Nextcloud cannot open documents as an non-Admin user

iamthefij

This is curious. I'm seeing an authentication error in my logs for CODE showing the following:

Jul 12 13:34:53 172.18.0.1 - - [12/Jul/2023:20:34:53 +0000] "POST /browser/10deb70/cool.html?WOPISrc=https%3A%2F%2Fcloud.example.com%2Findex.php%2Fapps%2Frichdocuments%2Fwopi%2Ffiles%2F66920_ocwnxxigt9qg&title=Test%20Doc.odt&lang=en&closebutton=1&revisionhistory=1 HTTP/1.1" 200 11028 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:109.0) Gecko/20100101 Firefox/114.0"
Jul 12 13:34:54 wsd-00013-00418 2023-07-12 20:34:54.998823 +0000 [ docbroker_029 ] ERR WOPI::GetFile [https://cloud.example.com/index.php/apps/richdocuments/wopi/files/66920_ocwnxxigt9qg/contents?access_token=&access_token_ttl=1689230090000] failed with Status Code: Forbidden| wsd/Storage.cpp:1161
Jul 12 13:34:55 wsd-00013-00418 2023-07-12 20:34:54.999183 +0000 [ docbroker_029 ] ERR Cannot download document from WOPI storage uri [https://cloud.example.com/index.php/apps/richdocuments/wopi/files/66920_ocwnxxigt9qg/contents?access_token=&access_token_ttl=1689230090000]. Error: WOPI::GetFile [https://cloud.example.com/index.php/apps/richdocuments/wopi/files/66920_ocwnxxigt9qg/contents?access_token=&access_token_ttl=1689230090000] failed: []| wsd/Storage.cpp:1100
Jul 12 13:34:55 wsd-00013-00418 2023-07-12 20:34:55.002027 +0000 [ docbroker_029 ] ERR loading document exception: WOPI::GetFile [https://cloud.example.com/index.php/apps/richdocuments/wopi/files/66920_ocwnxxigt9qg/contents?access_token=&access_token_ttl=1689230090000] failed: []| wsd/DocumentBroker.cpp:2559
Jul 12 13:34:55 wsd-00013-00418 2023-07-12 20:34:55.002229 +0000 [ docbroker_029 ] ERR Failed to add session to [%2Findex.php%2Fapps%2Frichdocuments%2Fwopi%2Ffiles%2F66920_ocwnxxigt9qg] with URI [https://cloud.example.com/index.php/apps/richdocuments/wopi/files/66920_ocwnxxigt9qg?access_token=<token>&access_token_ttl=1689230090000]: WOPI::GetFile [https://cloud.example.com/index.php/apps/richdocuments/wopi/files/66920_ocwnxxigt9qg/contents?access_token=&access_token_ttl=1689230090000] failed: []| wsd/DocumentBroker.cpp:2521
Jul 12 13:34:55 wsd-00013-00418 2023-07-12 20:34:55.002568 +0000 [ docbroker_029 ] ERR Storage error while starting session on %2Findex.php%2Fapps%2Frichdocuments%2Fwopi%2Ffiles%2F66920_ocwnxxigt9qg for socket #26. Terminating connection. Error: WOPI::GetFile [https://cloud.example.com/index.php/apps/richdocuments/wopi/files/66920_ocwnxxigt9qg/contents?access_token=&access_token_ttl=1689230090000] failed: []| wsd/COOLWSD.cpp:5019
Jul 12 13:34:55 wsd-00013-00418 2023-07-12 20:34:55.003162 +0000 [ docbroker_029 ] ERR #26: Socket write returned -1 (EPIPE: Broken pipe)| net/Socket.hpp:1427
Jul 12 13:34:55 172.18.0.1 - - [12/Jul/2023:20:34:55 +0000] "GET /cool/https%3A%2F%2Fcloud.example.com%2Findex.php%2Fapps%2Frichdocuments%2Fwopi%2Ffiles%2F66920_ocwnxxigt9qg%3Faccess_token%3D<token>%26access_token_ttl%3D1689230090000/ws?WOPISrc=https%3A%2F%2Fcloud.example.com%2Findex.php%2Fapps%2Frichdocuments%2Fwopi%2Ffiles%2F66920_ocwnxxigt9qg&compat=/ws HTTP/1.1" 101 111 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:109.0) Gecko/20100101 Firefox/114.0"
Jul 12 13:34:55 wsd-00013-00418 2023-07-12 20:34:55.011816 +0000 [ docbroker_029 ] ERR #35: Read failed, have 0 buffered bytes (ECONNRESET: Connection reset by peer)| net/Socket.hpp:1121
Jul 12 13:34:55 wsd-00013-00418 2023-07-12 20:34:55.011948 +0000 [ docbroker_029 ] WRN #35: Unassociated Kit (411) disconnected unexpectedly| wsd/COOLWSD.cpp:3465

However when I authenticate as my admin user, everything works fine. I thought maybe it was realted to LDAP, so I created another non-LDAP user, but that user also did not work. I've checked my Nextcloud settings and I have no group restrictions for view or edit. I even tested by adding some and instead of seeing this error, it instead downloads the file.

nebulon

This sounds a bit like a nextcloud bug to me. Especially if the file is downloaded indicates that the collabora nextcloud plugin is not coming to action.

iamthefij

So there are some logs on the Nextcloud side too. It shows returning a 403, not authorized. It seems like the token it's retrieving is invalid or something. I didn't find anything too promising when searching Nextcloud forum either. I'll keep poking.