Onlyoffice + Humhub can't create and open documents

dschoty · 27 July 2023 14:42

Do you want to: Ask a how-to question
For feature suggestions, describe the result you would like to achieve in detail:
Can’t create or open files from humhub.
Document Server version: 7.4.0.163
Connector version: 3.0.0
DMS (platform) version: Humhub (Professional) 1.14.2
OS: Docker Image
Browser version:
Attach logs if possible.

Hi
we running humhub 1.14.2 with Onlyoffice Connector 3.0.0 and we can’t create / edit / view documents in Humhub. We see in humhub “Please sign in” and the docker logs shows
{"name":"Forbidden","message":"Invalid JWT signature","code":0,"status":403}"

I can’t find what was wrong.
Thanks for any hint to solve this.

David

Humhub

Connector Settings:

Docker:

docker run -i -t -d -p 443:443 --restart=always --name onlyoffice-document-server \
-v /app/onlyoffice/DocumentServer/data:/var/www/onlyoffice/Data \
-e JWT_ENABLED=true \
-e JWT_SECRET=my_jwt_secret \
-e JWT_IN_HEADER=true \
-e JWT_IN_BODY=true \
-v /app/onlyoffice/DocumentServer/logs:/var/log/onlyoffice \
-v /app/onlyoffice/DocumentServer/lib:/var/lib/onlyoffice \
-v /app/onlyoffice/DocumentServer/db:/var/lib/postgresql \
onlyoffice/documentserver

/var/log/onlyoffice/documentserver/docservice/out.log

[2023-07-27T12:28:14.453] [ERROR] [localhost] [5bc5cbb8611802ecab52] [2e256de3-c26c-4032-b26d-cdf3cdb2d4541] nodeJS - postData error: url = https://portal.MYDOMAIN.DE/onlyoffice/backend/track?doc=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJrZXkiOiI1YmM1Y2JiODYxMTgwMmVjYWI1MiIsInVzZXJHdWlkIjoiMmUyNTZkZTMtYzI2Yy00MDMyLWIyNmQtY2RmM2NkYjJkNDU0In0.9MuBujWoToBFevJF7hHNisn891PNwYJikZg018XUoQ4;data = {"key":"5bc5cbb8611802ecab52","status":4,"actions":[{"type":0,"userid":"2e256de3-c26c-4032-b26d-cdf3cdb2d454"}],"token":"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJrZXkiOiI1YmM1Y2JiODYxMTgwMmVjYWI1MiIsInN0YXR1cyI6NCwiYWN0aW9ucyI6W3sidHlwZSI6MCwidXNlcmlkIjoiMmUyNTZkZTMtYzI2Yy00MDMyLWIyNmQtY2RmM2NkYjJkNDU0In1dLCJpYXQiOjE2OTA0NjA4OTQsImV4cCI6MTY5MDQ2MTE5NH0.enG6qb7aVNHY7EpnVL_KPzJ4i_JC9-ntGBSL3HJ1s7o"} Error: Error response: statusCode:403; headers:{"date":"Thu, 27 Jul 2023 12:28:13 GMT","server":"Apache/2.4.52 (Ubuntu)","content-security-policy":"script-src 'self' 'unsafe-inline' *.MYDOMAIN.DE, frame-src 'self' ws: wss: mailto: callto: *.MYDOMAIN.DE:*;","vary":"Authorization","set-cookie":["PHPSESSID=gv3cbeb03ptns2q75su601ue7p; path=/; secure; HttpOnly; SameSite=Lax"],"expires":"Thu, 19 Nov 1981 08:52:00 GMT","cache-control":"no-store, no-cache, must-revalidate","pragma":"no-cache","x-content-security-policy":"default-src *; connect-src  *; font-src 'self'; frame-src https://* http://* *; img-src https://* http://* * data:; object-src 'self'; script-src 'self' https://* http://* * 'unsafe-inline' 'report-sample'; style-src * https://* http://* * 'unsafe-inline';","strict-transport-security":"max-age=31536000","x-xss-protection":"1; mode=block","x-content-type-options":"nosniff","referrer-policy":"no-referrer-when-downgrade","x-permitted-cross-domain-policies":"master-only","x-frame-options":"sameorigin","content-length":"76","keep-alive":"timeout=5, max=100","connection":"Keep-Alive","content-type":"application/json; charset=UTF-8"}; body:
{"name":"Forbidden","message":"Invalid JWT signature","code":0,"status":403}
    at Request._callback (/snapshot/server/build/server/Common/sources/utils.js)
    at Request.callback (/snapshot/server/build/server/Common/node_modules/request/request.js:185:22)
    at Request.emit (events.js:400:28)
    at Request.<anonymous> (/snapshot/server/build/server/Common/node_modules/request/request.js:1154:10)
    at Request.emit (events.js:400:28)
    at IncomingMessage.<anonymous> (/snapshot/server/build/server/Common/node_modules/request/request.js:1076:12)
    at Object.onceWrapper (events.js:519:28)
    at IncomingMessage.emit (events.js:412:35)
    at endReadableNT (internal/streams/readable.js:1333:12)
    at processTicksAndRejections (internal/process/task_queues.js:82:21)

/etc/onlyoffice/documentserver/local.json

{
  "services": {
    "CoAuthoring": {
      "sql": {
        "type": "postgres",
        "dbHost": "localhost",
        "dbPort": "5432",
        "dbName": "onlyoffice",
        "dbUser": "onlyoffice",
        "dbPass": "onlyoffice"
      },
      "token": {
        "enable": {
          "request": {
            "inbox": true,
            "outbox": true
          },
          "browser": true
        },
        "inbox": {
          "header": "Authorization",
          "inBody": true
        },
        "outbox": {
          "header": "Authorization",
          "inBody": true
        }
      },
      "secret": {
        "inbox": {
          "string": "my_jwt_secret"
        },
        "outbox": {
          "string": "my_jwt_secret"
        },
        "session": {
          "string": "my_jwt_secret"
        }
      }
    }
  },
  "rabbitmq": {
    "url": "amqp://guest:guest@localhost"
  },
  "storage": {
    "fs": {
      "secretString": "gBEWGdLIMWWZ5ZKTYkgv"
    }
  }
}

Constantine · 1 August 2023 12:39

Hello @dschoty

Similar issue is described here:

Please insert your JWT Header to the corresponding field of the connector app and try again.
In your case, Header is Authorization as it is shown in local.json.

dschoty · 31 August 2023 09:17

Hello @Constantine,
I’m sorry for replying so late. I’m back from vacation.
I have set the same JWT Header in the Connector and local.json (Docker). But it didn’t work.

Updated Onlyoffice to Version 7.4.1.36 (Docker). But it didn’t work.

Alexandre · 4 September 2023 11:26

Hello @dschoty
If you don’t mind, I will join this thread.
Does the situation reproduce if JWT is disabled on the both sides? Or will there be some kind of new error entry?