Error 401 on WebDav

[variamus]

Hello,

I haven't found any solutions browing the web/github so I'll take my chance here.
I was using Keeweb for Nextcloud (App) before and it has stopped working since latest updates (Nextcloud or Keeweb for Nextcloud, I don't know).
I'm getting error 401 (authentication) when I'm trying to access my webdav through the app but if I try to connect to the same webdav with same credentials directly from a mobile phone or another device/OS, it works.
It will also work with Keepass software installed on computer.

Where to find logs about this keeweb app ? Any idea on how to resolve this ?

[arnowelzel]

There are no logs since the Keeweb app runs in the browser only. You need to open the web developer tools of your browser and check the JavaScript console for error messages. Also check the access log of your webserver for error messages.

[arnowelzel]

Just a note: HTTP 501 means "no implemented" and has nothing to do with authentication. Also see https://developer.mozilla.org/en-US/docs/Web/HTTP/Status/501

[variamus]

Sorry, I meant error 401. Typo :)

https://developer.mozilla.org/en-US/docs/Web/HTTP/Status/401

[cbarbaza]

Hello,

I have the same issue with following version :
nextcloud : 20.0.4
keepass app: 0.6.4

I can't see any error on the js console or in nextcloud log... only HTTP 401 response for the request HEAD send when I click on OK button.

any idea ?

thanks

[maurerle]

@cbarbaza which ok button do you mean?

[arnowelzel]

@cbarbaza Please also check the access log of your webserver (not the Nextcloud log, but the log which is written by Apache or NGINX) which hosts Nextcloud. There you should find the exact URL which Keeweb tried to access.

[variamus]

@cbarbaza Please also check the access log of your webserver (not the Nextcloud log, but the log which is written by Apache or NGINX) which hosts Nextcloud. There you should find the exact URL which Keeweb tried to access.

Hello,
In my case, URL is correct:

x.x.x.x - variamus [04/Jan/2021:15:11:56 +0100] "HEAD /remote.php/webdav/directory/directory/file.kdbx HTTP/1.1" 401 763 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36 Edg/87.0.664.66"
x.x.x.x - variamus [04/Jan/2021:15:12:11 +0100] "HEAD /remote.php/dav/directory/directory/file.kdbx HTTP/1.1" 401 763 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36 Edg/87.0.664.66"

As a reminder, it's working with Keepass installed client (Windows 64) and Keepass2Android.

[arnowelzel]

Please also check the "network" tab in your browser web developer console. There you should also see a request token like this:

https://yourserver.example/remote.php/webdav/directory/file.kdbx?requesttoken=......

The requesttoken is, what grants access. This token is requested from Nextcloud in the Keeweb app page controller and given to Keeweb to open a file. Also see https://github.com/jhass/nextcloud-keeweb/blob/master/keeweb/controller/pagecontroller.php#L83-L102

Also disable any adblocker, script blockers etc. for your Nextcloud URL just to make sure these don't interfere with Keeweb.

[variamus]

Please also check the "network" tab in your browser web developer console. There you should also see a request token like this:

https://yourserver.example/remote.php/webdav/directory/file.kdbx?requesttoken=......

The requesttoken is, what grants access. This token is requested from Nextcloud in the Keeweb app page controller and given to Keeweb to open a file. Also see https://github.com/jhass/nextcloud-keeweb/blob/master/keeweb/controller/pagecontroller.php#L83-L102

Also disable any adblocker, script blockers etc. for your Nextcloud URL just to make sure these don't interfere with Keeweb.

Here is what I'm getting, I don't seem to have any requesttoken as you stated.

keeweb?config=config:1 HEAD https://server/remote.php/webdav/directory/directory/file.kdbx 401 (Unauthorized)
_request @ keeweb?config=config:1
_statRequest @ keeweb?config=config:1
stat @ keeweb?config=config:1
applyConfig @ keeweb?config=config:1
r.emit @ keeweb?config=config:1
apply @ keeweb?config=config:1
eventListener @ keeweb?config=config:1
e @ keeweb?config=config:1
keeweb?config=config:1 

[arnowelzel]

Sorry for the delay - I have no idea why the requesttoken is missing in your case. But without a requesttoken the file can not be read.

[giou]

I have the same issue, with the desktop app works fine.

