ICloud 403 error when syncing non-all-day task



  • Hi,

    I am getting a 403 unauthorised error when trying to sync tasks with iCloud using Davdroid.

    This only happens when setting a specific time for events, when editing or creating new tasks on my Android device.

    However, the tasks are synced fine when changing all other attributes, and sync fine when enabling "All Day" option.

    Thanks.


  • developer

    Thanks for your report. Please read Reporting issues and provide all information mentioned there, including detailled steps to reproduce the issue, client and server software details, and verbose logs.



  • This is the log I am getting:

    06-17 09:25:34.777   29137-1897/? I/davdroid.DavSyncAdapter﹕ Performing sync for authority org.dmfs.tasks
    06-17 09:25:34.777   29137-1897/? D/davdroid.DavSyncAdapter﹕ Creating new DavHttpClient
    06-17 09:25:34.778   29137-1897/? D/davdroid.DavSyncAdapter﹕ Server supports VCard version 3.0
    06-17 09:25:34.786   29137-1897/? V/davdroid.URIUtils﹕ Normalized URL https://p02-caldav.icloud.com:443/xxx/calendars/tasks/ -> https://p02-caldav.icloud.com:443/xxx/calendars/tasks/
    06-17 09:25:34.786   29137-1897/? D/davdroid.WebDavResource﹕ Using preemptive authentication (not compatible with Digest auth)
    06-17 09:25:34.797   29137-1897/? I/davdroid.SyncManager﹕ Remotely removing 0 deleted resource(s) (if not changed)
    06-17 09:25:34.805   29137-1897/? I/davdroid.SyncManager﹕ Uploading 0 new resource(s) (if not existing)
    06-17 09:25:34.811   29137-1897/? I/davdroid.SyncManager﹕ Uploading 1 modified resource(s) (if not changed)
    06-17 09:25:34.993   29137-1897/? V/davdroid.URIUtils﹕ Normalized URL xxx.ics -> xxx.ics
    
    
    06-17 09:25:35.644   29137-1897/? E/davdroid.DavSyncAdapter﹕ Hard HTTP error 403
        at.bitfire.davdroid.webdav.HttpException: 403 Forbidden
                at at.bitfire.davdroid.webdav.WebDavResource.checkResponse(WebDavResource.java:430)
                at at.bitfire.davdroid.webdav.WebDavResource.checkResponse(WebDavResource.java:404)
                at at.bitfire.davdroid.webdav.WebDavResource.put(WebDavResource.java:381)
                at at.bitfire.davdroid.resource.RemoteCollection.update(RemoteCollection.java:196)
                at at.bitfire.davdroid.syncadapter.SyncManager.pushDirty(SyncManager.java:169)
                at at.bitfire.davdroid.syncadapter.SyncManager.synchronize(SyncManager.java:50)
                at at.bitfire.davdroid.syncadapter.DavSyncAdapter.onPerformSync(DavSyncAdapter.java:144)
                at android.content.AbstractThreadedSyncAdapter$SyncThread.run(AbstractThreadedSyncAdapter.java:259)
    

    The issue can be replicated by doing the following:
    1.) Create a new task using a particular date and time, and timezone.
    2.) Go to settings > account > force sync (of DavDroid account containing tasks)
    3.) Error pops up and sync fails.

    Error does not occur when a date is not set. For example, creating a new task with all day enabled, or no dates specify means that no error occurs.
    This error also happens when editing or completing already existing tasks from iCloud which have a time.

    Client software:
    Davdroid 0.8.0 and Tasks (Marten Gajda)
    Server: Apple servers (iCloud)


  • developer

    Thanks for the extensive information. Unfortunately, the setprop calls from https://github.com/bitfireAT/davdroid/wiki/How-to-view-the-logs where not done, so traffic was not logged.

    Which time zone? Does it work with other time zones?



