[Bug]: DAV Request to to missing file returns 401 instead of 404 #33228
Description
⚠️ This issue respects the following points: ⚠️
- This is a bug, not a question or a configuration/webserver/proxy issue.
- This issue is not already reported on Github (I've searched it).
- Nextcloud Server is up to date. See Maintenance and Release Schedule for supported versions.
- Nextcloud Server is running on 64bit capable CPU, PHP and OS.
- I agree to follow Nextcloud's Code of Conduct.
Bug description
I used to sync files from Zotero via WebDAV but when I moved to v23 three months ago, the synchronisation failed. The odd thing is that the WebDAV connection first authenticates fine but when it requests a missing file nonextistent.prop, the server returns 401: "current user not logged in". (The 207 with a packed-up 404 is also odd.)
If I understand the server logs correctly, the request to the non-existing file triggers a routing to "/apps/dashboard/", which throws the authentication error.
(3)(+0000002): Starting file sync for My Library
(3)(+0000000): WebDAV file sync is not active -- verifying
(3)(+0000000): Getting WebDAV password
(3)(+0000004): HTTP OPTIONS https://eppfel:********@epp.cloud/remote.php/dav/files/eppfel/zotero/
(3)(+0000001): {}
(3)(+0000000): CookieBlocker: Ignoring cookies for https://eppfel:********@epp.cloud/remote.php/dav/files/eppfel/zotero/
(3)(+0000484): HTTP OPTIONS https://eppfel:********@epp.cloud/remote.php/dav/files/eppfel/zotero/ succeeded with 200
(3)(+0000000):
(3)(+0000001): X-Firefox-Spdy: h2 accept-ranges: bytes allow: OPTIONS, GET, HEAD, DELETE, PROPFIND, PUT, PROPPATCH, COPY, MOVE, REPORT cache-control: no-store, no-cache, must-revalidate content-length: 0 content-security-policy: default-src 'none'; content-type: text/html; charset=UTF-8 date: Wed, 13 Jul 2022 14:29:06 GMT dav: 1, 3, extended-mkcol, access-control, calendarserver-principal-property-search, nc-calendar-search, nc-enable-birthday-calendar expires: Thu, 19 Nov 1981 08:52:00 GMT ms-author-via: DAV pragma: no-cache referrer-policy: strict-origin-when-cross-origin server: nginx strict-transport-security: max-age=31536000 x-content-type-options: nosniff x-download-options: noopen x-frame-options: SAMEORIGIN x-permitted-cross-domain-policies: none x-robots-tag: none x-xss-protection: 1; mode=block
(3)(+0000001): HTTP PROPFIND "<propfind xmlns='DAV:'><prop><getcontentlength/></prop></propfind>" to https://eppfel:********@epp.cloud/remote.php/dav/files/eppfel/zotero/
(3)(+0000001): { "Depth": 0 "Content-Type": "text/xml; charset=utf-8" }
(3)(+0000001): CookieBlocker: Ignoring cookies for https://eppfel:********@epp.cloud/remote.php/dav/files/eppfel/zotero/
(3)(+0000115): HTTP PROPFIND https://eppfel:********@epp.cloud/remote.php/dav/files/eppfel/zotero/ succeeded with 207
(3)(+0000001): <?xml version="1.0"?> <d:multistatus xmlns:d="DAV:" xmlns:s="http://sabredav.org/ns" xmlns:oc="http://owncloud.org/ns" xmlns:nc="http://nextcloud.org/ns"><d:response><d:href>/remote.php/dav/files/eppfel/zotero/</d:href><d:propstat><d:prop><d:getcontentlength/></d:prop><d:status>HTTP/1.1 404 Not Found</d:status></d:propstat></d:response></d:multistatus>
(3)(+0000001): HTTP GET https://eppfel:********@epp.cloud/remote.php/dav/files/eppfel/zotero/nonexistent.prop
(3)(+0000000): {}
(3)(+0000001): CookieBlocker: Ignoring cookies for https://eppfel:********@epp.cloud/remote.php/dav/files/eppfel/zotero/nonexistent.prop
(1)(+0000346): HTTP GET https://eppfel:********@epp.cloud/remote.php/dav/files/eppfel/zotero/nonexistent.prop failed with status code 401: {"message":"Current user is not logged in"}
(1)(+0000009): The WebDAV server did not accept the username and password you entered. Please check your file sync settings or contact your WebDAV server administrator.
