After an evaluation, GNOME has moved from Bugzilla to GitLab. Learn more about GitLab.
No new issues can be reported in GNOME Bugzilla anymore.
To report an issue in a GNOME project, go to GNOME GitLab.
Do not go to GNOME Gitlab for: Bluefish, Doxygen, GnuCash, GStreamer, java-gnome, LDTP, NetworkManager, Tomboy.
Bug 659522 - [CalDAV] Show URI in generic connection error messages
[CalDAV] Show URI in generic connection error messages
Status: RESOLVED FIXED
Product: evolution-data-server
Classification: Platform
Component: Calendar
3.2.x (obsolete)
Other Linux
: Normal normal
: ---
Assigned To: evolution-calendar-maintainers
Evolution QA team
Depends on:
Blocks:
 
 
Reported: 2011-09-19 21:31 UTC by Ian B. MacDonald
Modified: 2015-02-23 15:31 UTC
See Also:
GNOME target: ---
GNOME version: ---


Attachments
Output when Captcha likely is occuring (12.90 KB, text/plain)
2011-11-09 21:54 UTC, Ian B. MacDonald
Details

Description Ian B. MacDonald 2011-09-19 21:31:40 UTC
I noted a similar bug report for 2.32 https://bugzilla.gnome.org/show_bug.cgi?id=619275 however it is old enough that I didn't want to assume duplication.

Basically on startup I am being prompted for an authentication password for my calendars, and then it tells me that authentication failed when I enter the correct password.

By going into the calendar properties and trying to retrieve the calendar list I was able to determine that there may be a CAPTCHA issue here.

The screenshot of the CAPTCHA message passed to evolution is attached to the downstream bug. 

I don't know how to resolve this, but at least the message for authentication failure should indicate the CAPTCHA issue, as without the additional information from the retrieve calendar dialogue, I would have tried changing passwords, etc. 

https://bugs.launchpad.net/ubuntu/+source/evolution-data-server/+bug/854232
Comment 1 André Klapper 2011-09-20 10:08:37 UTC
"A CAPTCHA must be filled out to log in". is the error message in the screenshot - nothing else worth to see.

Cannot open calendar: Unexpected HTTP status code 7 returned (Connection terminated unexpectedly)

Exact steps to reproduce are welcome.
Comment 2 Matthew Barnes 2011-09-20 13:06:31 UTC
We don't have support for CAPTCHA prompts at the moment.  Gotta go to google.com/calendar and do it.
Comment 3 Ian B. MacDonald 2011-09-20 14:24:05 UTC
Unfortunately I don't know how to trigger Google's CAPTCHA.  It happened right after the EDS update, but I actually had it pop up on my Android phone as well earlier in the day (I have never seen on my phone either).  I have not seen it since on either.   

Apparently Google does it when they see unusual traffic patterns, or suspect DNS redirection or traffic interception which some ISPs do from time to time. Maybe a tweak to my squid proxy could make it reproducible.  

I can't reproduce it today using my work connection.  

I believe the message generated was from Glib, and I assume the detection was legitimate based on the fact that I saw it in a similar timeframe on my phone.  

If that Glib message was passed up consistently then the user would at least know what is going on, even if it is not handled.  I couldn't make it go away with my calendar in browser.. and I couldn't find the specific caldav URL evolution was using to test natively for myself (though I know it shows up in the status bar from time to time).  

I believe the captcha being presented is the one below,

https://www.google.com/accounts/UnlockCaptcha 

I tried failing it a few times, but Google still "trusts" me both in evolution and my browser session.  

It seems it only can be used to make the tokens work, not break them to create a test case.

"Once the user has successfully responded to the challenge, the Google server will trust the computer in use. The application can then resend the original login request to obtain the authentication token."

