NC12 Authentication issue with Cardav, Caldav and Sogo connector

Hi guys,

I updated just now from NC 11.0.3 to NC 12. It worked without any issues.

First I noticed that my Thunderbird Lightning was not able to connect no more, but I could not see any errors. The same with the SoGo connector.

After that I checked on my two Android the cardav-sync as well as the caldav-sync. Both are refusing to work.

Still no error, even the Nextcloud log stays empty.

Then I removed on my Android test-wise the caldav account to start over. The problem I am facing is that caldav is keep telling me that the password or user name is wrong. But I haven’t changed anything and it worked few minutes back with NC11. I am sure that both are right. Password and user name.

What I am missing, what can I do to fix it?

EDIT:

Now there was this in the log:

Sabre\DAV\Exception\NotAuthenticated: HTTP/1.1 401 No ‘Authorization: Basic’ header found. Either the client didn’t send one, or the server is misconfigured, No ‘Authorization: Bearer’ header found. Either the client didn’t send one, or the server is mis-configured

[internal function] Sabre\DAV\Auth\Plugin->beforeMethod(Object(Sabre\HTTP\Request), Object(Sabre\HTTP\Response))
/var/www/vhosts/domain/httpdocs/nextcloud/3rdparty/sabre/event/lib/EventEmitterTrait.php - line 105: call_user_func_array(Array, Array)
/var/www/vhosts/domain/httpdocs/nextcloud/3rdparty/sabre/dav/lib/DAV/Server.php - line 466: Sabre\Event\EventEmitter->emit('beforeMethod', Array)
/var/www/vhosts/domain/httpdocs/nextcloud/3rdparty/sabre/dav/lib/DAV/Server.php - line 254: Sabre\DAV\Server->invokeMethod(Object(Sabre\HTTP\Request), Object(Sabre\HTTP\Response))
/var/www/vhosts/domain/httpdocs/nextcloud/apps/dav/appinfo/v1/webdav.php - line 71: Sabre\DAV\Server->exec()
/var/www/vhosts/domain/httpdocs/nextcloud/remote.php - line 162: require_once('/var/www/vhosts...')
{main}

It is a shared host. Not sure what I should configure and it worked up to NC11.0.3

1 Like

Hi @MeCias,

My guess would be that the used client broke due to this: https://github.com/nextcloud/android/issues/1028
Which has been fixed in our own Nextcloud Android client 1.4.3 and likely other clients will have to fix this too :confused:
The NC12 server suppoert new Auth methods, so I’d say that is the reason.

cc @LukasReschke and @nickvergessen

Hi @Andy,

That is not good. Does not help if the whole environment around NC has to be updated as well. I guess it will take some time until all the Devs notice the changes and will take some actions. Sogo was just updated and it does not work for example.

Now I have to figure out how to get back from 12 to 11.

Hi @MeCias,

according to the Nextcloud website or rather the server documentation for upgrades you can only upgrade versions but never downgrade. From what I understood from the developers who fixed the issue for the Nextcloud Android client, it is a client bug not a server issue since the server now sends all available authentication methods not just one -> “so the client can’t just simply pick the first one”. :confused:
Other than that I only know that the Server has published several beta versions and release candidates giving developers the chance to test their client. But I am not an expert on auth methods or the mentioned clients, so I might be mistaken regarding the cause of the problem.

cc @tobiasKaminsky and @LukasReschke who might know more about this issue/topic

Thanks for the heads up @Andy.

It is a small environment with 4 user, so I might start from scratch with NC11.0.3. Card- and Caldav is crucial to me.
Maybe there is a workaround to get it working even with NC12, that would be nice, to safe me the effort.

Not working:
Lightning 5.4.1.1
Sogo connector: 31.0.4
Caldav-sync: 0.4.29
Carddav-sync: 0.4.21

Working:
ES File Explorer Pro: 1.0.8
Nextcloud: 1.4.3
FolderSync: 2.9.9

@MeCias, does the calendar load in Web?

See my After update from 11 to 12 (and now 12.0.3 to 12.0.4 again): Calendar loading infinitly (and php-fpm 100% CPU usage)

Hi @MikeLupe
The web calendar is working fine on my site. Everything on the web works surprisingly smoothly, way better then NC11.

Ok, thanks for the feedback @MeCias.

Besides calendar (and custom theme) everything went smooth on 12, true. But had to revert, because calendar is crucial for me aswell.

