Manual testing (public-link-flow, ownCloud->Nextcloud)

[michielbdejong]

I should set up some server on localhost (outside the testnet) and try out how OCM works from the GUIs.

[michielbdejong]

Using ./manualTesting.sh I can run one Nextcloud instance on https://localhost and one ownCloud instance on http://localhost:8080. I can log in with alice / alice123 and admin / admin. I can find the 'cloud sharing' option in both, but neither of them work yet. Should I share with alice@localhost / admin@localhost:8080 ? Both directions fail.
Will investigate more tomorrow!

[michielbdejong]

I would expect the docker containers can't talk to each other via the host bridge on MacOS.
Just re-reading https://docs.docker.com/docker-for-mac/networking/ it should be OK. I'll augment
https://github.com/michielbdejong/ocm-test-suite/blob/9475d01741ed00f8b1a09b7276bcafdc3f721b62/manualTesting.sh
to run Nextcloudx2 + ownCloudx2.

[michielbdejong]

Maybe I can run Seafile without Docker or create a dockerfile myself for Seafile 8 / latest master -> see #4

[michielbdejong]

These are the XHR calls made for 'share with'.

On ownCloud:

curl 'http://localhost:180/ocs/v2.php/apps/files_sharing/api/v1/shares?format=json' \
  -H 'Connection: keep-alive' \
  -H 'sec-ch-ua: "Google Chrome";v="87", "\"Not;A\\Brand";v="99", "Chromium";v="87"' \
  -H 'requesttoken: axRpYkBcKURgPFJWNEcwUw0+QyAyGzNFXVgmCWZFIQo=:RMBPvsp37xc/w2zfjY+kgBpvdkh010kRuCAn9vnkbQY=' \
  -H 'sec-ch-ua-mobile: ?1' \
  -H 'User-Agent: Mozilla/5.0 (Linux; Android 6.0; Nexus 5 Build/MRA58N) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Mobile Safari/537.36' \
  -H 'OCS-APIREQUEST: true' \
  -H 'Content-Type: application/json' \
  -H 'Accept: application/json, text/javascript, */*; q=0.01' \
  -H 'X-Requested-With: XMLHttpRequest' \
  -H 'Origin: http://localhost:180' \
  -H 'Sec-Fetch-Site: same-origin' \
  -H 'Sec-Fetch-Mode: cors' \
  -H 'Sec-Fetch-Dest: empty' \
  -H 'Accept-Language: nl-NL,nl;q=0.9,en-US;q=0.8,en;q=0.7,fr-FR;q=0.6,fr;q=0.5,de-DE;q=0.4,de;q=0.3,es-ES;q=0.2,es;q=0.1,id-ID;q=0.1,id;q=0.1' \
  -H 'Cookie: oc_sessionPassphrase=y4otuG%2BATllVGpimDISJLnrsgQKcAPnSdVujNaepjyV69KRVLEDXFowelgU8mD7Bd2RS8idHKhc4X3bWja%2Ba41zjMYoPAcSwKz2U3488ETj54ft0j5CVPf%2BrWIcfdfZh; oc9aiwqzi260=ee6vpd5kfps87o2vve9qt5pr3i; sfcsrftoken=9TwLosRL5GmgTJzlaoDW0t7gyjNwtboe298h8EmKNxh2MsRLA7TGoBeXCzf8rNsz; ocp1fcfhnt8y=2kng8faatmo64vnspeb7sv4thm; ocz4cthxqd7a=3oo0p1b6e8fl6h48tgmi7a85k0; ocbwr4iaa9i7=gm2h0q2ltfc3hhchq8nk13dqcu; oc600zji8q1b=bvsdrepmbdh4dcsbdjvfgchq20; ocgxlg4x1q2x=mj4akn0836n94q55902tlmbloi' \
  --data-binary '{"shareType":6,"shareWith":"admin@localhost:280","permissions":19,"path":"/Documents/Example.odt"}' \
  --compressed

