ICloud 403 error when syncing non-all-day task
Hi,
I am getting a 403 unauthorised error when trying to sync tasks with iCloud using Davdroid.
This only happens when setting a specific time for events, when editing or creating new tasks on my Android device.
However, the tasks are synced fine when changing all other attributes, and sync fine when enabling “All Day” option.
Thanks.
Thanks for your report. Please read Reporting issues and provide all information mentioned there, including detailled steps to reproduce the issue, client and server software details, and verbose logs.
This is the log I am getting:
06-17 09:25:34.777 29137-1897/? I/davdroid.DavSyncAdapter﹕ Performing sync for authority org.dmfs.tasks
06-17 09:25:34.777 29137-1897/? D/davdroid.DavSyncAdapter﹕ Creating new DavHttpClient
06-17 09:25:34.778 29137-1897/? D/davdroid.DavSyncAdapter﹕ Server supports VCard version 3.0
06-17 09:25:34.786 29137-1897/? V/davdroid.URIUtils﹕ Normalized URL https://p02-caldav.icloud.com:443/xxx/calendars/tasks/ -> https://p02-caldav.icloud.com:443/xxx/calendars/tasks/
06-17 09:25:34.786 29137-1897/? D/davdroid.WebDavResource﹕ Using preemptive authentication (not compatible with Digest auth)
06-17 09:25:34.797 29137-1897/? I/davdroid.SyncManager﹕ Remotely removing 0 deleted resource(s) (if not changed)
06-17 09:25:34.805 29137-1897/? I/davdroid.SyncManager﹕ Uploading 0 new resource(s) (if not existing)
06-17 09:25:34.811 29137-1897/? I/davdroid.SyncManager﹕ Uploading 1 modified resource(s) (if not changed)
06-17 09:25:34.993 29137-1897/? V/davdroid.URIUtils﹕ Normalized URL xxx.ics -> xxx.ics
06-17 09:25:35.644 29137-1897/? E/davdroid.DavSyncAdapter﹕ Hard HTTP error 403
at.bitfire.davdroid.webdav.HttpException: 403 Forbidden
at at.bitfire.davdroid.webdav.WebDavResource.checkResponse(WebDavResource.java:430)
at at.bitfire.davdroid.webdav.WebDavResource.checkResponse(WebDavResource.java:404)
at at.bitfire.davdroid.webdav.WebDavResource.put(WebDavResource.java:381)
at at.bitfire.davdroid.resource.RemoteCollection.update(RemoteCollection.java:196)
at at.bitfire.davdroid.syncadapter.SyncManager.pushDirty(SyncManager.java:169)
at at.bitfire.davdroid.syncadapter.SyncManager.synchronize(SyncManager.java:50)
at at.bitfire.davdroid.syncadapter.DavSyncAdapter.onPerformSync(DavSyncAdapter.java:144)
at android.content.AbstractThreadedSyncAdapter$SyncThread.run(AbstractThreadedSyncAdapter.java:259)
The issue can be replicated by doing the following:
1.) Create a new task using a particular date and time, and timezone.
2.) Go to settings > account > force sync (of DavDroid account containing tasks)
3.) Error pops up and sync fails.
Error does not occur when a date is not set. For example, creating a new task with all day enabled, or no dates specify means that no error occurs.
This error also happens when editing or completing already existing tasks from iCloud which have a time.
Client software:
Davdroid 0.8.0 and Tasks (Marten Gajda)
Server: Apple servers (iCloud)
Thanks for the extensive information. Unfortunately, the setprop calls from https://github.com/bitfireAT/davdroid/wiki/How-to-view-the-logs where not done, so traffic was not logged.
Which time zone? Does it work with other time zones?
