Hello,
I have a problem while doing a PROPFIND via cURL. I use this script in PHP:
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, 'https://our.nextcloud.server/owncloud/remote.php/dav/files/testuser');
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_CUSTOMREQUEST, 'PROPFIND');
curl_setopt($ch, CURLOPT_POSTFIELDS, "<?xml version=\"1.0\" encoding=\"UTF-8\"?><d:propfind xmlns:d=\"DAV:\"><d:prop xmlns:oc=\"http://owncloud.org/ns\"><d:getlastmodified/><d:getcontentlength/><d:getcontenttype/><oc:permissions/><d:resourcetype/><d:getetag/></d:prop></d:propfind>");
curl_setopt($ch, CURLOPT_USERPWD, 'testuser' . ':' . 'password of testuser');
$headers = array();
$headers[] = 'Content-Type: application/x-www-form-urlencoded';
curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);
$result = curl_exec($ch);
if (curl_errno($ch)) {
echo 'Error:' . curl_error($ch);
}
curl_close($ch);
If I do this with a user, that is created in nextcloud then I get the data as xml like this:
<?xml version="1.0"?>
<d:multistatus xmlns:d="DAV:" xmlns:s="http://sabredav.org/ns" xmlns:oc="http://owncloud.org/ns" xmlns:nc="http://nextcloud.org/ns">
<d:response>
<d:href>/owncloud/remote.php/dav/files/testuser/</d:href>
<d:propstat>
<d:prop>
<d:getlastmodified>Thu, 07 May 2020 10:55:07 GMT</d:getlastmodified>
<oc:permissions>RGDNVCK</oc:permissions>
<d:resourcetype>
<d:collection/>
</d:resourcetype>
<d:getetag>"7ed738ddc4b2814c67db05e3f802d56d"</d:getetag>
</d:prop>
<d:status>HTTP/1.1 200 OK</d:status>
</d:propstat>
<d:propstat>
<d:prop>
<d:getcontentlength/>
<d:getcontenttype/>
</d:prop>
<d:status>HTTP/1.1 404 Not Found</d:status>
</d:propstat>
</d:response>
<d:response>
<d:href>/owncloud/remote.php/dav/files/testuser/Documents/</d:href>
<d:propstat>
<d:prop>
<d:getlastmodified>Mon, 18 Mar 2019 09:25:53 GMT</d:getlastmodified>
<oc:permissions>RGDNVCK</oc:permissions>
<d:resourcetype><d:collection/></d:resourcetype>
<d:getetag>"5c8f6421a8007"</d:getetag>
</d:prop>
<d:status>HTTP/1.1 200 OK</d:status>
</d:propstat>
<d:propstat>
<d:prop>
<d:getcontentlength/>
<d:getcontenttype/>
</d:prop>
<d:status>HTTP/1.1 404 Not Found</d:status>
</d:propstat>
</d:response>
<d:response>
<d:href>/owncloud/remote.php/dav/files/testuser/Dokument.docx</d:href>
<d:propstat>
<d:prop>
<d:getlastmodified>Tue, 10 Mar 2020 15:45:03 GMT</d:getlastmodified>
<d:getcontentlength>17513</d:getcontentlength>
<d:getcontenttype>application/vnd.openxmlformats-officedocument.wordprocessingml.document</d:getcontenttype>
<oc:permissions>RGDNVW</oc:permissions>
<d:resourcetype/>
<d:getetag>"81cc6934fed1f047c168120b1c0760dc"</d:getetag>
</d:prop>
<d:status>HTTP/1.1 200 OK</d:status>
</d:propstat>
</d:response>
<d:response>
<d:href>/owncloud/remote.php/dav/files/testuser/Freigabe_per_Link/</d:href>
<d:propstat>
<d:prop>
<d:getlastmodified>Fri, 09 Feb 2018 12:50:51 GMT</d:getlastmodified>
<oc:permissions>RGDNVCK</oc:permissions>
<d:resourcetype><d:collection/></d:resourcetype>
