monica
monica copied to clipboard
monicahq
Doesn't work with MacOS Contacts app
I'm creating a new issue, because there was no response on the old, already closed one.
Describe the bug I cannot make it work with MacOS Contacts (It works fine for iOS Contacts app).
Which version are you using:
- Docker version, 2.18.0
Additional context I tried to follow all combinations of settings from the previous thread, but no luck.
I enter details as follows:
login: [email protected]
password: <monicahq generated API token>
server URL: https://crm.domain.tld/dav/addressbooks/[email protected]/contacts
I also tried a number of different paths, like:
- /
- /dav/
- /dav/principals/
- /dav/principals/[email protected] etc.
But nothing works...
Same here.
Contacts app doesn't add account because it's "unable to verify account's name or password".
I've tried both my Monica's account password and an API token.
Manual and advanced account declaration both ends the same way.
Monica's docker container doesn't show any log related to my attempts, nor Apache's access/error.log.
I can see sabre's page when "manually" browsing to http://my_domain/dav/addressbooks/my_user@email/contacts.
What I can add to this is that it worked fine for me on Monica 2.17.0, but suddenly threw up this error on MacOS with version 2.18.0. Was something changed in the CardDAV/CalDAV integration?
@hobbesjaap I tried 2.17.0 (on different tags: alpine, php, apache) and none worked for me.
@hobbesjaap see the release note for 2.18.0: https://github.com/monicahq/monica/releases/tag/v2.18.0
DAV Connection CardDAV or CalDAV client connection now requires an API token as the password. Using login+password directly will not work anymore. Go to /settings/api to generate a new token and use it as the password. See also this documentation about CardDAV client.
Thank you so much for that piece of information! I'd read the release notes before but completely missed that part. I've now set up the CardDAV connection on MacOS and iOS again (had to delete the previous ones) and it's working. I used the CardDav specific URL (not the generic /dav/ one). Created a separate API token for each account and copy-and-pasted directly from the token page on the Monica site. Copying it to a text editor and then into iOS/MacOS did not work. I noticed that regardless of what text editor I used, pasting it introduced hard returns into the token that aren't on the website. This was the case even when using BBEdit (which is usually very, very clean when it comes to copying-and-pasting sensitive text like tokens).
So I'm very happy, Monica is once again syncing its contacts to my devices, thank you!
Trying to import contacts on a new machine, but no luck, no matter which paths I try. It was working well on my old MacBook with the same settings and same Catalina 10.15.7 version of the contacts app. Also no problems on iOS. I don't know if this is a bug with macOS or monica. Any way to debug this? When I use the full CardDAV URL to setup the account, I even see some requests in the logs of my docker container (v2.19.1,apache), but no contacts ever show up:
172.18.0.4 - - [10/Oct/2020:13:14:17 +0000] "OPTIONS /dav/addressbooks/user%40email.tld/contacts HTTP/1.1" 401 1853 "-" "Mac OS X/10.15.7 (19H2) AddressBookCore/1"
172.18.0.4 - [email protected] [10/Oct/2020:13:14:17 +0000] "OPTIONS /dav/addressbooks/user%40email.tld/contacts HTTP/1.1" 200 556 "-" "Mac OS X/10.15.7 (19H2) AddressBookCore/1"
172.18.0.4 - [email protected] [10/Oct/2020:13:14:17 +0000] "PROPFIND /dav/addressbooks/user%40email.tld/contacts HTTP/1.1" 207 1650 "-" "Mac OS X/10.15.7 (19H2) AddressBookCore/1"
I've also tried many other CalDav servers and the only one that currently works for me on MacOS (Big Sur) is NextCloud contacts. Monica still doesn't.