Here you go:
06-17 14:25:07.259 27754-12389/at.bitfire.davdroid:sync I/davdroid.DavSyncAdapter﹕ Performing sync for authority org.dmfs.tasks
06-17 14:25:07.259 27754-12389/at.bitfire.davdroid:sync D/davdroid.DavSyncAdapter﹕ Creating new DavHttpClient
06-17 14:25:07.260 27754-12389/at.bitfire.davdroid:sync I/davdroid.DavHttpClient﹕ Wire logging active, disabling HTTP compression
06-17 14:25:07.262 27754-12389/at.bitfire.davdroid:sync D/davdroid.DavSyncAdapter﹕ Server supports VCard version 3.0
06-17 14:25:07.297 27754-12389/at.bitfire.davdroid:sync V/davdroid.URIUtils﹕ Normalized URL https://p02-caldav.icloud.com:443/xxx/calendars/tasks/ -> https://p02-caldav.icloud.com:443/xxx/calendars/tasks/
06-17 14:25:07.297 27754-12389/at.bitfire.davdroid:sync D/davdroid.WebDavResource﹕ Using preemptive authentication (not compatible with Digest auth)
06-17 14:25:07.307 27754-12389/at.bitfire.davdroid:sync I/davdroid.SyncManager﹕ Remotely removing 0 deleted resource(s) (if not changed)
06-17 14:25:07.316 27754-12389/at.bitfire.davdroid:sync I/davdroid.SyncManager﹕ Uploading 0 new resource(s) (if not existing)
06-17 14:25:07.324 27754-12389/at.bitfire.davdroid:sync I/davdroid.SyncManager﹕ Uploading 1 modified resource(s) (if not changed)
06-17 14:25:07.351 27754-12389/at.bitfire.davdroid:sync V/davdroid.URIUtils﹕ Normalized URL xxx.ics -> xxx.ics
06-17 14:25:07.384 27754-12389/at.bitfire.davdroid:sync D/HttpClient﹕ CookieSpec selected: best-match
06-17 14:25:07.384 27754-12389/at.bitfire.davdroid:sync D/HttpClient﹕ Re-using cached 'basic' auth scheme for https://p02-caldav.icloud.com:443
06-17 14:25:07.386 27754-12389/at.bitfire.davdroid:sync D/HttpClient﹕ Connection request: [route: HttpRoute[{s}->https://p02-caldav.icloud.com:443]][total kept alive: 0; route allocated: 0 of 2; total allocated: 0 of 3]
06-17 14:25:07.387 27754-12389/at.bitfire.davdroid:sync D/HttpClient﹕ Connection leased: [id: 9][route: HttpRoute[{s}->https://p02-caldav.icloud.com:443]][total kept alive: 0; route allocated: 1 of 2; total allocated: 1 of 3]
06-17 14:25:07.387 27754-12389/at.bitfire.davdroid:sync D/HttpClient﹕ Opening connection HttpRoute[{s}->https://p02-caldav.icloud.com:443]
06-17 14:25:07.492 27754-12389/at.bitfire.davdroid:sync D/HttpClient﹕ Connecting to p02-caldav.icloud.com/17.172.208.29:443
06-17 14:25:07.492 27754-12389/at.bitfire.davdroid:sync D/HttpClient﹕ Connecting socket to p02-caldav.icloud.com/17.172.208.29:443 with timeout 20000
06-17 14:25:07.812 27754-12389/at.bitfire.davdroid:sync D/HttpClient﹕ Enabled protocols: [TLSv1, TLSv1.1, TLSv1.2]
06-17 14:25:07.812 27754-12389/at.bitfire.davdroid:sync D/HttpClient﹕ Enabled cipher suites:[TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_256_CBC_SHA, TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, TLS_ECDHE_RSA_WITH_RC4_128_SHA, TLS_RSA_WITH_AES_128_GCM_SHA256, TLS_RSA_WITH_AES_256_GCM_SHA384, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA, SSL_RSA_WITH_RC4_128_SHA, TLS_EMPTY_RENEGOTIATION_INFO_SCSV]
06-17 14:25:07.812 27754-12389/at.bitfire.davdroid:sync D/HttpClient﹕ Enabling SNI for p02-caldav.icloud.com
06-17 14:25:07.812 27754-12389/at.bitfire.davdroid:sync D/HttpClient﹕ Starting handshake
06-17 14:25:07.994 27754-12389/at.bitfire.davdroid:sync D/HttpClient﹕ Secure session established
06-17 14:25:07.994 27754-12389/at.bitfire.davdroid:sync D/HttpClient﹕ negotiated protocol: TLSv1.2
06-17 14:25:07.994 27754-12389/at.bitfire.davdroid:sync D/HttpClient﹕ negotiated cipher suite: SSL_RSA_WITH_RC4_128_SHA
