end_to_end_encryption
end_to_end_encryption copied to clipboard
nextcloud
stuck with an encrypted folder
How to use GitHub
- Please use the 👍 reaction to show that you are affected by the same issue.
- Please don't comment if you have no relevant information to add. It's just extra noise for everyone subscribed to this issue.
Steps to reproduce
- Create encrypted folder using Win client (latest)
- Add some files to the folder, sync it
- Attempt to disable the encryption by deleting the contents of the folder and disabling encryption
Expected behaviour
no problems when deleting the files inside an encrypted folder
Actual behaviour
Lots of problems- unable to delete contents from any client - windows or Android. Windows will announce "403 forbidden", Android says "server unavailable". Now I am stuck with an encrypted folder with no way of deleting it.
Server configuration
E2E app 1.5.2 NC 19.0.1, all clients latest version. I cant provide server logs
@pilsnerbeer Can you please provide the logs requested in the issue template?
I can't provide any server logs, sorry. I somehow resolved the issue in the following days after posting this but I now plan to stay far away from E2EE..
I can't provide any server logs, sorry.
Well, I'm afraid if you don't provide the necessary information for us to reproduce this issue, then we are also not able to fix it.
I provided the steps which was all that I've done to arrive at this problem. unfortunately, I have no access to the server or its logs. If you are unable to reproduce it using the steps, then perhaps it was only server-related (?).
Would be interesting to see when 403 (forbidden) happens. @pilsnerbeer Can you provide us additional infos via logcat? https://github.com/nextcloud/android/blob/master/README.md#getting-debug-info-via-logcat
this seems to be linked with https://github.com/nextcloud/desktop/issues/2342
From the nextcloud.log of my local docker nextcloud test:
{
"reqId": "0dKNacJPDwAPjg42o4XN",
"level": 4,
"time": "2020-09-25T11:44:42+00:00",
"remoteAddr": "172.17.0.1",
"user": "admin",
"app": "webdav",
"method": "DELETE",
"url": "/remote.php/dav/files/admin/test2",
"message": {
"Exception": "OCA\\DAV\\Connector\\Sabre\\Exception\\Forbidden",
"Message": "Write access to end-to-end encrypted folder requires token -no token sent",
"Code": 0,
"Trace": [
{
"file": "/var/www/html/custom_apps/end_to_end_encryption/lib/Connector/Sabre/LockPlugin.php",
"line": 153,
"function": "verifyTokenOnWriteAccess",
"class": "OCA\\EndToEndEncryption\\Connector\\Sabre\\LockPlugin",
"type": "->",
"args": [
{
"__class__": "OCA\\DAV\\Connector\\Sabre\\Directory"
},
null
]
},
{
"file": "/var/www/html/3rdparty/sabre/event/lib/WildcardEmitterTrait.php",
"line": 89,
"function": "checkLock",
"class": "OCA\\EndToEndEncryption\\Connector\\Sabre\\LockPlugin",
"type": "->",
"args": [
{
"__class__": "Sabre\\HTTP\\Request"
},
{
"__class__": "Sabre\\HTTP\\Response"
}
]
},
{
"file": "/var/www/html/3rdparty/sabre/dav/lib/DAV/Server.php",
"line": 458,
"function": "emit",
"class": "Sabre\\DAV\\Server",
"type": "->",
"args": [
"beforeMethod:DELETE",
[
{
"__class__": "Sabre\\HTTP\\Request"
},
{
"__class__": "Sabre\\HTTP\\Response"
}
]
]
},
{
"file": "/var/www/html/3rdparty/sabre/dav/lib/DAV/Server.php",
"line": 251,
"function": "invokeMethod",
"class": "Sabre\\DAV\\Server",
"type": "->",
"args": [
{
"__class__": "Sabre\\HTTP\\Request"
},
{
"__class__": "Sabre\\HTTP\\Response"
}
]
},
{
"file": "/var/www/html/3rdparty/sabre/dav/lib/DAV/Server.php",
"line": 319,
"function": "start",
"class": "Sabre\\DAV\\Server",
"type": "->",
"args": []
},
{
"file": "/var/www/html/apps/dav/lib/Server.php",
"line": 320,
"function": "exec",
"class": "Sabre\\DAV\\Server",
"type": "->",
"args": []
},
{
"file": "/var/www/html/apps/dav/appinfo/v2/remote.php",
"line": 35,
"function": "exec",
"class": "OCA\\DAV\\Server",
"type": "->",
"args": []
},
{
"file": "/var/www/html/remote.php",
"line": 167,
"args": [
"/var/www/html/apps/dav/appinfo/v2/remote.php"
],
"function": "require_once"
}
],
"File": "/var/www/html/custom_apps/end_to_end_encryption/lib/Connector/Sabre/LockPlugin.php",
"Line": 169,
"CustomMessage": "--"
},
"userAgent": "Mozilla/5.0 (Linux) mirall/3.0.2git (build 3560) (Nextcloud)",
"version": "19.0.1.1"
}
I have had similar issues using Nextcloud 20 with e2e encryption. On the server I can see this error.
