Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

New WEB app broking share links. #41213

Open
voodoovood opened this issue Mar 12, 2024 · 4 comments
Open

New WEB app broking share links. #41213

voodoovood opened this issue Mar 12, 2024 · 4 comments

Comments

@voodoovood
Copy link

Steps to reproduce

  1. latest owncloud on Ubuntu 22.04.4 LTS (GNU/Linux 5.15.0-100-generic x86_64), nginx version: nginx/1.18.0 (Ubuntu)
  2. follow the guide - https://doc.owncloud.com/webui/next/owncloud_web/web_with_oc_server.html
  3. change config.php
  4. 'web.baseUrl' => 'https:///index.php/apps/web',
  5. 'web.rewriteLinks' => true,

Expected behaviour

Just a new interface.

Actual behaviour

everything fine - public shares has been rewrited.
https://server/s/fdnfk34434fkkfndnkf -> https://server/login/ *------ awaiting login and password

Server configuration

Operating system: Ubuntu 22.04.4 LTS (GNU/Linux 5.15.0-100-generic x86_64)

Web server: nginx version: nginx/1.18.0 (Ubuntu)

from my point of view, there is some condition in rewrite of url on shares. 5. 'web.rewriteLinks' => true,

Database: mysql

PHP version:

ownCloud version: actual 10.14? i think

Updated from an older ownCloud or fresh install: updated

Where did you install ownCloud from: wget latest....

Signing status (ownCloud 9.0 and above): i dont know

Login as admin user into your ownCloud and access 
http://example.com/index.php/settings/integrity/failed 
paste the results into https://gist.github.com/ and puth the link here.
``` No errors have been found.
https://storage.special.sk/index.php/settings/integrity/failed


**The content of config/config.php:**

Log in to the web-UI with an administrator account and click on
'admin' -> 'Generate Config Report' -> 'Download ownCloud config report'
This report includes the config.php settings, the list of activated apps
and other details in a well sanitized form.

or

If you have access to your command line run e.g.:
sudo -u www-data php occ config:list system
from within your ownCloud installation folder
sudo -u www-data php occ config:list system
{
"system": {
"instanceid": "ocs7rq1jbjgk",
"passwordsalt": "REMOVED SENSITIVE VALUE",
"secret": "REMOVED SENSITIVE VALUE",
"trusted_domains": [
"storage.special.sk"
],
"datadirectory": "******************
"dbtype": "mysql",
"version": "10.14.0.3",
"dbname": "storage",
"dbhost": "localhost",
"dbtableprefix": "oc_",
"dbuser": "REMOVED SENSITIVE VALUE",
"dbpassword": "REMOVED SENSITIVE VALUE",
"logtimezone": "UTC",
"installed": true,
"mail_from_address": "REMOVED SENSITIVE VALUE",
"mail_smtpmode": "smtp",
"mail_domain": "REMOVED SENSITIVE VALUE",
"mail_smtpauthtype": "LOGIN",
"mail_smtpauth": 1,
"mail_smtphost": "REMOVED SENSITIVE VALUE",
"mail_smtpport": "25",
"mail_smtpname": "REMOVED SENSITIVE VALUE",
"mail_smtppassword": "REMOVED SENSITIVE VALUE",
"loglevel": 0,
"maintenance": false,
"theme": "",
"overwrite.cli.url": "",
"htaccess.RewriteBase": "/",
"memcache.local": "\OC\Memcache\Redis",
"memcached_servers": [
[
"localhost",
11211
]
],
"filelocking.enabled": true,
"memcache.locking": "\OC\Memcache\Redis",
"redis": {
"host": "/var/run/redis/redis.sock",
"port": 0
},
"updater.secret": "REMOVED SENSITIVE VALUE",
"ldapIgnoreNamingRules": false,
"allow_user_to_change_mail_address": "",
"integrity.excluded.files": [
"core/img/logo-icon.svg",
"core/img/logo.svg",
"themes/owncloud/theme.json",
"resources/config/ca-bundle.crt"
]
}
}

ATTENTION: Do not post your config.php file in public as is. Please use one of the above
methods whenever possible. Both, the generated reports from the web-ui and from occ config:list
consistently remove sensitive data. You still may want to review the report before sending.
If done manually then it is critical for your own privacy to dilligently
remove all host names, passwords, usernames, salts and other credentials before posting.
You should assume that attackers find such information and will use them against your systems.


**List of activated apps:**

If you have access to your command line run e.g.:
sudo -u www-data php occ app:list
from within your ownCloud installation folder.


**Are you using external storage, if yes which one:** local/smb/sftp/...

**Are you using encryption:** yes/no

**Are you using an external user-backend, if yes which one:** LDAP/ActiveDirectory/Webdav/...

#### LDAP configuration (delete this part if not used)

With access to your command line run e.g.:
sudo -u www-data php occ ldap:show-config
from within your ownCloud installation folder

Without access to your command line download the data/owncloud.db to your local
computer or access your SQL server remotely and run the select query:
SELECT * FROM oc_appconfig WHERE appid = 'user_ldap';

Eventually replace sensitive data as the name/IP-address of your LDAP server or groups.


### Client configuration
**Browser:**

INDEPENDENT

**Operating system:**

INDEPENDENT

### Logs
#### Web server error log

Insert your webserver log here


#### ownCloud log (data/owncloud.log)

Insert your ownCloud log here


#### Browser log

Insert your browser log here, this could for example include:

a) The javascript console log
b) The network log
c) ...
@voodoovood
Copy link
Author

fcourse.

https://doc.owncloud.com/webui/next/owncloud_web/web_with_oc_server.html

'web.baseUrl' => 'https://myFQDN.country/index.php/apps/web',
'web.rewriteLinks' => true,

a have ignored

Optionally make ownCloud Web the default interface users see after they log in to ownCloud. By default, the regular web interface will be used. To make ownCloud Web the default, add the following line to the config/config.php file:
defaultapp' => 'web',

would just the leave users to switch.

removing
'web.baseUrl' => 'https://myFQDN.country/index.php/apps/web',
'web.rewriteLinks' => true,

revert the behavior of public share links to functional state.

@phil-davis
Copy link
Contributor

Which version of the "web" app are you running?

Note: https://owncloud.dev/clients/web/deployments/oc10-app/#compatibility
"Please note that the usage of Web UI and ownCloud 10 as backend is not recommended starting with version 7.1.0 of the Web UI. Therefore, this section only applies to versions < 7.1.0."

I have raised issue owncloud/docs-webui#167 to get that documented in the usual docs.

@voodoovood
Copy link
Author

Which version of the "web" app are you running?

Note: https://owncloud.dev/clients/web/deployments/oc10-app/#compatibility "Please note that the usage of Web UI and ownCloud 10 as backend is not recommended starting with version 7.1.0 of the Web UI. Therefore, this section only applies to versions < 7.1.0."

I have raised issue owncloud/docs-webui#167 to get that documented in the usual docs.

ownCloud 10.14.0 (stable)

@phil-davis
Copy link
Contributor

The "web" app should be version 7.x - I am expecting an answer like 7.0.3 or 7.1.0 or similar.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@phil-davis @voodoovood