Seafile 8.0.x with WebDav and 2FA

fungs · March 8, 2023, 4:05pm

I’m running the latest 8 version of Seafile in the official Docker container. I have enabled both 2FA and webdav. I can use webdav for one user without an issue, for which 2FA is not enabled. For another user with 2FA enabled, the request always returns 401 Access not authorized.

Does anybody know what the official status of webdav, API tokens and 2FA is? It may be correct to disable webdav if it does not implement 2FA correctly. Ideally, I could configure webdav access on a per-library level using API tokens.

monotok · April 21, 2023, 12:31am

https://manual.seafile.com/config/seahub_settings_py/

You need to add these two options to your seahub settings file.

ENABLE_WEBDAV_SECRET = True
WEBDAV_SECRET_MIN_LENGTH = 8

You will then see an option under your account settings that you can set the webdav password. Its better than nothing but not ‘app passwords’.

fungs · April 21, 2023, 8:13am

Thanks @monotok, I tried before with different settings and did it again now. I’m getting closer, because I get the following error (log) when setting the webdav password.

2023-04-21 08:08:24,018 [ERROR] django.request:222 log_response Internal Server Error: /api/v2.1/webdav-secret/
Traceback (most recent call last):
  File "/opt/seafile/seafile-server-8.0.8/seahub/thirdpart/django/core/handlers/exception.py", line 34, in inner
    response = get_response(request)
  File "/opt/seafile/seafile-server-8.0.8/seahub/thirdpart/django/core/handlers/base.py", line 115, in _get_response
    response = self.process_exception_by_middleware(e, request)
  File "/opt/seafile/seafile-server-8.0.8/seahub/thirdpart/django/core/handlers/base.py", line 113, in _get_response
    response = wrapped_callback(request, *callback_args, **callback_kwargs)
  File "/opt/seafile/seafile-server-8.0.8/seahub/thirdpart/django/views/decorators/csrf.py", line 54, in wrapped_view
    return view_func(*args, **kwargs)
  File "/opt/seafile/seafile-server-8.0.8/seahub/thirdpart/django/views/generic/base.py", line 71, in view
    return self.dispatch(request, *args, **kwargs)
  File "/opt/seafile/seafile-server-8.0.8/seahub/thirdpart/rest_framework/views.py", line 505, in dispatch
    response = self.handle_exception(exc)
  File "/opt/seafile/seafile-server-8.0.8/seahub/thirdpart/rest_framework/views.py", line 465, in handle_exception
    self.raise_uncaught_exception(exc)
  File "/opt/seafile/seafile-server-8.0.8/seahub/thirdpart/rest_framework/views.py", line 476, in raise_uncaught_exception
    raise exc
  File "/opt/seafile/seafile-server-8.0.8/seahub/thirdpart/rest_framework/views.py", line 502, in dispatch
    response = handler(request, *args, **kwargs)
  File "/opt/seafile/seafile-server-8.0.8/seahub/seahub/api2/endpoints/webdav_secret.py", line 44, in put
    aes = AESPasswordHasher()
  File "/opt/seafile/seafile-server-8.0.8/seahub/seahub/utils/hasher.py", line 39, in __init__
    self.cipher = AES.new(secret.encode('utf-8'), AES.MODE_ECB)
AttributeError: 'NoneType' object has no attribute 'new'

It seems like the the AES module?! isn’t doing what it should.

monotok · April 21, 2023, 5:11pm

It should be that simple. I am running 9.0.15 currently.

However I just checked and my old version is running 8.0.8. That config change is all I did and it worked there.