Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[ERROR] NC20 and sidebar --> How-To? #188

Closed
aheider opened this issue Apr 22, 2021 · 12 comments
Closed

[ERROR] NC20 and sidebar --> How-To? #188

aheider opened this issue Apr 22, 2021 · 12 comments

Comments

@aheider
Copy link

aheider commented Apr 22, 2021

Dear all,
I set up a nextcloud instance using docker with compose and letsencrypt SSL certificates (works since ages). It is running on NC20.
I recently updated the NC app container with the dependencies according to the LibreSign app and I added a CFSSL container.
I installed the LibreSign app from the app store (version 2.2.1) --> installed smoothly
I added Email details in NC admin section --> test email got through without issues.
I added CFSSL details in NC admin section as follows:
grafik
--> root certificate was issued successfully and I could see it in the /cfssl folder

I created a new "abonnement" for a given email address as follows:
grafik
--> created successfully
grafik

I tried to sign the Nextcloud Manual.pdf:
grafik

The result was this, which reads "document could not be signed":
grafik

In the logs I see the following errors:
`[index] Error: Exception: Call to a member function loadKeys() on null at <>
0. /var/www/html/lib/private/AppFramework/App.php line 152
OC\AppFramework\Http\Dispatcher->dispatch(OCA\Libresign\Co ... }}, "loadCertificate")

  1. /var/www/html/lib/private/Route/Router.php line 309
    OC\AppFramework\App::main("OCA\Libresign\ ... r", "loadCertificate", OC\AppFramework\ ... {}, {_route: "libres ... "})
  2. /var/www/html/lib/base.php line 1008
    OC\Route\Router->match("/apps/libresign ... e")
  3. /var/www/html/index.php line 37
    OC::handleRequest()
    GET /apps/libresign/api/0.1/admin/certificate
    from MYIP by andreas at 2021-04-22T14:55:01+00:00

[PHP] Error: Error: Undefined property: OCA\Libresign\Controller\AdminController::$service at /var/www/html/custom_apps/libresign/lib/Controller/AdminController.php#74 at <>
0. /var/www/html/custom_apps/libresign/lib/Controller/AdminController.php line 74
OC\Log\ErrorHandler::onError(8, "Undefined prope ... e", "/var/www/html/c ... p", 74, [])

  1. /var/www/html/lib/private/AppFramework/Http/Dispatcher.php line 169
    OCA\Libresign\Controller\AdminController->loadCertificate()
  2. /var/www/html/lib/private/AppFramework/Http/Dispatcher.php line 100
    OC\AppFramework\Http\Dispatcher->executeController(OCA\Libresign\Co ... }}, "loadCertificate")
  3. /var/www/html/lib/private/AppFramework/App.php line 152
    OC\AppFramework\Http\Dispatcher->dispatch(OCA\Libresign\Co ... }}, "loadCertificate")
  4. /var/www/html/lib/private/Route/Router.php line 309
    OC\AppFramework\App::main("OCA\Libresign\ ... r", "loadCertificate", OC\AppFramework\ ... {}, {_route: "libres ... "})
  5. /var/www/html/lib/base.php line 1008
    OC\Route\Router->match("/apps/libresign ... e")
  6. /var/www/html/index.php line 37
    OC::handleRequest()
    GET /apps/libresign/api/0.1/admin/certificate
    from MYIP by andreas at 2021-04-22T14:55:01+00:00

[index] Error: Exception: Call to a member function loadKeys() on null at <>
0. /var/www/html/lib/private/AppFramework/App.php line 152
OC\AppFramework\Http\Dispatcher->dispatch(OCA\Libresign\Co ... }}, "loadCertificate")

  1. /var/www/html/lib/private/Route/Router.php line 309
    OC\AppFramework\App::main("OCA\Libresign\ ... r", "loadCertificate", OC\AppFramework\ ... {}, {_route: "libres ... "})
  2. /var/www/html/lib/base.php line 1008
    OC\Route\Router->match("/apps/libresign ... e")
  3. /var/www/html/index.php line 37
    OC::handleRequest()
    GET /apps/libresign/api/0.1/admin/certificate
    from MYIP by andreas at 2021-04-22T14:41:17+00:00

[PHP] Error: Error: Undefined property: OCA\Libresign\Controller\AdminController::$service at /var/www/html/custom_apps/libresign/lib/Controller/AdminController.php#74 at <>
0. /var/www/html/custom_apps/libresign/lib/Controller/AdminController.php line 74
OC\Log\ErrorHandler::onError(8, "Undefined prope ... e", "/var/www/html/c ... p", 74, [])

