Bug 436372 - Cannot synchronize with my Nextcloud carddav/caldav
Summary: Cannot synchronize with my Nextcloud carddav/caldav
Status: RESOLVED UNMAINTAINED
Alias: None
Product: korganizer
Classification: Applications
Component: general (show other bugs)
Version: unspecified
Platform: Arch Linux Linux
: NOR major
Target Milestone: ---
Assignee: kdepim bugs
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2021-04-29 20:03 UTC by Olivier Churlaud
Modified: 2022-07-26 10:02 UTC (History)
4 users (show)

See Also:
Latest Commit:
Version Fixed In:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Olivier Churlaud 2021-04-29 20:03:30 UTC
SUMMARY
I set the URI of the instance, with my login and password (it works on my smartphone with DAVx5, I tried with Evolution and it works as well).

When I try to synchronize the caldav or carddav it korganizer tells me either:

org.kde.pim.davresource: Unable to fetch collections 300 "There was a problem with the request.\nHTTP error (0)."

or 

org.kde.pim.davresource: Unable to fetch collections 300 "There was a problem with the request.\nInvalid username/password (401)."

On nextcloud side I get this (the userAgent is strange, the user as well : as if kdav was not sending the correct headers.

{"reqId":"YIsN2nk4gdZ-H3aSmnRSNwAAADQ","level":0,"time":"2021-04-29T21:49:46+02:00","remoteAddr":"2001:861:4000:870:6dee:25e:5bf0:f774","user":"--","app":"contacts","method":"PROPFIND","url":"/remote.php/dav/","message":"/appinfo/app.php is deprecated, use \\OCP\\AppFramework\\Bootstrap\\IBootstrap on the application class instead.","userAgent":"--","version":"21.0.1.1"}
{"reqId":"YIsN2nk4gdZ-H3aSmnRSNwAAADQ","level":0,"time":"2021-04-29T21:49:47+02:00","remoteAddr":"2001:861:4000:870:6dee:25e:5bf0:f774","user":"--","app":"encryption","method":"PROPFIND","url":"/remote.php/dav/","message":"/appinfo/app.php is deprecated, use \\OCP\\AppFramework\\Bootstrap\\IBootstrap on the application class instead.","userAgent":"--","version":"21.0.1.1"}
{"reqId":"YIsN2nk4gdZ-H3aSmnRSNwAAADQ","level":0,"time":"2021-04-29T21:49:47+02:00","remoteAddr":"2001:861:4000:870:6dee:25e:5bf0:f774","user":"--","app":"files_sharing","method":"PROPFIND","url":"/remote.php/dav/","message":"/appinfo/app.php is deprecated, use \\OCP\\AppFramework\\Bootstrap\\IBootstrap on the application class instead.","userAgent":"--","version":"21.0.1.1"}
{"reqId":"YIsN2nk4gdZ-H3aSmnRSNwAAADQ","level":0,"time":"2021-04-29T21:49:47+02:00","remoteAddr":"2001:861:4000:870:6dee:25e:5bf0:f774","user":"--","app":"webdav","method":"PROPFIND","url":"/remote.php/dav/","message":{"Exception":"Sabre\\DAV\\Exception\\NotAuthenticated","Message":"No public access to this resource., No 'Authorization: Basic' header found. Either the client didn't send one, or the server is misconfigured, No 'Authorization: Bearer' header found. Either the client didn't send one, or the server is mis-configured, No 'Authorization: Basic' header found. Either the client didn't send one, or the server is misconfigured","Code":0,"Trace":[{"file":"/home/churlaud/cloud/3rdparty/sabre/event/lib/WildcardEmitterTrait.php","line":89,"function":"beforeMethod","class":"Sabre\\DAV\\Auth\\Plugin","type":"->","args":[{"__class__":"Sabre\\HTTP\\Request"},{"__class__":"Sabre\\HTTP\\Response"}]},{"file":"/home/churlaud/cloud/3rdparty/sabre/dav/lib/DAV/Server.php","line":456,"function":"emit","class":"Sabre\\DAV\\Server","type":"->","args":["beforeMethod:PROPFIND",[{"__class__":"Sabre\\HTTP\\Request"},{"__class__":"Sabre\\HTTP\\Response"}]]},{"file":"/home/churlaud/cloud/3rdparty/sabre/dav/lib/DAV/Server.php","line":253,"function":"invokeMethod","class":"Sabre\\DAV\\Server","type":"->","args":[{"__class__":"Sabre\\HTTP\\Request"},{"__class__":"Sabre\\HTTP\\Response"}]},{"file":"/home/churlaud/cloud/3rdparty/sabre/dav/lib/DAV/Server.php","line":321,"function":"start","class":"Sabre\\DAV\\Server","type":"->","args":[]},{"file":"/home/churlaud/cloud/apps/dav/lib/Server.php","line":332,"function":"exec","class":"Sabre\\DAV\\Server","type":"->","args":[]},{"file":"/home/churlaud/cloud/apps/dav/appinfo/v2/remote.php","line":35,"function":"exec","class":"OCA\\DAV\\Server","type":"->","args":[]},{"file":"/home/churlaud/cloud/remote.php","line":167,"args":["/home/churlaud/cloud/apps/dav/appinfo/v2/remote.php"],"function":"require_once"}],"File":"/home/churlaud/cloud/3rdparty/sabre/dav/lib/DAV/Auth/Plugin.php","Line":154,"CustomMessage":"--"},"userAgent":"--","version":"21.0.1.1"}