I found this here:
http://code.google.com/googleapps/faq.html#captchas
Comment 4 Ian B. MacDonald 2011-09-20 14:43:52 UTC
Maybe just catch the CaptchaRequiredException at all auth rejections and pass this info to the user with the clickable unlock URL if a link is allowed in the error message. 

http://code.google.com/apis/gdata/docs/auth/clientlogin.html#HandlingCaptchas
http://code.google.com/apis/accounts/docs/AuthForInstalledApps.html#Response
Comment 5 Matthew Barnes 2011-09-20 15:32:28 UTC
Yeah, problem is we don't talk to Google Calendar through libgdata.  We use Google's standard-but-apparently-neglected CalDAV interface.
Comment 6 Ian B. MacDonald 2011-09-20 16:55:23 UTC
Is it safe to assume the the calendar retrieval does use gdata and that is why I saw what I think is a libgdata CAPTCHA exception there and not from the alarm-notify connection or client interface?

The Online Accounts seems to use something new too initially when setting up accounts using a little browser window that looks OAuth-ish.  I assume that CAPTCHA might be handled there too.

So the e-calendar-factory stuff that is CalDAV that will probably change over in some future major milestone.

I don't think its going to hurt my day to day given I now know the unlock URL which I'll post to the downstream bug.
Comment 7 Ian B. MacDonald 2011-09-21 15:45:26 UTC
This happened to me today again. All of a sudden my account with a password prompt came up. 

Initially I went into "Retrieve Calendars" and it worked (saw the list and re-selected and closed) but immediately the prompt from evolution client came back up.  I canceled the prompt and disabled the calendar and then went back into Properties to try and retrieve calendars again.

Sure enough I received the CAPTCHA required error this time.

I tried in my Chrome browser to hit the CALDAV URL:https://www.google.com/calendar/dav/you@gmail.com/user/

With correct credentials the prompt just kept popping up, with no hint of CAPTCHA required or good/bad password.

Next I tried the following URL:
https://www.google.com/accounts/UnlockCaptcha 

After filling it in correctly, it said "Unlocked" and my next evolution password prompt worked and I successfully created and verified some calendar events. 

I then went back to the CALDAV URL in my browser and successfully authenticated which resulted in a "Method Not Allowed" Error 405 which I assume is just what you get when you are a dumb client. The /events/ gave me a download. 

So it seems CAPTCHA issue is as expected, and can be unlocked with this workaround IF we can help users identify it somehow.
Comment 8 Milan Crha 2011-09-21 20:07:59 UTC
(In reply to comment #1)
> Cannot open calendar: Unexpected HTTP status code 7 returned (Connection
> terminated unexpectedly)

This is bug #659233, the rest can be just because of it. Could you retest with that fix, please?
Comment 9 Ian B. MacDonald 2011-09-22 16:15:59 UTC
Well, I suppose I could the next time I get locked out due to CAPTCHA.  I had a look at the bug, and it applies to a gnutls 3.x issue. So a non-starter there.

Ubuntu 11.10 ships with 2.10.5 (libgnutls26)
Comment 10 Ian B. MacDonald 2011-09-22 16:16:45 UTC
Is the thinking that a bad caldav handshake is causing the CAPTCHA?
Comment 11 Milan Crha 2011-09-23 06:01:30 UTC
Yup, I think (and only think) it's a consequence of "Cannot open calendar: Unexpected HTTP status code 7 returned (Connection terminated unexpectedly)"
Comment 12 Ian B. MacDonald 2011-09-26 02:27:20 UTC
I also believe this to be the case, as I have seen it on my Android phone and HP Touchpad (awaiting Android) as well, only since the 3.1.91 upgrade.  On the Touchpad, the login just fails.. looks like a WebOS bug.. but the CAPTCHA validate URL fixes it too.  

Any way to get more info, like run e-calendar with some extra debug for the CalDav?
Comment 13 Milan Crha 2011-09-27 11:01:40 UTC
Yup, you can run the factory as:
   $ CALDAV_DEBUG=all /usr/libexec/e-calendar-factory
and then run evolution and see what will be shown in the factory's console.
Comment 14 Ian B. MacDonald 2011-11-03 18:05:52 UTC
Okay, I have found this to be somewhat reproducible.  I will try and capture a debug output tomorrow at lunch.

The prompt for calendar passwords occurs when I leave my evolution open and idle for a few hours.  In my case, the passwords for my two active Google calendars are prompted after I unlock my screen (no sleep, plugged in).  These persist until I execute the Unlock/Captcha on each of them.  If I do only one, then only the remaining calendar is prompted for credentials, so this also suggests that the failure is due to a mishandled captcha. 

