401 Unauthorized - WebDav - IOS

[jonwestfall]

Operating system

• Windows
• macOS
• Linux
• Android
  x iOS

Application

• Desktop
  x Mobile
• Terminal

I've got Joplin up and running on my MacBook synchronizing to a QNAP NAS unit over WebDav. Same settings (URL/user/password) on my iPad gives a 401 Unauthorized error when I try to sync. Checking sync settings gives a "Success" message:

and if I change the username/password to be incorrect, I get the same error on the "Configuration" page

Here's the debug output. Any suggestions?

[laurent22]

I believe the app does not work properly with non-standard ports.

[jonwestfall]

Hopefully you can get that working in future updates. In the interim, I'll try to get my QNAP to move WebDav back to 443 instead of the non-standard port.

[jonwestfall]

Just switched the QNAP over to 443 and I'm still getting the same error, so I don't think it's the non-standard port.

[jonwestfall]

Further development: If I add /# to the end of the webdav URL, I get a 403 Error instead of 401. Same issue if I run on port 80 (http) instead of 443 (https).

[laurent22]

Could you post the full error again while using the 443 port?

[jonwestfall]

Here it is: https://www.dropbox.com/s/qvsrwb4jzftgypb/IMG_0442.png?dl=0

[laurent22]

Assuming you've entered the right username and password, I don't see in the log what could be causing this. Do you have by any chance a test account I could use to check what the problem is?

[jonwestfall]

Sure:
WebDAV URL: https://westfall.myqnapcloud.com/joplintest
Username: testuser
Password: test1234

I just verified that this works to connect using Windows 10 off-network. Initially it told me it had succeeded when I had no notebooks and no notes. However once I added a notebook (fresh install of Joplin on my iPhone), it gave the 401 error when synchronizing.

[laurent22]

I can't really get this end point working so I can't say if it's really an issue with the app.

Here are the kind of calls that the app would make, but none of them work even from the terminal:

$ curl -X MKCOL -H "Authorization: Basic dGVzdHVzZXI6dGVzdDEyMzQ=" -H "If-None-Match: JoplinIgnore-81961" https://westfall.myqnapcloud.com/joplintest/.sync

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>301 Moved Permanently</title>
</head><body>
<h1>Moved Permanently</h1>
<p>The document has moved <a href="https://westfall.myqnapcloud.com/joplintest/.sync/">here</a>.</p>
<hr>
<address>Apache Server at westfall.myqnapcloud.com Port 443</address>
</body></html>

$ curl -X MKCOL -H "Authorization: Basic dGVzdHVzZXI6dGVzdDEyMzQ=" -H "If-None-Match: JoplinIgnore-81961" https://westfall.myqnapcloud.com/joplintest/.sync/

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>405 Method Not Allowed</title>
</head><body>
<h1>Method Not Allowed</h1>
<p>The requested method MKCOL is not allowed for the URL /joplintest/.sync/.</p>
<hr>
<address>Apache Server at westfall.myqnapcloud.com Port 443</address>
</body></html>

Do you have any example of curl call that would actually work? Is the "joplintest" directory already created by the way (it needs to)?

[jonwestfall]

I'm able to connect using those credentials using Windows 10 (Mapping a network location in Explorer) and MacOS through Finder (e.g., Go Menu -> Connect to Server) and the Transmit app. Each can open the directory and read/write to it.

I can also verify that even though you got a 405 Method Not Allowed, the MKCOL command worked. When I try to run MKCOL for a new directory (e.g., curl -X MKCOL -H "Authorization: Basic dGVzdHVzZXI6dGVzdDEyMzQ=" -H "If-None-Match: JoplinIgnore-81961" https://westfall.myqnapcloud.com/joplintest/.dsync ) I get a 201 Created response.

It seems like the problem comes not in creating directories, but in actually writing files. For example, curl -T -H "Authorization: Basic dGVzdHVzZXI6dGVzdDEyMzQ=" -H "If-None-Match: JoplinIgnore-81961" /Users/jon/test https://westfall.myqnapcloud.com/joplintest/test gives me the 401 Unauthorized error.