STEPS TO REPRODUCE
1. Setup your nexcloud carddav credentials
2. Try to fetch the data

OBSERVED RESULT
It fails

EXPECTED RESULT
The data is fetched
Comment 1 Olivier Churlaud 2021-05-02 09:49:16 UTC
I tested manually with this command:

curl -v -X PROPFIND -H "Content-Type: application/xml" -u $USER https://$HOSTNAME/remote.php/dav/principals/users/$USER/

(password being given with the prompt)

and it returns an 200 status, not an 401, so I think the issue is somewhere in the korganizer -> kdav stack, during the query.

I tracked the issue to the DavCollectionsFetchJobPrivate::doCollectionsFetch method, and everything seemed fine. I wonder if the queries are correct (headers etc) but cannot find how to debug further.
Comment 2 Olivier Churlaud 2021-05-09 17:58:25 UTC
Debugging let me know that no authentication header is sent. 

With debugging qDebug() I found that my login and password are correct. 

I don't understand the logic to the authenticationHeader() method to debug further yet.
Comment 3 Olivier Churlaud 2021-05-09 19:38:31 UTC
Request to nextcloud  after which there is no authent

HTTP/1.1 401 Unauthorized
Date: Sun, 09 May 2021 19:14:27 GMT
Content-Type: application/xml; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Server: Apache
X-Powered-By: PHP/7.3
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Referrer-Policy: no-referrer
X-Content-Type-Options: nosniff
X-Download-Options: noopen
X-Frame-Options: SAMEORIGIN
X-Permitted-Cross-Domain-Policies: none
X-Robots-Tag: none
X-XSS-Protection: 1; mode=block
Content-Security-Policy: default-src none;
WWW-Authenticate: Basic realm=\"Nextcloud\", charset=\"UTF-8\"
Set-Cookie: oc_sessionPassphrase=8gUy4Ito5NUrvFD6li5%2BI%2Bt7APjHejTGdg3jj3UVwya2x%2FHCQc4g1hB8%2Bukb2po7SlTff03IY%2FWHY4VpXKJNtQAEmJmHw5i4F7NAFtfUNKnPc8E3aN%2FxVO1qqBeHpimE; path=/; secure; HttpOnly; SameSite=Lax
Set-Cookie: oc9yvoa3r8f0=c492aa6aa18a95b08c9ce9ef57b2ed4a; path=/; secure; HttpOnly; SameSite=Lax
Set-Cookie: __Host-nc_sameSiteCookielax=true; path=/; httponly;secure; expires=Fri, 31-Dec-2100 23:59:59 GMT; SameSite=lax
Set-Cookie: __Host-nc_sameSiteCookiestrict=true; path=/; httponly;secure; expires=Fri, 31-Dec-2100 23:59:59 GMT; SameSite=strict