(2)(+0000000): WebDAV verification failed
Steps to reproduce
Not quite sure, as I have not tested this with another WebDAV client.
- Send a request to a non-existing file via WebDAV
Expected behavior
Looking for the nonexistent.prop should return a 404 and then Zotero would proceed with synchronisation.
The only similar issues which I found, point towards server-side problems:
https://forums.zotero.org/discussion/comment/368887#Comment_368887
https://forums.zotero.org/discussion/93116/webdav-problems-webdav-server-by-powerfolder
Installation method
Manual installation
Operating system
No response
PHP engine version
PHP 7.4
Web server
Other
Database engine version
MySQL
Is this bug present after an update or on a fresh install?
Updated to a major version (ex. 22.2.3 to 23.0.1)
Are you using the Nextcloud Server Encryption module?
Encryption is Disabled
What user-backends are you using?
- Default user-backend (database)
- LDAP/ Active Directory
- SSO - SAML
- Other
Configuration report
{
"system": {
"instanceid": "***REMOVED SENSITIVE VALUE***",
"passwordsalt": "***REMOVED SENSITIVE VALUE***",
"secret": "***REMOVED SENSITIVE VALUE***",
"trusted_domains": [
"epp.cloud",
"eppcloud.uber.space"
],
"datadirectory": "***REMOVED SENSITIVE VALUE***",
"dbtype": "mysql",
"version": "23.0.6.1",
"dbname": "***REMOVED SENSITIVE VALUE***",
"dbhost": "***REMOVED SENSITIVE VALUE***",
"dbtableprefix": "oc_",
"dbuser": "***REMOVED SENSITIVE VALUE***",
"dbpassword": "***REMOVED SENSITIVE VALUE***",
"logtimezone": "UTC",
"installed": true,
"loglevel": 0,
"filelocking.enabled": "true",
"memcache.locking": "\\OC\\Memcache\\Redis",
"memcache.local": "\\OC\\Memcache\\Redis",
"redis": {
"host": "***REMOVED SENSITIVE VALUE***",
"port": 0
},
"forcessl": true,
"mail_from_address": "***REMOVED SENSITIVE VALUE***",
"mail_smtpmode": "smtp",
"mail_domain": "***REMOVED SENSITIVE VALUE***",
"maintenance": false,
"updater.release.channel": "stable",
"debug": false,
"appstore.experimental.enabled": true,
"theme": "",
"log_rotate_size": 104857600,
"overwrite.cli.url": "https:\/\/epp.cloud\/",
"htaccess.RewriteBase": "\/",
"htaccess.IgnoreFrontController": true,
"mail_smtpsecure": "ssl",
"mail_smtpauthtype": "LOGIN",
"mail_smtpauth": 1,
"mail_smtphost": "***REMOVED SENSITIVE VALUE***",
"mail_smtpport": "465",
"mail_smtpname": "***REMOVED SENSITIVE VALUE***",
"mail_smtppassword": "***REMOVED SENSITIVE VALUE***",
"twofactor_enforced": "false",
"twofactor_enforced_groups": [
"admin"
],
"twofactor_enforced_excluded_groups": [
"Familie",
"test"
],
"preview_max_x": "2048",
"preview_max_y": "2048",
"jpeg_quality": "60",
"mysql.utf8mb4": true,
"encryption.key_storage_migrated": false,
"default_phone_region": "DE",
"updater.secret": "***REMOVED SENSITIVE VALUE***"
}
}List of activated Apps
Enabled:
- accessibility: 1.9.0
- activity: 2.15.0
- admin_audit: 1.13.0
- bruteforcesettings: 2.4.0
- calendar: 3.4.2
- circles: 23.1.2
- cloud_federation_api: 1.6.0
- comments: 1.13.0
- contacts: 4.1.1
- contactsinteraction: 1.4.0
- dashboard: 7.3.0
- dav: 1.21.0
- federatedfilesharing: 1.13.0
