tomboy.osx
tomboy.osx copied to clipboard
tomboy-notes
Does not sync with grauphel
Tomboy OS X does not sync with grauphel:
https://github.com/cweiske/grauphel
When you try, it tells you "The URL entered https://yourdomain.tld/owncloud/index.php/apps/grauphel is not valid for syncing".
Jeremy,
Tomboy OSX currently supports syncing using Rainy Server. Right now there is no provision for any other service for sync.
Rashid Khan http://www.imrashid.com
On Wed, Sep 10, 2014 at 9:57 PM, Jeremy Malcolm [email protected] wrote:
Tomboy OS X does not sync with grauphel:
https://github.com/cweiske/grauphel
When you try, it tells you "The URL entered https://yourdomain.tld/owncloud/index.php/apps/grauphel is not valid for syncing".
— Reply to this email directly or view it on GitHub https://github.com/tomboy-notes/tomboy.osx/issues/39.
@rashoodkhan: grauphel implements the Tomboy REST API that Rainy implements, too - so it should work.
Awesome.
Will look in to grauphel and see how Tomboy can be enhanced to support it.
Rashid Khan http://www.imrashid.com
On Wed, Sep 10, 2014 at 10:37 PM, Christian Weiske <[email protected]
wrote:
@rashoodkhan https://github.com/rashoodkhan: grauphel implements the Tomboy REST API that Rainy implements, too - so it should work.
— Reply to this email directly or view it on GitHub https://github.com/tomboy-notes/tomboy.osx/issues/39#issuecomment-55147824 .
@qirtaiba: Does Tomboy on Linux work with your server? If not it could have to do with the owncloud/ subdirectory. I did not test that yet.
After debugging the issue for a while, I am getting an invalid signature error when trying to get the oauth token. Below is the Response received:
oauth_problem=signature_invalid&debug_sbs=POST&=https://wolke.cweiske.de/index.php/apps/grauphel/oauth/request_token,oauth_callback=http%3A%2F%2Flocalhost%3A9001%2F&oauth_consumer_key=anyone&oauth_nonce=9025122&oauth_signature_method=PLAINTEXT&oauth_timestamp=1412368667&oauth_version=1.0
@Dynalon - Any idea why this is happening?
The root certificate for this domain doesn't seem to be trusted generally, see https://ssl-tools.net/webservers/wolke.cweiske.de
That's a valid point. We probably should allow the user to trust the site manually. This could be a big deal for users hosting their own site.
Created https://trello.com/c/pxvdZlN6/1-support-untrusted-certificates-from-sync-server
Yes, I use a certificate from cacert.org, whose root certificate is not included in most browsers/operating systems.
You can try it without SSL at http://nossl-wolke.cweiske.de/
hi, i searched through the code to find a solution. is anybody else working on this? i'm not familiar with mono so i have to investigate a little bit of time to get into. after debugging the code and output webexception it looks like it is searching for somesthing special but it gets the html code. is the code of the osx project separated from the linux version? (i check the linux code because there it is working on my home workstation)
Yes they are separate. You want this code: https://github.com/tomboy-notes/tomboy.osx
No joy. It doesn't give an error, but it doesn't do anything when I click "Authenticate". I get this in the webserver log:
208.90.213.162 - - [11/Nov/2014:06:49:46 +0800] "GET /owncloud/index.php/apps/grauphel/api/1.0/ HTTP/1.1" 200 356 "-" "-"
208.90.213.162 - - [11/Nov/2014:06:49:47 +0800] "POST /owncloud/index.php/apps/grauphel/oauth/request_token HTTP/1.1" 401 347 "-" "-"
After that when I choose "Sync Now" I get:
Sync Failed The sync was not successful. Please check the Sync Settings.
And if I try Authenticate again the application crashes.
"GET /owncloud/index.php/apps/grauphel/api/1.0/ HTTP/1.1" 200 356 "-" "-"`
This means that tomboy.osx finally fetched the correct first file, which it did not before.
"POST /owncloud/index.php/apps/grauphel/oauth/request_token HTTP/1.1" 401 347 "-" "-"`
The HTTP status code 401 is an indication that something is wrong with the OAuth request (401 means unauthorized). Could you install wireshark to see what's happening there? It can will show you the actual HTTP response that's sent back to tomboy.osx from grauphel (try that on a connection without ssl).
See http://fotostore.cweiske.de/screenshots/2014-11-11%20wireshark%20http.png for a small explanation.
I can't install wireshark because the machine is an OpenVZ container and I don't have the right permissions for that sort of low-level network access. But I installed something else called httpry and it returned this, does that help any?
