You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Describe the bug
Loading a document fails initially when using an oauth2 proxy in front of collabora. Nextcloud will show this error:
Failed to read document from storage, please try to load the document again.
Please check the Collabora Online server log for more details and make sure that Nextcloud can be reached from there.
When making the first request to collabora (http://collabora.example.org/browser/a7d2941/cool.html?WOPISrc=http%3A%2F%2F10.10.10.1%3A9999%2Findex.php%2Fapps%2Frichdocuments%2Fwopi%2Ffiles%2F1717_ocr50ypxrjmg&title=%2Ftesting.odt&lang=en&closebutton=1&revisionhistory=1) and not being authenticated by the authproxy a 302 redirect will be received by the browser and the user gets authenticated (and after that of course being redirected to the original URL resulting in a HTTP 200 response).
This seems to cause that the following websocket request doesn't contain the access_token which results in an error in the collabora server (see collabora log).
Uncaught error: OCA\Richdocuments\Db\WopiMapper::getWopiForToken(): Argument #1 ($token) must be of type string, null given, called in /var/www/html/custom_apps/richdocuments/lib/Middleware/WOPIMiddleware.php on line 81 in file '/var/www/html/custom_apps/richdocuments/lib/Db/WopiMapper.php' line 142
After this initial request (for example when just refreshing) the access token is included in the URL and loading a document works: ws://collabora.example.org/cool/http%3A%2F%2F10.10.10.1%3A9999%2Findex.php%2Fapps%2Frichdocuments%2Fwopi%2Ffiles%2F1717_ocr50ypxrjmg%3Faccess_token%3DiT6UfHIWmtxxxxxxn5A5zf%26access_token_ttl%3D0/ws?WOPISrc=http://10.10.10.1:9999/index.php/apps/richdocuments/wopi/files/1717_ocr50ypxrjmg&compat=/ws
Is there any way to make the first request work?
To Reproduce
Steps to reproduce the behavior:
run oauth2-proxy in front of collabora
try to open any document
document is not loading, when the user is not authenticated already
Expected behavior
Document loads after authentication is done without having to refresh.
Client details:
Browser Firefox, Chrome
Server details
Nextcloud version:
28.0.3 Version of the richdocuments app
8.3.2 Version of Collabora Online
23.05.8.2.1 Configuration of the richdocuments app
Uncaught error: OCA\Richdocuments\Db\WopiMapper::getWopiForToken(): Argument #1 ($token) must be of type string, null given, called in /var/www/html/custom_apps/richdocuments/lib/Middleware/WOPIMiddleware.php on line 81 in file '/var/www/html/custom_apps/richdocuments/lib/Db/WopiMapper.php' line 142
Collabora log
wsd-00009-00247 2024-04-08 14:47:46.519162 +0000 [ docbroker_017 ] ERR No HTTP Authorization type detected. Assuming no authorization needed. Specify access_token to set the Authorization Bearer header.| common/Authorization.cpp:86
frk-00029-00029 2024-04-08 14:47:46.519371 +0000 [ forkit ] WRN The systemplate directory [/opt/cool/systemplate] is read-only, and at least [/opt/cool/systemplate//etc/hosts] is out-of-date. Will have to copy sysTemplate to jails. To restore optimal performance, make sure the files in [/opt/cool/systemplate/etc] are up-to-date.| common/JailUtil.cpp:529
