Error occurred in the document service: Invalid Token #192
Comments
|
I have the same issue as this, using enterprise trial. |
|
Hello @KimTheFirst. I can not reproduce issue. I installed NC (using docker) without SSL on one server (and added |
|
The server on which I tested this no longer exists. I will at some point need to perform the same configuration on a different server, so I will report back here in due course. |
|
Could you please specify if the problem recurs? |
|
I have similar issue, here is how to reproduce Run OO image $ docker run -it -p 80:80 -e JWT_ENABLED=true -e JWT_SECRET="secret" onlyoffice/documentserver-deGenerate token here herder payload secret is Make request $ curl --request POST --header "Content-Type: application/json" --data '{"token": "%token%"}' http://localhost/coauthoring/CommandService.ashx
{"error":6}
|
|
Hi @achempion Also, since Nextcloud is not mentioned in your description, it would be better if you create a new issue in https://github.com/ONLYOFFICE/DocumentServer rather than continuing here. |
|
good points sorry to mistype the command, I meant the {
"c": "version"
}I was able to find this section that I have to use header to send the auth key. What still isn't clear for me though, why do I need to duplicate payload which I already encoded inside the token and send it separately in body? |
|
The way it currently works, the request's body cannot be empty, but it's not necessary to copy the whole payload there, you can simply send a set of curly brackets {} |
|
Hello ! |
Do you want to request a feature or report a bug?
bug
Or maybe I'm being stupid.
What is the current behavior?
It connects without JWT, but this is obviously very insecure. After attempting to enable JWT in nextcloud by applying the configuration methods detailed here: ONLYOFFICE/onlyoffice-owncloud#45
Nextcloud will provide the error message "invalid token" upon every connection attempt. Like so:
"message":"CommandRequest on check error: Error occurred in the document service: Invalid token","userAgent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.181 Safari/537.36","version":"13.0.1.1"}
Monitoring the loopback interface on the nginx proxy in front of the ONLYOFFICE docker container, I see this:
POST /coauthoring/CommandService.ashx HTTP/1.0
Connection: close
Host: 127.0.0.1:61209
Content-Length: 15
Content-type: application/json
Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJwYXlsb2FkIjoie1wiY1wiOlwidmVyc2lvblwifSJ9.TPCfco_w5xBfxKSm0LuEP82jHVre9fccVLiKAWqUs-U
{"c":"version"}
This seems to indicate that the JWT request is being made and is being passed through by nginx.
Immediately following this, the response from the docker container is this:
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 17 Apr 2018 23:03:25 GMT
Content-Type: application/json
Content-Length: 11
Connection: close
X-Powered-By: Express
ETag: W/"b-LRcxe7iSAJH5JBcNMVwY3YCaOwE"
{"error":6}
If the current behavior is a bug, please provide the steps to reproduce and if possible a minimal demo of the problem.
New NC install + new ONLYOFFICE install on two different servers in two different places. On the document server, it has only the onlyoffice docker container connected behind NGINX local proxy. Nginx proxy is configured with SSL certs and forwarding to port 80 on the docker container. Docker is launched with port mapping to map the docker image port 80+443 to some random high ports. iptables is used to block all inbound connections except for port 443 and port 80. The only changes made to the docker container are to default.json as detailed above.
What is the expected behavior?
Works
Did this work in previous versions of DocumentServer?
Never used it before!
DocumentServer version:
5
Operating System:
Ubuntu 16
The text was updated successfully, but these errors were encountered: