collectives
collectives copied to clipboard
Published
20 hours ago •
nextcloud
nextcloud
Can't share public link with "edit" permissions
Describe the bug In NC 27.1.10 - Collectives app 2.11.0, we experienced an issue when we wanted to share a public link with "edit" permissions. We cant select "edit" option, see the short-mp4 screen capture attached. We did an ugprade of 27.1.9 along with apps updates. We did not experience that behaviour in previous version.
Many thanks for your time and effort
To Reproduce Got to Colectives app create a sample page Create Share link Select "edit" permissions, you can't
Expected behavior A clear and concise description of what you expected to happen.
Screenshots short-mp4 attached
https://github.com/nextcloud/collectives/assets/8579969/74ca8e5c-5839-441a-9586-48f87b55ac65
Server details:
- Collectives app version: 2.11.0
- Nextcloud version: 27.1.10
- PHP Version: 8.2.19
- Database: 10.5.23
Client details:
- OS: Debian
- Browser: Firefox
- Browser version: 115.10
- Device: desktop
Logs
Browser log
Failed to update share link
Object { stack: "r@https://mydomain.com/custom_apps/collectives/js/collectives-main.js?v=8cddc339-15:2:3397799\nr@https://mydomain.com/custom_apps/collectives/js/collectives-main.js?v=8cddc339-15:2:3404626\nC@https://mydomain.com/custom_apps/collectives/js/collectives-main.js?v=8cddc339-15:2:3391496\nEventHandlerNonNull*6672/_</<@https://mydomain.com/custom_apps/collectives/js/collectives-main.js?v=8cddc339-15:2:3391651\n6672/_<@https://mydomain.com/custom_apps/collectives/js/collectives-main.js?v=8cddc339-15:2:3390548\nc@https://mydomain.com/custom_apps/collectives/js/collectives-main.js?v=8cddc339-15:2:3402982\n_request@https://mydomain.com/custom_apps/collectives/js/collectives-main.js?v=8cddc339-15:2:3396976\nrequest@https://mydomain.com/custom_apps/collectives/js/collectives-main.js?v=8cddc339-15:2:3395510\n5411/</t/<@https://mydomain.com/custom_apps/collectives/js/collectives-main.js?v=8cddc339-15:2:3397456\n6524/a/<@https://mydomain.com/custom_apps/collectives/js/collectives-main.js?v=8cddc339-15:2:3409000\nxu.actions/a<@https://mydomain.com/custom_apps/collectives/js/collectives-main.js?v=8cddc339-15:2:4688573\nUPDATE_SHARE@https://mydomain.com/custom_apps/collectives/js/collectives-main.js?v=8cddc339-15:2:4688630\nx/</<@https://mydomain.com/custom_apps/collectives/js/collectives-main.js?v=8cddc339-15:2:4391276\nC.prototype.dispatch@https://mydomain.com/custom_apps/collectives/js/collectives-main.js?v=8cddc339-15:2:4393040\nC/this.dispatch@https://mydomain.com/custom_apps/collectives/js/collectives-main.js?v=8cddc339-15:2:4388497\nP</</n[a]@https://mydomain.com/custom_apps/collectives/js/collectives-main.js?v=8cddc339-15:2:4395667\nonUpdate@https://mydomain.com/custom_apps/collectives/js/collectives-main.js?v=8cddc339-15:2:4499995\nselectOption@https://mydomain.com/custom_apps/collectives/js/collectives-main.js?v=8cddc339-15:2:4497799\nclick@https://mydomain.com/custom_apps/collectives/js/collectives-main.js?v=8cddc339-15:2:4502897\ncn@https://mydomain.com/custom_apps/collectives/js/collectives-main.js?v=8cddc339-15:2:1672919\nn@https://mydomain.com/custom_apps/collectives/js/collectives-main.js?v=8cddc339-15:2:1665712\n144/Pr/i._wrapper@https://mydomain.com/custom_apps/collectives/js/collectives-main.js?v=8cddc339-15:2:1705834\nEventListener.handleEvent*Pr@https://mydomain.com/custom_apps/collectives/js/collectives-main.js?v=8cddc339-15:2:1705860\nTt@https://mydomain.com/custom_apps/collectives/js/collectives-main.js?v=8cddc339-15:2:1665999\nIr@https://mydomain.com/custom_apps/collectives/js/collectives-main.js?v=8cddc339-15:2:1706241\n_@https://mydomain.com/custom_apps/collectives/js/collectives-main.js?v=8cddc339-15:2:1715114\nh@https://mydomain.com/custom_apps/collectives/js/collectives-main.js?v=8cddc339-15:2:1714420\nf@https://mydomain.com/custom_apps/collectives/js/collectives-main.js?v=8cddc339-15:2:1714871\nh@https://mydomain.com/custom_apps/collectives/js/collectives-main.js?v=8cddc339-15:2:1714405\n144/C/<@https://mydomain.com/custom_apps/collectives/js/collectives-main.js?v=8cddc339-15:2:1717142\nC@https://mydomain.com/custom_apps/collectives/js/collectives-main.js?v=8cddc339-15:2:1717326\n144/C/<@https://mydomain.com/custom_apps/collectives/js/collectives-main.js?v=8cddc339-15:2:1716851\nC@https://mydomain.com/custom_apps/collectives/js/collectives-main.js?v=8cddc339-15:2:1717326\n144/C/<@https://mydomain.com/custom_apps/collectives/js/collectives-main.js?v=8cddc339-15:2:1716851\nC@https://mydomain.com/custom_apps/collectives/js/collectives-main.js?v=8cddc339-15:2:1717326\n144/C/<@https://mydomain.com/custom_apps/collectives/js/collectives-main.js?v=8cddc339-15:2:1716851\nC@https://mydomain.com/custom_apps/collectives/js/collectives-main.js?v=8cddc339-15:2:1717326\n144/C/<@https://mydomain.com/custom_apps/collectives/js/collectives-main.js?v=8cddc339-15:2:1716851\nC@https://mydomain.com/custom_apps/collectives/js/collectives-main.js?v=8cddc339-15:2:1717326\n144/Di@https://mydomain.com/custom_apps/collectives/js/collectives-main.js?v=8cddc339-15:2:1718462\n144/e.prototype._update@https://mydomain.com/custom_apps/collectives/js/collectives-main.js?v=8cddc339-15:2:1694924\na@https://mydomain.com/custom_apps/collectives/js/collectives-main.js?v=8cddc339-15:2:1725922\n144/e.prototype.get@https://mydomain.com/custom_apps/collectives/js/collectives-main.js?v=8cddc339-15:2:1676455\n144/e.prototype.run@https://mydomain.com/custom_apps/collectives/js/collectives-main.js?v=8cddc339-15:2:1677188\nna@https://mydomain.com/custom_apps/collectives/js/collectives-main.js?v=8cddc339-15:2:1679165\n144/yn/<@https://mydomain.com/custom_apps/collectives/js/collectives-main.js?v=8cddc339-15:2:1674001\n_n@https://mydomain.com/custom_apps/collectives/js/collectives-main.js?v=8cddc339-15:2:1673400\npromise