  • Here you go:

    06-17 14:25:07.259  27754-12389/at.bitfire.davdroid:sync I/davdroid.DavSyncAdapter﹕ Performing sync for authority org.dmfs.tasks
    06-17 14:25:07.259  27754-12389/at.bitfire.davdroid:sync D/davdroid.DavSyncAdapter﹕ Creating new DavHttpClient
    06-17 14:25:07.260  27754-12389/at.bitfire.davdroid:sync I/davdroid.DavHttpClient﹕ Wire logging active, disabling HTTP compression
    06-17 14:25:07.262  27754-12389/at.bitfire.davdroid:sync D/davdroid.DavSyncAdapter﹕ Server supports VCard version 3.0
    06-17 14:25:07.297  27754-12389/at.bitfire.davdroid:sync V/davdroid.URIUtils﹕ Normalized URL https://p02-caldav.icloud.com:443/xxx/calendars/tasks/ -> https://p02-caldav.icloud.com:443/xxx/calendars/tasks/
    06-17 14:25:07.297  27754-12389/at.bitfire.davdroid:sync D/davdroid.WebDavResource﹕ Using preemptive authentication (not compatible with Digest auth)
    06-17 14:25:07.307  27754-12389/at.bitfire.davdroid:sync I/davdroid.SyncManager﹕ Remotely removing 0 deleted resource(s) (if not changed)
    06-17 14:25:07.316  27754-12389/at.bitfire.davdroid:sync I/davdroid.SyncManager﹕ Uploading 0 new resource(s) (if not existing)
    06-17 14:25:07.324  27754-12389/at.bitfire.davdroid:sync I/davdroid.SyncManager﹕ Uploading 1 modified resource(s) (if not changed)
    06-17 14:25:07.351  27754-12389/at.bitfire.davdroid:sync V/davdroid.URIUtils﹕ Normalized URL xxx.ics -> xxx.ics
    06-17 14:25:07.384  27754-12389/at.bitfire.davdroid:sync D/HttpClient﹕ CookieSpec selected: best-match
    06-17 14:25:07.384  27754-12389/at.bitfire.davdroid:sync D/HttpClient﹕ Re-using cached 'basic' auth scheme for https://p02-caldav.icloud.com:443
    06-17 14:25:07.386  27754-12389/at.bitfire.davdroid:sync D/HttpClient﹕ Connection request: [route: HttpRoute[{s}->https://p02-caldav.icloud.com:443]][total kept alive: 0; route allocated: 0 of 2; total allocated: 0 of 3]
    06-17 14:25:07.387  27754-12389/at.bitfire.davdroid:sync D/HttpClient﹕ Connection leased: [id: 9][route: HttpRoute[{s}->https://p02-caldav.icloud.com:443]][total kept alive: 0; route allocated: 1 of 2; total allocated: 1 of 3]
    06-17 14:25:07.387  27754-12389/at.bitfire.davdroid:sync D/HttpClient﹕ Opening connection HttpRoute[{s}->https://p02-caldav.icloud.com:443]
    06-17 14:25:07.492  27754-12389/at.bitfire.davdroid:sync D/HttpClient﹕ Connecting to p02-caldav.icloud.com/17.172.208.29:443
    06-17 14:25:07.492  27754-12389/at.bitfire.davdroid:sync D/HttpClient﹕ Connecting socket to p02-caldav.icloud.com/17.172.208.29:443 with timeout 20000
    06-17 14:25:07.812  27754-12389/at.bitfire.davdroid:sync D/HttpClient﹕ Enabled protocols: [TLSv1, TLSv1.1, TLSv1.2]
    06-17 14:25:07.812  27754-12389/at.bitfire.davdroid:sync D/HttpClient﹕ Enabled cipher suites:[TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_256_CBC_SHA, TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, TLS_ECDHE_RSA_WITH_RC4_128_SHA, TLS_RSA_WITH_AES_128_GCM_SHA256, TLS_RSA_WITH_AES_256_GCM_SHA384, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA, SSL_RSA_WITH_RC4_128_SHA, TLS_EMPTY_RENEGOTIATION_INFO_SCSV]
