[Libreoffice-bugs] [Bug 130618] New: WebDAV recent file items don't handle authorization correctly

bugzilla-daemon at bugs.documentfoundation.org bugzilla-daemon at bugs.documentfoundation.org
Wed Feb 12 12:55:41 UTC 2020 

https://bugs.documentfoundation.org/show_bug.cgi?id=130618

            Bug ID: 130618
           Summary: WebDAV recent file items don't handle authorization
                    correctly
           Product: LibreOffice
           Version: 7.0.0.0.alpha0+ Master
          Hardware: All
                OS: All
            Status: UNCONFIRMED
          Severity: normal
          Priority: medium
         Component: framework
          Assignee: libreoffice-bugs at lists.freedesktop.org
          Reporter: glogow at fbihome.de

When fixing the IRI encoding problem of SharePoint 2016 WebDAV responses in
https://gerrit.libreoffice.org/c/core/+/88120, Mike Kaganski found (and I
verified), that the stored recent file items won't work correctly. Mike
remembered he eventually got some IO error from opening the file. For me it is
an error form the networking code: "Error reading data from the Internet.
Server error message: ." 

Originally we suspected this to be some problem with the URI handling of
SharePoint, but I verified - using network package dumps - that SharePoint
works fine with URIs, even if it originally sent an IRI in the PROPFIND HTTP
207 response.

When opening the recent file item, LO won't request the user credentials and
simply get a "HTTP/1.1 401 Unauthorized" reply for the OPTIONS request. That
also happens most times, when I had already opened that file before in the LO
session. Using a auth-free Apache WebDAV folder works fine.

Sometimes I even got this error message from the "Remote files" picker, after I
entered my credentials but simply waited to long to select and item. My guess
is, the session times out and no new one is created, or the new one doesn't
have the credentials.

>From my current POV, this boils down to general session management and HTTP
error code handling. In the end the 401 HTTP reply should be handled correctly
by asking for user authentication or using already known credentials for a
matching remote service.

FWIW the recent file list entries contain an empty password value tag, but that
is also set for passwordless WebDAV access. It probably should not even exist,
or it has some other meaning w.r.t. recent file list items.

-- 
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.freedesktop.org/archives/libreoffice-bugs/attachments/20200212/651c113c/attachment.htm>

More information about the Libreoffice-bugs mailing list