profile
viewpoint

Ask questionsUnable to Access Group(Private) Pad.

Describe the bug After following the steps in the HTTP API. I am unable to access the newly created private Pad.

To Reproduce Steps to reproduce the behavior:

  1. Create a New Author.
  2. Create a New Group.
  3. Create a New Pad for group.
  4. Create Session for Group and Author
  5. Create Cookie via console = document.cookie="sessionID=s.8db6fe22639b52296c96662b80d12860"

Expected behavior The user should be able to access the Pad.

LOG The below log should explain the Author/Group/Pad/Session ID's that are used and visible.

[2020-09-24 15:35:42.305] [INFO] console - Using skin "colibris" in dir: E:\etherpard\src\static\skins\colibris
[2020-09-24 15:35:42.306] [INFO] console - Session key loaded from: E:\etherpard\SESSIONKEY.txt
[2020-09-24 15:35:42.306] [WARN] console - DirtyDB is used. This is fine for testing but not recommended for production. File location: E:\etherpard\var\dirty.db
[2020-09-24 15:35:43.131] [INFO] APIHandler - Api key file read from: "E:\etherpard\APIKEY.txt"
[2020-09-24 15:35:43.273] [INFO] console - Installed plugins:
[2020-09-24 15:35:43.278] [INFO] console - Report bugs at https://github.com/ether/etherpad-lite/issues
[2020-09-24 15:35:43.279] [WARN] console - Can't get git version for server header
ENOENT: no such file or directory, lstat 'E:\etherpard/.git'
[2020-09-24 15:35:43.280] [WARN] console - Can't get git version for server header
ENOENT: no such file or directory, lstat 'E:\etherpard/.git'
[2020-09-24 15:35:43.280] [INFO] console - Your Etherpad version is 1.8.6 ()
[2020-09-24 15:35:43.373] [INFO] console - You can access your Etherpad instance at http://0.0.0.0:9001/
[2020-09-24 15:35:43.374] [INFO] console - The plugin admin page is at http://0.0.0.0:9001/admin/plugins
[2020-09-24 15:35:43.375] [WARN] console - Etherpad is running in Development mode.  This mode is slower for users and less secure than production mode.  You should set the NODE_ENV environment variable to production by using: export NODE_ENV=production
[2020-09-24 15:35:47.271] [INFO] Minify - Compress CSS file css/pad.css.
[2020-09-24 15:35:47.276] [INFO] Minify - Compress CSS file skins/colibris/pad.css.
[2020-09-24 15:35:47.401] [INFO] Minify - Compress CSS file css/iframe_editor.css.
[2020-09-24 15:35:47.410] [INFO] Minify - Compress CSS file css/iframe_editor.css.
[2020-09-24 15:35:47.669] [INFO] access - [CREATE] Pad "g.65AaH4xwY7FIqPxV": Client VSycLhMGokcqDrtFAAAA with IP "127.0.0.1" created the pad
[2020-09-24 15:35:47.715] [INFO] Minify - Compress CSS file css/pad.css.
[2020-09-24 15:35:47.715] [INFO] Minify - Compress CSS file skins/colibris/pad.css.
[2020-09-24 15:35:47.867] [INFO] Minify - Compress CSS file css/pad.css.
[2020-09-24 15:35:47.868] [INFO] Minify - Compress CSS file skins/colibris/pad.css.
[2020-09-24 15:36:01.928] [INFO] API - REQUEST, v1:createAuthorIfNotExistsFor, {"apikey":"62280500f4dd0f8a79652ca818db41f7a402d4e9801088a25d0046fe99630fe6","name":"Chetan Madaan","authorMapper":"55"}
[2020-09-24 15:36:01.929] [INFO] API - RESPONSE, createAuthorIfNotExistsFor, {"code":0,"message":"ok","data":{"authorID":"a.MZVqoaZsSpbDQtIp"}}
[2020-09-24 15:36:06.219] [INFO] API - REQUEST, v1:createGroupIfNotExistsFor, {"apikey":"62280500f4dd0f8a79652ca818db41f7a402d4e9801088a25d0046fe99630fe6","groupMapper":"1"}
[2020-09-24 15:36:06.220] [INFO] API - RESPONSE, createGroupIfNotExistsFor, {"code":0,"message":"ok","data":{"groupID":"g.65AaH4xwY7FIqPxV"}}
[2020-09-24 15:36:12.568] [INFO] API - REQUEST, v1:createGroupPad, {"apikey":"62280500f4dd0f8a79652ca818db41f7a402d4e9801088a25d0046fe99630fe6","padName":"New Pad","text":"This is the first sentence in the pad","groupID":"g.65AaH4xwY7FIqPxV"}
[2020-09-24 15:36:15.824] [INFO] API - REQUEST, v1:createGroupPad, {"apikey":"62280500f4dd0f8a79652ca818db41f7a402d4e9801088a25d0046fe99630fe6","padName":"New Pad 2","text":"This is the first sentence in the pad","groupID":"g.65AaH4xwY7FIqPxV"}
[2020-09-24 15:36:15.825] [INFO] API - RESPONSE, createGroupPad, {"code":0,"message":"ok","data":{"padID":"g.65AaH4xwY7FIqPxV$New_Pad_2"}}
[2020-09-24 15:36:19.538] [INFO] API - REQUEST, v1:createSession, {"apikey":"62280500f4dd0f8a79652ca818db41f7a402d4e9801088a25d0046fe99630fe6","groupID":"g.65AaH4xwY7FIqPxV","authorID":"a.MZVqoaZsSpbDQtIp","validUntil":"1670974012"}
[2020-09-24 15:36:19.540] [INFO] API - RESPONSE, createSession, {"code":0,"message":"ok","data":{"sessionID":"s.8db6fe22639b52296c96662b80d12860"}}
[2020-09-24 15:36:25.818] [INFO] access - [LEAVE] Pad "g.65AaH4xwY7FIqPxV": Author "a.uMseXjpZznKYTaCW" on client VSycLhMGokcqDrtFAAAA with IP "127.0.0.1" left the pad
[2020-09-24 15:36:25.847] [INFO] Minify - Compress CSS file css/pad.css.
[2020-09-24 15:36:25.847] [INFO] Minify - Compress CSS file skins/colibris/pad.css.
[2020-09-24 15:36:26.180] [WARN] message - Authentication try failed:{"component":"pad","type":"CLIENT_READY","padId":"g.65AaH4xwY7FIqPxV$New_Pad_2","sessionID":"s.6b367440d8b91110497f2d8362870926","password":null,"token":"t.NlKmI5EcyHhfvY5Cqgmp","protocolVersion":2}
[2020-09-24 15:36:45.207] [INFO] Minify - Compress CSS file css/pad.css.
[2020-09-24 15:36:45.214] [INFO] Minify - Compress CSS file skins/colibris/pad.css.
[2020-09-24 15:36:45.553] [WARN] message - Authentication try failed:{"component":"pad","type":"CLIENT_READY","padId":"g.65AaH4xwY7FIqPxV$New_Pad_2","sessionID":"s.8db6fe22639b52296c96662b80d12860","password":null,"token":"t.NlKmI5EcyHhfvY5Cqgmp","protocolVersion":2}

