ocis: ListAccount is forbidden randomly

Sometimes the request to list the account gives a forbidden response after the user tries to list their own account

Note this issue only occurs randomly, not every time

❯ curl https://localhost:9200/ocs/v1.php/cloud/users/einstein -u einstein:relativity -k | xmllint --format -
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100   296  100   296    0     0   4417      0 --:--:-- --:--:-- --:--:--  4417
<?xml version="1.0" encoding="UTF-8"?>
<ocs>
  <meta>
    <status>error</status>
    <statuscode>996</statuscode>
    <message>{"id":"com.owncloud.api.accounts","code":403,"detail":"no permission for ListAccounts","status":"Forbidden"}</message>
  </meta>
</ocs>

This issue gets fixed after restarting the server

❯ curl https://localhost:9200/ocs/v1.php/cloud/users/einstein -u einstein:relativity -k | xmllint --format -
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100   538  100   538    0     0   1368      0 --:--:-- --:--:-- --:--:--  1365
<?xml version="1.0" encoding="UTF-8"?>
<ocs>
  <meta>
    <status>ok</status>
    <statuscode>100</statuscode>
    <message>OK</message>
  </meta>
  <data>
    <enabled>true</enabled>
    <id>4c510ada-c86b-4815-8820-42cdf82c3d51</id>
    <display-name>Albert Einstein</display-name>
    <displayname>Albert Einstein</displayname>
    <email>einstein@example.org</email>
    <quota>
      <free>2840756224000</free>
      <used>5059416668</used>
      <total>2845815640668</total>
      <relative>0.18</relative>
      <definition>default</definition>
    </quota>
    <uidnumber>20000</uidnumber>
    <gidnumber>30000</gidnumber>
  </data>
</ocs>