- federation: 1.13.0
- files: 1.18.0
- files_external: 1.15.0
- files_pdfviewer: 2.4.0
- files_rightclick: 1.2.0
- files_sharing: 1.15.0
- files_trashbin: 1.13.0
- files_versions: 1.16.0
- files_videoplayer: 1.12.0
- firstrunwizard: 2.12.0
- logreader: 2.8.0
- lookup_server_connector: 1.11.0
- nextcloud_announcements: 1.12.0
- notifications: 2.11.1
- oauth2: 1.11.0
- password_policy: 1.13.0
- photos: 1.5.0
- privacy: 1.7.0
- provisioning_api: 1.13.0
- recommendations: 1.2.0
- serverinfo: 1.13.0
- settings: 1.5.0
- sharebymail: 1.13.0
- spreed: 13.0.7
- support: 1.6.0
- survey_client: 1.11.0
- tasks: 0.14.4
- text: 3.4.1
- theming: 1.14.0
- twofactor_backupcodes: 1.12.0
- twofactor_totp: 6.4.0
- twofactor_webauthn: 0.3.1
- updatenotification: 1.13.0
- user_status: 1.3.1
- viewer: 1.7.0
- weather_status: 1.3.0
- workflowengine: 2.5.0
Disabled:
- encryption: 2.8.1
- files_markdown: 2.3.6
- mail: 1.13.6
- news: 18.1.0
- notes: 4.4.0
- polls: 3.7.0
- systemtags: 1.0.2
- twofactor_u2f: 6.3.1
- user_ldapNextcloud Signing status
No errors have been found.Nextcloud Logs
{
"reqId": "Ys7dIG92-bXco7vISv7CwAAAABA",
"level": 0,
"time": "2022-07-13T14:56:32+00:00",
"remoteAddr": "2001:708:150:10::a04f",
"user": "--",
"app": "no app in context",
"method": "GET",
"url": "/apps/dashboard/",
"message": "Current user is not logged in",
"userAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:60.0) Gecko/20100101 Firefox/60.0",
"version": "23.0.6.1",
"exception":
{
"Exception": "OC\\AppFramework\\Middleware\\Security\\Exceptions\\NotLoggedInException",
"Message": "Current user is not logged in",
"Code": 401,
"Trace":
[
{
"file": "/var/www/virtual/eppcloud/html/lib/private/AppFramework/Middleware/MiddlewareDispatcher.php",
"line": 97,
"function": "beforeController",
"class": "OC\\AppFramework\\Middleware\\Security\\SecurityMiddleware",
"type": "->",
"args":
[
{
"__class__": "OCA\\Dashboard\\Controller\\DashboardController"
},
"index"
]
},
{
"file": "/var/www/virtual/eppcloud/html/lib/private/AppFramework/Http/Dispatcher.php",
"line": 118,
"function": "beforeController",
"class": "OC\\AppFramework\\Middleware\\MiddlewareDispatcher",
"type": "->",
"args":
[
{
"__class__": "OCA\\Dashboard\\Controller\\DashboardController"
},
"index"
]
},
{
"file": "/var/www/virtual/eppcloud/html/lib/private/AppFramework/App.php",
"line": 157,
"function": "dispatch",
"class": "OC\\AppFramework\\Http\\Dispatcher",
"type": "->",
"args":
[
{
"__class__": "OCA\\Dashboard\\Controller\\DashboardController"
},
"index"
]
},
{
"file": "/var/www/virtual/eppcloud/html/lib/private/Route/Router.php",
"line": 302,
"function": "main",
"class": "OC\\AppFramework\\App",
"type": "::",
"args":
[
"OCA\\Dashboard\\Controller\\DashboardController",
"index",
{
"__class__": "OC\\AppFramework\\DependencyInjection\\DIContainer"
},
[
"dashboard.dashboard.index"
]
]
},
{
"file": "/var/www/virtual/eppcloud/html/lib/base.php",
"line": 1008,
"function": "match",
"class": "OC\\Route\\Router",
"type": "->",
"args":
[
"/apps/dashboard/"
]
},
{
"file": "/var/www/virtual/eppcloud/html/index.php",