On Nextcloud:

curl 'https://localhost:1443/ocs/v2.php/apps/files_sharing/api/v1/shares' \
  -H 'Connection: keep-alive' \
  -H 'sec-ch-ua: "Google Chrome";v="87", "\"Not;A\\Brand";v="99", "Chromium";v="87"' \
  -H 'Accept: application/json, text/plain, */*' \
  -H 'requesttoken: kWYPNQHjHCoG4aYL8j98pY2jqTRtgF/WbolQWEjlTog=:/BVCVzSIJXpWkdxDullO8f3x2ABCzh2yLOs6NC2xP7w=' \
  -H 'sec-ch-ua-mobile: ?1' \
  -H 'User-Agent: Mozilla/5.0 (Linux; Android 6.0; Nexus 5 Build/MRA58N) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Mobile Safari/537.36' \
  -H 'Content-Type: application/json;charset=UTF-8' \
  -H 'Origin: https://localhost:1443' \
  -H 'Sec-Fetch-Site: same-origin' \
  -H 'Sec-Fetch-Mode: cors' \
  -H 'Sec-Fetch-Dest: empty' \
  -H 'Accept-Language: nl-NL,nl;q=0.9,en-US;q=0.8,en;q=0.7,fr-FR;q=0.6,fr;q=0.5,de-DE;q=0.4,de;q=0.3,es-ES;q=0.2,es;q=0.1,id-ID;q=0.1,id;q=0.1' \
  -H 'Cookie: oc_sessionPassphrase=y4otuG%2BATllVGpimDISJLnrsgQKcAPnSdVujNaepjyV69KRVLEDXFowelgU8mD7Bd2RS8idHKhc4X3bWja%2Ba41zjMYoPAcSwKz2U3488ETj54ft0j5CVPf%2BrWIcfdfZh; oc9aiwqzi260=ee6vpd5kfps87o2vve9qt5pr3i; sfcsrftoken=9TwLosRL5GmgTJzlaoDW0t7gyjNwtboe298h8EmKNxh2MsRLA7TGoBeXCzf8rNsz; ocp1fcfhnt8y=2kng8faatmo64vnspeb7sv4thm; oc9qurp1m907=a503da20a70026d2e86800f9c4d2c094; __Host-nc_sameSiteCookielax=true; __Host-nc_sameSiteCookiestrict=true; oci7fzhcpf19=c6eb0d4cbc210308db4fc51c70d19249; nc_username=alice; ocz4cthxqd7a=3oo0p1b6e8fl6h48tgmi7a85k0; ocb5fh466uhv=0f10767b4807784a97cb4f31933ce250; oc8f8i8qp2sz=d00d61129dd8645181f4cf94d180e2a2; ocbwr4iaa9i7=gm2h0q2ltfc3hhchq8nk13dqcu; oc600zji8q1b=bvsdrepmbdh4dcsbdjvfgchq20; ocgxlg4x1q2x=mj4akn0836n94q55902tlmbloi; ocqpqsvygf85=06eb46095f0f8a37a30f9cb46b374c1b; ocvf68uo9ej4=772e44975686ca74d3e9484fd9251060; nc_token=5TNoA1iWEOCKz%2FWe5J12u0aMmlU9uMmf; nc_session_id=772e44975686ca74d3e9484fd9251060' \
  --data-binary '{"path":"/Documents/Readme.md","permissions":19,"shareType":6,"shareWith":"admin@https://localhost:2443"}' \
  --compressed \
  --insecure

Both could be related to the TLS situation (one unencrypyted and one self-signed), but I need more server-side logging.

[michielbdejong]

Public link 180 -> 280 results in 'Storage not valid':