06-17 14:25:07.994 27754-12389/at.bitfire.davdroid:sync D/HttpClient﹕ peer principal: C=US, ST=California, O=Apple Inc., OU=management:idms.group.506364, CN=*.icloud.com
06-17 14:25:07.995 27754-12389/at.bitfire.davdroid:sync D/HttpClient﹕ peer alternative names: [*.icloud.com]
06-17 14:25:07.995 27754-12389/at.bitfire.davdroid:sync D/HttpClient﹕ issuer principal: C=US, O=Apple Inc., OU=Certification Authority, CN=Apple IST CA 2 - G1
06-17 14:25:07.996 27754-12389/at.bitfire.davdroid:sync D/HttpClient﹕ Connection established 192.168.xxx.xxx:60125<->17.172.208.29:443
06-17 14:25:07.996 27754-12389/at.bitfire.davdroid:sync D/HttpClient﹕ Executing request PUT /xxx/calendars/tasks/xxx.ics HTTP/1.1
06-17 14:25:07.996 27754-12389/at.bitfire.davdroid:sync D/HttpClient﹕ Target auth state: CHALLENGED
06-17 14:25:07.996 27754-12389/at.bitfire.davdroid:sync D/HttpClient﹕ Proxy auth state: UNCHALLENGED
06-17 14:25:08.000 27754-12389/at.bitfire.davdroid:sync D/Wire﹕ http-outgoing-9 >> "PUT /xxx/calendars/tasks/xxx.ics HTTP/1.1[\r][\n]"
06-17 14:25:08.000 27754-12389/at.bitfire.davdroid:sync D/Wire﹕ http-outgoing-9 >> "If-Match: "C=21x@U=dbcxxxxx-299d-433c-xxxx-b03320axxxxx"[\r][\n]"
06-17 14:25:08.000 27754-12389/at.bitfire.davdroid:sync D/Wire﹕ http-outgoing-9 >> "Content-Type: text/calendar[\r][\n]"
06-17 14:25:08.000 27754-12389/at.bitfire.davdroid:sync D/Wire﹕ http-outgoing-9 >> "Content-Length: 436[\r][\n]"
06-17 14:25:08.000 27754-12389/at.bitfire.davdroid:sync D/Wire﹕ http-outgoing-9 >> "Host: p02-caldav.icloud.com:443[\r][\n]"
06-17 14:25:08.000 27754-12389/at.bitfire.davdroid:sync D/Wire﹕ http-outgoing-9 >> "Connection: Keep-Alive[\r][\n]"
06-17 14:25:08.000 27754-12389/at.bitfire.davdroid:sync D/Wire﹕ http-outgoing-9 >> "User-Agent: DAVdroid/0.8.0[\r][\n]"
06-17 14:25:08.000 27754-12389/at.bitfire.davdroid:sync D/Wire﹕ http-outgoing-9 >> "Authorization: Basic xxxxxxxxxxxxxxxxxxxxxx[\r][\n]"
06-17 14:25:08.000 27754-12389/at.bitfire.davdroid:sync D/Wire﹕ http-outgoing-9 >> "[\r][\n]"
06-17 14:25:08.000 27754-12389/at.bitfire.davdroid:sync D/Wire﹕ http-outgoing-9 >> "BEGIN:VCALENDAR[\r][\n]"
06-17 14:25:08.000 27754-12389/at.bitfire.davdroid:sync D/Wire﹕ http-outgoing-9 >> "VERSION:2.0[\r][\n]"
06-17 14:25:08.000 27754-12389/at.bitfire.davdroid:sync D/Wire﹕ http-outgoing-9 >> "PRODID:-//bitfire web engineering//DAVdroid 0.8.0 (ical4j 1.0.x)//EN[\r][\n]"
06-17 14:25:08.000 27754-12389/at.bitfire.davdroid:sync D/Wire﹕ http-outgoing-9 >> "BEGIN:VTODO[\r][\n]"
06-17 14:25:08.000 27754-12389/at.bitfire.davdroid:sync D/Wire﹕ http-outgoing-9 >> "DTSTAMP:20150617T122507Z[\r][\n]"
06-17 14:25:08.000 27754-12389/at.bitfire.davdroid:sync D/Wire﹕ http-outgoing-9 >> "UID:xxxxxxxxxxxxxx[\r][\n]"
06-17 14:25:08.000 27754-12389/at.bitfire.davdroid:sync D/Wire﹕ http-outgoing-9 >> "CREATED:xxxxxxx0T212010Z[\r][\n]"
06-17 14:25:08.001 27754-12389/at.bitfire.davdroid:sync D/Wire﹕ http-outgoing-9 >> "LAST-MODIFIED:20150617T121701Z[\r][\n]"
06-17 14:25:08.001 27754-12389/at.bitfire.davdroid:sync D/Wire﹕ http-outgoing-9 >> "SUMMARY:Accounts WS[\r][\n]"
06-17 14:25:08.001 27754-12389/at.bitfire.davdroid:sync D/Wire﹕ http-outgoing-9 >> "STATUS:COMPLETED[\r][\n]"
06-17 14:25:08.001 27754-12389/at.bitfire.davdroid:sync D/Wire﹕ http-outgoing-9 >> "DUE;TZID=Europe/Malta:20111111T090000[\r][\n]"
06-17 14:25:08.001 27754-12389/at.bitfire.davdroid:sync D/Wire﹕ http-outgoing-9 >> "DTSTART;TZID=Europe/Malta:20111111T090000[\r][\n]"
06-17 14:25:08.001 27754-12389/at.bitfire.davdroid:sync D/Wire﹕ http-outgoing-9 >> "COMPLETED:20150617T121701Z[\r][\n]"
06-17 14:25:08.001 27754-12389/at.bitfire.davdroid:sync D/Wire﹕ http-outgoing-9 >> "PERCENT-COMPLETE:100[\r][\n]"