  1. /var/www/html/lib/private/AppFramework/Http/Dispatcher.php line 169
    OCA\Libresign\Controller\AdminController->loadCertificate()
  2. /var/www/html/lib/private/AppFramework/Http/Dispatcher.php line 100
    OC\AppFramework\Http\Dispatcher->executeController(OCA\Libresign\Co ... }}, "loadCertificate")
  3. /var/www/html/lib/private/AppFramework/App.php line 152
    OC\AppFramework\Http\Dispatcher->dispatch(OCA\Libresign\Co ... }}, "loadCertificate")
  4. /var/www/html/lib/private/Route/Router.php line 309
    OC\AppFramework\App::main("OCA\Libresign\ ... r", "loadCertificate", OC\AppFramework\ ... {}, {_route: "libres ... "})
  5. /var/www/html/lib/base.php line 1008
    OC\Route\Router->match("/apps/libresign ... e")
  6. /var/www/html/index.php line 37
    OC::handleRequest()
    GET /apps/libresign/api/0.1/admin/certificate
    from MYIP by andreas at 2021-04-22T14:41:17+00:00
    `

What have I done wrong?
Was this suppossed to happen?
How can I fix this (on NC20 including use of the sidebar?
If this is not possible, what is the alternative?

THank you so much!

@vitormattos
Copy link
Member

Hi @aheider!

Grateful for the contact and I am very happy that you are testing LibreSign, it is an app that we believe can be very useful for thousands of people.

At the moment this option to sign as shown in your print is not working because it was a proof of concept that we did using jQuery, we need to rewrite this part of the application using VueJS #60 which is the framework adopted as standard in the newer versions of Nextcloud .

For now the start of the signature flow is only working well with requests for API as described in the documentation: https://libresign.github.io/libresign/Getting-started.html

There is also an identified problem described in this issue #170. The creation of the signature file as it is in the print you sent is also a proof of concept that in a future version will be removed and simplified with a screen listing all documents and their status #5.

To test, make a request as described in the link I sent above. Make the request for someone with an email that does not have an account on your Nextcloud instance. This person will receive an email asking them to sign the document.

@aheider
Copy link
Author

aheider commented Apr 22, 2021

Ok, thanks.
I now tried the following:

curl -X POST \ http://MYNC.URL/index.php/apps/libresign/api/0.1/webhook/register \ -H 'Accept: application/json' \ -H 'Authorization: Basic BASE64OFUSER:PASS' \ -H 'Content-Type: application/json' \ -d '{ "file":{ "url":"https://MYNC.URL/s/LnRqEjngG7BHsMT" }, "name":"Nextcloud Manual", "callback":"https://test.coop/callbackWebhook", "users":[ { "display_name":"My Name", "email":"my.email@mailserver.org", "description":"sign here to test LibreSign App" } ] }'

But what I got was:
`

<title>301 Moved Permanently</title>

301 Moved Permanently


nginx/1.17.6 `

I also tried https://MYNC.URL/s/LnRqEjngG7BHsMT/download for a direct download link, which gives the same error.
And I tried for the webhook http://MYNC.URL/index.php/apps/libresign/api/v1.0/webhook/register as this was indicated in the first paragraph of the Guide.

So could it be that the webhook URL is the wrong one?
I guess the authentication works, because the response does not seem so.
Do we need a direkt URL to a PDF file (like with the "/download")?
The callback URL is optional and it would work without this, right?

A minimum working example that gets me to sign a sample doc would be really great. But I think I will get there if I get 2 more hints or so B-)

@vitormattos
Copy link
Member

I have not yet identified the exact reason but in some cases when the HTTP protocol of the PDF URL is HTTPS, it returns 302 and does not download the PDF. You can use either the url or base64 of the file when making the request to the API.

If you are not going to use any callback webhook you can remove this parameter from json.

@aheider
Copy link
Author

aheider commented Apr 22, 2021

Ok, funny thing:
When I just set "https" as protocol, I don't get an error message back but I also don't get back ANYTHING. Not too bad but I also don't get an email.

Any additional tipps? What to try next?

@vitormattos
Copy link
Member

I made some recent adjustments that are in the main branch and maybe they will solve with what you reported in the last message, I will generate a new release.