<d:getetag>"5b2c95d4c85c4"</d:getetag>
</d:prop>
<d:status>HTTP/1.1 200 OK</d:status>
</d:propstat>
<d:propstat>
<d:prop>
<d:getcontentlength/><d:getcontenttype/>
</d:prop>
<d:status>HTTP/1.1 404 Not Found</d:status>
</d:propstat>
</d:response>
<d:response>
<d:href>/owncloud/remote.php/dav/files/testuser/MKITestordner/</d:href>
<d:propstat>
<d:prop>
<d:getlastmodified>Wed, 29 Apr 2020 07:35:10 GMT</d:getlastmodified>
<oc:permissions>RGDNVCK</oc:permissions>
<d:resourcetype><d:collection/></d:resourcetype>
<d:getetag>"5ea92e2eced18"</d:getetag>
</d:prop>
<d:status>HTTP/1.1 200 OK</d:status>
</d:propstat>
<d:propstat>
<d:prop>
<d:getcontentlength/><d:getcontenttype/>
</d:prop>
<d:status>HTTP/1.1 404 Not Found</d:status>
</d:propstat>
</d:response>
<d:response>
<d:href>/owncloud/remote.php/dav/files/testuser/MKITestordner2/</d:href>
<d:propstat>
<d:prop>
<d:getlastmodified>Wed, 29 Apr 2020 06:09:08 GMT</d:getlastmodified>
<oc:permissions>RGDNVCK</oc:permissions>
<d:resourcetype><d:collection/></d:resourcetype>
<d:getetag>"5ea91a04ba2ec"</d:getetag>
</d:prop>
<d:status>HTTP/1.1 200 OK</d:status>
</d:propstat>
<d:propstat>
<d:prop>
<d:getcontentlength/>
<d:getcontenttype/>
</d:prop>
<d:status>HTTP/1.1 404 Not Found</d:status>
</d:propstat>
</d:response>
<d:response>
<d:href>/owncloud/remote.php/dav/files/testuser/Ordner%20mit%20Leerzeichen/</d:href>
<d:propstat>
<d:prop>
<d:getlastmodified>Wed, 29 Apr 2020 08:19:21 GMT</d:getlastmodified>
<oc:permissions>RGDNVCK</oc:permissions>
<d:resourcetype><d:collection/></d:resourcetype>
<d:getetag>"5ea93889da919"</d:getetag>
</d:prop>
<d:status>HTTP/1.1 200 OK</d:status>
</d:propstat>
<d:propstat>
<d:prop>
<d:getcontentlength/><d:getcontenttype/>
</d:prop>
<d:status>HTTP/1.1 404 Not Found</d:status>
</d:propstat>
</d:response>
<d:response>
<d:href>/owncloud/remote.php/dav/files/testuser/Shared/</d:href>
<d:propstat>
<d:prop>
<d:getlastmodified>Thu, 07 May 2020 10:55:07 GMT</d:getlastmodified>
<oc:permissions>RGDNVCK</oc:permissions>
<d:resourcetype><d:collection/></d:resourcetype>
<d:getetag>"cfd1005ba59e02b11a001a17bdad118b"</d:getetag>
</d:prop>
<d:status>HTTP/1.1 200 OK</d:status>
</d:propstat>
<d:propstat>
<d:prop>
<d:getcontentlength/><d:getcontenttype/>
</d:prop>
<d:status>HTTP/1.1 404 Not Found</d:status>
</d:propstat>
</d:response>
<d:response>
<d:href>/owncloud/remote.php/dav/files/testuser/Holzbau%20Produktvideos/</d:href>
<d:propstat>
<d:prop>
<d:getlastmodified>Fri, 22 Jun 2018 06:23:33 GMT</d:getlastmodified>
<oc:permissions>SGDNV</oc:permissions>
<d:resourcetype><d:collection/></d:resourcetype>
<d:getetag>"5b2c95e518276"</d:getetag>
</d:prop>
<d:status>HTTP/1.1 200 OK</d:status>
</d:propstat>
<d:propstat>
<d:prop>
<d:getcontentlength/><d:getcontenttype/>
</d:prop>
<d:status>HTTP/1.1 404 Not Found</d:status>
</d:propstat>
</d:response>
<d:response>
<d:href>/owncloud/remote.php/dav/files/testuser/Trockenbau/</d:href>
<d:propstat>
<d:prop>
