Error creating share by PHP or by curl

Server
1

Hello i recently updated from version 10.1.0 to 10.8.0 and after the upgrade the following code which i use from an external server to create shares stopped working.

$credentials = array(
    'user',
    'pwd'
);
 $url = "https://mydomain/owncloud/ocs/v1.php/apps/files_sharing/api/v1/shares";
$post_fields_share = array(
        'path' => 'Documents/mpla.pdf',
        'shareType' => '3',
//            'publicUpload' => 'false',
//            'password' => $password,
        'permissions' => '1',
    );

    $options = array(
        CURLOPT_URL => $url,
        CURLOPT_POST => true,
        CURLOPT_POSTFIELDS => $post_fields_share,
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_HTTPAUTH => CURLAUTH_ANY,
        CURLOPT_USERPWD => implode(':', $credentials),
//        CURLOPT_TIMEOUT_MS => 20000,
        CURLOPT_SSL_VERIFYPEER => FALSE,
        CURLOPT_SSL_VERIFYHOST => 0,
        CURLOPT_CAINFO => "/nilde_files/HaricaCAR1.pem",
        CURLOPT_CERTINFO => TRUE
    );
    curl_setopt_array($ch2, $options);

    $postResult2 = curl_exec($ch2);
    $result = simplexml_load_string($postResult2);
    $info2 = curl_getinfo($ch2);
    $error_no2 = curl_errno($ch2);

    curl_close($ch2);

It keeps returning 997 unauthorized error.
I must mention that a previous chunk of code which i use to upload the file prior to creating the share keeps working correctly.
Can you please help???
p.s. username and pwd are correct for sure
Specs :
Owncloud : 10.8.0
Ubuntu : 20.04.5 LTS
mysql Ver 8.0.31-0ubuntu0.20.04.1
Apache Server version: Apache/2.4.41 (Ubuntu)
PHP Version 7.4.3

2

Do you need this? For what?

3

If i remove these lines from the curl call i get NULL response.
These lines work fine on the code which uploads the file before sharing attempt.

4

OK. i tried using a console curl call from the server and NOT the php script i mentioned above .
My code is this :

#!/bin/bash

##
## Variable Declaration
##
base_uri=https://fserver.heal-link.gr/owncloud
API_PATH=ocs/v1.php/apps/files_sharing/api/v1/shares

# Create a public link share of a single file with read permissions, named "paris photo"
curl --user username:pwd "$base_uri/$API_PATH" \
     --data 'path=/Documents/mpla.pdf&shareType=3&permissions=1&name=test_doc'

and the response i am getting is this :

curl: (60) SSL certificate problem: unable to get local issuer certificate
More details here: https://curl.haxx.se/docs/sslcerts.html

curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the web page mentioned above.

If i add -k to the curl call to skip the ssl check i get the following response :

<?xml version="1.0"?>
<ocs>
 <meta>
  <status>failure</status>
  <statuscode>996</statuscode>
  <message>CSRF check failed</message>
  <totalitems></totalitems>
  <itemsperpage></itemsperpage>
 </meta>
 <data/>
</ocs>

I am totally confused here…

5

Any reason to not upgrading to the current 10.11? I remember this issue with curl, but haven’t seen it for a long time.

6

Well i actually upgraded through the repo packages here :
# Upgrade ownCloud From Packages
and for some strange reason that was the latest package offered for my distribution.
I just tried apt update and then list --upgradable and still gives me only 10.8.0 as an option:

Get:3 http://download.opensuse.org/repositories/isv:/ownCloud:/server:/10.8.0/Ubuntu_20.04  InRelease [1,533 B]
7

I never upgrade from packages, but I assume this is an outdated repository.

8

Anyway, i found the solution.
Here it is for anybody that might be interested :

  1. delete the CURLOPT_HTTPAUTH => CURLAUTH_ANY from the CURL request (client side)
  2. comment out the throw new CrossSiteRequestForgeryException(); on line 147 of the SecurityMiddleware.php in owncloud core
    in order to supress the CSRF error.
    Might be an error totally related to the owncloud version. Perhaps it’ll gone away when i update to 10.11
1 Like
9

This topic was automatically closed 90 days after the last reply. New replies are no longer allowed.