Unable to access files through WebDav

[isasmendiagus]

Describe the bug

Although I can access to the web interface, cannot access files through WebDav.
Tested with Nautilus on Ubuntu 22.04 and cadaver CLI

$ cadaver https://10.44.66.22:9200
WARNING: Untrusted server certificate presented for `127.0.0.1':
Certificate was issued to hostname `127.0.0.1' rather than `10.44.66.22'
This connection could have been intercepted.
Issued to: Acme Corp
Issued by: Acme Corp
Certificate is valid from Sat, 25 Feb 2023 13:12:52 GMT to Sun, 25 Feb 2024 13:12:52 GMT
Do you wish to accept the certificate? (y/n) y
Could not access / (not WebDAV-enabled?):
405 Method Not Allowed
Connection to `10.44.66.22' closed.

I have also tried to access through Nautilus without success

Steps to reproduce

1. Install cadaver WebDav CLI. On Debian based OS apt install cadaver
2. Connect to Ocis Proxy over my LAN (https://10.44.66.22:9200)
3. I got an error 'not WebDAV-enabled?'

Expected behavior

As an end user I expect to be able to access my files through WebDav.
I would like to mount a directory with davfs2 and work as if the remote files were local.

I can see here this is easily done with classic OwnCloud. Is that possible as well for Ocis?

Setup

ocis.env

OCIS_URL=https://10.44.66.22:9200
OCIS_INSECURE=true
OCIS_CONFIG_DIR=/etc/ocis
OCIS_BASE_DATA_PATH=/var/lib/ocis

[micbar]

@isasmendiagus You do not provide a WebDAV path to the client, so it cannot work.

[micbar]

The webdav paths are available under https://10.44.66.22:9200/dav/spaces/<space-id>

To find them out, you need to either know the spaceID beforehand or do an authenticated (OpenIDConnect) request against https://10.44.66.22:9200/graph/v1.0/me/drives/ . This will return a JSON response with a list of all available spaces (drives). Each space has its own webDAV URL.

[johnstonjs]

This is incredibly helpful, thank you! It would be even better to have the webDAV URLs provided in the OCIS web interface.

[micbar]

This is incredibly helpful, thank you! It would be even better to have the webDAV URLs provided in the OCIS web interface.

Good point! I see you opened #5435 too.

I would like to see this in the Web Client too. @kulmann @tbsbdr

[isasmendiagus]

Hello @micbar , thank you for your help!
I will try your solution and update the thread if it solves the issue.

[isasmendiagus]

Hello @micbar, I hope you're doing well. I'm having some trouble using oidc-gen. I'm not able to obtain the token or add the configuration. Have you been able to connect to ocis using it?

Here's the command I'm running and the error message I'm getting:

oidc-gen \
 --client-id=xdXOt13JKxym1B1QcEncf2XDkLAexMBFwiT9j6EfhhHFJhs2KM9jbjTmf8JBXE69 \
 --client-secret=UBntmLjC2yYCeHwsyj73Uwo9TAaecAetRwMw0xYcvNL9yRdLSUi0hUAHfvCHFeFh \
 --issuer https://10.44.66.22:9200 \
 --redirect-uri=http://localhost:12345 \
 --scope="openid offline_access profile email" \
 --cp /etc/ssl/certs/ocis.crt \
 ocis-owncloud

Error: Could not get token endpoint from the configuration endpoint. This could be because of a network issue. But it's more likely that your issuer is not correct.

I'm using the client-id of the desktop application.

If you have any insights or suggestions on how to resolve this, please let me know. Thank you for your help.

Best regards,

[micbar]

can you check with curl what https://10.44.66.22:9200/.well-known/openid-configuration returns?

[Princelo]

i have found the webDavUrl from https://localhost:9200/graph/v1.0/me/drives?$top=0&$skip=0, but i still couldn't access it through webdav. it prints unknown error when i access it by webdav client and 401 by web browser

[micbar]

@Princelo What did my proposed curl request return?

[Princelo]

/.well-known/openid-configuration

➜  ~ curl -k https://192.168.10.102:9200/.well-known/openid-configuration
{
  "issuer": "https://192.168.10.102:9200",
  "authorization_endpoint": "https://192.168.10.102:9200/signin/v1/identifier/_/authorize",
  "token_endpoint": "https://192.168.10.102:9200/konnect/v1/token",
  "userinfo_endpoint": "https://192.168.10.102:9200/konnect/v1/userinfo",
  "end_session_endpoint": "https://192.168.10.102:9200/signin/v1/identifier/_/endsession",
  "check_session_iframe": "https://192.168.10.102:9200/konnect/v1/session/check-session.html",
  "jwks_uri": "https://192.168.10.102:9200/konnect/v1/jwks.json",
  "scopes_supported": [
    "openid",
    "offline_access",
    "profile",
    "email",
    "LibgreGraph.UUID",
    "LibreGraph.RawSub"
  ],
  "response_types_supported": [
    "id_token token",
    "id_token",
    "code id_token",
    "code id_token token"
  ],
  "subject_types_supported": [
    "public"
  ],
  "id_token_signing_alg_values_supported": [
    "RS384",
    "RS512",
    "PS256",
    "PS384",
    "PS512",
    "RS256"
  ],
  "userinfo_signing_alg_values_supported": [
    "RS384",
    "RS512",
    "PS256",
    "PS384",
    "PS512",
    "RS256"
  ],
  "request_object_signing_alg_values_supported": [
    "ES256",
    "ES384",
    "ES512",
    "RS256",
    "RS384",
    "RS512",
    "PS256",
    "PS384",
    "PS512",
    "none",
    "EdDSA"
  ],
  "token_endpoint_auth_methods_supported": [
    "client_secret_basic",
    "none"
  ],
  "token_endpoint_auth_signing_alg_values_supported": [
    "RS384",
    "RS512",
    "PS256",
    "PS384",
    "PS512",
    "RS256"
  ],
  "claims_parameter_supported": true,
  "claims_supported": [
    "iss",
    "sub",
    "aud",
    "exp",
    "iat",
    "name",
    "family_name",
    "given_name",
    "email",
    "email_verified"
  ],
  "request_parameter_supported": true,
  "request_uri_parameter_supported": false
}

[micbar]

the issuer in your oidc-gen is also set to https://192.168.10.102:9200 ?