curl 'http://localhost:280/apps/files_sharing/external' \
  -H 'Connection: keep-alive' \
  -H 'sec-ch-ua: "Google Chrome";v="87", "\"Not;A\\Brand";v="99", "Chromium";v="87"' \
  -H 'requesttoken: U3UIHgMdHiwODVsOViwSJUgTIAECD3wUGFUDCQU3ZDM=:b7ZZ1LRJOocy7DjbgeJ1ThWbr7lodn7XMkm5GlIkif8=' \
  -H 'sec-ch-ua-mobile: ?1' \
  -H 'User-Agent: Mozilla/5.0 (Linux; Android 6.0; Nexus 5 Build/MRA58N) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Mobile Safari/537.36' \
  -H 'OCS-APIREQUEST: true' \
  -H 'Content-Type: application/x-www-form-urlencoded; charset=UTF-8' \
  -H 'Accept: */*' \
  -H 'X-Requested-With: XMLHttpRequest' \
  -H 'Origin: http://localhost:280' \
  -H 'Sec-Fetch-Site: same-origin' \
  -H 'Sec-Fetch-Mode: cors' \
  -H 'Sec-Fetch-Dest: empty' \
  -H 'Accept-Language: nl-NL,nl;q=0.9,en-US;q=0.8,en;q=0.7,fr-FR;q=0.6,fr;q=0.5,de-DE;q=0.4,de;q=0.3,es-ES;q=0.2,es;q=0.1,id-ID;q=0.1,id;q=0.1' \
  -H 'Cookie: oc_sessionPassphrase=y4otuG%2BATllVGpimDISJLnrsgQKcAPnSdVujNaepjyV69KRVLEDXFowelgU8mD7Bd2RS8idHKhc4X3bWja%2Ba41zjMYoPAcSwKz2U3488ETj54ft0j5CVPf%2BrWIcfdfZh; oc9aiwqzi260=ee6vpd5kfps87o2vve9qt5pr3i; sfcsrftoken=9TwLosRL5GmgTJzlaoDW0t7gyjNwtboe298h8EmKNxh2MsRLA7TGoBeXCzf8rNsz; ocp1fcfhnt8y=2kng8faatmo64vnspeb7sv4thm; ocz4cthxqd7a=3oo0p1b6e8fl6h48tgmi7a85k0; ocbwr4iaa9i7=gm2h0q2ltfc3hhchq8nk13dqcu; oc600zji8q1b=bvsdrepmbdh4dcsbdjvfgchq20; ocgxlg4x1q2x=mj4akn0836n94q55902tlmbloi' \
  --data-raw 'remote=http%3A%2F%2Flocalhost%3A180&token=EqlnNT6E2HdWdWn&owner=admin&ownerDisplayName=admin&name=Example.odt&password=' \
  --compressed

which makes sense because in all these flows, 'localhost' stays inside each of the containers instead of referring to the host system.

root@e82948f68179: /var/www/owncloud # curl http://localhost:180/ocm-provider/
curl: (7) Failed to connect to localhost port 180: Connection refused

[michielbdejong]

And in fact, http://host.docker.internal:180 does work from inside the owncloud280 container:

root@e82948f68179: /var/www/owncloud # curl http://host.docker.internal:180/ocm-provider/
{"enabled":true,"apiVersion":"1.0-proposal1","endPoint":"http:\/\/host.docker.internal:180\/apps\/federatedfilesharing","shareTypes":[{"name":"file","protocols":{"webdav":"\/public.php\/webdav\/"}}]}

[michielbdejong]

\o/ by adding host.docker.internal to my host system's /etc/hosts, I was now able to share from owncloud280 to owncloud180 through the public-link-flow.

[michielbdejong]

Had to blind-type the phrase 'thisisunsafe' into Chrome's TLS warning page :D https://stackoverflow.com/a/47646463/680454

[michielbdejong]

public-link-flow works ownCloud -> ownCloud for both folders and files.
public-link-flow ownCloud -> Nextcloud fails with:
public-link-flow Nextcloud -> ownCloud fails with:

Kon geen gefedereerde share tot stand brengen, waarschijnlijk was de federatieserver te oud (Nextcloud <=9).

Share-with flow doesn't work in any direction yet.

[michielbdejong]

Debugging this server-side:

