Skip to content

Can't view or edit space members after upgrade #11119

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
jonjacksonma opened this issue Mar 10, 2025 · 5 comments · May be fixed by #11245
Open

Can't view or edit space members after upgrade #11119

jonjacksonma opened this issue Mar 10, 2025 · 5 comments · May be fixed by #11245
Labels
Type:Bug

Comments

@jonjacksonma
Copy link

Describe the bug

The web UI does not display the members associated with a share, instead it shows a progress bar indefinitely. This behaviour started after I upgraded from 5.0.9 to 7.0.1, and is also seen in 7.0.0 and 7.1.0

Steps to reproduce

  1. Login to Web UI as admin, or a user with full permissions on a share
  2. Go to "Spaces -> Click on the three dots menu next to Any Space -> Members"

Expected behavior

Expect to see a list of members of the share and their permissions

Actual behavior

The progress bar displays indefinitely

Setup

The installation is a single owncloud/ocis container, started by docker compose

      OCIS_INSECURE: "false"
      PROXY_TRANSPORT_TLS_KEY: "/etc/ocis/certs/key.pem"
      PROXY_TRANSPORT_TLS_CERT: "/etc/ocis/certs/cert.pem"
      OCIS_URL: "https://my.server.url:9200"
      OCIS_LOG_LEVEL: info

Additional context

This behaviour first appeared after upgrading to 7.0.1
During the upgrade process, I followed the upgrade guide.

Relevant log messages that appear after attempting to display space members, filtered with sort -u | grep error are:

ocis-1  | {"level":"debug","service":"proxy","claims":"marshaling error: json: unsupported type: map[interface {}]interface {}","time":"2025-03-10T19:47:44Z","line":"github.com/owncloud/ocis/v2/services/proxy/pkg/middleware/oidc_auth.go:70","message":"cache hit for userinfo"}
ocis-1  | {"level":"debug","service":"proxy","claims":"marshaling error: json: unsupported type: map[interface {}]interface {}","user":{"id":{"idp":"https://OWNCLOUD.SERVER.URL:1234","opaque_id":"aaa00aa0-0aa0-0a00-0000-aa0aa00a0000","type":1},"username":"EMAIL1","mail":"[email protected]","display_name":"FIRSTNAME1 LASTNAME1","opaque":{"map":{"roles":{"decoder":"json","value":"WyJkN2JlZWVhOC04ZmY0LTQwNmItOGZiNi1hYjJkZDgxZTZiMTEiXQ=="}}},"uid_number":99,"gid_number":99},"time":"2025-03-10T19:47:44Z","line":"github.com/owncloud/ocis/v2/services/proxy/pkg/middleware/account_resolver.go:194","message":"associated claims with user"}
ocis-1  | {"level":"error","service":"sharing","pkg":"rgrpc","traceid":"f34d0e374a60c427070dfbe129e12c54","error":"error: already exists: user bbb11111-bb1b-11b1-1b1b-bbbbb1111111 does not have access to metadata space jsoncs3-public-share-manager-metadata, but it exists","time":"2025-03-10T19:47:44Z","line":"github.com/cs3org/reva/[email protected]/internal/grpc/services/publicshareprovider/publicshareprovider.go:455","message":"error listing shares"}
ocis-1  | {"level":"error","service":"storage-system","pkg":"rgrpc","traceid":"2953b1e02bb6233b4610e49148079f4c","error":"error: not found: space jsoncs3-public-share-manager-metadata not found","status":{"code":6,"message":"not found when listing spaces","trace":"2953b1e02bb6233b4610e49148079f4c"},"filters":[{"type":2,"Term":{"Id":{"opaque_id":"jsoncs3-public-share-manager-metadata!jsoncs3-public-share-manager-metadata"}}}],"time":"2025-03-10T19:47:44Z","line":"github.com/cs3org/reva/[email protected]/internal/grpc/services/storageprovider/storageprovider.go:580","message":"failed to list storage spaces"}
@mklos-kw
Copy link
Member

I've run the steps with demo users and basic auth - no space members issues.
I see in the logs OIDC auth code path so I tried to reproduce the steps with OIDC users but I'm blocked with my current local setup.

cc @LukasHirt: How does it look like on web side? Perhaps there is a way to at least avoid endless loading

@mklos-kw mklos-kw moved this from Qualification to blocked in Infinite Scale Team Board Mar 19, 2025
@LukasHirt LukasHirt mentioned this issue Mar 20, 2025
Merged
7 tasks
@LukasHirt
Copy link
Contributor

I got a fix for the frontend issue with infinite loader - owncloud/web#12336 I will try to pull this into the next patch release.