"line": 36,
"function": "handleRequest",
"class": "OC",
"type": "::",
"args":
[]
}
],
"File": "/var/www/virtual/eppcloud/html/lib/private/AppFramework/Middleware/Security/SecurityMiddleware.php",
"Line": 153,
"CustomMessage": "Current user is not logged in"
},
"id": "62cedd21a2e92"
}
{
"reqId": "Ys7dICjfu0tPDPEo7t0YJAAAAQY",
"level": 0,
"time": "2022-07-13T14:56:32+00:00",
"remoteAddr": "2001:708:150:10::a04f",
"user": "eppfel",
"app": "webdav",
"method": "GET",
"url": "/remote.php/dav/files/eppfel/zotero/nonexistent.prop",
"message": "File with name /zotero/nonexistent.prop could not be located",
"userAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:60.0) Gecko/20100101 Firefox/60.0",
"version": "23.0.6.1",
"exception":
{
"Exception": "Sabre\\DAV\\Exception\\NotFound",
"Message": "File with name /zotero/nonexistent.prop could not be located",
"Code": 0,
"Trace":
[
{
"file": "/var/www/virtual/eppcloud/html/3rdparty/sabre/dav/lib/DAV/Tree.php",
"line": 78,
"function": "getChild",
"class": "OCA\\DAV\\Connector\\Sabre\\Directory",
"type": "->",
"args":
[
"nonexistent.prop"
]
},
{
"file": "/var/www/virtual/eppcloud/html/3rdparty/sabre/dav/lib/DAV/CorePlugin.php",
"line": 76,
"function": "getNodeForPath",
"class": "Sabre\\DAV\\Tree",
"type": "->",
"args":
[
"files/eppfel/zotero/nonexistent.prop"
]
},
{
"file": "/var/www/virtual/eppcloud/html/3rdparty/sabre/event/lib/WildcardEmitterTrait.php",
"line": 89,
"function": "httpGet",
"class": "Sabre\\DAV\\CorePlugin",
"type": "->",
"args":
[
{
"__class__": "Sabre\\HTTP\\Request"
},
{
"__class__": "Sabre\\HTTP\\Response"
}
]
},
{
"file": "/var/www/virtual/eppcloud/html/3rdparty/sabre/dav/lib/DAV/Server.php",
"line": 472,
"function": "emit",
"class": "Sabre\\DAV\\Server",
"type": "->",
"args":
[
"method:GET",
[
{
"__class__": "Sabre\\HTTP\\Request"
},
{
"__class__": "Sabre\\HTTP\\Response"
}
]
]
},
{
"file": "/var/www/virtual/eppcloud/html/3rdparty/sabre/dav/lib/DAV/Server.php",
"line": 253,
"function": "invokeMethod",
"class": "Sabre\\DAV\\Server",
"type": "->",
"args":
[
{
"__class__": "Sabre\\HTTP\\Request"
},
{
"__class__": "Sabre\\HTTP\\Response"
}
]
},
{
"file": "/var/www/virtual/eppcloud/html/3rdparty/sabre/dav/lib/DAV/Server.php",
"line": 321,
"function": "start",
"class": "Sabre\\DAV\\Server",
"type": "->",
"args":
[]
},
{
"file": "/var/www/virtual/eppcloud/html/apps/dav/lib/Server.php",
"line": 339,
"function": "exec",
"class": "Sabre\\DAV\\Server",
"type": "->",
"args":
[]
},
{
"file": "/var/www/virtual/eppcloud/html/apps/dav/appinfo/v2/remote.php",
"line": 35,
"function": "exec",
"class": "OCA\\DAV\\Server",
"type": "->",
"args":
[]
},
{
"file": "/var/www/virtual/eppcloud/html/remote.php",
"line": 166,
"args":
[
"/var/www/virtual/eppcloud/html/apps/dav/appinfo/v2/remote.php"
],
"function": "require_once"
}
],
"File": "/var/www/virtual/eppcloud/html/apps/dav/lib/Connector/Sabre/Directory.php",
"Line": 233,
"CustomMessage": "--"
},
"id": "62cedd21a2f74"
}Additional info
The webserver is nginx with proxy pass to apache https://manual.uberspace.de/background-http-stack/