 curl 'https://host.docker.internal:1443/apps/federatedfilesharing/askForFederatedShare' \
  -H 'Connection: keep-alive' \
  -H 'sec-ch-ua: "Google Chrome";v="87", "\"Not;A\\Brand";v="99", "Chromium";v="87"' \
  -H 'requesttoken: h7yU3ECo4cI6WIcbZtZEDubiZvskFmRJnyW+jbxSH0M=:3vrjjHLiorV+Fb9KFa99d4SSB8NmZzUq9WrWve1rTnA=' \
  -H 'sec-ch-ua-mobile: ?1' \
  -H 'User-Agent: Mozilla/5.0 (Linux; Android 6.0; Nexus 5 Build/MRA58N) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Mobile Safari/537.36' \
  -H 'OCS-APIREQUEST: true' \
  -H 'Content-Type: application/x-www-form-urlencoded; charset=UTF-8' \
  -H 'Accept: */*' \
  -H 'X-Requested-With: XMLHttpRequest' \
  -H 'Origin: https://host.docker.internal:1443' \
  -H 'Sec-Fetch-Site: same-origin' \
  -H 'Sec-Fetch-Mode: cors' \
  -H 'Sec-Fetch-Dest: empty' \
  -H 'Accept-Language: nl-NL,nl;q=0.9,en-US;q=0.8,en;q=0.7,fr-FR;q=0.6,fr;q=0.5,de-DE;q=0.4,de;q=0.3,es-ES;q=0.2,es;q=0.1,id-ID;q=0.1,id;q=0.1' \
  -H 'Cookie: oc600zji8q1b=bd3cqk81fco2vc2fotmml956qa; ocgxlg4x1q2x=7bqllde7pdtkc7s3ggt4serm0u; ocqpqsvygf85=35c3e0ad812e3ce018c4f109639ef824; ocircggq8hdl=1e6ae154735900284c612111273c0665; __Host-nc_sameSiteCookielax=true; __Host-nc_sameSiteCookiestrict=true; nc_username=alice; ocwvlo7yymno=7603af9531a191de5ca1fd1445d2772d; oc677fb5r4zo=0rf52h9g2q1b7os9d5vii1hfn8; oc106qgb5z67=vdbvdfuirree6mgq86tk927pfk; oc_sessionPassphrase=7fWLpH5jK4V6a70MoB5X%2BxnhpoFT%2FSphXkhXXPNpvFRXtUyjONF8xw62mrWduuw4ZMcQcZBnwl%2BRkLIv1uhlXpTVeyOWGG0ejS9KFR9A4eDsC4zEvkp8oUX7Iz%2BFf8sX; ocrv47tsoyg9=3cafbbcf92e6b1125c2697d007cdcd14; nc_token=lNiI3Q8aNV96k9gC59SPkfkXPIDH%2FxMZ; nc_session_id=3cafbbcf92e6b1125c2697d007cdcd14' \
  --data-raw 'remote=http%3A%2F%2Flocalhost%3A180&token=RO23cUS81ZIPfz0&owner=admin&ownerDisplayName=admin&name=ownCloud+Manual.pdf&password=' \
  --compressed \
  --insecure 

{"message":"Kon geen gefedereerde share tot stand brengen"}

[michielbdejong]

Split this issue into two, one for each flow ^

[michielbdejong]

/var/www/html/apps/federatedfilesharing/lib/Controller/MountPublicLinkController.php: public function askForFederatedShare($token, $remote, $password = '', $owner = '', $ownerDisplayName = '', $name = '') {

[michielbdejong]

OCP\Http\Client\LocalServerException:
Host violates local access rules in /var/www/html/lib/private/Http/Client/Client.php:176\n
Stack trace:\n
#0 /var/www/html/lib/private/Http/Client/Client.php(298):
OC\Http\Client\Client-\u003EpreventLocalAddress('http://localhos...', Array)\n
#1 /var/www/html/apps/federatedfilesharing/lib/Controller/MountPublicLinkController.php(208): OC\Http\Client\Client-\u003Epost('http://localhos...', Array)\n
#2 /var/www/html/lib/private/AppFramework/Http/Dispatcher.php(169): OCA\FederatedFileSharing\Controller\MountPublicLinkController-\u003EaskForFederatedShare('RO23cUS81ZIPfz0', 'http://localhos...', '', 'admin', 'admin', 'ownCloud Manual...')\n
#3 /var/www/html/lib/private/AppFramework/Http/Dispatcher.php(100): OC\AppFramework\Http\Dispatcher-\u003EexecuteController(Object(OCA\FederatedFileSharing\Controller\MountPublicLinkController), 'askForFederated...')\n
#4 /var/www/html/lib/private/AppFramework/App.php(152): OC\AppFramework\Http\Dispatcher-\u003Edispatch(Object(OCA\FederatedFileSharing\Controller\MountPublicLinkController), 'askForFederated...')\n
#5 /var/www/html/lib/private/Route/Router.php(308): OC\AppFramework\App::main('OCA\\FederatedFi...', 'askForFederated...', Object(OC\AppFramework\DependencyInjection\DIContainer), Array)\n
#6 /var/www/html/lib/base.php(1008): OC\Route\Router-\u003Ematch('/apps/federated...')\n
#7 /var/www/html/index.php(37): OC::handleRequest()\n
#8 {main}"}

