Seafile Pro 7.1.9 is ready!

daniel.pan · December 4, 2020, 2:19am

This is a maintenance release with the following fixed and improvements:

[new] Add pagination when listing group/department members to avoid a group with too many members
[fix] Disable webdav for users that have 2fa enabled
[fix] Fix OnlyOffice JWT broken for public shared links
[fix] Fix database crash will causing clients to unsync libraries
[fix] Fix webdav LOCK issue
[new, OnlyOffice] Pass user id to OnlyOffice
[fix] Fix check_user_quote command for LDAP users
[fix] Fix LIBRARY_TEMPLATES support
[fix] Fix Markdown print in Firefox
[fix] Fix a bug in OAuth
[fix] Remove unused rest_framework files
[fix] Fix a bug in getting file history
[new] Admin can delete pending invitations
[fix] Fix can not save markdown/text file for shared libraries with advanced permission control
[fix, multi-tenancy] Fix organization traffic stats seem to not work correctly
[fix, multi-tenancy] Fix organization admin update user status error
[fix] Fix Affiliation-Role-Mapping not working

upD8R · December 5, 2020, 8:14am

Hi, thanks for the update!

Can you pls eloborate on this?

[fix] Disable webdav for users that have 2fa enabled

Maybe I’m mistaken but this doesn’t read like a fix but a fundamental change - until I’m missing something. I use 2FA and I use Webdav and I’m aware that Webdav does not support 2FA.

What happens if I upgrade?

shoeper · December 5, 2020, 8:24pm

The best would be if WebDAV would be adjusted to use generated app tokens which can be managed (creation with a name and shown once, deletion) by the user through Seahub.

monotok · December 7, 2020, 1:20am

I am in the same situation. I use both webdav and 2fa; it would be pretty annoying if an update suddenly broke webdav for unencrypted libraries.

Like @shoeper mentioned; the best thing to do would be to enable app generated tokens like Nextcloud and others do.

daniel.pan · December 7, 2020, 3:56am

There is already such an option: ENABLE_WEBDAV_SECRET

https://manual.seafile.com/config/seahub_settings_py/

marcusm · December 7, 2020, 11:56am

Hi @daniel.pan

did you update the german translation since the last version?

eruditewriter · December 7, 2020, 7:25pm

I have been using 2FA and on updating using WebDAV is diabled. Adding “ENABLE_WEBDAV_SECRET” and then setting up a WebDAV Password under user settings doesn’t make it possible to use 2FA and WebDAV. Checking the code it just looks to see if 2FA is set for the session and user or globally and then denies the authentication request. I still want to use WebDAV so I edited seafile-server-latest/seahub/thirdpart/wsgidav/dc/domain_controller.py and commented the offending lines 76-79. Of course that exposed another problem - if I’m not using SSO having a WebDAV password means that I can use both the WebDAV password and the user password. It really should be one or the other.

I agree that WebDAV and 2FA are incompatible, but there should be a check for the WebDAV password and only use that if available. Of course the WebDAV password is not equivalent to similar “app passwords” that are made once and are assigned to one app - this password is to overcome SSO and allow webdav so it’s one password for all applications. I won’t debate the wisdom in using it or not or whether 2FA and WebDAV should co-exist. It was easy enough for me to remove the code but having 2FA and the WebDAV password would be best.

daniel.pan · December 8, 2020, 1:49am

We will check the problem.

TomvB · December 8, 2020, 11:55am

Nevermind. Tested on external locations and it is network related.
Seafile is great (as usual).