wsd-00009-00247 2024-04-08 14:47:46.549027 +0000 [ docbroker_017 ] ERR WOPI::CheckFileInfo failed for URI [http://10.10.10.1:9999/index.php/apps/richdocuments/wopi/files/1717_ocr50ypxrjmg]: 500 (Internal Server Error) Internal Server Error. Headers: Date: Mon, 08 Apr 2024 14:47:46 GMT / Server: Apache/2.4.57 (Debian) / Referrer-Policy: no-referrer / X-Content-Type-Options: nosniff / X-Frame-Options: SAMEORIGIN / X-Permitted-Cross-Domain-Policies: none / X-Robots-Tag: noindex, nofollow / X-XSS-Protection: 1; mode=block / X-Powered-By: PHP/8.2.16 / Set-Cookie: ocr50ypxrjmg=2b22babf4be66b76a62512892acd67ed; path=/; HttpOnly; SameSite=Lax / Expires: Thu, 19 Nov 1981 08:52:00 GMT / Cache-Control: no-cache, no-store, must-revalidate / Pragma: no-cache / Content-Security-Policy: default-src 'none';base-uri 'none';manifest-src 'self';frame-ancestors 'none' / X-Request-Id: 0xiQKJB9Yv2sJcCLGeIf / Feature-Policy: autoplay 'none';camera 'none';fullscreen 'none';geolocation 'none';microphone 'none';payment 'none' / Content-Length: 19 / Connection: close / Content-Type: application/json; charset=utf-8 Body: [{"message":"Error"}]| wsd/Storage.cpp:708
wsd-00009-00247 2024-04-08 14:47:46.549088 +0000 [ docbroker_017 ] ERR loading document exception: WOPI::CheckFileInfo failed: {"message":"Error"}| wsd/DocumentBroker.cpp:2679
wsd-00009-00247 2024-04-08 14:47:46.549104 +0000 [ docbroker_017 ] ERR Failed to add session to [http%3A%2F%2F10.10.10.1%3A9999%2Findex.php%2Fapps%2Frichdocuments%2Fwopi%2Ffiles%2F1717_ocr50ypxrjmg] with URI [http://10.10.10.1:9999/index.php/apps/richdocuments/wopi/files/1717_ocr50ypxrjmg]: WOPI::CheckFileInfo failed: {"message":"Error"}| wsd/DocumentBroker.cpp:2641
wsd-00009-00247 2024-04-08 14:47:46.549118 +0000 [ docbroker_017 ] ERR Storage error while starting session on http%3A%2F%2F10.10.10.1%3A9999%2Findex.php%2Fapps%2Frichdocuments%2Fwopi%2Ffiles%2F1717_ocr50ypxrjmg for socket #18. Terminating connection. Error: WOPI::CheckFileInfo failed: {"message":"Error"}| wsd/COOLWSD.cpp:5434
wsd-00009-00247 2024-04-08 14:47:46.556158 +0000 [ docbroker_017 ] ERR #26: Read failed, have 0 buffered bytes (ECONNRESET: Connection reset by peer)| net/Socket.hpp:1137
wsd-00009-00247 2024-04-08 14:47:46.556189 +0000 [ docbroker_017 ] WRN #26: Unassociated Kit (233) disconnected unexpectedly| wsd/COOLWSD.cpp:3851
wsd-00009-00249 2024-04-08 14:47:46.728920 +0000 [ docbroker_018 ] ERR No HTTP Authorization type detected. Assuming no authorization needed. Specify access_token to set the Authorization Bearer header.| common/Authorization.cpp:86
sh: 1: /usr/bin/coolmount: Operation not permitted
sh: 1: /usr/bin/coolmount: Operation not permitted
sh: 1: /usr/bin/coolmount: Operation not permitted
wsd-00009-00249 2024-04-08 14:47:46.754493 +0000 [ docbroker_018 ] ERR WOPI::CheckFileInfo failed for URI [http://10.10.10.1:9999/index.php/apps/richdocuments/wopi/files/1717_ocr50ypxrjmg?permission=edit]: 500 (Internal Server Error) Internal Server Error. Headers: Date: Mon, 08 Apr 2024 14:47:46 GMT / Server: Apache/2.4.57 (Debian) / Referrer-Policy: no-referrer / X-Content-Type-Options: nosniff / X-Frame-Options: SAMEORIGIN / X-Permitted-Cross-Domain-Policies: none / X-Robots-Tag: noindex, nofollow / X-XSS-Protection: 1; mode=block / X-Powered-By: PHP/8.2.16 / Set-Cookie: ocr50ypxrjmg=a0a9eac0b802a0a60c8b751a30b401b9; path=/; HttpOnly; SameSite=Lax / Expires: Thu, 19 Nov 1981 08:52:00 GMT / Cache-Control: no-cache, no-store, must-revalidate / Pragma: no-cache / Content-Security-Policy: default-src 'none';base-uri 'none';manifest-src 'self';frame-ancestors 'none' / X-Request-Id: gGOmbYwF3TdgBV6dt8JM / Feature-Policy: autoplay 'none';camera 'none';fullscreen 'none';geolocation 'none';microphone 'none';payment 'none' / Content-Length: 19 / Connection: close / Content-Type: application/json; charset=utf-8 Body: [{"message":"Error"}]| wsd/Storage.cpp:708
wsd-00009-00249 2024-04-08 14:47:46.754562 +0000 [ docbroker_018 ] ERR loading document exception: WOPI::CheckFileInfo failed: {"message":"Error"}| wsd/DocumentBroker.cpp:2679