Ah, I had accidentally used a share from localhost. At least I can see logs now, so that's good. Moving on!

[michielbdejong]

https://host.docker.internal:1443/index.php/apps/files#remote=https%3A%2F%2Fhost.docker.internal%3A2443&token=56gzaqKB7mzywfn&owner=&ownerDisplayName=&name=Nextcloud%20intro.mp4&protected=0 does nothing. why? -> splitting this out to #5.

[michielbdejong]

https://host.docker.internal:1443/index.php/apps/files#remote=http%3A%2F%2Fhost.docker.internal%3A280&token=vxgE876fsIa9dwR&owner=admin&ownerDisplayName=admin&name=ownCloud%20Manual.pdf&protected=0 does trigger the right dialog, but leads to "Kon geen gefedereerde share tot stand brengen, waarschijnlijk was de federatieserver te oud (Nextcloud <=9)."

[michielbdejong]

curl 'https://host.docker.internal:1443/apps/federatedfilesharing/askForFederatedShare' \
  -H 'Connection: keep-alive' \
  -H 'sec-ch-ua: "Google Chrome";v="87", "\"Not;A\\Brand";v="99", "Chromium";v="87"' \
  -H 'requesttoken: mkPoMyYaIWd9NV7Ve/co3Wikwan2C0FDsdCCVrJIBNQ=:wwWfYxRQYhA5eGaECI4RpArUoJG0ehAg25/qZuNxVec=' \
  -H 'sec-ch-ua-mobile: ?1' \
  -H 'User-Agent: Mozilla/5.0 (Linux; Android 6.0; Nexus 5 Build/MRA58N) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Mobile Safari/537.36' \
  -H 'OCS-APIREQUEST: true' \
  -H 'Content-Type: application/x-www-form-urlencoded; charset=UTF-8' \
  -H 'Accept: */*' \
  -H 'X-Requested-With: XMLHttpRequest' \
  -H 'Origin: https://host.docker.internal:1443' \
  -H 'Sec-Fetch-Site: same-origin' \
  -H 'Sec-Fetch-Mode: cors' \
  -H 'Sec-Fetch-Dest: empty' \
  -H 'Accept-Language: nl-NL,nl;q=0.9,en-US;q=0.8,en;q=0.7,fr-FR;q=0.6,fr;q=0.5,de-DE;q=0.4,de;q=0.3,es-ES;q=0.2,es;q=0.1,id-ID;q=0.1,id;q=0.1' \
  -H 'Cookie: oc600zji8q1b=bd3cqk81fco2vc2fotmml956qa; ocgxlg4x1q2x=7bqllde7pdtkc7s3ggt4serm0u; ocqpqsvygf85=35c3e0ad812e3ce018c4f109639ef824; ocircggq8hdl=1e6ae154735900284c612111273c0665; __Host-nc_sameSiteCookielax=true; __Host-nc_sameSiteCookiestrict=true; nc_username=alice; oc677fb5r4zo=0rf52h9g2q1b7os9d5vii1hfn8; oc106qgb5z67=vdbvdfuirree6mgq86tk927pfk; oc_sessionPassphrase=7fWLpH5jK4V6a70MoB5X%2BxnhpoFT%2FSphXkhXXPNpvFRXtUyjONF8xw62mrWduuw4ZMcQcZBnwl%2BRkLIv1uhlXpTVeyOWGG0ejS9KFR9A4eDsC4zEvkp8oUX7Iz%2BFf8sX; ocrv47tsoyg9=3cafbbcf92e6b1125c2697d007cdcd14; ocwvlo7yymno=cd145ff23098b24e564ec31902107afc; nc_token=1WTmYWzvMFXN%2F%2Bw%2F06eVVrpZnl7p4Fpd; nc_session_id=cd145ff23098b24e564ec31902107afc' \
  --data-raw 'remote=http%3A%2F%2Fhost.docker.internal%3A280&token=vxgE876fsIa9dwR&owner=admin&ownerDisplayName=admin&name=ownCloud+Manual.pdf&password=' \
  --compressed \
  --insecure