@jvillafanez
Copy link
Member

jvillafanez commented Apr 9, 2025
edited
Loading 

ocis-1  | {"level":"debug","service":"proxy","claims":"marshaling error: json: unsupported type: map[interface {}]interface {}","time":"2025-03-10T19:47:44Z","line":"github.com/owncloud/ocis/v2/services/proxy/pkg/middleware/oidc_auth.go:70","message":"cache hit for userinfo"}
ocis-1  | {"level":"debug","service":"proxy","claims":"marshaling error: json: unsupported type: map[interface {}]interface {}","user":{"id":{"idp":"https://OWNCLOUD.SERVER.URL:1234","opaque_id":"aaa00aa0-0aa0-0a00-0000-aa0aa00a0000","type":1},"username":"EMAIL1","mail":"[email protected]","display_name":"FIRSTNAME1 LASTNAME1","opaque":{"map":{"roles":{"decoder":"json","value":"WyJkN2JlZWVhOC04ZmY0LTQwNmItOGZiNi1hYjJkZDgxZTZiMTEiXQ=="}}},"uid_number":99,"gid_number":99},"time":"2025-03-10T19:47:44Z","line":"github.com/owncloud/ocis/v2/services/proxy/pkg/middleware/account_resolver.go:194","message":"associated claims with user"}
ocis-1  | {"level":"error","service":"sharing","pkg":"rgrpc","traceid":"f34d0e374a60c427070dfbe129e12c54","error":"error: already exists: user bbb11111-bb1b-11b1-1b1b-bbbbb1111111 does not have access to metadata space jsoncs3-public-share-manager-metadata, but it exists","time":"2025-03-10T19:47:44Z","line":"github.com/cs3org/reva/[email protected]/internal/grpc/services/publicshareprovider/publicshareprovider.go:455","message":"error listing shares"}
ocis-1  | {"level":"error","service":"storage-system","pkg":"rgrpc","traceid":"2953b1e02bb6233b4610e49148079f4c","error":"error: not found: space jsoncs3-public-share-manager-metadata not found","status":{"code":6,"message":"not found when listing spaces","trace":"2953b1e02bb6233b4610e49148079f4c"},"filters":[{"type":2,"Term":{"Id":{"opaque_id":"jsoncs3-public-share-manager-metadata!jsoncs3-public-share-manager-metadata"}}}],"time":"2025-03-10T19:47:44Z","line":"github.com/cs3org/reva/[email protected]/internal/grpc/services/storageprovider/storageprovider.go:580","message":"failed to list storage spaces"}

It seems the error comes from https://github.com/cs3org/reva/blob/v2.27.7/pkg/storage/utils/metadata/cs3.go#L153 . We should reach that point only if listing the storage spaces is correct returning an empty result but the space already exists.

I'm not sure how, but a reasonable explanation is that the service account they're using to access the cs3 storage has changed during the update, and the new account can't see the previously created space.

@jvillafanez
Copy link
Member

Maybe someone can double-check the permissions / grants on the space? The space could have "not-so-standard" grants coming from version 5 which might not be correctly interpreted in version 7. Even if the service account didn't change, the actual grants could be interpreted differently (by mistake) causing the user to lose access

@jonjacksonma
Copy link
Author

I can run tests against my environment if there are diagnostic commands that would help

@mklos-kw mklos-kw linked a pull request Apr 23, 2025 that will close this issue
Draft
9 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Type:Bug
Projects
Infinite Scale Team Board
Status: Backlog
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

fix: list shares, handle reva errors more gracefully owncloud/ocis
4 participants
@jvillafanez @LukasHirt @jonjacksonma @mklos-kw