You can see the last WARN has the correct session ID set but for some reason the Pad is still not visible.

Desktop (please complete the following information):

  • Windows
  • Eitherpad 1.8.6
  • Chrome

Any directions/help would be appreciated.

ether/etherpad-lite

Answer questions alyberty

I also observed this behavior after an upgrade to 1.8.6 (from something old). Any group pad results in "You do not have permission to access this pad". I also tried to disable the access restrictions to the pad (via setPublicStatus), which at least changes the behavior. After this, the pad is stuck at "Loading..." I also found these errors in the logs when trying to load the "public" group pad:

[ERROR]  console - (node:16329) UnhandledPromiseRejectionWarning: ReferenceError: sesionAuthorID is not defined
    at Object.exports.checkAccess (/[...]/src/node/db/SecurityManager.js:129:56)
    at runMicrotasks (<anonymous>)
    at processTicksAndRejections (internal/process/task_queues.js:97:5)
    at async Socket.<anonymous> (/srv/www/htdocs/pad.fs.tum.de/src/node/handler/SocketIORouter.js:101:34)

[WARN] console - handleClientReady(): client submitted no author name. Using "Anonymous". See: issue #3612

I used this to set up the group etc.:

#!/bin/bash
host="https://[...]"
apikey="[...]"
apiversion="1"

authorName="tester"
validUntil=$(($(date +%s) + 10000))
padName="Test"
echo "validUntil ${validUntil}"

groupID=$(curl -s "${host}/api/${apiversion}/createGroup?apikey=${apikey}" | jq -r '.data.groupID')
authorID=$(curl -s "${host}/api/${apiversion}/createAuthorIfNotExistsFor?apikey=${apikey}&name=${authorName}" | jq -r '.data.authorID')
sessionID=$(curl -s "${host}/api/${apiversion}/createSession?apikey=${apikey}&groupID=${groupID}&authorID=${authorID}&validUntil=${validUntil}" | jq -r '.data.sessionID')

echo "Group   ID: ${groupID}"
echo "Author  ID: ${authorID}"
echo "Session ID: ${sessionID}"

padID="${groupID}\$${padName}" 
echo ${padID}

sessionInfo=$(curl -s "${host}/api/${apiversion}/getSessionInfo?apikey=${apikey}&sessionID=${sessionID}")
echo "SessionInfo: ${sessionInfo}" 
groupPad=$(curl -s "${host}/api/${apiversion}/createGroupPad?apikey=${apikey}&groupID=${groupID}&padName=${padName}" | jq -r '.message')
echo "Group  Pad: ${groupPad}"
padInfo=$(curl -s "${host}/api/${apiversion}/getPublicStatus?apikey=${apikey}&padID=${padID}")
echo "Pad Info: ${padInfo}"

#setPublic
padPublic=$(curl -s "${host}/api/${apiversion}/setPublicStatus?apikey=${apikey}&padID=${padID}&publicStatus=True")
echo "Pad public ${padPublic}"

I couldn't find an easy way with curl to check if the pad would load, so I tested this manually. I also tried setting the username with "userName=tester" as get parameter, but it didn't change anything. Also tried different api versions, but it didn't change anything.

I'm running on debian buster being an apache2 proxy (set up according to: https://github.com/ether/etherpad-lite/wiki/How-to-put-Etherpad-Lite-behind-a-reverse-Proxy), node v13.13.0 and mariadb. I also tried running the cleanRun, but to no avail.

To get back to a working state (allow all) I tried to debug the SecurityManager.js. It seems that sessionAuthorID is undefined when I try to access the pad.

useful!
source:https://uonfu.com/
Github User Rank List