[michielbdejong]

It's doing an outgoing http POST to http://host.docker.internal:280/index.php/apps/federatedfilesharing/createFederatedShare
with body: [
token: "vxgE876fsIa9dwR",
"shareWith":"alice@https://host.docker.internal:1443",
"password":""
]

[michielbdejong]

curl -i -d"token=vxgE876fsIa9dwR&shareWith=alice@https://host.docker.internal:1443&password=" http://host.docker.internal:280/index.php/apps/federatedfilesharing/createFederatedShare

This results in a 302 redirect to http://host.docker.internal:280/login.

[michielbdejong]

Will find out what ownCloud does here.

[michielbdejong]

Not sure if the redirect to login is expected. Will need to resolve #7 before I can get much further with this.

[michielbdejong]

Trying https://nc1.pdsinterop.net/ocm#remote=http%3A%2F%2Foc2.pdsinterop.net&token=41eTBwtB5OW7nRs&owner=admin&ownerDisplayName=admin&name=ownCloud%20Manual.pdf&protected=0 now, but not much luck yet.

[michielbdejong]

From http://oc2.pdsinterop.net/s/NOpmF8WM1o1Uiyh
It goes to
https://nc2.pdsinterop.net/index.php/apps/files#remote=http%3A%2F%2Foc2.pdsinterop.net&token=NOpmF8WM1o1Uiyh&owner=admin&ownerDisplayName=admin&name=Teotihuacan.jpg&protected=0
and then to
https://nc2.pdsinterop.net/index.php/apps/files#
with a modal

Remote share // Do you want to add the remote share Teotihuacan.jpg from admin@oc2.pdsinterop.net?

and then the error message

Kon geen gefedereerde share tot stand brengen, waarschijnlijk was de federatieserver te oud (Nextcloud <=9).✖Ga naar hoofdinhoudGa naar navigatie van app

[michielbdejong]

This is the post it does when receiving oC->Nc:

{"url":"\/index.php\/apps\/federatedfilesharing\/createFederatedShare","token":"NOpmF8WM1o1Uiyh","shareWith":"alice@https:\/\/nc2.pdsinterop.net","password":""}

Code in /var/www/html/apps/cloud_federation_api/lib/Controller/RequestHandlerController.php :

Example: curl -H "Content-Type: application/json" -X POST -d '{"shareWith":"admin1@serve1","name":"welcome server2.txt","description":"desc","providerId":"2","owner":"admin2@http://localhost/server2","ownerDisplayName":"admin2 display","shareType":"user","resourceType":"file","protocol":{"name":"webdav","options":{"sharedSecret":"secret","permissions":"webdav-property"}}}' http://localhost/server/index.php/ocm/shares
public function addShare($shareWith, $name, $description, $providerId, $owner, $ownerDisplayName, $sharedBy, $sharedByDisplayName, $protocol, $shareType, $resourceType) {

[michielbdejong]

curl -H "Content-Type: application/json" -X POST -d '{"shareWith":"alice@nc2.pdsinterop.net","name":"welcome server2.txt","description":"desc","providerId":"2","owner":"admin2@http://localhost/server2","ownerDisplayName":"admin2 display","shareType":"user","resourceType":"file","protocol":{"name":"webdav","options":{"sharedSecret":"secret","permissions":"webdav-property"}}}' http://nc2.pdsinterop.net/index.php/ocm/shares

->

{"recipientDisplayName":"alice"}

[michielbdejong]

I think ownCloud doesn't do this POST at all, it just does the redirect.

[michielbdejong]

Next step is to find out what the spec says about this and see if I can create a PR that fixes it.

[michielbdejong]

https://rawgit.com/GEANT/OCM-API/v1/docs.html#null%2Fpaths%2F~1shares%2Fpost