Exposed leeway setting in the JWT library #729
Conversation
If the system clock of the document server is even a second slower than the nextcloud server, the JWT token will be rejected as being "not yet valid". This can be seen in the logs (Nextcloud -> Settings -> Administration -> Logging). The error message shown to the user when this happens is more generic: "Error when trying to connect (Error occurred in the document service: Error while downloading the document file to be converted.)" This error message has been reported on the bug tracker several times, but it is not clear when the connection failure was due to imperfectly synchronized clocks and when it was due to network connectivity, DNS issues, the JWT not being sent, the secret being wrong, or some other issue. Here are the tickets that may be fixed by this: ONLYOFFICE#345 ONLYOFFICE#548 ONLYOFFICE#315 ONLYOFFICE#290 ONLYOFFICE#127 There's also one on the owncloud fork that may be fixed by this as well: ONLYOFFICE/onlyoffice-owncloud#278
|
|
|
Is there anything I can do to help get this merged into the default branch? |
|
I've pulled in the changes from the default branch so this can be merged cleanly |
|
@LinneyS is this change something that can be upstreamed into the official repo? |
|
In case the onlyoffice-nextcloud app is still maintained, please accept this merge request. However, since it's been several months and this pull request hasn't been merged or commented on, I have to conclude that onlyoffic-nextcloud is now unmaintained. This will be my last follow up unless I get a notification about activity from github.com. |
|
Thank you very much for your suggestion |
|
It was decided not to move the parameter to the admin settings page yet. Enough in the server configuration file. |
|
How can the leeway value be set without the configuration option being exposed in the admin settings page? Is the only option to do direct SQL UPDATE statements on the production server? |
|
You can set it in |
If the system clock of the document server is even a second slower than the nextcloud server, the JWT token will be rejected as being "not yet valid". This can be seen in the logs (Nextcloud -> Settings -> Administration -> Logging).
The error message shown to the user when this happens is more generic:
"Error when trying to connect (Error occurred in the document service: Error while downloading the document file to be converted.)"
This error message has been reported on the bug tracker several times, but it is not clear when the connection failure was due to imperfectly synchronized clocks and when it was due to network connectivity, DNS issues, the JWT not being sent, the secret being wrong, or some other issue.
Here are the tickets that may be fixed by this:
#345 #548 #315 #290 #127
There's also one on the owncloud fork that may be fixed by this as well: ONLYOFFICE/onlyoffice-owncloud#278