2014-11-12 04:46:58.884 208.90.213.162 85.234.150.215 > GET www.malcolm.id.au /owncloud/index.php/apps/grauphel/api/1.0/ HTTP/1.1 - -
2014-11-12 04:46:59.007 85.234.150.215 208.90.213.162 < - - - HTTP/1.1 200 OK
2014-11-12 04:46:59.435 208.90.213.162 85.234.150.215 > POST www.malcolm.id.au /owncloud/index.php/apps/grauphel/oauth/request_token HTTP/1.1 - -
2014-11-12 04:46:59.564 85.234.150.215 208.90.213.162 < - - - HTTP/1.1 401 Unauthorized
OK, got it now (I misunderstood that I should install Wireshark on the server, but I now understand that you meant on the client):
HTTP/1.1 401 Unauthorized
Date: Tue, 11 Nov 2014 21:08:22 GMT
Server: Apache/2.2.22 (Debian) Embperl/2.5.0_3 DAV/2 PHP/5.4.4-14+deb7u11 mod_ssl/2.2.22 OpenSSL/1.0.1e mod_wsgi/3.3 Python/2.7.3 mod_perl/2.0.7 Perl/v5.14.2
X-Powered-By: PHP/5.4.4-14+deb7u11
Set-Cookie: oc1e0d67c158=ti1iauuree9geoclsfdt7481u1; path=/owncloud; HttpOnly
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Frame-Options: Sameorigin
Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; frame-src *; img-src *; font-src 'self' data:; media-src *
X-Robots-Tag: none
Content-Length: 346
Content-Type: text/html; charset=utf-8
oauth_problem=signature_invalid&debug_sbs=POST&http%3A%2F%2Fwww.malcolm.id.au%2Fowncloud%2Findex.php%2Fapps%2Fgrauphel%2Foauth%2Frequest_token&oauth_callback%3Dhttp%253A%252F%252Flocalhost%253A9001%252F%26oauth_consumer_key%3Danyone%26oauth_nonce%3D6815528%26oauth_signature_method%3DPLAINTEXT%26oauth_timestamp%3D1415740104%26oauth_version%3D1.0
Yes. I had captured the error by logging on the tomboy app itself. Does this seem an issue with tomboy-library service or the API service which grauphel provides?
Since grauphel works fine with Tomboy, Tomdroid and Conboy, I suppose it's a problem with tomboy.osx or the library.
@qirtaiba or @rashoodkhan: Could you please also paste the Authorization header that is sent with the POST request?
Since PLAINTEXT is used, the oauth_signature in the authorization header should only be
oauth_signature="anyone%26"
POST /owncloud/index.php/apps/grauphel/oauth/request_token HTTP/1.1
Authorization: OAuth realm="Snowy",oauth_callback="http%3A%2F%2Flocalhost%3A9001%2F",oauth_consumer_key="anyone",oauth_nonce="8150851",oauth_signature="anyone%2526",oauth_signature_method="PLAINTEXT",oauth_timestamp="1415908783",oauth_version="1.0"
Content-Type: application/json; charset=utf-8
Content-Length: 0
Host: www.malcolm.id.au
Ha, there we have it!
oauth_signature="anyone%2526"
This is double encoded. It happens because OAuthConnection.cs#221 encodes the signature, and OAuthBase.cs#211 also urlencodes the signature. This double-encoding breaks it.
RFC 5849 section 2.1. Temporary Credentials has an example how it should look, and it looks single encoded:
For example, the client makes the following HTTPS request:
POST /request_temp_credentials HTTP/1.1
Host: server.example.com
Authorization: OAuth realm="Example",
oauth_consumer_key="jd83jd92dhsh93js",
oauth_signature_method="PLAINTEXT",
oauth_callback="http%3A%2F%2Fclient.example.net%2Fcb%3Fx%3D1",
oauth_signature="ja893SD9%26"
@rashoodkhan or @Dynalon: Can you remove the double encoding?
@qirtaiba - could you try grauphel from git, branch tomboyosxfix? I've added a workaround for this bug.
Well, from the grauphel side it now seems to work, thanks! But although getting further, it still didn't ultimately help. It says "The authentication with the server has been successful. You can sync with the web server now", but then when you try to sync the application immediately crashes.
Can I borrow someone's Rainy login to see if it crashes in the same way with a different server?
In case it helps here is some HTTP debugging after clicking "Sync":
Request:
GET /owncloud/index.php/apps/grauphel//api/1.0 HTTP/1.1
Accept: application/json
Authorization: OAuth realm="Snowy",oauth_consumer_key="anyone",oauth_nonce="454019",oauth_signature_method="PLAINTEXT",oauth_timestamp="1416858300",oauth_version="1.0"
Host: www.malcolm.id.au
Accept-Encoding: gzip, deflate
Response:
HTTP/1.1 200 OK
Date: Mon, 24 Nov 2014 19:44:31 GMT
Server: Apache/2.2.22 (Debian) Embperl/2.5.0_3 DAV/2 PHP/5.4.4-14+deb7u11 mod_ssl/2.2.22 OpenSSL/1.0.1e mod_wsgi/3.3 Python/2.7.3 mod_perl/2.0.7 Perl/v5.14.2
X-Powered-By: PHP/5.4.4-14+deb7u11
Set-Cookie: oc1e0d67c158=dh5rv64dte59jr341tmndqnj90; path=/owncloud; HttpOnly
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Frame-Options: Sameorigin
Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; frame-src *; img-src *; font-src 'self' data:; media-src *
X-Robots-Tag: none
Transfer-Encoding: chunked
Content-Type: text/html; charset=utf-8
followed by the HTML of an ownCloud login page.
Timo has generated a lot of public usernames and password - http://dynalon.github.io/Rainy/#!PUBLIC_SERVER.md
The problem here is the double slash: GET /owncloud/index.php/apps/grauphel//api/1.0, which is caused by the comment
@qirtaiba - try adding a slash at the end of the sync url. and which is ultimately bug #41.
Problem is now that either API detection does not work at all ("is not valid for syncing"), or syncing fails (double slash). If tomboy.osx would fix bug #41, it would work. But I don't have much hope since @rashoodkhan and friends already did not find the time to fix the trivial double encoding bug here :-/