Finally, if I try and accept a calendar event before I do the capthca, even if there are no prompts (they disappear after entering a password for minutes at a time prior to doing the captcha) I seem to generate a crash.

This crash is linked below, and will be public once the retrace is complete. I suspect it may be similar to https://bugzilla.gnome.org/show_bug.cgi?id=659491
Comment 15 Ian B. MacDonald 2011-11-03 18:27:34 UTC
One more observation from this current session (I am sure if I restart evolution this will fix itself.

I am able to make the password prompts go away using the captcha.. but they always seem to come back 5-10 minutes later.  And each time the only way to make them dissappear is with the captcha.  Since I have three Google accounts (One personal, one work, one is my wife's), I have to log out of Google, and execute the captcha URL with each Google user.

Even after I close the evolution main interface, evolution remains running and sends me the authentication dialogue until I force-shutdown.
Comment 16 Ian B. MacDonald 2011-11-09 21:54:03 UTC
Created attachment 201102 [details]
Output when Captcha likely is occuring

Well I have a 2Million line debug output from the calendar e-factory when the Authorization fails. It is probably best to share only directly with devs if it will be useful given the personal information. Email me if you would like it. 

The process to trigger the issue seems to be 100% reproducible in my case by just leaving my 3.2.1-0ubuntu1 idle for a few hours. If I use it to do emails (even without accessing the calendar directly) it does not trigger this issue, presumably because certain emails are calendar events and *touch* the factory to keep it alive. 

How to create the problem,

1) Open evolution and leave it open for a few hours without using it until a password prompt appears.  

The transcript of the subsequent events during my session are as follows,

2) Pressed OK, not changing the password, and attempted to close evolution
3) Prompts were re-occurring too quickly, so I tried "Cancel" and then attempted to close evolution
4) It closed, but my e-calendar factory was still going hard (lots of output) and I could see an "Unauthorized" flying by on the console along with some valid data that seemed to be repeating from my one calendar account that had not prompted me
5) I subsequently completed the Captcha for both the accounts that had prompted for passwords, and I think I saw some in-conjunction "CalDAV - finished syncing" events.
6) The communication seemed to be spinning, so eventually I called a --force-shutdown from another unprivileged console. 

Here is my analysis of the factory log, which seems to support my theory of the Captcha event, sucessfull re-authentication to resolve via Web browser, followed by some unexplained spinning of sucessful events prior to eventual shutdown. Also attached is the one message which actually appears to contain the captcha image (if this is useful). 

1) SoupMessage 1 starts for all three of my Google calendars, and ends with 401 Unautorized for all three endinng at timestamp 1320846121
2) SoupMessage 2 starts for all three of my Google calendars, has a 401 for all three, restarts for all three and results in 200 OKs for all three ending at timestamp 1320846123
3) SoupMessage 774 starts at 1320854921, followed by 200 OK, a REPORT events, and then a 302 followed by a restart and a 405 Method Not Allowed at 1320854969
There is an embedded image as seen in the attachment which contains the SoupMessage, so this is indeed the Captcha IMHO. 
There is also a console message e-cal-backend-caldav-WARNING **: Server did not response with 207, but with code 405 (Method Not Allowed) 
4) SoupMessage 769 has a 401 Unauthorized shortly thereafter at timestamp 1320855055
on the console I see: e-cal-backend-caldav-WARNING **: Server did not response with 207, but with code 401 (Unauthorized)
5) Same thing with SoupMessage 770, 773-796, 800-871.
6) SoupMessage 872 is 200 OK at 1320855078 and the has a 401 at 1320855169 and then a 503 Unavailable at 1320855170 followed by a 207 Mutlistatus at 1320855317. 
I think that this is when I did the browser Captcha Unlock
7) SoupMessage 875 has a 401 at 1320855081, restarts and has a 207 Multi-status, two more 401s  and then a 207 Multistatus at 1320855320
8) SoupMessage 796 is 200 OK at 1320855038, goes 401 at 1320855105 and is 200 OK at 1320855106
9) There are no more Unauthorized after 1320855322 and everything is fine (200,207) until the force-shutdown. The factory did appear to be spinning for whatever reason and taking CPU load up at the same time, possibly re-collecting the same information over and over again as the same events appear over and over in the logs from all three calendars until I shut it down.
Comment 17 Vadim Rutkovsky 2013-02-26 16:35:52 UTC
This is reproducible in evolution-3.6.90 and evolution-3.6.4 if user doesn't use gmail and simple adds a calendar both Google or CalDAV
Comment 18 Ian B. MacDonald 2013-03-01 00:22:29 UTC
Interesting, I used to have a Google ID with only a calendar configured as well.  Now I access the same calendar via my main google account and I no longer have this issue.