Server logs when failing

2020-11-09T13:41:32+05:45 WRN basic auth enabled, use only for testing or development service=proxy
2020-11-09T13:41:32+05:45 INF access token is already provided pkg=rhttp service=storage traceid=de4e04e8664044e753bee810fc080393
2020-11-09T13:41:32+05:45 INF http end="09/Nov/2020:13:41:32 +0545" host=127.0.0.1 method=GET pkg=rhttp proto=HTTP/1.1 service=storage size=36 start="09/Nov/2020:13:41:32 +0545" status=200 time_ns=291798 traceid=de4e04e8664044e753bee810fc080393 uri=/data/index.cs3/unique.github.com.owncloud.ocis.accounts.pkg.proto.v0.Account.OnPremisesSamAccountName/einstein url=/data/index.cs3/unique.github.com.owncloud.ocis.accounts.pkg.proto.v0.Account.OnPremisesSamAccountName/einstein
2020-11-09T13:41:32+05:45 INF access token is already provided pkg=rhttp service=storage traceid=67f8e54f88924577399187af3c9395f0
2020-11-09T13:41:32+05:45 INF http end="09/Nov/2020:13:41:32 +0545" host=127.0.0.1 method=GET pkg=rhttp proto=HTTP/1.1 service=storage size=584 start="09/Nov/2020:13:41:32 +0545" status=200 time_ns=245901 traceid=67f8e54f88924577399187af3c9395f0 uri=/data/accounts/4c510ada-c86b-4815-8820-42cdf82c3d51 url=/data/accounts/4c510ada-c86b-4815-8820-42cdf82c3d51
2020-11-09T13:41:32+05:45 INF access token is already provided pkg=rhttp service=storage traceid=feb094445c9ecf0ad92fa9d0333a9a7b
2020-11-09T13:41:32+05:45 INF http end="09/Nov/2020:13:41:32 +0545" host=127.0.0.1 method=GET pkg=rhttp proto=HTTP/1.1 service=storage size=584 start="09/Nov/2020:13:41:32 +0545" status=200 time_ns=177808 traceid=feb094445c9ecf0ad92fa9d0333a9a7b uri=/data/accounts/4c510ada-c86b-4815-8820-42cdf82c3d51 url=/data/accounts/4c510ada-c86b-4815-8820-42cdf82c3d51
2020-11-09T13:41:32+05:45 INF access token is already provided pkg=rhttp service=storage traceid=4107ad4b69f385429b7001bd60b0bdf2
2020-11-09T13:41:32+05:45 INF http end="09/Nov/2020:13:41:32 +0545" host=127.0.0.1 method=GET pkg=rhttp proto=HTTP/1.1 service=storage size=326 start="09/Nov/2020:13:41:32 +0545" status=200 time_ns=134727 traceid=4107ad4b69f385429b7001bd60b0bdf2 uri=/data/groups/509a9dcd-bb37-4f4f-a01a-19dca27d9cfa url=/data/groups/509a9dcd-bb37-4f4f-a01a-19dca27d9cfa
2020-11-09T13:41:32+05:45 INF access token is already provided pkg=rhttp service=storage traceid=da7a9eaf3b178a1c7ad61e699322f175
2020-11-09T13:41:32+05:45 INF http end="09/Nov/2020:13:41:32 +0545" host=127.0.0.1 method=GET pkg=rhttp proto=HTTP/1.1 service=storage size=198 start="09/Nov/2020:13:41:32 +0545" status=200 time_ns=130543 traceid=da7a9eaf3b178a1c7ad61e699322f175 uri=/data/groups/6040aa17-9c64-4fef-9bd0-77234d71bad0 url=/data/groups/6040aa17-9c64-4fef-9bd0-77234d71bad0
2020-11-09T13:41:32+05:45 INF access token is already provided pkg=rhttp service=storage traceid=e3e779806cc68141507c2e6217ccc1cf
2020-11-09T13:41:32+05:45 INF http end="09/Nov/2020:13:41:32 +0545" host=127.0.0.1 method=GET pkg=rhttp proto=HTTP/1.1 service=storage size=196 start="09/Nov/2020:13:41:32 +0545" status=200 time_ns=116235 traceid=e3e779806cc68141507c2e6217ccc1cf uri=/data/groups/dd58e5ec-842e-498b-8800-61f2ec6f911f url=/data/groups/dd58e5ec-842e-498b-8800-61f2ec6f911f
2020-11-09T13:41:32+05:45 INF access token is already provided pkg=rhttp service=storage traceid=c73f3a4da9404d323ec053e074343a19
2020-11-09T13:41:32+05:45 INF http end="09/Nov/2020:13:41:32 +0545" host=127.0.0.1 method=GET pkg=rhttp proto=HTTP/1.1 service=storage size=290 start="09/Nov/2020:13:41:32 +0545" status=200 time_ns=96626 traceid=c73f3a4da9404d323ec053e074343a19 uri=/data/groups/262982c1-2362-4afa-bfdf-8cbfef64a06e url=/data/groups/262982c1-2362-4afa-bfdf-8cbfef64a06e
2020-11-09T13:41:32+05:45 INF unary code=OK end="09/Nov/2020:13:41:32 +0545" from=tcp://127.0.0.1:51340 pkg=rgrpc service=storage start="09/Nov/2020:13:41:32 +0545" time_ns=92323 traceid=78ee20a0d00932bd65162c4b26f35a5f uri=/cs3.storage.registry.v1beta1.RegistryAPI/GetStorageProvider user-agent=grpc-go/1.26.0
2020-11-09T13:41:32+05:45 INF unary code=OK end="09/Nov/2020:13:41:32 +0545" from=tcp://127.0.0.1:35158 pkg=rgrpc service=storage start="09/Nov/2020:13:41:32 +0545" time_ns=532972 traceid=78ee20a0d00932bd65162c4b26f35a5f uri=/cs3.storage.provider.v1beta1.ProviderAPI/CreateHome user-agent=grpc-go/1.26.0
2020-11-09T13:41:32+05:45 INF unary code=OK end="09/Nov/2020:13:41:32 +0545" from=tcp://127.0.0.1:51322 pkg=rgrpc service=storage start="09/Nov/2020:13:41:32 +0545" time_ns=1760565 traceid=78ee20a0d00932bd65162c4b26f35a5f uri=/cs3.gateway.v1beta1.GatewayAPI/CreateHome user-agent=grpc-go/1.26.0
2020-11-09T13:41:32+05:45 ERR could not get account for user error="{\"id\":\"com.owncloud.api.accounts\",\"code\":403,\"detail\":\"no permission for ListAccounts\",\"status\":\"Forbidden\"}" service=ocs userid=einstein

About this issue

  • Original URL
  • State: closed
  • Created 4 years ago
  • Comments: 15 (15 by maintainers)

Most upvoted comments

@butonic @refs I ran git bisect and I think I found the commit that actually broke it https://github.com/owncloud/ocis/commit/8e39d8b873e41900c4d85e430fdb9018fbcaa434

hope this helps

+1
dpakach on Nov 10, 2020
Read more comments on GitHub
← ocis: Infinite loop when trying to login
ocis: Login missing, theme.json and openid-configuration net::ERR_CONNECTION_REFUSED →