Request to baikal after which there is an authentication

HTTP/1.1 401 Unauthorized
Date: Sun, 09 May 2021 19:13:28 GMT
Content-Type: application/xml; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Server: Apache
X-Powered-By: PHP/7.3
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
X-Sabre-Version: 4.1.4
Vary: Brief,Prefer
DAV: 1, 3, extended-mkcol, access-control, calendarserver-principal-property-search, calendar-access, calendar-proxy, calendar-auto-schedule, calendar-availability, resource-sharing, calendarserver-sharing, addressbook
WWW-Authenticate: Basic realm=\"sabre/dav\", charset=\"UTF-8\"
Set-Cookie: PHPSESSID=1978132ff2ee1d55a485fd552e3653d7; path=/; HttpOnly


Something else that might be useful: while connecting to nextcloud it fails to retrieve the Chunk:

kf.kio.slaves.http: isError= false needCredentials= true forceKeepAlive= false forceDisconnect= false
kf.kio.slaves.http: before fixup "application/xml"
kf.kio.slaves.http: after fixup "application/xml"
kf.kio.slaves.http: "-1" bytes left.
kf.kio.slaves.http: Chunk size = 557 bytes
kf.kio.slaves.http: bytesReceived: 557  m_iSize: -1  Chunked: true  BytesLeft: -1
kf.kio.slaves.http: Failed to read chunk header.
kf.kio.slaves.http: bytesReceived: -1  m_iSize: -1  Chunked: true  BytesLeft: -1
kf.kio.slaves.http: bytesReceived==-1 sz= 557  Connection broken !
Comment 4 Olivier Churlaud 2021-06-27 14:46:56 UTC
How can I help you to help me?
Comment 5 Nate Graham 2021-07-22 18:23:40 UTC
What app are you using? KMail? Something else?
Comment 6 Olivier Churlaud 2021-07-22 20:16:55 UTC
I'm using KOrganizer, Evolution, DAVx5.

Only KOrganiser is failing to retrieve my contacts and agendas.
Comment 7 Nate Graham 2021-07-22 20:55:22 UTC
Thanks.
Comment 8 Riccardo Robecchi 2021-08-02 16:48:31 UTC
Seems like I have the same or at least a very similar problem, as trying to set up a new calendar on Nextcloud fails with an HTTP 401 error. It works perfectly well with my phone with DAVx5 on my install as well.
I'm marking this as confirmed.
Comment 9 Riccardo Robecchi 2021-09-03 15:24:10 UTC
This persists even with the latest version of KDE Gear (21.08) and KDE Frameworks (5.85.0).
Comment 10 Riccardo Robecchi 2021-09-28 11:37:02 UTC
I just found out that the issue in my case was that I was using the two factor authentication and that's not supported by KOrganizer, so I had to create an app-specific password. Once I used that I had no problem whatsoever. Olivier, are you by any chance using 2FA?
I'm changing this back to "reported".
Comment 11 Olivier Churlaud 2021-09-28 18:50:04 UTC
No, I don't use 2FA
Comment 12 Olivier Churlaud 2022-02-20 17:57:54 UTC
It's still not working. In undestand it's a strange behavior on my provider side, but i'd like to fix it (and to help doing so).

Can someone give me some pointers? Thx
Comment 13 Bug Janitor Service 2022-03-13 21:26:50 UTC
A possibly relevant merge request was started @ https://invent.kde.org/frameworks/kio/-/merge_requests/784
Comment 14 Olivier Churlaud 2022-07-26 10:02:16 UTC
I ditched nextcloud, now with baikal everything works fine. I canceled my Mr as well