callback*pn@https://mydomain.com/custom_apps/collectives/js/collectives-main.js?v=8cddc339-15:2:1673490\nyn@https://mydomain.com/custom_apps/collectives/js/collectives-main.js?v=8cddc339-15:2:1674064\naa@https://mydomain.com/custom_apps/collectives/js/collectives-main.js?v=8cddc339-15:2:1679661\n144/e.prototype.update@https://mydomain.com/custom_apps/collectives/js/collectives-main.js?v=8cddc339-15:2:1677124\n144/e.prototype.notify@https://mydomain.com/custom_apps/collectives/js/collectives-main.js?v=8cddc339-15:2:1658492\nset@https://mydomain.com/custom_apps/collectives/js/collectives-main.js?v=8cddc339-15:2:1660336\n144/Da/ka.set@https://mydomain.com/custom_apps/collectives/js/collectives-main.js?v=8cddc339-15:2:1688193\ntoggleDropdown@https://mydomain.com/custom_apps/collectives/js/collectives-main.js?v=8cddc339-15:2:4497869\ncn@https://mydomain.com/custom_apps/collectives/js/collectives-main.js?v=8cddc339-15:2:1672919\nn@https://mydomain.com/custom_apps/collectives/js/collectives-main.js?v=8cddc339-15:2:1665712\n144/Pr/i._wrapper@https://mydomain.com/custom_apps/collectives/js/collectives-main.js?v=8cddc339-15:2:1705834\n", message: "Request failed with status code 500", name: "AxiosError", code: "ERR_BAD_RESPONSE", config: {…}, request: XMLHttpRequest, response: {…} }
SharingEntryLink.vue:543
onUpdate SharingEntryLink.vue:543
selectOption SharingEntryLink.vue:410
click SharingEntryLink.vue:1
VueJS 35
toggleDropdown SharingEntryLink.vue:416
VueJS 3
Confirmed same issue here:
Nextcloud Hub 8 (29.0.1) Collectives 2.10.1
Not sure if it's related, but I got this error in the log:
Debug no app in context
Exception dirty table reads: SELECT `co`.`id` as `folder_id`, `fileid`, `storage`, `path`, `fc`.`name` as `name`, `mimetype`, `mimepart`, `size`, `mtime`, `storage_mtime`, `etag`, `encrypted`, `parent`, `fc`.`permissions` as `permissions` FROM `*PREFIX*collectives` `co` LEFT JOIN `*PREFIX*filecache` `fc` ON (`fc`.`name` = (CAST(`co`.`id` AS TEXT) || CAST('' AS TEXT))) AND (`parent` = :dcValue1) WHERE `co`.`id` = :dcValue2
https://github.com/nextcloud/collectives/assets/150431/19f41268-7282-454d-b8cb-2e352078e067
@xmarti6 and @pjrobertson could you try to upgrade to Nextcloud 28 and see if that fixes the issue for you?
Thanks @mejo- for the follow up. I am running Nextcloud 29 with collectives 2.10.1, here is more debug info from the command sudo -u www-data php occ config:list system
"system": {
"passwordsalt": "***REMOVED SENSITIVE VALUE***",
"secret": "***REMOVED SENSITIVE VALUE***",
"trusted_domains": [
"***REMOVED SENSITIVE VALUE***",
],
"datadirectory": "***REMOVED SENSITIVE VALUE***",
"debug": false,
"dbtype": "pgsql",
"version": "29.0.1.1",
"overwrite.cli.url": "***REMOVED SENSITIVE VALUE***",
"defaultapp": "files",
"simpleSignUpLink.shown": false,
"dbname": "***REMOVED SENSITIVE VALUE***",
"dbhost": "***REMOVED SENSITIVE VALUE***",
"dbport": "",
"dbuser": "***REMOVED SENSITIVE VALUE***",
"dbpassword": "***REMOVED SENSITIVE VALUE***",
"installed": true,
"instanceid": "***REMOVED SENSITIVE VALUE***",
"upgrade.disable-web": "true",
"log_type": "file",
"logfile": "\/var\/log\/nextcloud\/nextcloud.log",
"loglevel": "2",
"log.condition": {
"apps": [
"admin_audit"
]
},