I suspect that that Comment 17 identifies the specific conditions that caused the issue in the original report.
Comment 19 Milan Crha 2013-04-30 12:16:18 UTC
(In reply to comment #17)
> This is reproducible in evolution-3.6.90 and evolution-3.6.4 if user doesn't
> use gmail and simple adds a calendar both Google or CalDAV

Could you provide more detailed steps, please? I do not understand all of the above. Also, could you test with 3.8.1? Even I guess it'll be mostly the same.
Comment 20 Vadim Rutkovsky 2013-05-03 14:16:38 UTC
>Could you provide more detailed steps, please?

1. Disable/remove any GMail email account
2. Setup any other email account
3. Go to Calendar, File - New - Calendar
4. Select Type = 'Google' and specify google credentials
5. Select new google calendar

Result: HTTP 405 error message appears

Reproduced in evolution-3.8.1-1
Comment 21 Milan Crha 2013-05-07 10:31:40 UTC
(In reply to comment #20)
> Result: HTTP 405 error message appears
> 
> Reproduced in evolution-3.8.1-1

Nice, I see it too. The reason is that evolution tries to OPTIONS a www.google.com/ , not the calendar URL. I suppose it's new and unrelated to this CAPTCHA issue, even I agree it's similar. Could you open a new bug report for this, please?
Comment 22 Milan Crha 2013-05-07 11:36:08 UTC
(In reply to comment #21)
> (In reply to comment #20)
> > Result: HTTP 405 error message appears
> > 
> > Reproduced in evolution-3.8.1-1
> 
> Nice, I see it too. The reason is that evolution tries to OPTIONS a
> www.google.com/ , not the calendar URL. I suppose it's new and unrelated to
> this CAPTCHA issue, even I agree it's similar. Could you open a new bug report
> for this, please?

It seems I'm quicker :) (checked on IRC as well).

Created commit 0ccccea in evo master (3.9.2+)
Created commit 9d0632e in evo gnome-3-8 (3.8.2+)

From the commit log:

   Newly configured Google calendar cannot be opened

   Unless the button to choose a calendar was clicked, because
   the calendar path is not filled, thus the server claims
   "HTTP 405 error", which means an OPTIONS request cannot be done
   on the path, which was just root of www.google.com, instead
   of a calendar path. (This was reported as part of bug #659522.)

-------------------------------------------------------------------------

Let's keep this bug opened for the CAPTCHA issue, though I'm not sure how much we can do with it, because the backend returns whatever error code and description the server gave.
Comment 23 Milan Crha 2013-05-07 11:40:44 UTC
Hmm, I guess the Google server just redirects any requests to a /googlecalendar/unavailable.html page, but the CalDAV calendar doesn't notice it (is there any way to recognize this state in general?) and tries to do whatever it is doing, which yields to the 405 error.
Comment 24 Vadim Rutkovsky 2013-05-07 11:56:39 UTC
Issue in comment #20 fixed, thanks
Comment 25 Milan Crha 2015-02-23 15:31:19 UTC
I still do not know how this could happen, but I agree that a URI in the generic connection error message would help to identify the issue, instead of just claiming "Unexpected HTTP status code 405 returned (Method Not Allowed)". That may give the missing hint in cases when the server redirects the page to some odd address, like the CAPTCHA is. I tested this with my server and it returns the URI in the error message too now.

Created commit f7e7724 in eds master (3.15.91+)