<d:getlastmodified>Fri, 22 Jun 2018 06:23:32 GMT</d:getlastmodified>
<oc:permissions>SGDNV</oc:permissions>
<d:resourcetype><d:collection/></d:resourcetype>
<d:getetag>"5b2c95e518276"</d:getetag>
</d:prop>
<d:status>HTTP/1.1 200 OK</d:status>
</d:propstat>
<d:propstat>
<d:prop>
<d:getcontentlength/><d:getcontenttype/>
</d:prop>
<d:status>HTTP/1.1 404 Not Found</d:status>
</d:propstat>
</d:response>
<d:response>
<d:href>/owncloud/remote.php/dav/files/testuser/Twenta%20Produktvideo/</d:href>
<d:propstat>
<d:prop>
<d:getlastmodified>Fri, 22 Jun 2018 06:23:32 GMT</d:getlastmodified>
<oc:permissions>SGDNV</oc:permissions>
<d:resourcetype><d:collection/></d:resourcetype>
<d:getetag>"5b2c95e518276"</d:getetag>
</d:prop>
<d:status>HTTP/1.1 200 OK</d:status>
</d:propstat>
<d:propstat>
<d:prop>
<d:getcontentlength/><d:getcontenttype/>
</d:prop>
<d:status>HTTP/1.1 404 Not Found</d:status>
</d:propstat>
</d:response>
</d:multistatus>
We are using active-directory users. We create a apppassword for every user with this script:
$headers = array();
$headers[] = 'Ocs-Apirequest: true';
$headers[] = 'Accept: application/json';
$headers[] = 'Content-Type: application/json';
$curl = curl_init();
curl_setopt($curl, CURLOPT_URL, 'https://our.nextcloud.server/owncloud/ocs/v2.php/core/getapppassword');
curl_setopt($curl, CURLOPT_USERAGENT, 'CRM');
curl_setopt($curl, CURLOPT_USERPWD, $dav_username . ':' . $dav_password);
curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($curl, CURLOPT_CUSTOMREQUEST, 'GET');
curl_setopt($curl, CURLOPT_HTTPHEADER, $headers);
$jsonResult = json_decode(curl_exec($curl), true);
curl_close($curl);
The password we get in the creation process is stored in a mysql database.
Now if we want do get data from the nextcloud-server like PROPFIND, we run the first script with the credentials of the active-directory user. But we only get this answer:
<?xml version="1.0" encoding="utf-8"?>
<d:error xmlns:d="DAV:" xmlns:s="http://sabredav.org/ns">
<s:exception>Sabre\DAV\Exception\NotAuthenticated</s:exception>
<s:message>No public access to this resource., No 'Authorization: Bearer' header found. Either the client didn't send one, or the server is mis-configured, Username or password was incorrect</s:message>
</d:error>
I found a hint that I should use the authorization bearer with the token, stored in the nextcloud database in the oc_authtoken table, but then, I get this error:
<?xml version="1.0" encoding="utf-8"?>
<d:error xmlns:d="DAV:" xmlns:s="http://sabredav.org/ns">
<s:exception>Sabre\DAV\Exception\NotAuthenticated</s:exception>
<s:message>No public access to this resource., Bearer token was incorrect, No 'Authorization: Basic' header found. Either the client didn't send one, or the server is misconfigured</s:message>
</d:error>
And the weird thing is that in the first hours after creating a user, the PROPFIND returns the correct xml like in the first example with the testuser-account.
What happens here, can anybody explain it to me?