wsd-00009-00249 2024-04-08 14:47:46.754581 +0000 [ docbroker_018 ] ERR Failed to add session to [http%3A%2F%2F10.10.10.1%3A9999%2Findex.php%2Fapps%2Frichdocuments%2Fwopi%2Ffiles%2F1717_ocr50ypxrjmg] with URI [http://10.10.10.1:9999/index.php/apps/richdocuments/wopi/files/1717_ocr50ypxrjmg?permission=edit]: WOPI::CheckFileInfo failed: {"message":"Error"}| wsd/DocumentBroker.cpp:2641
wsd-00009-00249 2024-04-08 14:47:46.754599 +0000 [ docbroker_018 ] ERR Storage error while starting session on http%3A%2F%2F10.10.10.1%3A9999%2Findex.php%2Fapps%2Frichdocuments%2Fwopi%2Ffiles%2F1717_ocr50ypxrjmg for socket #25. Terminating connection. Error: WOPI::CheckFileInfo failed: {"message":"Error"}| wsd/COOLWSD.cpp:5434
wsd-00009-00249 2024-04-08 14:47:46.761977 +0000 [ docbroker_018 ] ERR #18: Read failed, have 0 buffered bytes (ECONNRESET: Connection reset by peer)| net/Socket.hpp:1137
wsd-00009-00249 2024-04-08 14:47:46.762004 +0000 [ docbroker_018 ] WRN #18: Unassociated Kit (248) disconnected unexpectedly| wsd/COOLWSD.cpp:3851
frk-00029-00029 2024-04-08 14:47:46.779736 +0000 [ forkit ] WRN The systemplate directory [/opt/cool/systemplate] is read-only, and at least [/opt/cool/systemplate//etc/hosts] is out-of-date. Will have to copy sysTemplate to jails. To restore optimal performance, make sure the files in [/opt/cool/systemplate/etc] are up-to-date.| common/JailUtil.cpp:529
The text was updated successfully, but these errors were encountered:
k-jell
changed the title
Document loading fails when using oauth2 proxy for collabora - no acces token is sent (302 redirect breaking it?)
Document loading fails when using oauth2 proxy for collabora - no access token is sent (302 redirect breaking it?)
Apr 8, 2024
Describe the bug
Loading a document fails initially when using an oauth2 proxy in front of collabora. Nextcloud will show this error:
When making the first request to collabora (
http://collabora.example.org/browser/a7d2941/cool.html?WOPISrc=http%3A%2F%2F10.10.10.1%3A9999%2Findex.php%2Fapps%2Frichdocuments%2Fwopi%2Ffiles%2F1717_ocr50ypxrjmg&title=%2Ftesting.odt&lang=en&closebutton=1&revisionhistory=1
) and not being authenticated by the authproxy a 302 redirect will be received by the browser and the user gets authenticated (and after that of course being redirected to the original URL resulting in a HTTP 200 response).This seems to cause that the following websocket request doesn't contain the
access_token
which results in an error in the collabora server (see collabora log).Request URL:
ws://collabora.example.org/cool/http%3A%2F%2F10.10.10.1%3A9999%2Findex.php%2Fapps%2Frichdocuments%2Fwopi%2Ffiles%2F1717_ocr50ypxrjmg/ws?WOPISrc=http://10.10.10.1:9999/index.php/apps/richdocuments/wopi/files/1717_ocr50ypxrjmg&compat=/ws
In the nextcloud logs this error appears:
After this initial request (for example when just refreshing) the access token is included in the URL and loading a document works:
ws://collabora.example.org/cool/http%3A%2F%2F10.10.10.1%3A9999%2Findex.php%2Fapps%2Frichdocuments%2Fwopi%2Ffiles%2F1717_ocr50ypxrjmg%3Faccess_token%3DiT6UfHIWmtxxxxxxn5A5zf%26access_token_ttl%3D0/ws?WOPISrc=http://10.10.10.1:9999/index.php/apps/richdocuments/wopi/files/1717_ocr50ypxrjmg&compat=/ws
Is there any way to make the first request work?
To Reproduce
Steps to reproduce the behavior:
Expected behavior
Document loads after authentication is done without having to refresh.
Client details:
Server details
Nextcloud version:
28.0.3
Version of the richdocuments app
8.3.2
Version of Collabora Online
23.05.8.2.1
Configuration of the richdocuments app
Logs
Nextcloud log (data/nextcloud.log)
Collabora log
The text was updated successfully, but these errors were encountered: