NO_ERROR while uploading via app about android-client HOT 12 CLOSED

Oh really strange! I haven't seen this yet, so I have no idea from the top of my head. I'm not aware to do anything special. It doesn't use websockets, only a "plain old" http post request.

If you want to try without reverse proxy, you need to install the previous version. For some reason, enabling custom certificates broke it working in cleartext (although this flag is true).

If nothing can be seen in the logs, it might not even reach the server - is there any indication in the reverse proxy logs that the request hits the server at all? If not, this is quite hard to debug then. You would need to checkout the code and attach a debugger. I only have Android 9 and 11 devices here I think.

from android-client.

Thanks for the ideas, i will test and reply on monday.

from android-client.

Well, I tried version 0.5 to bypass the secure Communication restriction for access without reverse Proxy and it throws the same error. Version 0.4 fixed this Problem.

With v0.4 I am able to upload a document to 192.168.xxx.xxx:PORT via HTTP (no reverse Proxy). With Revers Proxy i get the stream connection error.

Therefore It's proven, that i am having some troubles with my reverse Proxy, though i am not sure, what. Same config is working for nextcloud e.x.

Are You Using TCP Streams or something like this?

Update
A POST with CURL via CLI is working. Seems like something in the APP is not compatible

from android-client.

Output from AndroidStudio, while debugging:

E/upload: Error uploading!
    okhttp3.internal.http2.StreamResetException: stream was reset: NO_ERROR
        at okhttp3.internal.http2.Http2Stream.checkOutNotClosed$okhttp(Http2Stream.kt:646)
        at okhttp3.internal.http2.Http2Stream$FramingSink.flush(Http2Stream.kt:576)
        at okio.ForwardingSink.flush(ForwardingSink.kt:32)
        at okhttp3.internal.connection.Exchange$RequestBodySink.flush(Exchange.kt:228)
        at okio.RealBufferedSink.flush(RealBufferedSink.kt:269)
        at org.docspell.docspellshare.http.HttpRequest$1.writeTo(HttpRequest.java:139)
        at okhttp3.MultipartBody.writeOrCountBytes(MultipartBody.kt:157)
        at okhttp3.MultipartBody.writeTo(MultipartBody.kt:93)
        at okhttp3.internal.http.CallServerInterceptor.intercept(CallServerInterceptor.kt:59)
        at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.kt:109)
        at okhttp3.internal.connection.ConnectInterceptor.intercept(ConnectInterceptor.kt:34)
        at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.kt:109)
        at okhttp3.internal.cache.CacheInterceptor.intercept(CacheInterceptor.kt:95)
        at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.kt:109)
        at okhttp3.internal.http.BridgeInterceptor.intercept(BridgeInterceptor.kt:83)
        at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.kt:109)
        at okhttp3.internal.http.RetryAndFollowUpInterceptor.intercept(RetryAndFollowUpInterceptor.kt:76)
        at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.kt:109)
        at okhttp3.internal.connection.RealCall.getResponseWithInterceptorChain$okhttp(RealCall.kt:201)
        at okhttp3.internal.connection.RealCall.execute(RealCall.kt:154)
        at org.docspell.docspellshare.http.HttpRequest.execute(HttpRequest.java:58)
        at org.docspell.docspellshare.http.UploadManager$UploadWorker.run(UploadManager.java:49)
        at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:462)
        at java.util.concurrent.FutureTask.run(FutureTask.java:266)
        at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1167)
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:641)
        at java.lang.Thread.run(Thread.java:919)

from android-client.

Thanks for the stack trace!! That looks strange. Only thing that came to mind is that I'm reading http2 in the stack trace. Maybe the app is trying with http2 and the reverse proxy has problems with that? That would explain when curl is using http1.1…? Just a guess…. It could be that okhttp changed some settings in a newer version.

I'm also using the newest version of the app with an nginx reverse proxy without problems…. I'm not aware that I use anything special in the app. It's just okhttp post request. But I just checked my nginx config and it is configured to support http2.

from android-client.

I tried this fix:
square/okhttp#3955 (comment)
And the error is gone. Though i get another strange bug:

The Reported HTTP Status Code is 403:

Though, i don't even see anything in my nginx access logs from this upload request.
Seems like the Request is being intercepted somewhere...

INFO: AndroidStudio is complaining about not closing the response body in

You should return the Response Object instead, read the code from Response Object in

from android-client.

Well, I found the reason for the 403:
Somehow My OPNSense WAF intercepts the Request. Strange behaviour is, that the IP get's banned immitiately after sending the request, tough i did not enable the WAF for this specific Server.

from android-client.

Ah nice! So we are one step further :) Thanks for pointing at the bug with not closing the response - not well done!

Was almost hitting ENTER on some thoughts to the 403, which are now obsolete - nice find!

from android-client.

And i found the Problem for Block

The Android Client is not sending a correct User-Agent. The default from okhttp3 is not sufficient and will be blocked by OPNSense/PFSense per default.

I've created a UserAgentInterceptor and will create a PR for you to merge.

This Change does also Fix my HTTP/2 Error. Obviously HTTP/2 could not be established since the IP has been banned

from android-client.

Thanks! I'm using OPNSense myself, but not their WAF (have never seen it, is this a plugin?). Do you know what user-agent values are blocked by default? Would it then be ok to set something like "Docspell-Android/$version"?

Regarding the NO_STREAM error: was this due to http2 vs http1? I thought the 403 from the waf was coming once okhttp was set to not use http2?

from android-client.

The NO_STREAM Error was due to the banning.

Last Year I switched from HAProxy to Nginx for its NAXSI availability.
Therefore, the IP got banned at the second, the Request entered the WAF.
Therefore, the Server did not established a HTTP/2 session and OKHTTP3 threw this error.

Switching to HTTP/1.1 "fixed" the error because the Handshake is different and the client received the 403 - Banned Message. -> Upload still not working

Those Agents are on the blocklist (blocking all default agents to prevent possible Bots/Script-Kiddies.
Python-urllib|Nmap|python-requests|libwww-perl|MJ12bot|Jorgee|fasthttp|libwww|Telesphoreo|A6-Indexer|ltx71|okhttp|ZmEu|sqlmap|LMAO/2.0|ltx71|zgrab|Ronin/2.0|Hakai/2.0

With the #57 User Agent Fix, the HTTP/1.1 Downgrade is not neccessary anymore.

I also added the Request.close() call i mentioned above.

from android-client.

Great!! Thank you a lot for the explanation! Saw the PR already - thanks for this as well. I had only one minor nitpicking comment, but it's not a problem at all to merge it as is!

from android-client.