Can't add my /e/ account 504 error?

sonik75 · October 24, 2021, 9:51am

I’m trying to connect my /e/ account during initial setup (and later on through account management) but it gives me an error that it can’t login. Looking at the debug info I see some 504 errors. I tried to use the manual server https://ecloud.global. too.
My login details are correct. I use them to login on the website.

— BEGIN DEBUG INFO —

LOGS:
2021-10-24 11:49:51 437 [foundation.e.accountmanager.ui.setup.DavResourceFinder] Finding initial carddav service configuration
2021-10-24 11:49:51 437 [foundation.e.accountmanager.ui.setup.DavResourceFinder] Checking user-given URL: https://ecloud.global/
2021-10-24 11:49:51 437 [foundation.e.accountmanager.HttpClient] → PROPFIND https://ecloud.global/
2021-10-24 11:49:51 437 [foundation.e.accountmanager.HttpClient] Content-Type: application/xml; charset=utf-8
2021-10-24 11:49:51 437 [foundation.e.accountmanager.HttpClient] Content-Length: 290
2021-10-24 11:49:51 437 [foundation.e.accountmanager.HttpClient] Depth: 0
2021-10-24 11:49:51 437 [foundation.e.accountmanager.HttpClient]
2021-10-24 11:49:51 437 [foundation.e.accountmanager.HttpClient] <?xml version='1.0' encoding='UTF-8' ?><CARD:addressbook-description /><CARD:addressbook-home-set />
2021-10-24 11:49:51 437 [foundation.e.accountmanager.HttpClient] → END PROPFIND (290-byte body)
2021-10-24 11:49:52 437 [foundation.e.accountmanager.HttpClient] ← 405 Method Not Allowed https://ecloud.global/ (636ms)
2021-10-24 11:49:52 437 [foundation.e.accountmanager.HttpClient] server: nginx
2021-10-24 11:49:52 437 [foundation.e.accountmanager.HttpClient] date: Sun, 24 Oct 2021 09:49:52 GMT
2021-10-24 11:49:52 437 [foundation.e.accountmanager.HttpClient] content-type: text/html; charset=UTF-8
2021-10-24 11:49:52 437 [foundation.e.accountmanager.HttpClient] transfer-encoding: chunked
2021-10-24 11:49:52 437 [foundation.e.accountmanager.HttpClient] expires: Thu, 19 Nov 1981 08:52:00 GMT
2021-10-24 11:49:52 437 [foundation.e.accountmanager.HttpClient] cache-control: no-store, no-cache, must-revalidate
2021-10-24 11:49:52 437 [foundation.e.accountmanager.HttpClient] pragma: no-cache
2021-10-24 11:49:52 437 [foundation.e.accountmanager.HttpClient] set-cookie: oc_sessionPassphrase=sKQxyMF8YaU0raN1PcXdSiRguNZl607etQQIYoMkkU0lnYrFKrxTvk4%2Ffu0AN6DKmFtAPnWoYg%2FlvRdtih9%2FAHebPbaI2mQZQimhaqFjmTQbaCHw1CaAX7pBjXK93F5e; path=/; secure; HttpOnly; SameSite=Lax
2021-10-24 11:49:52 437 [foundation.e.accountmanager.HttpClient] set-cookie: ocvebajunw79=2f7df1a91ca3d8c3966fcacc7e4b9a42; path=/; secure; HttpOnly; SameSite=Lax
2021-10-24 11:49:52 437 [foundation.e.accountmanager.HttpClient] content-security-policy: default-src ‘self’; script-src ‘self’ ‘nonce-VWtWKzIzTTNGNExBMXc2MHVpZ3JaV0NHcXJzNmVlWnQ3cS9jbStGM1Y0bz06RUMwMW93RmplZXkwb1cvLzBYc1lWUUsyaGUxcUxxRXNvdUNGK3JrOUg3dz0=’; style-src ‘self’ ‘unsafe-inline’; frame-src *; img-src * data: blob:; font-src ‘self’ data:; media-src *; connect-src *; object-src ‘none’; base-uri ‘self’;
2021-10-24 11:49:52 437 [foundation.e.accountmanager.HttpClient] set-cookie: __Host-nc_sameSiteCookielax=true; path=/; httponly;secure; expires=Fri, 31-Dec-2100 23:59:59 GMT; SameSite=lax
2021-10-24 11:49:52 437 [foundation.e.accountmanager.HttpClient] set-cookie: __Host-nc_sameSiteCookiestrict=true; path=/; httponly;secure; expires=Fri, 31-Dec-2100 23:59:59 GMT; SameSite=strict
2021-10-24 11:49:52 437 [foundation.e.accountmanager.HttpClient] x-content-type-options: nosniff
2021-10-24 11:49:52 437 [foundation.e.accountmanager.HttpClient] referrer-policy: no-referrer
2021-10-24 11:49:52 437 [foundation.e.accountmanager.HttpClient] x-frame-options: SAMEORIGIN
2021-10-24 11:49:52 437 [foundation.e.accountmanager.HttpClient] x-robots-tag: none
2021-10-24 11:49:52 437 [foundation.e.accountmanager.HttpClient] x-download-options: noopen
2021-10-24 11:49:52 437 [foundation.e.accountmanager.HttpClient] x-permitted-cross-domain-policies: none
2021-10-24 11:49:52 437 [foundation.e.accountmanager.HttpClient] set-cookie: SRV=nc03; path=/
2021-10-24 11:49:52 437 [foundation.e.accountmanager.HttpClient]
2021-10-24 11:49:52 437 [foundation.e.accountmanager.HttpClient]
2021-10-24 11:49:52 437 [foundation.e.accountmanager.HttpClient] ← END HTTP (0-byte body)
2021-10-24 11:49:52 437 [foundation.e.accountmanager.ui.setup.DavResourceFinder] PROPFIND/OPTIONS on user-given URL failed
EXCEPTION foundation.e.dav4jvm.exception.HttpException: HTTP 405 Method Not Allowed
at foundation.e.dav4jvm.DavResource.checkStatus(DavResource.kt:423)
at foundation.e.dav4jvm.DavResource.checkStatus(DavResource.kt:397)
at foundation.e.dav4jvm.DavResource.processMultiStatus(DavResource.kt:491)
at foundation.e.dav4jvm.DavResource.propfind(DavResource.kt:384)
at foundation.e.accountmanager.ui.setup.DavResourceFinder.checkUserGivenURL(DavResourceFinder.kt:181)
at foundation.e.accountmanager.ui.setup.DavResourceFinder.findInitialConfiguration(DavResourceFinder.kt:115)
at foundation.e.accountmanager.ui.setup.DavResourceFinder.findInitialConfiguration(DavResourceFinder.kt:73)
at foundation.e.accountmanager.ui.setup.DetectConfigurationFragment$DetectConfigurationModel$detectConfiguration$2.invoke(DetectConfigurationFragment.kt:83)
at foundation.e.accountmanager.ui.setup.DetectConfigurationFragment$DetectConfigurationModel$detectConfiguration$2.invoke(DetectConfigurationFragment.kt:62)
at kotlin.concurrent.ThreadsKt$thread$thread$1.run(Thread.kt:30)