macOS does a PROPFIND on /dav/addressbooks/user/contacts with the content
<?xml version="1.0" encoding="UTF-8"?>
<A:propfind xmlns:A="DAV:">
<A:prop>
<B:addressbook-home-set xmlns:B="urn:ietf:params:xml:ns:carddav"/>
<B:directory-gateway xmlns:B="urn:ietf:params:xml:ns:carddav"/>
<A:displayname/>
<C:email-address-set xmlns:C="http://calendarserver.org/ns/"/>
<A:principal-collection-set/>
<A:principal-URL/>
<A:resource-id/>
<A:supported-report-set/>
</A:prop>
</A:propfind>
But the reply looks like an empty set:
DAV response
<d:multistatus xmlns:d="DAV:" xmlns:s="http://sabredav.org/ns" xmlns:card="urn:ietf:params:xml:ns:carddav" xmlns:cal="urn:ietf:params:xml:ns:caldav" xmlns:cs="http://calendarserver.org/ns/">
<d:response>
<d:href>/dav/addressbooks/user/contacts/</d:href>
<d:propstat>
<d:prop>
<d:displayname>Contacts</d:displayname>
<d:principal-collection-set>
<d:href>/dav/principals/</d:href>
</d:principal-collection-set>
<d:supported-report-set>
<d:supported-report>
<d:report>
<card:addressbook-multiget />
</d:report>
</d:supported-report>
<d:supported-report>
<d:report>
<card:addressbook-query />
</d:report>
</d:supported-report>
<d:supported-report>
<d:report>
<d:sync-collection />
</d:report>
</d:supported-report>
<d:supported-report>
<d:report>
<d:expand-property />
</d:report>
</d:supported-report>
<d:supported-report>
<d:report>
<d:principal-match />
</d:report>
</d:supported-report>
<d:supported-report>
<d:report>
<d:principal-property-search />
</d:report>
</d:supported-report>
<d:supported-report>
<d:report>
<d:principal-search-property-set />
</d:report>
</d:supported-report>
</d:supported-report-set>
</d:prop>
<d:status>HTTP/1.1 200 OK</d:status>
</d:propstat>
</d:response>
</d:multistatus>
This could be because macOS passes a Depth: 0 whereas another client such as Thunderbolt TbSync passes Depth: 1.
For now I found a viable workaround for my use case. Since I use traefik in front of monica, I added a path rewrite middleware replacing ^/principals/(.*) with /dav/principals/myuser%40mydomain.tld/$1. This naive approach only works for a single user account, but that's alright for my self-hosted setup.
Updated to 2.19.1 today (via the Docker image) and still I don't see my contacts in macOS. I would be willing to sponsor a bounty to fix macOS support. Maybe it's as simple as figuring out the right path, but so far no one has posted a working configuration.
I tried the rewrite rule also but it did not appear to help.
I've got this problem (on macOS 11.2.3) as well. Using the latest Monica 2.20.0 release.
closing as there doesn't seem to be any interest to fix this (and I have moved on from monica long time ago).
@tborychowski Please re-open — the point of the issue is for the contributors to Monica to be aware that the issue applies, and the community to discuss potential solutions. Closing the issue should be if the bug is no longer applicable, not simply because you have lost interest. If you do not want to follow updates, please use the Unsubscribe button under Notifications on the right hand side of the GitHub interface (after you have re-opened the issue, please). Thanks.
The discussion here is useful because I, and others, have tried to diagnose what the issue is and have logged our attempted workarounds.
Still a problem with macOS 11.3 and Monica 2.21.0.
$50 to whoever lets me use Monica with the Contacts app on macOS:
https://www.bountysource.com/issues/93373457-doesn-t-work-with-macos-contacts-app
Not a fortune, but maybe enough to actually get this looked at for a moment?
Still a problem with macOS 11.3 and Monica 2.21.0.
$50 to whoever lets me use Monica with the Contacts app on macOS:
https://www.bountysource.com/issues/93373457-doesn-t-work-with-macos-contacts-app
Not a fortune, but maybe enough to actually get this looked at for a moment?
Props to you and good luck. I've had this same exact issue since Big Sur since the GM, and it's never worked on my M1 Mac. I've resorted to a NextCloud instance for literally just contacts...
Dropped by the say that, at-least in my case, the issue was fixed by adding in a proper redirect for .well-known/carddav.
This redirect already exists in nginx, but when I inspected the traffic it was redirecting from my SSL version https://mydomain.com/.well-known/carddav to a non-ssl /dav http://mydomain.com/.well-known/dav. I'm taking a guess that macOS isn't following more than 1 redirect here and just stops. Once I added another redirect at my service router (this is where SSL is terminated for me) then it started working. I assume there should be a good way to tell nginx that it's using SSL though and fix this directly through configuration.
@nathanpalmer That's a good find and I think is plausible. (Rather than "not following more than 1 redirect," I think it's more likely it's refusing to follow an insecure redirect that downgrades from HTTPS to HTTP.)
I tried a few things to get this to work, including: handling the 301 redirect from /.well-known/dav to /dav within nginx, rather than Monica; an internal rewrite to /dav (in case the authentication header isn't sent again after the redirect); and a proxy-redirect directive to change all redirects coming from Monica to be HTTPS. None of these fixed it.
When you added your CardDAV account in the Accounts preference pane, what do you use as the "Server Path" field?
Could you post anything else that's notable about your nginx config?
@nathanpalmer That's a good find and I think is plausible. (Rather than "not following more than 1 redirect," I think it's more likely it's refusing to follow an insecure redirect that downgrades from HTTPS to HTTP.)
Very possible that it was the downgrade. Either way it stopped doing anything. I activated Proxyman to review the requests so I could see what the Contact app was sending. For some reason it attempts unauthenticated first, then also uses port :8443 and port :8843 as well.