However I can take that same file and upload it to the WebDav folder through MacOS Finder.

[laurent22]

Ok this is actually related to #523 - because there's no "/" at the end of the URL in the MKCOL call, the server redirects, but doing so the auth credentials are lost which results in the final 401 Unauthorized error. The loss of credentials is due to this never-fixed React Native bug.

I'm going to add the trailing "/" as @bradmcl suggested and see if the Nextcloud test units work. If they do, I'll make the change as it's probably more correct than not having the trailing "/".

[fmmarzoa]

I have similar problems with Ubuntu 18.04 desktop client version 1.0.104. The server runs Apache 2.0 and the URL is this, and it includes the trailing /:

https://marzoa.com/webdav/joplin/

However, when checking the syncronization configuration in joplin for the same URL I also get an error 401 unauthorized.

If I try with http instead of https, I get a 405 method not allowed error instead.

I can open the webdav repository without problems using both Chrome and Firefox from the same laptop where the joplin desktop app fails.

This is the server log using Firefox to access that resource:

47.62.157.23 - - [30/Jul/2018:15:06:15 +0000] "GET /webdav/joplin/ HTTP/1.1" 401 6799 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:61.0) Gecko/20100101 Firefox/61.0"

47.62.157.23 - fmmarzoa_joplin [30/Jul/2018:15:06:23 +0000] "GET /webdav/joplin/ HTTP/1.1" 200 1018 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:61.0) Gecko/20100101 Firefox/61.0"

47.62.157.23 - - [30/Jul/2018:15:06:24 +0000] "GET /favicon.ico HTTP/1.1" 200 7717 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:61.0) Gecko/20100101 Firefox/61.0"

Between line 1 and 2, Firefox ask for my credentials, then the access is granted.

This is the server log using Joplin desktop client:

47.62.157.23 - - [30/Jul/2018:15:09:28 +0000] "PROPFIND /webdav/joplin// HTTP/1.1" 401 2390 "-" "node-fetch/1.0 (+https://github.com/bitinn/node-fetch)"

Just noticed that both Firefox and Chrome use GET instead of PROPFIND, I'm going to research this more. Anyway, it seems like Joplin does not try to authenticate after that error, unlike the aforementioned browsers.

BTW, I have tried also https://marzoa.com/webdav/joplin without the last / with the same results.

Just saw that the AuthType in the apache server is set to Digest. Could this be a problem for joplin?

[pLinnn]

Try this, it worked for me!
https://www.qnap.com/en/how-to/tutorial/article/accessing-your-qnap-nas-remotely-with-webdav
It's not a joplin's bug but a misconfiguration in the qnap.
Greetings!

[dltn]

In case anyone stumbles upon this issue (like me) in the future:

I found out that the issue (using WebDAV on Synology) is that I needed to specify the shared folder in the configuration URL. For example, if I had a "Joplin" Shared Folder, I'd put:

https://YourWebDAVURL:5006/Joplin

but not:

https://YourWebDAVURL:5006/
https://YourWebDAVURL:5006

[sharpevo]

@fmmarzoa It's true, joplin seems to support basic auth, not the digest.

basic

Success! Synchronisation configuration appears to be correct.

digest

Error. Please check that URL, username, password, etc. are correct and that the sync target is accessible. The reported error was:
PROPFIND : Unknown error 2 (401): <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>401 Unauthorized</title> </head><body> <h1>Unauthorized</h1> <p>This server could not verify that you are authorized to access the document requested. Either you supplied the wrong credentials (e.g., bad password), or your browser doesn't understand how to supply the credentials required.</p> </body></html> (Code 401)

the error

[Wed Jun 19 00:25:52.219734 2019] [auth_digest:error] [pid 18:tid 140392471096040] [client 127.0.0.1:43408] AH01781: client used wrong authentication scheme `Basic': /

[laurent22]

Implementing Digest seems quite complex and I'm not sure it makes sense to support it today? The connection should use TSL anyway and in this case it doesn't matter how the username and password are transmitted.