TOS breaks collabora #260
Comments
|
Did you accept the tos on a neighbour file before? |
|
I don't understand your question, I'm afraid. But, yes, the TOS have been accepted on that specific machine by that specific user. |
|
I can confirm the described behaviour for collabora and onlyoffice. As soon as I enable the app, documents cannot be opened anymore. When I disable the app, editing documents by using collabora / onlyoffice works again. |
|
does it happen for all files, or just shared files, etc? |
|
in my environmen, it happened for all files. I suspect that the 'ok' dialog that comes up when you login to a TOS-enabled cloud comes up as well for the connection that the lool server initiates to the nextcloud server after the file-open request from the user |
|
Yes, it makes no difference between shared / unshared documents. Here are the log lines which are produced afterwards the file could not be opened: OnlyOffice |
|
The new commit 0b7fcd2 does not change the behavior: Opening documents with Onlyoffice or Collabora is still not possible. |
|
I can not reproduce this with
|
The app and nextcloud versions are the same for me. But I uses the docker solution for OnlyOffice. Anyhow I don't believe it has any to do with the docker, because it works as soon as I disable TOS. Where comes the "Download without access right" of above error log from? Edit: The server certificate of the docker server is self-signed. I trust it in my browser so that the preview works. |
|
I#ve seen the same happening today with ONLYOFFICE where the TOS cache wrapper basically blocks the check if the file is readable in the download callback handler of the ONLYOFFICE app, though I cannot reproduce it locally on 1.6.1 nor master yet with the latest releases. I'll check back on the instance where this occured if there was maybe only a specific setting either tos_for_users or tos_on_public_shares enabled. |
|
long time and some versions later: This can be closed because TOS work perfectly along with COOL. |
|
It is still here! Nextcloud AIO v2.0.3 (NC 24.0.5) Possibly step to reproduce: Formated Errors:
After deleting second TOS (global), broken users are starting working fine. Three days of searching info in Collabora's threads, which was wrong :/ |
|
I put it on my todo list to check it again. |
|
Can you please post the following details, that would really help me debugging this:
|
|
Hi! In that case I have an error when trying to open document via Collabora. Now I'm removing global (polish in my case) ToS via NC GUI: OCC seems with no changes: But now Collabora opens documents. As I mentioned before the broken time is broken only for some users and have no idea what's making a difference among users. I'm not a developer, but fell free to ask for more. |
Maybe whether they signed it before opening the document? My colleague in the meantime added some code to the ToS app which makes sure that the ToS are triggered there before: Maybe that already solves it? Other than that I can still not reproduce the issue even with the information given above. The only thing that I can otherwise imagine is #691 but that was fixed in 1.10.2 |
|
I could reproduce this having a region (not global) set. The requests for Collabora always get checked against global ToS but without the user scope, so it might be that some users have the global signed (for those it works) and some only the polish (which doesn't work then). @nickvergessen I think the most sane thing to do would be to still allow the requests for /richdocuments/wopi/ as even with setting the correct user during the wopi requests, we could not be able to match the country code that the user had in the browser requests. Any preference on how to do that? I'd say with nextcloud/richdocuments#2559 it would be fine to only check against the request url, otherwise we probably need an event that TOS could dispatch so richdocuments could determine if the request ip is from the allow list. How the wopi allow list is handled in richdocuments https://github.com/nextcloud/richdocuments/blob/2eca85078cf46e2ed61fad070a625d9161ffd26f/lib/Middleware/WOPIMiddleware.php#L68-L81 |
I would prefer this over URL checking, but we could even combine it. |
|
Let me prepare a patch for this. |
|
@nickvergessen This seems to happen also with OnlyOffice. NC v24.0.9, TOS v1.10.2, OnlyOffice v7.5.8. |
|
Yeah, seems I forgot to make releases... Will queue a todo item for it |
|
Still happening in v2.5.0 {
"reqId": "GWDTcDbWLJfR2z3wFYRt",
"level": 3,
"time": "2024-09-20T12:20:53+00:00",
"remoteAddr": "::ffff:212.46.103.227",
"user": "--",
"app": "richdocuments",
"method": "GET",
"url": "/index.php/apps/richdocuments/wopi/files/2781_ocylie5fucfr/contents?
"message": "getFile failed: ",
"userAgent": "COOLWSD HTTP Agent 24.04.6.3",
"version": "29.0.7.2",
"exception": {
"Exception": "OCP\\Files\\NotPermittedException",
"Message": "",
"Code": 0,
"Trace": [{
"file": "/var/www/nextcloud/apps/richdocuments/lib/Controller/WopiController.php",
"line": 385,
"function": "fopen",
"class": "OC\\Files\\Node\\File",
"type": "->",
"args": ["rb"]
}, {
"file": "/var/www/nextcloud/lib/private/AppFramework/Http/Dispatcher.php",
"line": 232,
"function": "getFile",
"class": "OCA\\Richdocuments\\Controller\\WopiController",
"type": "->",
"args": ["2781", "j0g9sGbmdmHv7zi4938DtTxfZ9GZu65V"]
}, {
"file": "/var/www/nextcloud/lib/private/AppFramework/Http/Dispatcher.php",
"line": 138,
"function": "executeController",
"class": "OC\\AppFramework\\Http\\Dispatcher",
"type": "->",
"args": [
["OCA\\Richdocuments\\Controller\\WopiController"], "getFile"
]
}, {
"file": "/var/www/nextcloud/lib/private/AppFramework/App.php",
"line": 184,
"function": "dispatch",
"class": "OC\\AppFramework\\Http\\Dispatcher",
"type": "->",
"args": [
["OCA\\Richdocuments\\Controller\\WopiController"], "getFile"
]
}, {
"file": "/var/www/nextcloud/lib/private/Route/Router.php",
"line": 331,
"function": "main",
"class": "OC\\AppFramework\\App",
"type": "::",
"args": ["OCA\\Richdocuments\\Controller\\WopiController", "getFile", ["OC\\AppFramework\\DependencyInjection\\DIContainer"],
["2781_ocylie5fucfr", "richdocuments.wopi.getfile"]
]
}, {
"file": "/var/www/nextcloud/lib/base.php",
"line": 1058,
"function": "match",
"class": "OC\\Route\\Router",
"type": "->",
"args": ["/apps/richdocuments/wopi/files/2781_ocylie5fucfr/contents"]
}, {
"file": "/var/www/nextcloud/index.php",
"line": 49,
"function": "handleRequest",
"class": "OC",
"type": "::",
"args": []
}],
"File": "/var/www/nextcloud/lib/private/Files/Node/File.php",
"Line": 120,
"message": "getFile failed: ",
"exception": {},
"CustomMessage": "getFile failed: "
}
} |
see issue nextcloud/richdocuments#681 : when TOS is activated, Collabora is broken.
(unchanged with Version 1.3.1)
The text was updated successfully, but these errors were encountered: