Bug 130618 - WebDAV recent file items don't handle authorization correctly
Summary: WebDAV recent file items don't handle authorization correctly
Status: RESOLVED FIXED
Alias: None
Product: LibreOffice
Classification: Unclassified
Component: framework (show other bugs)
Version:
(earliest affected)
7.0.0.0.alpha0+
Hardware: All All
: medium normal
Assignee: Not Assigned
URL:
Whiteboard:
Keywords:
Depends on:
Blocks: WebDAV
  Show dependency treegraph
 
Reported: 2020-02-12 12:55 UTC by Jan-Marek Glogowski
Modified: 2021-11-30 17:54 UTC (History)
6 users (show)

See Also:
Crash report or crash signature:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Jan-Marek Glogowski 2020-02-12 12:55:41 UTC 
When fixing the IRI encoding problem of SharePoint 2016 WebDAV responses in https://gerrit.libreoffice.org/c/core/+/88120, Mike Kaganski found (and I verified), that the stored recent file items won't work correctly. Mike remembered he eventually got some IO error from opening the file. For me it is an error form the networking code: "Error reading data from the Internet. Server error message: ." 

Originally we suspected this to be some problem with the URI handling of SharePoint, but I verified - using network package dumps - that SharePoint works fine with URIs, even if it originally sent an IRI in the PROPFIND HTTP 207 response.

When opening the recent file item, LO won't request the user credentials and simply get a "HTTP/1.1 401 Unauthorized" reply for the OPTIONS request. That also happens most times, when I had already opened that file before in the LO session. Using a auth-free Apache WebDAV folder works fine.

Sometimes I even got this error message from the "Remote files" picker, after I entered my credentials but simply waited to long to select and item. My guess is, the session times out and no new one is created, or the new one doesn't have the credentials.

From my current POV, this boils down to general session management and HTTP error code handling. In the end the 401 HTTP reply should be handled correctly by asking for user authentication or using already known credentials for a matching remote service.

FWIW the recent file list entries contain an empty password value tag, but that is also set for passwordless WebDAV access. It probably should not even exist, or it has some other meaning w.r.t. recent file list items.
Comment 1 John Waters 2021-01-21 20:08:38 UTC 
I can reproduce this using WebDAV with a Mailbox.org account (which is basically an OpenXchange instance). In addition, on mac, when opening the "Remote Files" diagram, it will pick the first configured Service and I will have to re-enter the password up to four/five times for each action (each changed folder, opened file, etc).
Comment 2 Jan-Marek Glogowski 2021-01-28 09:00:38 UTC 
(In reply to Armin Beširović from comment #1)
> In addition, on mac, when opening the
> "Remote Files" diagram, it will pick the first configured Service and I will
> have to re-enter the password up to four/five times for each action (each
> changed folder, opened file, etc).

Please open an extra report for this. I didn't see this problem when I wrote my original report on Linux / Windows, so I guess it's a different problem. But feel free to refer here from the "See also" field.
Comment 3 Gabor Kelemen (allotropia) 2021-11-30 17:54:02 UTC 
I can no longer reproduce this in bibisect-linux-7.3 since 

https://cgit.freedesktop.org/libreoffice/core/commit/?id=bdef11f5337ecc87556a92693f6b7b5e200eb29e

configure: default to --with-webdav=curl

Now the master password dialog pops up and LO loads the remote file from the recent documents list.
In the commit before there was just the error message from comment #0