Problems with Z-Push authorisation after YunoHost Upgrade

My YunoHost server

Hardware: Raspberry Pi at home
YunoHost version: 3.7.0.12
I have access to my server : Through SSH | through the webadmin
Are you in a special context or did you perform some particular tweaking on your YunoHost instance ? : no

Microsoft-Server-ActiveSync isn’t working any more

Hi,

after doing an update to the latest version of YunoHost, all my clients stopped syncing. On every device there was a message that I should check my username/password. If I try with a new client I don’t get an error message like “wrong username or wrong password”. I used an Android device for testing and I can step through every configuration step without error. Finally I go to the e-mail inbox screen and it doesn’t stop loading e-mails, but it never gets any.
In Z-Push I get messages like:

192.168.2.132 - - [06/Apr/2020:22:29:21 +0200] "OPTIONS /nextcloud/remote.php/dav/calendars/myname/ HTTP/1.1" 401 569 "-" "ModifiedDAViCalClient"
192.168.2.132 - myname [06/Apr/2020:22:29:31 +0200] "OPTIONS /nextcloud/remote.php/dav/calendars/myname/ HTTP/1.1" 200 0 "-" "ModifiedDAViCalClient"
192.168.2.132 - - [06/Apr/2020:22:29:32 +0200] "OPTIONS /nextcloud/remote.php/dav/addressbooks/users/myname/contacts/ HTTP/1.1" 401 569 "-" "Z-Push CardDAV/0.6.c"
192.168.2.132 - myname [06/Apr/2020:22:29:37 +0200] "OPTIONS /nextcloud/remote.php/dav/addressbooks/users/myname/contacts/ HTTP/1.1" 200 0 "-" "Z-Push CardDAV/0.6.c"
192.168.2.132 - myname [06/Apr/2020:22:29:43 +0200] "PROPFIND /nextcloud/remote.php/dav/addressbooks/users/myname/contacts/ HTTP/1.1" 207 283145 "-" "Z-Push CardDAV/0.6.c"
192.168.2.132 - myname [06/Apr/2020:22:29:48 +0200] "PROPFIND /nextcloud/remote.php/dav/calendars/myname/ HTTP/1.1" 207 5933 "-" "ModifiedDAViCalClient"
192.168.2.149 - myname [06/Apr/2020:22:29:51 +0200] "POST /Microsoft-Server-ActiveSync?Cmd=FolderSync&User=myname&DeviceId=androidc1743255275&DeviceType=samsungSMG901F HTTP/1.1" 499 0 "-" "samsungSMG901F/9-EAS-2.0"
192.168.2.132 - myname [06/Apr/2020:22:29:53 +0200] "PROPFIND /nextcloud/remote.php/dav/principals/users/myname/ HTTP/1.1" 207 586 "-" "ModifiedDAViCalClient"
192.168.2.132 - myname [06/Apr/2020:22:29:58 +0200] "PROPFIND /nextcloud/remote.php/dav/calendars/myname/ HTTP/1.1" 207 3583 "-" "ModifiedDAViCalClient"
192.168.2.132 - myname [06/Apr/2020:22:30:04 +0200] "PROPFIND /nextcloud/remote.php/dav/calendars/myname/cgp/ HTTP/1.1" 207 1589 "-" "ModifiedDAViCalClient"
192.168.2.132 - myname [06/Apr/2020:22:30:09 +0200] "PROPFIND /nextcloud/remote.php/dav/calendars/myname/cgp/ HTTP/1.1" 207 1589 "-" "ModifiedDAViCalClient"
192.168.2.132 - myname [06/Apr/2020:22:30:14 +0200] "PROPFIND /nextcloud/remote.php/dav/calendars/myname/familienfeste/ HTTP/1.1" 207 1608 "-" "ModifiedDAViCalClient"
192.168.2.132 - myname [06/Apr/2020:22:30:19 +0200] "PROPFIND /nextcloud/remote.php/dav/calendars/myname/familienfeste/ HTTP/1.1" 207 1608 "-" "ModifiedDAViCalClient"

I’m not sure what is happening here but I believe that something has changed with authorisation.
Does anybody know how to fix this?

Best regards, Stefan
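
Added example, not part of the original post: a short Python triage of access-log lines like the ones above. It separates the ordinary 401-then-200 HTTP authentication retry from requests that were never accepted and from status 499, which nginx logs when the client closes the connection before a response is sent. It assumes an nginx access log in combined format; the 192.0.2.10 line in the sample is constructed to show the rejected case.

```python
import re
from collections import defaultdict

# nginx "combined" line: ip, ident, remote user, [time], "request", status, size.
LINE = re.compile(
    r'(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\d+)'
)

def classify(lines):
    """Sort requests into challenge/retry pairs, unanswered 401s and 499 aborts."""
    pending = {}                 # (ip, method, path) -> time of a 401 awaiting a retry
    report = defaultdict(list)
    for raw in lines:
        # Forum software turns straight quotes into curly ones; undo that first.
        m = LINE.match(raw.replace("\u201c", '"').replace("\u201d", '"'))
        if not m:
            report["unparsed"].append(raw)
            continue
        # Drop the query string so a retry with other parameters still pairs up.
        key = (m["ip"], m["method"], m["path"].split("?")[0])
        status = int(m["status"])
        if status == 401:
            pending[key] = m["ts"]
        elif status == 499:
            # nginx-specific: the client gave up waiting, no response was sent.
            report["client_aborted"].append(key)
        elif 200 <= status < 300 and m["user"] != "-" and key in pending:
            del pending[key]
            report["challenge_then_ok"].append(key)
    report["rejected"] = list(pending)   # 401 never followed by a success
    return dict(report)

# Constructed sample: three lines shaped like those in the post, plus one
# invented request from a documentation-range address that is never accepted.
SAMPLE = [
    '192.168.2.132 - - [06/Apr/2020:22:29:21 +0200] "OPTIONS /nextcloud/remote.php/dav/calendars/myname/ HTTP/1.1" 401 569 "-" "ModifiedDAViCalClient"',
    '192.168.2.132 - myname [06/Apr/2020:22:29:31 +0200] "OPTIONS /nextcloud/remote.php/dav/calendars/myname/ HTTP/1.1" 200 0 "-" "ModifiedDAViCalClient"',
    '192.168.2.149 - myname [06/Apr/2020:22:29:51 +0200] "POST /Microsoft-Server-ActiveSync?Cmd=FolderSync&User=myname HTTP/1.1" 499 0 "-" "samsungSMG901F/9-EAS-2.0"',
    '192.0.2.10 - - [06/Apr/2020:22:31:00 +0200] "POST /Microsoft-Server-ActiveSync?Cmd=FolderSync&User=other HTTP/1.1" 401 569 "-" "constructed-client"',
]

if __name__ == "__main__":
    for kind, items in classify(SAMPLE).items():
        print(kind, items)
```

A 401 that is followed by a 200 for the same request is the client answering the authentication challenge; a 499 on the ActiveSync POST means the request was authenticated but the device stopped waiting for the answer.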

In the permission interface can you check that the app is allowed to “Visitors” (in this context, your devices are visitors, as they probably do not go through Yunohost’s portal first)

Hello Aleks,

thank you very much for your help. I already set Z-Push permissions to allowed for visitors. Unfortunately this didn’t change anything.
I remember having some problems, getting Z-Push to work some months ago.
When I use one of the devices that isn’t working any more and open the browser and enter https://yunohost.local/Microsoft-Server-ActiveSync it opens and offers a PopUp to enter username and password. If I enter the username and password that I use for the Exchange Mail account then I can access the site “Z-Push - Open Source ActiveSync / Version GIT / GET not supportet”

Seems to me that my user is allowed to enter? I’m not sure what has changed …

Best regards,

Stefan

Ok, I learned a little bit more about the new settings, because I tried to run ulogger the first time after the upgrade and it failed to work, too.
I found out that calling https://yunohost.local/ulogger led to YunoHost portal for login. So is it right, that the settings that are written in /etc/ssowat/conf.json.persistent aren’t valid any more? I have some entries for unprotected_urls in there (e.g. ulogger).

Instead I had to allow “Visitors” for the app ulogger like Aleks suggested above. That is leading to new unprotected_url entries in /etc/ssowat/conf.json.

Now to Z-Push: My old conf.json.persistent has no entries for Z-Push and is not changed since December 2019. So I would guess it might not be the correct way for my problem to allow visitors for Z-Push.
Additional: The Exchange client has no information that the link is https://yunohost.local/Microsoft-Server-ActiveSync. Instead I only enter the server https://yunohost.local. So this might work all alone?

I remember being in /var/www/z-push/config.php at the time I made it run the first time. Unfortunately this file has changed about a week before the update problem. So I’m not sure if it really crashed with the main update or if it stopped working before. I remember there was an update of z-push at this time. Unfortunately I don’t know if there’s a backup of config.php somewhere. But maybe I have to look in the config file, to solve the problem.

Best regards,

Stefan

Halfway done - I could create an Exchange account on my Android device. I’m not absolutely sure what made the difference. Here are my settings:

  • No rights permitted for Visitors to access Z-Push in the YunoHost permission interface
  • In /var/www/z-push/config.php I set ‘USE_FULLEMAIL_FOR_LOGIN’ to false

The Exchange account settings are:

  • username: myname@yunohost.local (I would have expected that it is only myname)
  • password: mypassword
  • no client certificate
  • server: yunohost.local
  • Port: 443
  • security: SSL/TLS (accept all certs)

So this is the proof it is working. But it takes very long to access mails. Just went into settings without changing anything to write my settings into this post. When skipping back to the inbox I have the state as before: Loading several minutes, and not knowing if I’m still connected…

My other devices (not Android) still show errors - the usernames used here are: myname

It’s a little bit strange …

Hi,

I don’t know if there’s somebody left reading this topic :)

I uninstalled Z-Push and re-installed it again. In the top bar came a warning saying:

/!\ Packagers! This app is still using the skipped/protected/unprotected_uris/regex settings which are now obsolete and deprecated… Instead, you should use the new helpers ‘ynh_permission_{create,urls,update,delete}’ and the ‘visitors’ group to initialize the public/private access. Check out the documentation at the bottom of Users groups and permissions | Yunohost Documentation to learn how to use the new permission mechanism.

I tried to understand YunoHost • index

Does this mean that it can’t work until it is packed the way that is described here?