@vitormattos
Copy link
Member

There, I just published a new release. Update and see if the request works.

@aheider
Copy link
Author

aheider commented Apr 23, 2021

Ok. I got further now!

FIrst, I tried this POST:
curl -X POST \ https://mync.url/index.php/apps/libresign/api/0.1/webhook/register \ -H 'Accept: application/json' \ -H 'Authorization: Basic base64ofuser:pass' \ -H 'Content-Type: application/json' \ -d '{ "file":{ "url":"https://mync.url/s/LnRqEjngG7BHsMT/download" }, "name":"Nextcloud Manual", "callback":"https://test.coop/callbackWebhook", "users":[ { "display_name":"My Name", "email":"myemail@mailserver.org", "description":"sign here to test LibreSign App" } ] }'

--> message: invalid PDF

I searched for a really small PDF in base64 encoding and tried:
curl -X POST \ https://mync.url/index.php/apps/libresign/api/0.1/webhook/register \ -H 'Accept: application/json' \ -H 'Authorization: Basic base64ofuser:pass' \ -H 'Content-Type: application/json' \ -d '{ "file":{ "base64":"JVBERi0xLjcKCjEgMCBvYmogICUgZW50cnkgcG9pbnQKPDwKICAvVHlwZSAvQ2F0YWxvZwogIC9QYWdlcyAyIDAgUgo+PgplbmRvYmoKCjIgMCBvYmoKPDwKICAvVHlwZSAvUGFnZXMKICAvTWVkaWFCb3ggWyAwIDAgMjAwIDIwMCBdCiAgL0NvdW50IDEKICAvS2lkcyBbIDMgMCBSIF0KPj4KZW5kb2JqCgozIDAgb2JqCjw8CiAgL1R5cGUgL1BhZ2UKICAvUGFyZW50IDIgMCBSCiAgL1Jlc291cmNlcyA8PAogICAgL0ZvbnQgPDwKICAgICAgL0YxIDQgMCBSIAogICAgPj4KICA+PgogIC9Db250ZW50cyA1IDAgUgo+PgplbmRvYmoKCjQgMCBvYmoKPDwKICAvVHlwZSAvRm9udAogIC9TdWJ0eXBlIC9UeXBlMQogIC9CYXNlRm9udCAvVGltZXMtUm9tYW4KPj4KZW5kb2JqCgo1IDAgb2JqICAlIHBhZ2UgY29udGVudAo8PAogIC9MZW5ndGggNDQKPj4Kc3RyZWFtCkJUCjcwIDUwIFRECi9GMSAxMiBUZgooSGVsbG8sIHdvcmxkISkgVGoKRVQKZW5kc3RyZWFtCmVuZG9iagoKeHJlZgowIDYKMDAwMDAwMDAwMCA2NTUzNSBmIAowMDAwMDAwMDEwIDAwMDAwIG4gCjAwMDAwMDAwNzkgMDAwMDAgbiAKMDAwMDAwMDE3MyAwMDAwMCBuIAowMDAwMDAwMzAxIDAwMDAwIG4gCjAwMDAwMDAzODAgMDAwMDAgbiAKdHJhaWxlcgo8PAogIC9TaXplIDYKICAvUm9vdCAxIDAgUgo+PgpzdGFydHhyZWYKNDkyCiUlRU9G" }, "name":"Nextcloud Manual", "callback":"https://test.coop/callbackWebhook", "users":[ { "display_name":"My Name", "email":"mymail@mailserver.org", "description":"sign here to test LibreSign App" } ] }'

--> {"message":"Erfolgreich","data":{"uuid":"c54338bf-86d3-4318-9555-0b141ea89f9d"}}
--> I got an email!
--> I clicked on the link
--> I got to the sign page
--> I wrote the signature password
--> I got "Signature FIle Not Found"

By what means does LibreSign find the right signature file (and in there the password or a hash) in my Nextcloud instance? What I did was use the NC app from within NC to create a "pfx" file in the folder /files/signatures/My Name.pfx
What could have gone wrong now? NC did not throw any errors at all.

What I also learned was:

  • you must set "https" explicitely, otherwise it won't work at least if you are using SSL
  • you must set the "name" field, otherwise it gives an error

@aheider
Copy link
Author

aheider commented Apr 23, 2021

when I use an email address that is not one of the NC users, and I have it previously registered, I get:
`404
Dies ist nicht deine Datei

Es tut uns leid, aber die Seite, nach der du suchst, existiert nicht, wurde entfernt, verschoben oder ist vorübergehend nicht verfügbar.`

--> "404 This is not your file..."