Regain your privacy! Adopt /e/ the unGoogled mobile OS and online services phone

tcecyk · October 24, 2021, 5:39pm

tl;dr: I think you didn’t append the @e.email part to the login? while this works with the web login, the accountmanager currently needs it.

(being nitpicky - it’s a 405, not 504, difference is: 405 speaks to the (webdav) method propfind, 504 crops up when proxies hand back timeouts)

I looked into this and saw the exception is thrown in the normal code flow, even if successful in the end (if you want to read along, see checkUserGivenURL() in DavResourceFinder.kt)

After it runs into the exception, only then in getCurrentUserPrincipal the .well-known/card|caldav paths are used. Those redirect to Nextcloud remote.php/dav Endpoints, where the webdav methods are finally allowed and things work out.

There’s also code to query the emailaddress in the initial config, but not sure why this fails. Upstream has some refactoring there, maybe a bugfix.

sonik75 · October 25, 2021, 1:10pm

Solved: It was due to 2FA enabled security that I got the 405 error.
thnx for being nitpicky ) and your insights/explenation. It helped me learning something new.

I don’t know if web/cal dav and 2FA can go hand in hand?

tcecyk · October 25, 2021, 1:38pm

I don’t know if web/cal dav and 2FA can go hand in hand?

apparently if you set up app tokens as described in

https://doc.e.foundation/support-topics/two-factor-authentication