Kolab Now and SFOS 3.4

pcfe · 13 January 2021 21:02

of course.
Like previously, all test were run with my ‘user@domain’.

correct password;

$ curl -I -L --anyauth --user user@domain https://apps.kolabnow.com/.well-known
Enter host password for user '…':
HTTP/1.1 401 Unauthorized
Date: Wed, 13 Jan 2021 20:53:43 GMT
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Content-Security-Policy: connect-src 'self';             child-src 'self';             font-src 'self';             form-action 'self' data:;             frame-ancestors 'self';             frame-src 'self';             img-src data: 'self';             media-src 'self';             object-src 'self';             script-src 'self' 'unsafe-inline' 'unsafe-eval';             style-src 'self' 'unsafe-eval' 'unsafe-inline';             default-src 'none';             reflected-xss block;             referrer no-referrer;
WWW-Authenticate: Basic realm="KolabDAV"
Strict-Transport-Security: max-age=16070400; includeSubDomains
Content-Type: application/xml; charset=utf-8

HTTP/1.1 404 Not Found
Date: Wed, 13 Jan 2021 20:53:43 GMT
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Content-Security-Policy: connect-src 'self';             child-src 'self';             font-src 'self';             form-action 'self' data:;             frame-ancestors 'self';             frame-src 'self';             img-src data: 'self';             media-src 'self';             object-src 'self';             script-src 'self' 'unsafe-inline' 'unsafe-eval';             style-src 'self' 'unsafe-eval' 'unsafe-inline';             default-src 'none';             reflected-xss block;             referrer no-referrer;
X-Sabre-Version: 2.1.11
Strict-Transport-Security: max-age=16070400; includeSubDomains
Content-Type: application/xml; charset=utf-8

wrong password;

$ curl -I -L --anyauth --user user@domain https://apps.kolabnow.com/.well-known
Enter host password for user '…':
HTTP/1.1 401 Unauthorized
Date: Wed, 13 Jan 2021 20:53:50 GMT
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Content-Security-Policy: connect-src 'self';             child-src 'self';             font-src 'self';             form-action 'self' data:;             frame-ancestors 'self';             frame-src 'self';             img-src data: 'self';             media-src 'self';             object-src 'self';             script-src 'self' 'unsafe-inline' 'unsafe-eval';             style-src 'self' 'unsafe-eval' 'unsafe-inline';             default-src 'none';             reflected-xss block;             referrer no-referrer;
WWW-Authenticate: Basic realm="KolabDAV"
Strict-Transport-Security: max-age=16070400; includeSubDomains
Content-Type: application/xml; charset=utf-8

HTTP/1.1 401 Unauthorized
Date: Wed, 13 Jan 2021 20:53:50 GMT
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Content-Security-Policy: connect-src 'self';             child-src 'self';             font-src 'self';             form-action 'self' data:;             frame-ancestors 'self';             frame-src 'self';             img-src data: 'self';             media-src 'self';             object-src 'self';             script-src 'self' 'unsafe-inline' 'unsafe-eval';             style-src 'self' 'unsafe-eval' 'unsafe-inline';             default-src 'none';             reflected-xss block;             referrer no-referrer;
WWW-Authenticate: Basic realm="KolabDAV"
Strict-Transport-Security: max-age=16070400; includeSubDomains
Content-Type: application/xml; charset=utf-8

not using any auth;

$ curl -I -L  https://apps.kolabnow.com/.well-known
HTTP/1.1 401 Unauthorized
Date: Wed, 13 Jan 2021 20:54:28 GMT
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Content-Security-Policy: connect-src 'self';             child-src 'self';             font-src 'self';             form-action 'self' data:;             frame-ancestors 'self';             frame-src 'self';             img-src data: 'self';             media-src 'self';             object-src 'self';             script-src 'self' 'unsafe-inline' 'unsafe-eval';             style-src 'self' 'unsafe-eval' 'unsafe-inline';             default-src 'none';             reflected-xss block;             referrer no-referrer;
WWW-Authenticate: Basic realm="KolabDAV"
Strict-Transport-Security: max-age=16070400; includeSubDomains
Content-Type: application/xml; charset=utf-8

chris.adams · 28 January 2021 00:46

Can you send me an email (to chris dot adams at jolla dot com) so I can send you a package for testing? I have implemented a workaround where the user can select a toggle to skip the initial authentication step if required, to avoid the case where we “guess” the auth path wrongly. This may or may not resolve the issue, as we still perform authenticated requests to determine e.g. the calendar paths for caldav a little bit later - but testing should tell us whether that’s the case or not.

chris.adams · 4 February 2021 07:42

Thanks to those who were able to help with testing the workaround - much appreciated.

I have also created a fix to automatically try an authenticated request to the .well-known endpoint if the request to the server root path fails - however I think some changes were made in that library which means that the patch may not apply cleanly to the 3.4.0 codebase. As such, I don’t have 3.4.0+patch packages for testing, for this fix, unfortunately.

Both the “manual workaround” (toggle switch to allow the user to disable authentication at that stage of the account creation flow) change, and the “try .well-known endpoint” change have missed the deadline for 4.0.1 content, so will be part of 4.1.0.

max.hollmann · 23 February 2021 13:03

Hi, is it possible to get our hands on the 4.1 package, so we could use it with 4.0?

chris.adams · 13 April 2021 06:53

Sorry, somehow I missed this reply. Short answer: you can email me for an experimental build of the packages, but no guarantees that it won’t break your device etc etc.

pcfe · 27 May 2021 17:36

Kvarken 4.1.0’s relnotes mark this as fixed. And it is working as expected on my SFOS 4.1.0 device (an Xperia 10 II)

To have it all in one place (all kudos to the original TJC poster, babba22, for the original instructions)

at Settings / Account / Add account / CalDAV and CardDAV

Username → user@domain (e.g. george@kolabnow.com)
Password → …
Server address → https://apps.kolabnow.com
Authenticate during account creation → OFF
Address book path (optional) → /addressbooks/user@domain
Calendar book path (optional) → /calendars/user@domain

side note: I was kinda expecting a bugbot to update all forum posts listed under Sailfish OS Forum and T.J.C: Issues reported by the community and fixed in this update with a FIXED CURRENTRELEASE 4.1.0 or similar, guess I’m spoiled