Fatal | webdav | OCA\DAV\Connector\Sabre\Exception\Forbidden: Write access to end-to-end encrypted folder requires token - no token sent
By disabling the e2e plugin I was able to delete the entire e2e encrypted folder when logging in on the nextcloud portal as described as a solution in a comment in the article linked below and then for now on I will have to wait using e2e until the issue has been fixed:
https://www.bitblokes.de/e2ee-bei-nextcloud-weiterhin-unbrauchbar-linux-windows-android/
This happened to me when the desktop client got stuck on syncing and didn't finish it.
The reason OP managed to resolve the issue a few days later is probably because E2EE locks folders for 24 hours.
I couldn't delete the folder from any device but sure enough after 24 hours I had no issues deleting it.
To day I tried to activate the E2EE module and faced the exact same issue. Scenario:
- Create a new empty directory on my linux PC
- INdicate in Nextcloud Desktop client that it shall be encrypted
- Add a new directory inside it with a couple of files
At this point I got stuck in the Sync process (never ends, only one file created encrypted in Nextcloud)
- I tried to delete the encrypted directory on my Linux PC There I get the 403 error with the following log:
{
"reqId": "M1Z8TBnYIC63wrQjPUER",
"level": 4,
"time": "2021-01-11T20:21:29+00:00",
"remoteAddr": "<ip address removed>",
"user": "<user login removed>",
"app": "webdav",
"method": "DELETE",
"url": "/remote.php/dav/files/<user login removed>/Test_enc/1f952f9800f6410d912af1483267d4f2",
"message": {
"Exception": "OCA\\DAV\\Connector\\Sabre\\Exception\\Forbidden",
"Message": "Write access to end-to-end encrypted folder requires token - no token sent",
"Code": 0,
"Trace": [
{
"file": "/var/www/html/custom_apps/end_to_end_encryption/lib/Connector/Sabre/LockPlugin.php",
"line": 153,
"function": "verifyTokenOnWriteAccess",
"class": "OCA\\EndToEndEncryption\\Connector\\Sabre\\LockPlugin",
"type": "->",
"args": [
{
"__class__": "OCA\\DAV\\Connector\\Sabre\\Directory"
},
null
]
},
{
"file": "/var/www/html/3rdparty/sabre/event/lib/WildcardEmitterTrait.php",
"line": 89,
"function": "checkLock",
"class": "OCA\\EndToEndEncryption\\Connector\\Sabre\\LockPlugin",
"type": "->",
"args": [
{
"__class__": "Sabre\\HTTP\\Request"
},
{
"__class__": "Sabre\\HTTP\\Response"
}
]
},
{
"file": "/var/www/html/3rdparty/sabre/dav/lib/DAV/Server.php",
"line": 458,
"function": "emit",
"class": "Sabre\\DAV\\Server",
"type": "->",
"args": [
"beforeMethod:DELETE",
[
{
"__class__": "Sabre\\HTTP\\Request"
},
{
"__class__": "Sabre\\HTTP\\Response"
}
]
]
},
{
"file": "/var/www/html/3rdparty/sabre/dav/lib/DAV/Server.php",
"line": 251,
"function": "invokeMethod",
"class": "Sabre\\DAV\\Server",
"type": "->",
"args": [
{
"__class__": "Sabre\\HTTP\\Request"
},
{
"__class__": "Sabre\\HTTP\\Response"
}
]
},
{
"file": "/var/www/html/3rdparty/sabre/dav/lib/DAV/Server.php",
"line": 319,
"function": "start",
"class": "Sabre\\DAV\\Server",
"type": "->",
"args": []
},
{
"file": "/var/www/html/apps/dav/lib/Server.php",
"line": 320,
"function": "exec",
"class": "Sabre\\DAV\\Server",
"type": "->",
"args": []
},
{
"file": "/var/www/html/apps/dav/appinfo/v2/remote.php",
"line": 35,
"function": "exec",
"class": "OCA\\DAV\\Server",
"type": "->",
"args": []
},
{
"file": "/var/www/html/remote.php",
"line": 167,
"args": [
"/var/www/html/apps/dav/appinfo/v2/remote.php"
],
"function": "require_once"
}
],
"File": "/var/www/html/custom_apps/end_to_end_encryption/lib/Connector/Sabre/LockPlugin.php",
"Line": 169,
"CustomMessage": "--"
},
"userAgent": "Mozilla/5.0 (Linux) mirall/3.1.1git (build 4317) (Nextcloud)",
"version": "19.0.6.2"
}
I restored the directory and again the sync is stucked. I will see how to remove E2EE so far, and remove this test directory. Too bad as I ma waiting for this functionality which is a must have on such a software.
This was a client side not server-side app matter. And fixed as far as I can see. e.g. nextcloud/desktop#2799