XHRHEADhttps://subdomain.domain.com/remote.php/webdav/Keepass/file.kdbx
[HTTP/1.1 401 Unauthorized 78ms]

	
HEAD
	https://subdomain.domain.com/remote.php/webdav/Keepass/file.kdbx
Status401
Unauthorized
VersionHTTP/1.1
Transferred634 B (0 B size)
Referrer Policyno-referrer

    	
    Cache-Control
    	no-store, no-cache, must-revalidate
    Connection
    	Keep-Alive
    Content-Security-Policy
    	default-src 'none';
    Content-Type
    	application/xml; charset=utf-8
    Date
    	Fri, 05 Mar 2021 12:37:28 GMT
    Expires
    	Thu, 19 Nov 1981 08:52:00 GMT
    Keep-Alive
    	timeout=5, max=100
    Pragma
    	no-cache
    Referrer-Policy
    	no-referrer
    Server
    	Apache/2.4.41 (Ubuntu)
    Strict-Transport-Security
    	max-age=15552000; includeSubDomains
    X-Content-Type-Options
    	nosniff
    X-Download-Options
    	noopen
    X-Frame-Options
    	SAMEORIGIN
    X-Permitted-Cross-Domain-Policies
    	none
    X-Robots-Tag
    	none
    X-XSS-Protection
    	1; mode=block
    	
    Accept
    	*/*
    Accept-Encoding
    	gzip, deflate, br
    Accept-Language
    	en-US,en;q=0.5
    Authorization
    	Basic ***
    Cache-Control
    	no-cache
    Connection
    	keep-alive
    Cookie
    	***
    DNT
    	1
    Host
    	subdomain.domain.com
    Sec-GPC
    	1
    User-Agent
    	Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:86.0) Gecko/20100101 Firefox/86.0

[arnowelzel]

I'm sorry - I have no idea what is wrong here. For me Keeweb works fine with NC 20 and NC 21 hosted on a server with Apache 2.4 and PHP-FPM 7.4.

Please check if it works without any adblocker, scriptblocker etc. active.

[giou]

Nextcloud 20 PHP 7.4.3 Apache/2.4.41 using SSL from certbot tried using restoring Firefox in Windows with no change

[arnowelzel]

Well - seems your Nextcloud does not generate access tokens for the app. But I don't know why. This does not happen here - neither on my production server nor on the development setup.

[nordy1145]

I was getting the same error when trying to add a webdav file from KeeWeb on my NC instance. I ended up just clicking on the .kdbx file within my list of files and KeeWeb opened it up just fine.

[arnowelzel]

I was getting the same error when trying to add a webdav file from KeeWeb on my NC instance. I ended up just clicking on the .kdbx file within my list of files and KeeWeb opened it up just fine.

JFTR: This is the intended way to use Keeweb in Nextcloud. Using WebDAV by entering the Nextcloud URL and user/password is not supported. The option is just there because it can not easily be removed - WebDAV is required as a protocol to use Keeweb in Nextcloud.

If the bug report is about to use Keeweb to open a file using WebDAV and not by clicking a file within the Nextcloud file list, then I'll close this issue as this can never be fixed. The correct fix for this would be to remove the wole UI which allows to open files in Keeweb itself - since this does not work anyway.

[nevaforget]

Same problem over here. It's working via any client but this plugin.

I think the plugin is using a wrong protocol. it requests http instead of https which causes a cors.

Content Security Policy: Die Einstellungen der Seite haben das Laden einer Ressource auf http://some.domain/remote.php/webdav/xyz.kdbx?requesttoken=verylongrequesttocken blockiert ("connect-src").

where can I tell the plugin the right protocol to force https?

Thanks in advance

[juanro49]

I had the same problem, in the nextcloud docker I ran the following command ./occ files:scan --all and once finished, I tried again and it didn't give the 401 error and worked fine

[Baratux]

For me, the solution was to use a device password (see Settings/Security) for webdav access.

[arnowelzel]

Same problem over here. It's working via any client but this plugin.

I think the plugin is using a wrong protocol. it requests http instead of https which causes a cors.

Content Security Policy: Die Einstellungen der Seite haben das Laden einer Ressource auf http://some.domain/remote.php/webdav/xyz.kdbx?requesttoken=verylongrequesttocken blockiert ("connect-src").

where can I tell the plugin the right protocol to force https?

Thanks in advance

HTTP is not supported by Keeweb. Nextcloud must use HTTPS.

[pc-erwin]

Hello
I had the same problem. Clearing the browser cache cleared the error.

[YourSandwich]

Same issue for me on firefox, librewolf and brave.

[YourSandwich]

HEAD https://nextcloud..../pat/file.kdbx 401 (Unauthorized)

But in the Network Tab, I actually can see the kdbx file and download it.

[Zehelein]

I have the same problem. As it was unmaintained I removed the plugin and installed it again. Thank you all for the new version btw :-) I can open the file just fine - click on the kdbx opens the app and it can load and save. But after some time (hours/few days) it looses the authentication and won't sync anymore. Any ideas what to set/do?