06-17 14:25:08.001 27754-12389/at.bitfire.davdroid:sync D/Wire﹕ http-outgoing-9 >> "END:VTODO[\r][\n]"
06-17 14:25:08.001 27754-12389/at.bitfire.davdroid:sync D/Wire﹕ http-outgoing-9 >> "END:VCALENDAR[\r][\n]"
06-17 14:25:08.224 27754-12389/at.bitfire.davdroid:sync D/Wire﹕ http-outgoing-9 << "HTTP/1.1 403 Forbidden[\r][\n]"
06-17 14:25:08.224 27754-12389/at.bitfire.davdroid:sync D/Wire﹕ http-outgoing-9 << "Content-Length: 137[\r][\n]"
06-17 14:25:08.224 27754-12389/at.bitfire.davdroid:sync D/Wire﹕ http-outgoing-9 << "Server: iCloudCalendarServer 15CPlus26[\r][\n]"
06-17 14:25:08.224 27754-12389/at.bitfire.davdroid:sync D/Wire﹕ http-outgoing-9 << "DAV: 1, access-control, calendar-access, calendar-schedule, calendar-auto-schedule, calendar-managed-attachments, calendarserver-sharing, calendarserver-subscribed, calendarserver-home-sync[\r][\n]"
06-17 14:25:08.224 27754-12389/at.bitfire.davdroid:sync D/Wire﹕ http-outgoing-9 << "X-Transaction-Id: e44ebfc6-xxxxxxx[\r][\n]"
06-17 14:25:08.224 27754-12389/at.bitfire.davdroid:sync D/Wire﹕ http-outgoing-9 << "Date: Wed, 17 Jun 2015 12:25:08 GMT[\r][\n]"
06-17 14:25:08.224 27754-12389/at.bitfire.davdroid:sync D/Wire﹕ http-outgoing-9 << "X-Responding-Server: st11p02me-caldav038 8 xxxxxx[\r][\n]"
06-17 14:25:08.224 27754-12389/at.bitfire.davdroid:sync D/Wire﹕ http-outgoing-9 << "Content-Type: text/xml[\r][\n]"
06-17 14:25:08.224 27754-12389/at.bitfire.davdroid:sync D/Wire﹕ http-outgoing-9 << "Strict-Transport-Security: max-age=31536000; includeSubDomains[\r][\n]"
06-17 14:25:08.224 27754-12389/at.bitfire.davdroid:sync D/Wire﹕ http-outgoing-9 << "[\r][\n]"
06-17 14:25:08.224 27754-12389/at.bitfire.davdroid:sync D/Wire﹕ http-outgoing-9 << "<?xml version='1.0' encoding='UTF-8'?><error xmlns='DAV:'><valid-calendar-object-resource xmlns='urn:ietf:params:xml:ns:caldav'/></error>"
06-17 14:25:08.225 27754-12389/at.bitfire.davdroid:sync D/HttpClient﹕ Connection can be kept alive indefinitely
06-17 14:25:08.225 27754-12389/at.bitfire.davdroid:sync D/HttpClient﹕ Authentication succeeded
06-17 14:25:08.225 27754-12389/at.bitfire.davdroid:sync D/HttpClient﹕ http-outgoing-9: Shutdown connection
06-17 14:25:08.232 27754-12389/at.bitfire.davdroid:sync D/HttpClient﹕ Connection discarded
06-17 14:25:08.232 27754-12389/at.bitfire.davdroid:sync D/HttpClient﹕ http-outgoing-9: Close connection
06-17 14:25:08.232 27754-12389/at.bitfire.davdroid:sync D/HttpClient﹕ Connection released: [id: 9][route: HttpRoute[{s}->https://p02-caldav.icloud.com:443]][total kept alive: 0; route allocated: 0 of 2; total allocated: 0 of 3]
06-17 14:25:08.238 27754-12389/at.bitfire.davdroid:sync E/davdroid.DavSyncAdapter﹕ Hard HTTP error 403
at.bitfire.davdroid.webdav.HttpException: 403 Forbidden
at at.bitfire.davdroid.webdav.WebDavResource.checkResponse(WebDavResource.java:430)
at at.bitfire.davdroid.webdav.WebDavResource.checkResponse(WebDavResource.java:404)
at at.bitfire.davdroid.webdav.WebDavResource.put(WebDavResource.java:381)
at at.bitfire.davdroid.resource.RemoteCollection.update(RemoteCollection.java:196)
at at.bitfire.davdroid.syncadapter.SyncManager.pushDirty(SyncManager.java:169)
at at.bitfire.davdroid.syncadapter.SyncManager.synchronize(SyncManager.java:50)
at at.bitfire.davdroid.syncadapter.DavSyncAdapter.onPerformSync(DavSyncAdapter.java:144)
at android.content.AbstractThreadedSyncAdapter$SyncThread.run(AbstractThreadedSyncAdapter.java:259)
06-17 14:25:08.258 27754-12389/at.bitfire.davdroid:sync I/davdroid.DavSyncAdapter﹕ Sync complete for org.dmfs.tasks