When you added your CardDAV account in the Accounts preference pane, what do you use as the "Server Path" field?
I used this path: /dav/addressbooks/[email protected]/contacts
Could you post anything else that's notable about your nginx config?
My nginx_app.conf hasn't changed from the default. Looks like it has this.
location / {
# try to serve file directly, fallback to rewrite
try_files $uri @rewriteapp;
}
location @rewriteapp {
# Redirect .well-known urls (https://en.wikipedia.org/wiki/List_of_/.well-known/_services_offered_by_webservers)
rewrite .well-known/carddav /dav/ permanent;
rewrite .well-known/caldav /dav/ permanent;
rewrite .well-known/security.txt$ /security.txt permanent;
# Old carddav url
rewrite carddav/(.*) /dav/$1 permanent;
# rewrite all to app.php
rewrite ^(.*)$ /index.php/$1 last;
}
location ~ ^/(app|app_dev|config)\.php(/|$) {
try_files @heroku-fcgi @heroku-fcgi;
internal;
While this worked for me at first, it kept running into password issues and was never consistent. I just moved my contacts off of Monica since integration with the Contacts app is critical for me.
@asbiin Is there a member of the team with expertise with the CardDAV integration who could take a look at this? There is a $50 bounty (which I'll contribute another $100 to, but the site is glitching now). The community could help provide access to macOS for testing.
I checked with the sabre/dav team and they assured me it does work with macOS so maybe it's just a Monica configuration issue that will be evident by looking at traffic traces?
@rgov I've recently accessed to a mac mini, so I'll be able to work on that, thank you work the reminder!
I'm having similar challenges as documented above. Running Monica 3.2.0 from docker. MacOS 11.5.2. Thank you!
I have two Macs, one Intel and one M1, both running macOS 11.6. I put the exact same info into both of them (even using iCloud Keychain to add the accounts to each other Mac) and it works on my M1 and not on my Intel. I have a redirection in Traefik from ^/.well-known/ca(l|rd)dav to /dav/ and am using the following settings in the Contacts app.
Server Address: monica.example.com Server Path: /principals/user/[email protected]/ Port: 443 SSL: Checked
These settings worked for me as well. I noticed in testing beforehand that the /.well-known/carddav path just redirected to /dav rather than the full URL. Maybe macOS contacts doesn't keep track of the hostname like a browser would and instead expects a full URL to be in a 301 response?
For me it was an issue with the .well-known redirect as well.
My setup is pretty much the simple fpm example and I have a reverse proxy in front that terminates SSL.
When requesting https://<fqdn>/.well-known/carddav, the location header pointed to http://<fqdn>/dav (note the http scheme).
To resolve this, I changed the redirect in nginx.conf#L78 from the example to https instead of $scheme. Now the well-known endpoint properly redirects to https://<fqdn>/dav.
With the resolved redirect, I added the CardDAV account in macOS System Preferences > Internet Accounts > Add Other Account... > CardDAV account. I set the Account Type to Manual, entered my account email in User Name, used a personal access token for the Password, and used just the FQDN (for example monica.mydomain.tld) for the Server Address.
I was also able to get things working (on both macOS & iOS) by using this redirect in my nginx config:
location ~ /\.well-known/(?:carddav|caldav) {
return 301 https://$host/dav;
}
But it'd be nice if it worked out of the box without any redirect fiddling - bug bounty still stands!
For anyone using Traefik, I figured it out and wanted to post back for anyone else banging their head against the wall with Traefik and a docker instance of monica. The problem was that I wasn't properly escaping the special characters as needed in the regex lines in my docker-compose file.
Docker-compose for my monica container with the relevant lines included:
labels:
- "traefik.enable=true"
- "traefik.http.routers.monica.entrypoints=https"
- "traefik.http.routers.monica.rule=Host(`monica.mydomain.com`)"
- "traefik.http.routers.monica.tls.certresolver=lets-encr"
- "traefik.http.middlewares.monica-mw.replacepathregex.regex=^/\\.well-known/(?:carddav|caldav)"
- "traefik.http.middlewares.monica-mw.replacepathregex.replacement=/dav/"
- "traefik.http.routers.monica.middlewares=monica-mw@docker"
Then from internet accounts in Mac OS, I selected ":
- Add an account,
- Add Other Account,
- CardDAV account
- Account type: manual
- user name: {email address of your user from monica}
- Password: {Personal access token from API page of your monica installation}
- server address: yourdomain.monica.com (no http or https in front of it, just the domain.tld)
Hopefully this saves someone else some time!
If relevant, these are the systems/versions involved:
MacOS Monterey 12.1 Traefik 2.3.5 Monica 3.6.1 self-hosted
@myrison This worked! Thank you so much for this.
Good teamwork on this one as it was your initial lines of code that set me on the right path. Glad it worked for you too.