"mail_smtpsecure": "ssl",
"mail_sendmailmode": "smtp",
"mail_smtpauthtype": "LOGIN",
"mail_smtpauth": 1,
"mail_smtphost": "***REMOVED SENSITIVE VALUE***",
"mail_smtpport": "465",
"mail_smtpname": "***REMOVED SENSITIVE VALUE***",
"mail_smtppassword": "***REMOVED SENSITIVE VALUE***",
"mail_from_address": "***REMOVED SENSITIVE VALUE***",
"log_rotate_size": "0",
"trashbin_retention_obligation": "auto, 60",
"versions_retention_obligation": "auto, 180",
"redis": {
"host": "***REMOVED SENSITIVE VALUE***",
"port": 0,
"timeout": 0.2,
"dbindex": 0,
"password": "***REMOVED SENSITIVE VALUE***"
},
"memcache.local": "\\OC\\Memcache\\Redis",
"filelocking.enabled": "true",
"memcache.distributed": "\\OC\\Memcache\\Redis",
"memcache.locking": "\\OC\\Memcache\\Redis",
"logtimezone": "Asia\/Shanghai",
"htaccess.RewriteBase": "\/",
"enabledPreviewProviders": {
"1": "OC\\Preview\\MarkDown",
"2": "OC\\Preview\\MP3",
"3": "OC\\Preview\\TXT",
"4": "OC\\Preview\\OpenDocument",
"5": "OC\\Preview\\Movie",
"6": "OC\\Preview\\Krita",
"7": "OC\\Preview\\Photoshop",
"8": "OC\\Preview\\SVG",
"9": "OC\\Preview\\TIFF",
"10": "OC\\Preview\\Imaginary"
},
"preview_imaginary_url": "***REMOVED SENSITIVE VALUE***",
"preview_concurrency_new": "2",
"preview_concurrency_all": "8",
"preview_max_memory": "256",
"jpeg_quality": "80",
"maintenance": false,
"maintenance_window_start": 1,
"skeletondirectory": "",
"mail_domain": "***REMOVED SENSITIVE VALUE***",
"mail_smtpmode": "smtp",
"default_phone_region": "us",
"trusted_proxies": "***REMOVED SENSITIVE VALUE***",
"onlyoffice": "",
"profiler": false,
"allow_local_remote_servers": "true"
}
}
@pjrobertson please upgrade to latest collectives version (2.12.0) and see if the problem still exists for you.
Issue persists for me also. Im on Nextcloud 29.0.3 and Collectives 2.13.0.
@rumexcrisp could you provide a detailed description of what you do to reproduce the issue?
Please open your browsers developer tools and check:
- if there's an error printed to the console
- if the network tab shows a request that failed (red/purple) color
Please provide a screenshot of any error you see.
OK, I think that helped.
I checked and there is a 500 error in Firefox Developer tools. I copied the 'CURL' equivalent code:
curl 'https://XXXXX/apps/collectives/_api/47/_pages/3305405/share/CbZx6MwMPLW8WzT' -X PUT -H 'User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:128.0) Gecko/20100101 Firefox/128.0' -H 'Accept: application/json, text/plain, */*' -H 'Accept-Encoding: gzip, deflate, br, zstd' -H 'Content-Type: application/json' -H 'X-Requested-With: XMLHttpRequest, XMLHttpRequest' -H 'requesttoken: XXXXX' -H 'Origin: https://XXXXX.com' -H 'Sec-Fetch-Dest: empty' -H 'Sec-Fetch-Mode: cors' -H 'Sec-Fetch-Site: same-origin' -H 'Connection: keep-alive' -H 'Cookie: SNIP' -H 'Priority: u=0' -H 'TE: trailers' --data-raw '{"editable":true,"password":""}'
and the response:
"Internal Server Error"
Checking the server logs, I see this. This seems to indicate some kind of problem with the password strength?