06-17 14:25:08.268 27754-27754/at.bitfire.davdroid:sync D/davdroid.DavSyncAdapter﹕ Closing httpClient
06-17 14:25:08.270 27754-27882/at.bitfire.davdroid:sync D/HttpClient﹕ Connection manager is shutting down
06-17 14:25:08.270 27754-27882/at.bitfire.davdroid:sync D/HttpClient﹕ Connection manager shut down
All timezones result in the same bug.
Is Apple’s two-factor authentication disabled?
Yes 2 factor authentication is disabled.
As I said, syncing works fine unless a task contains a populated time field.
On 17 Jun 2015 2:47 pm, “rfc2822” notifications@github.com wrote:
Apple two-factor authentication is disabled?
—
Reply to this email directly or view it on GitHub
https://github.com/bitfireAT/davdroid/issues/553#issuecomment-112786172.
Any news on this issue?
On 17 June 2015 at 15:06, Daniel Theuma theumad@gmail.com wrote:
Yes 2 factor authentication is disabled.
As I said, syncing works fine unless a task contains a populated time
field.
On 17 Jun 2015 2:47 pm, “rfc2822” notifications@github.com wrote:Apple two-factor authentication is disabled?
—
Reply to this email directly or view it on GitHub
https://github.com/bitfireAT/davdroid/issues/553#issuecomment-112786172
.
No, has still to be investigated. I guess that the created iCal file is somehow not acceptable for iCloud. If you have time and experience, you could try to do the PUT request manually with different content and find out which field causes the error.
The error is caused by the time field. If a task is created without a time
field, then the error does not occur. If a task is created with a time
field, then the error occurs.
On 13 July 2015 at 14:38, rfc2822 notifications@github.com wrote:
No, has still to be investigated. I guess that the created iCal file is
somehow not acceptable for iCloud. If you have time and experience, you
could try to do the PUT request manually with different content and find
out which field causes the error.—
Reply to this email directly or view it on GitHub
https://github.com/bitfireAT/davdroid/issues/553#issuecomment-120913664.
Therefore, setting a task as ‘All Day’ means that synchronisation is fine.
If instead of ‘All Day’, specific time is specified, then the error occurs.
Completing, or editing a task which contains a time field will result in
the error as well.
On 13 July 2015 at 16:53, Daniel Theuma theumad@gmail.com wrote:
The error is caused by the time field. If a task is created without a time
field, then the error does not occur. If a task is created with a time
field, then the error occurs.On 13 July 2015 at 14:38, rfc2822 notifications@github.com wrote:
No, has still to be investigated. I guess that the created iCal file is
somehow not acceptable for iCloud. If you have time and experience, you
could try to do the PUT request manually with different content and find
out which field causes the error.—
Reply to this email directly or view it on GitHub
https://github.com/bitfireAT/davdroid/issues/553#issuecomment-120913664
.
Can’t reproduce the problem here, adding/modifying task on iCloud via DAVdroid works (with time fields set).
06-17 14:25:08.001 27754-12389/at.bitfire.davdroid:sync D/Wire﹕ http-outgoing-9 >> "DUE;TZID=Europe/Malta:20111111T090000[\r][\n]"
I wonder how you could set the Malta time zone? My Android devices don’t show this time zone.
Can you please try to add a new task with another time zone, for instance Europe/Vienna and see whether it works?
Seems to be working now. I don’t kniw what happened. Could have been some kind of misconfiguration on Apple’s side. Will reopen if problem resurfaces.
Ok, perfect 