    06-17 14:25:07.812  27754-12389/at.bitfire.davdroid:sync D/HttpClient﹕ Enabling SNI for p02-caldav.icloud.com
    06-17 14:25:07.812  27754-12389/at.bitfire.davdroid:sync D/HttpClient﹕ Starting handshake
    06-17 14:25:07.994  27754-12389/at.bitfire.davdroid:sync D/HttpClient﹕ Secure session established
    06-17 14:25:07.994  27754-12389/at.bitfire.davdroid:sync D/HttpClient﹕ negotiated protocol: TLSv1.2
    06-17 14:25:07.994  27754-12389/at.bitfire.davdroid:sync D/HttpClient﹕ negotiated cipher suite: SSL_RSA_WITH_RC4_128_SHA
    06-17 14:25:07.994  27754-12389/at.bitfire.davdroid:sync D/HttpClient﹕ peer principal: C=US, ST=California, O=Apple Inc., OU=management:idms.group.506364, CN=*.icloud.com
    06-17 14:25:07.995  27754-12389/at.bitfire.davdroid:sync D/HttpClient﹕ peer alternative names: [*.icloud.com]
    06-17 14:25:07.995  27754-12389/at.bitfire.davdroid:sync D/HttpClient﹕ issuer principal: C=US, O=Apple Inc., OU=Certification Authority, CN=Apple IST CA 2 - G1
    06-17 14:25:07.996  27754-12389/at.bitfire.davdroid:sync D/HttpClient﹕ Connection established 192.168.xxx.xxx:60125<->17.172.208.29:443
    06-17 14:25:07.996  27754-12389/at.bitfire.davdroid:sync D/HttpClient﹕ Executing request PUT /xxx/calendars/tasks/xxx.ics HTTP/1.1
    06-17 14:25:07.996  27754-12389/at.bitfire.davdroid:sync D/HttpClient﹕ Target auth state: CHALLENGED
    06-17 14:25:07.996  27754-12389/at.bitfire.davdroid:sync D/HttpClient﹕ Proxy auth state: UNCHALLENGED
    06-17 14:25:08.000  27754-12389/at.bitfire.davdroid:sync D/Wire﹕ http-outgoing-9 >> "PUT /xxx/calendars/tasks/xxx.ics HTTP/1.1[\r][\n]"
    06-17 14:25:08.000  27754-12389/at.bitfire.davdroid:sync D/Wire﹕ http-outgoing-9 >> "If-Match: "C=21x@U=dbcxxxxx-299d-433c-xxxx-b03320axxxxx"[\r][\n]"
    06-17 14:25:08.000  27754-12389/at.bitfire.davdroid:sync D/Wire﹕ http-outgoing-9 >> "Content-Type: text/calendar[\r][\n]"
    06-17 14:25:08.000  27754-12389/at.bitfire.davdroid:sync D/Wire﹕ http-outgoing-9 >> "Content-Length: 436[\r][\n]"
    06-17 14:25:08.000  27754-12389/at.bitfire.davdroid:sync D/Wire﹕ http-outgoing-9 >> "Host: p02-caldav.icloud.com:443[\r][\n]"
    06-17 14:25:08.000  27754-12389/at.bitfire.davdroid:sync D/Wire﹕ http-outgoing-9 >> "Connection: Keep-Alive[\r][\n]"
    06-17 14:25:08.000  27754-12389/at.bitfire.davdroid:sync D/Wire﹕ http-outgoing-9 >> "User-Agent: DAVdroid/0.8.0[\r][\n]"
    06-17 14:25:08.000  27754-12389/at.bitfire.davdroid:sync D/Wire﹕ http-outgoing-9 >> "Authorization: Basic xxxxxxxxxxxxxxxxxxxxxx[\r][\n]"
    06-17 14:25:08.000  27754-12389/at.bitfire.davdroid:sync D/Wire﹕ http-outgoing-9 >> "[\r][\n]"
    06-17 14:25:08.000  27754-12389/at.bitfire.davdroid:sync D/Wire﹕ http-outgoing-9 >> "BEGIN:VCALENDAR[\r][\n]"
    06-17 14:25:08.000  27754-12389/at.bitfire.davdroid:sync D/Wire﹕ http-outgoing-9 >> "VERSION:2.0[\r][\n]"
    06-17 14:25:08.000  27754-12389/at.bitfire.davdroid:sync D/Wire﹕ http-outgoing-9 >> "PRODID:-//bitfire web engineering//DAVdroid 0.8.0 (ical4j 1.0.x)//EN[\r][\n]"
    06-17 14:25:08.000  27754-12389/at.bitfire.davdroid:sync D/Wire﹕ http-outgoing-9 >> "BEGIN:VTODO[\r][\n]"
    06-17 14:25:08.000  27754-12389/at.bitfire.davdroid:sync D/Wire﹕ http-outgoing-9 >> "DTSTAMP:20150617T122507Z[\r][\n]"
    06-17 14:25:08.000  27754-12389/at.bitfire.davdroid:sync D/Wire﹕ http-outgoing-9 >> "UID:xxxxxxxxxxxxxx[\r][\n]"
    06-17 14:25:08.000  27754-12389/at.bitfire.davdroid:sync D/Wire﹕ http-outgoing-9 >> "CREATED:xxxxxxx0T212010Z[\r][\n]"
    06-17 14:25:08.001  27754-12389/at.bitfire.davdroid:sync D/Wire﹕ http-outgoing-9 >> "LAST-MODIFIED:20150617T121701Z[\r][\n]"
    06-17 14:25:08.001  27754-12389/at.bitfire.davdroid:sync D/Wire﹕ http-outgoing-9 >> "SUMMARY:Accounts WS[\r][\n]"
    06-17 14:25:08.001  27754-12389/at.bitfire.davdroid:sync D/Wire﹕ http-outgoing-9 >> "STATUS:COMPLETED[\r][\n]"
    06-17 14:25:08.001  27754-12389/at.bitfire.davdroid:sync D/Wire﹕ http-outgoing-9 >> "DUE;TZID=Europe/Malta:20111111T090000[\r][\n]"
    06-17 14:25:08.001  27754-12389/at.bitfire.davdroid:sync D/Wire﹕ http-outgoing-9 >> "DTSTART;TZID=Europe/Malta:20111111T090000[\r][\n]"
    06-17 14:25:08.001  27754-12389/at.bitfire.davdroid:sync D/Wire﹕ http-outgoing-9 >> "COMPLETED:20150617T121701Z[\r][\n]"
    06-17 14:25:08.001  27754-12389/at.bitfire.davdroid:sync D/Wire﹕ http-outgoing-9 >> "PERCENT-COMPLETE:100[\r][\n]"
    06-17 14:25:08.001  27754-12389/at.bitfire.davdroid:sync D/Wire﹕ http-outgoing-9 >> "END:VTODO[\r][\n]"
    06-17 14:25:08.001  27754-12389/at.bitfire.davdroid:sync D/Wire﹕ http-outgoing-9 >> "END:VCALENDAR[\r][\n]"
    06-17 14:25:08.224  27754-12389/at.bitfire.davdroid:sync D/Wire﹕ http-outgoing-9 << "HTTP/1.1 403 Forbidden[\r][\n]"
    06-17 14:25:08.224  27754-12389/at.bitfire.davdroid:sync D/Wire﹕ http-outgoing-9 << "Content-Length: 137[\r][\n]"
    06-17 14:25:08.224  27754-12389/at.bitfire.davdroid:sync D/Wire﹕ http-outgoing-9 << "Server: iCloudCalendarServer 15CPlus26[\r][\n]"
    06-17 14:25:08.224  27754-12389/at.bitfire.davdroid:sync D/Wire﹕ http-outgoing-9 << "DAV: 1, access-control, calendar-access, calendar-schedule, calendar-auto-schedule, calendar-managed-attachments, calendarserver-sharing, calendarserver-subscribed, calendarserver-home-sync[\r][\n]"
    06-17 14:25:08.224  27754-12389/at.bitfire.davdroid:sync D/Wire﹕ http-outgoing-9 << "X-Transaction-Id: e44ebfc6-xxxxxxx[\r][\n]"
    06-17 14:25:08.224  27754-12389/at.bitfire.davdroid:sync D/Wire﹕ http-outgoing-9 << "Date: Wed, 17 Jun 2015 12:25:08 GMT[\r][\n]"
    06-17 14:25:08.224  27754-12389/at.bitfire.davdroid:sync D/Wire﹕ http-outgoing-9 << "X-Responding-Server: st11p02me-caldav038 8 xxxxxx[\r][\n]"
    06-17 14:25:08.224  27754-12389/at.bitfire.davdroid:sync D/Wire﹕ http-outgoing-9 << "Content-Type: text/xml[\r][\n]"
    06-17 14:25:08.224  27754-12389/at.bitfire.davdroid:sync D/Wire﹕ http-outgoing-9 << "Strict-Transport-Security: max-age=31536000; includeSubDomains[\r][\n]"