Questions:

  • is it required that the signing email user is preregistered using the within NC LibreSign Register app?
  • if so, what to do if several "pfx" files with the same email address have been registered? Can I simply delete the "pfx" files and they are gone? Can I "erase" parts of the database or so?
  • if preregistering from within NC LibreSign app is NOT NECCESSARY, what is the process to register?
  • how can I overcome the "This is not your file" situation?

I think I am almost there!
But I still need some help...

Thank you so much.

@aheider
Copy link
Author

aheider commented Apr 23, 2021

So...

I figured out that you need to logout from any open NC connections in your browser, otherwise, this won#t work and NC/LibreSign thinks you are the already logged in person!

I tried with an up to now untouched email address in the POST ---> I got the email --> clicked the link --> got the "REGISTER NEW USER" page, which is the first time ---> inserted details ---> clicked the button (with spanish text) --> This is not your file

I tried a new POST request with an email address which has been preregistered in NC/LibreSign --> logged out --> got the mail --> clicked the link --> register account page --> entered details --> clicked the button (spanish text) --> internal server error, contact admin --> error in the log of NC:
{"reqId":"6xQNtFUsSuoJb4fLHZH5","level":3,"time":"2021-04-23T08:57:09+00:00","remoteAddr":"myip","user":"mymail@mailserver.org","app":"libresign","method":"POST","url":"/apps/libresign/api/0.1/sign/614ae278-8d67-46af-b20a-cfc6549bfec6","message":"Java not installed, set the flag \"isUseJavaInstalled\" as false or install java.","userAgent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:85.0) Gecko/20100101 Firefox/85.0","version":"20.0.7.1","id":"60828c03ede37"}

Of course Java is installed. I verified this in the NC app docker container --> its not there, seems dockerfile did not work as expected --> got exec in the container --> mkdir -p /usr/share/man/man1 /usr/share/man/man2 --> apt update; apt install default-jre --> succeeded --> java -v --> gives correct version

Redone all the LibreSign steps from sending the POST onwards --> error "eror to sign pdf []"
{"reqId":"xuo6ATpNmVLAe79uIgWY","level":3,"time":"2021-04-23T09:20:30+00:00","remoteAddr":"myip","user":"mymail@mailser.org","app":"libresign","method":"POST","url":"/apps/libresign/api/0.1/sign/de97af5b-ba22-46ca-9b71-cd9545117a03","message":"Error to sign PDF. []","userAgent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:85.0) Gecko/20100101 Firefox/85.0","version":"20.0.7.1","id":"6082917444edf"}

So I still miss some magic bits ;-)

Please give my a hand here...

Thank you so much!

@aheider
Copy link
Author

aheider commented Apr 23, 2021

Ok. Somehow jsignpdf WAS NOT INSTALLED CORRECTLY via the dockerfile, when running the commands by hand all worked well!

Redone all steps from POST request onwards --> something godd happened!
grafik

In the account of the signer nothing special happened.

However in the NC account of the person whose credentials were used to send the POST request there is a new folder "LibreSign" that had a new folder for each signing operation. I searched for the last one as that was the working one. In there I found 2 PDF files: original one and one which had "_unterschrieben" (= "_signed") in its name. I opened it and it has a line "Digital Unterschrieben mit LibreSign" (= "digitally singed with LibreSign") in. I downloaded it and opened it in Adobe Reader (NOT PRO). Here is what I found:
grafik

Not all too bad! There is a signature on it, but Adobe Reader cannot read the details and thus cannot verify it. I guess also it has no access to the rott certificate (of course).

Can I get Adobe Reader to validate the signature against a root certificate or something?
Can I get Adobe Reader to list the signer name, email and maybe other details? TImestamp, IP, eg?

Thank you so much!

@RenataAmoedo
Copy link

Hi there! How are you coming along with LibreSign? Is this issue solved or there's anything else we can help?

We're glad to see you sharing your experiencies with LibreSign! Do you know your page at Patreon (https://www.patreon.com/librecode)? Over there you can learn more about the project and contribute opening and solving new issues. Feel free to be part of it and contribute as you can!

@fishfree

This comment was marked as off-topic.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

No branches or pull requests

4 participants