I’m not 100% sure it works, but maybe this small hack can get it working again.
But you should only do this when absolutely necessary, since it breaks OAuth2 and some other things.
So don’t complain when those things don’t work then anymore.

And also I just tested and can confirm, that Lightning 5.4 works against Nextcloud 12 without this.

apps/dav/appinfo/v1/webdav.php

Replace:

$authPlugin->addBackend($bearerAuthPlugin);

with:

// FIXME I disabled this myself following https://help.nextcloud.com/t/nc12-authentication-issue-with-cardav-caldav-and-sogo-connector/12924 $authPlugin->addBackend($bearerAuthPlugin);

apps/dav/lib/Server.php

Replace:

$authPlugin->addBackend($bearerAuthBackend);

with:

// FIXME I disabled this myself following https://help.nextcloud.com/t/nc12-authentication-issue-with-cardav-caldav-and-sogo-connector/12924 $authPlugin->addBackend($bearerAuthBackend);
6 Likes

Same here :confused:

After updating two Nextcloud instances, both have problems with Thunderbird Sync
(Lightning - Calendar 5.4.1.1 “CALDAV” & SOGo Connector 31.0.4 “CARDDAV”).

Calendars are no longer displayed (disabled) and reactivate fails without error!

After creating a new app-pin in Nextcloud and deleting the saved password in Thunderbird, you will not be prompted for a new one?! It seems as no connection could be established.

Little note on the edge if it’s related :eyeglasses:

When I call the calendar URL in Firefox, I get the following text:
This is the WebDAV interface. It can only be accessed by WebDAV clients such as the Nextcloud desktop sync client. CLEAR!

When I call the calendar URL in IE, I get the following text:
Unauthorized ?

There are no entries in the Bruteforce block list!

Maybe Thunderbird requests also receive this message?!

The sync on the mobile phone (Windows Mobile 10) works without problems!

@nickvergessen
Unfortunately, the comment out solution did not work for me, same problem :confounded:

Does anyone else have an idea?
I suspect the constellation Thunderbird Lightning & SOGo should be quite common.

The problem we fixed with 1.4.3 is only if you login on the very first time. It was a problem during initial server connection.
So if you experince problems with an existing user after the upgrade it is not the same cause.

@nickvergessen thanks for your help. Unfortunately it does not help to comment it out. Not with the carddav- caldav-sync apps neither Thunderbird.

If I open Thunderbird with Lightning already open I see for a split second that the calendars get fetched but then they get greyed out and the check disappears. Even tried it with a new calendar. No luck.

1 Like

@MeCias, @nickvergessen

I can confirm the exact same behavior!
Once activated, the calendar is displayed for one second and then immediately becomes inactive again!

And as mentioned earlier it does not help to comment it out.

It reassures me if I’m not the only one :innocent:

I hope that there is a quick solution… Thanks to all involved!

@georgehrke can hopefully debug this the coming days!

@jospoortvliet

Just one info: The same problem exists with contacts over SOGo Connector 31.0.4 :slight_smile:

DavDroid (Android paid app) works flawlessy, instead Evolution mail client does not, it complains about “Data source ‘mycal’ does not support OAuth 2.0 authentication”…

Hope will be fixed soon.

1 Like

@LukasReschke You implemented the BearerAuthPlugin. Mind looking into this?

Well my hack above removes it and it still doesn’t work, so a bit odd…

People with the problem, can you post the URLs you are connecting to? Something like:
example.tld/remote.php/dav/calendars/…
example.tld/remote.php/caldav/…
example.tld/subfolder/remote.php/dav/calendars/…
example.tld/subfolder/remote.php/caldav/…

@nickvergessen

Here is a sample of the calendar links (anonymized). In my case, four calendars are created.

"https://domain.de/cloud/remote.php/dav/calendars/user/calendarname1"
https://domain.de/cloud/remote.php/dav/calendars/user/calendarname2

And a sample link to the contacts.

https://domain.de/cloud/remote.php/dav/addressbooks/users/user/contacts

Thank you so much for helping :slight_smile:

@nickvergessen

When I open one of the links in Browser, there is no login or similar, but immediately the following message!

Unauthorized

Technical details

Remote-Adresse: xxx.xxx.xxx.xxx
Anfrage-ID: xxx-xxxxxxxxxxxxxxxxxxx

Even with the hack, the same behavior :confounded: