"Write access to end-to-end encrypted folder requires token" out of nowhere (E2EE file deletion impossible with "403 Forbidden") #583
Description
How to use GitHub
- Please use the 👍 reaction to show that you are affected by the same issue.
- Please don't comment if you have no relevant information to add. It's just extra noise for everyone subscribed to this issue.
Steps to reproduce
- Use E2EE
- Delete single files
Expected behaviour
Files are deleted on the server
Actual behaviour
Client complains about "403 Forbidden ..." and server logs errors
Server configuration
Operating system: Raspberry Pi OS
Web server: nginx
Database: MariaDB
PHP version: 8.2
Nextcloud version: 27.1.7.2
Updated from an older Nextcloud/ownCloud or fresh install: Updated
Where did you install Nextcloud from: archive, bare metal
Signing status:
Signing status
Login as admin user into your Nextcloud and access
http://example.com/index.php/settings/integrity/failed
paste the results here.
List of activated apps:
App list
End-to-End-Encryption app: 1.13.1
Nextcloud configuration:
Config report
If you have access to your command line run e.g.:
sudo -u www-data php occ config:list system
from within your Nextcloud installation folder
or
Insert your config.php content here.
Make sure to remove all sensitive content such as passwords. (e.g. database password, passwordsalt, secret, smtp password, …)
Are you using external storage, if yes which one: local
Are you using encryption: no (only what's needed for E2EE so server-side encryption is likely used)
Are you using an external user-backend, if yes which one: no
Client configuration
Browser: irrelevant
Operating system: irrelevant, multiple clients
Logs
Web server error log
Web server error log
Insert your webserver log here
Nextcloud log (data/nextcloud.log)
Nextcloud log
[webdav] Fehler: OCA\DAV\Connector\Sabre\Exception\Forbidden: Write access to end-to-end encrypted folder requires token - no token sent at <<closure>>
0. /var/www/nextcloud/apps/end_to_end_encryption/lib/Connector/Sabre/LockPlugin.php line 143
OCA\EndToEndEncryption\Connector\Sabre\LockPlugin->verifyTokenOnWriteAccess()
1. /var/www/nextcloud/3rdparty/sabre/event/lib/WildcardEmitterTrait.php line 89
OCA\EndToEndEncryption\Connector\Sabre\LockPlugin->checkLock()
2. /var/www/nextcloud/3rdparty/sabre/dav/lib/DAV/Server.php line 456
Sabre\DAV\Server->emit()
3. /var/www/nextcloud/3rdparty/sabre/dav/lib/DAV/Server.php line 253
Sabre\DAV\Server->invokeMethod()
4. /var/www/nextcloud/3rdparty/sabre/dav/lib/DAV/Server.php line 321
Sabre\DAV\Server->start()
5. /var/www/nextcloud/apps/dav/lib/Server.php line 368
Sabre\DAV\Server->exec()
6. /var/www/nextcloud/apps/dav/appinfo/v2/remote.php line 35
OCA\DAV\Server->exec()
7. /var/www/nextcloud/remote.php line 172
require_once("/var/www/nextcl ... p")
DELETE /remote.php/dav/files/username/encrypted_folder/XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
from xxx.xxx.xxx.xxx by username at 2024-03-05T00:35:32+01:00
Browser log
Browser log
Insert your browser log here, this could for example include:
a) The javascript console log
b) The network log
c) ...
Seen this before here:
- https://help.nextcloud.com/t/end-to-end-encryption-delete-problem/181912/3
- stuck with an encrypted folder #197
Happens for Windows desktop as well as Android desktop. iOS can not be tested as E2EE is just completely broken there currently (nextcloud/ios#2809, which is a follow-up of nextcloud/desktop#5918 (comment), which is a follow-up of nextcloud/desktop#5564 ...).
I will try to reset E2EE using /settings/user/security (once again) now... but this needs to stop. E2EE is so annoying unreliable and breaks on a regular occasion, rendering it the most unreliable part of Nextcloud by far.