKaminsky]

Have you setup encryption correctly? With 12 word pass phrase? Can you access existing files in an encrypted folder?

The error message indicates that somehow the server thinks that you access the encrypted folder without proper encryption keys and therefore blocks it.

[aquaritus]

Yes, since the update to 3.0.1 the setup of the encrypted folder works fine. Didn't try to access files, because I only tried to upload files to the encrypted folder using the android app. Which unfortunately doesn't work. Am 22. Februar 2018 09:52:33 MEZ schrieb Tobias Kaminsky <notifications@github.com>:

…

Have you setup encryption correctly? With 12 word pass phrase? Can you access existing files in an encrypted folder? The error message indicates that somehow the server thinks that you access the encrypted folder without proper encryption keys and therefore blocks it. -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: #2023 (comment)

-- Diese Nachricht wurde von meinem Android-Gerät mit K-9 Mail gesendet.

[knelro]

Hi,
I have the same issue using the android client (v3.0.1).
From android client (Tested on 3 devices with android v4.4.4, 7.0 and 7.1.2):

• Setup encryption -> working
• Set an empty folder as encrypted -> working
• upload a file to an encrypted folder -> not working (errors as reported by aquaritus)
• upload a file to an unencrypted folder -> working
• create a folder inside an encrypted folder -> not working (same as for uploads)
• list files already present in encrypted folder -> not working (folder is shown as empty, results also in error: "OCA\DAV\Connector\Sabre\Exception\Forbidden: client not allowed to access end-to-end encrypted content")

From iOS client:

• Everything seems to work as intended - I can setup encrypted folders, list content, up- and download encrypted files

From Windows client:

• Everything seems to work as intended - I can setup encrypted folders, list content, up- and download encrypted files

Nextcloud "setup":
v 13.0.0
php 7.1
Centos 7 (SElinux enforcing -> tried permissive no change)
MariaDB
Apache

[stale]

This request did not receive an update in the last 4 weeks. Please take a look again and update the issue with new details, otherwise the issue will be automatically closed in 2 weeks. Thank you!

[1989gironimo]

Wow, the whole e2e feature doesn't work properly until now, isn't a priority (which I understand, because you can only concentrate on a few issues, not every issue), but the tickets get closed automatically. I think the stale bot isn't an appropriate measure to handle longstanding issues. It should get flagged, but not closed.

[tobiasKaminsky]

The bot is intended to help us to find out which bugs are still valid / people respond, so that we can focus on this one.
(there are one time reported bugs which are 2 years old and never got any feedback after we asked).

Sidenote: I would have expected that this issue gets re-opened once you reply.

Have you tried it with latest version?

[1989gironimo]

Jep, still not working, updated the android client today from the f-droid repo (version 3.6.2 RC1) and am using Nextcloud: 15.0.5.3 on my server and the e2e app in version 1.1.0.

[tobiasKaminsky]

I tried it with 3.6.2 rc1 and NC16 and it is working.
Can you create us a test account, test if the problem occurs also there and if so send the credentials to tobias at nextcloud dot com with a reference to this issue?

[1989gironimo]

I can see those files and I can download the folder as well, but the content is just gibberish.

[stale]

This request did not receive an update in the last 4 weeks. Please take a look again and update the issue with new details, otherwise the issue will be automatically closed in 2 weeks. Thank you!

[1989gironimo]

Cmon bot, I don't like you.

[1989gironimo]

Ok, I wasn't clear enough. This issue is still not fixed, can somebody open this ticket again?

[AndyScherzinger]

@1989gironimo @tobiasKaminsky I re-opened the issue, just in case (while I am not the right person to work on a fix)

[stale]

This request did not receive an update in the last 4 weeks. Please take a look again and update the issue with new details, otherwise the issue will be automatically closed in 2 weeks. Thank you!

[1989gironimo]

Still doesn't work.

[stale]

This request did not receive an update in the last 4 weeks. Please take a look again and update the issue with new details, otherwise the issue will be automatically closed in 2 weeks. Thank you!

[1989gironimo]

Ok, I'm getting used to playing git pong with the stale bot.

[stale]

This request did not receive an update in the last 4 weeks. Please take a look again and update the issue with new details, otherwise the issue will be automatically closed in 2 weeks. Thank you!

[1989gironimo]

Still happening.

[PanRe]

Seems to be still an issue... i also can not upload a file to an encrypted folder which is a pitty.. this renders the encryption feature nearly useless :/

[AlvaroBrey]

Can anyone verify this on 3.21.0? There have been a bunch of fixes to e2e code recently

[AlvaroBrey]

Uploads to encrypted folders are working in current version. Also stay tuned for a lot more e2e UX improvements currently in progress.