{"reqId":"xxxxx","level":3,"time":"2024-08-05T17:30:09+08:00","remoteAddr":"x.x.x.x","user":"xxxxx","app":"collectives","method":"PUT","url":"/apps/collectives/_api/47/_pages/xxxxx/share/xxxxx","message":"Collectives App Error: Password needs to be at least 8 characters long. Password needs to contain at least one numeric character.","userAgent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:128.0) Gecko/20100101 Firefox/128.0","version":"29.0.4.1","exception":{"Exception":"Exception","Message":"Password needs to be at least 8 characters long. Password needs to contain at least one numeric character.","Code":0,"Trace":[{"file":"/var/www/nextcloud/lib/private/Share20/Manager.php","line":1079,"function":"verifyPassword","class":"OC\\Share20\\Manager","type":"->"},{"file":"/var/www/nextcloud/lib/private/Share20/Manager.php","line":949,"function":"updateSharePasswordIfNeeded","class":"OC\\Share20\\Manager","type":"->","args":["*** sensitive parameters replaced ***"]},{"file":"/var/www/nextcloud/apps/collectives/lib/Service/CollectiveShareService.php","line":244,"function":"updateShare","class":"OC\\Share20\\Manager","type":"->","args":["*** sensitive parameters replaced ***"]},{"file":"/var/www/nextcloud/apps/collectives/lib/Controller/ShareController.php","line":103,"function":"updateShare","class":"OCA\\Collectives\\Service\\CollectiveShareService","type":"->","args":["*** sensitive parameters replaced ***"]},{"file":"/var/www/nextcloud/apps/collectives/lib/Controller/ErrorHelper.php","line":23,"function":"OCA\\Collectives\\Controller\\{closure}","class":"OCA\\Collectives\\Controller\\ShareController","type":"->","args":["*** sensitive parameters replaced ***"]},{"file":"/var/www/nextcloud/apps/collectives/lib/Controller/ShareController.php","line":36,"function":"handleErrorResponse","class":"OCA\\Collectives\\Controller\\ShareController","type":"->"},{"file":"/var/www/nextcloud/apps/collectives/lib/Controller/ShareController.php","line":107,"function":"prepareResponse","class":"OCA\\Collectives\\Controller\\ShareController","type":"->"},{"file":"/var/www/nextcloud/lib/private/AppFramework/Http/Dispatcher.php","line":232,"function":"updatePageShare","class":"OCA\\Collectives\\Controller\\ShareController","type":"->","args":["*** sensitive parameters replaced ***"]},{"file":"/var/www/nextcloud/lib/private/AppFramework/Http/Dispatcher.php","line":138,"function":"executeController","class":"OC\\AppFramework\\Http\\Dispatcher","type":"->"},{"file":"/var/www/nextcloud/lib/private/AppFramework/App.php","line":184,"function":"dispatch","class":"OC\\AppFramework\\Http\\Dispatcher","type":"->"},{"file":"/var/www/nextcloud/lib/private/Route/Router.php","line":338,"function":"main","class":"OC\\AppFramework\\App","type":"::"},{"file":"/var/www/nextcloud/lib/base.php","line":1050,"function":"match","class":"OC\\Route\\Router","type":"->"},{"file":"/var/www/nextcloud/index.php","line":49,"function":"handleRequest","class":"OC","type":"::"}],"File":"/var/www/nextcloud/lib/private/Share20/Manager.php","Line":147,"message":"Collectives App Error: Password needs to be at least 8 characters long. Password needs to contain at least one numeric character.","exception":{},"CustomMessage":"Collectives App Error: Password needs to be at least 8 characters long. Password needs to contain at least one numeric character."}}
Here's my security settings in Administration Settings > Security:
@pjrobertson did you upgrade Collectives to latest 2.13.0 release already? This release ships a related fix that makes sure the password policy API is used to automatically generate passwords if enabled.
Yes, it is 2.13.0:
user@server:/$ grep "version" /var/www/nextcloud/apps/collectives/appinfo/info.xml
<?xml version="1.0"?>
<version>2.13.0</version>
<nextcloud min-version="27" max-version="30" />
<versions>
</versions>
Edit: if I disable 'Enforce numeric characters' and change the 'Minimum password length' to 0 in 'password policy' then it works.