    06-17 14:25:08.224  27754-12389/at.bitfire.davdroid:sync D/Wire﹕ http-outgoing-9 << "[\r][\n]"
    06-17 14:25:08.224  27754-12389/at.bitfire.davdroid:sync D/Wire﹕ http-outgoing-9 << "<?xml version='1.0' encoding='UTF-8'?><error xmlns='DAV:'><valid-calendar-object-resource xmlns='urn:ietf:params:xml:ns:caldav'/></error>"
    06-17 14:25:08.225  27754-12389/at.bitfire.davdroid:sync D/HttpClient﹕ Connection can be kept alive indefinitely
    06-17 14:25:08.225  27754-12389/at.bitfire.davdroid:sync D/HttpClient﹕ Authentication succeeded
    06-17 14:25:08.225  27754-12389/at.bitfire.davdroid:sync D/HttpClient﹕ http-outgoing-9: Shutdown connection
    06-17 14:25:08.232  27754-12389/at.bitfire.davdroid:sync D/HttpClient﹕ Connection discarded
    06-17 14:25:08.232  27754-12389/at.bitfire.davdroid:sync D/HttpClient﹕ http-outgoing-9: Close connection
    06-17 14:25:08.232  27754-12389/at.bitfire.davdroid:sync D/HttpClient﹕ Connection released: [id: 9][route: HttpRoute[{s}->https://p02-caldav.icloud.com:443]][total kept alive: 0; route allocated: 0 of 2; total allocated: 0 of 3]
    06-17 14:25:08.238  27754-12389/at.bitfire.davdroid:sync E/davdroid.DavSyncAdapter﹕ Hard HTTP error 403
        at.bitfire.davdroid.webdav.HttpException: 403 Forbidden
                at at.bitfire.davdroid.webdav.WebDavResource.checkResponse(WebDavResource.java:430)
                at at.bitfire.davdroid.webdav.WebDavResource.checkResponse(WebDavResource.java:404)
                at at.bitfire.davdroid.webdav.WebDavResource.put(WebDavResource.java:381)
                at at.bitfire.davdroid.resource.RemoteCollection.update(RemoteCollection.java:196)
                at at.bitfire.davdroid.syncadapter.SyncManager.pushDirty(SyncManager.java:169)
                at at.bitfire.davdroid.syncadapter.SyncManager.synchronize(SyncManager.java:50)
                at at.bitfire.davdroid.syncadapter.DavSyncAdapter.onPerformSync(DavSyncAdapter.java:144)
                at android.content.AbstractThreadedSyncAdapter$SyncThread.run(AbstractThreadedSyncAdapter.java:259)
    06-17 14:25:08.258  27754-12389/at.bitfire.davdroid:sync I/davdroid.DavSyncAdapter﹕ Sync complete for org.dmfs.tasks
    06-17 14:25:08.268  27754-27754/at.bitfire.davdroid:sync D/davdroid.DavSyncAdapter﹕ Closing httpClient
    06-17 14:25:08.270  27754-27882/at.bitfire.davdroid:sync D/HttpClient﹕ Connection manager is shutting down
    06-17 14:25:08.270  27754-27882/at.bitfire.davdroid:sync D/HttpClient﹕ Connection manager shut down
    

    All timezones result in the same bug.


  • developer

    Is Apple's two-factor authentication disabled?



  • Yes 2 factor authentication is disabled.

    As I said, syncing works fine unless a task contains a populated time field.
    On 17 Jun 2015 2:47 pm, "rfc2822" notifications@github.com wrote:

    Apple two-factor authentication is disabled?


    Reply to this email directly or view it on GitHub
    https://github.com/bitfireAT/davdroid/issues/553#issuecomment-112786172.



  • Any news on this issue?

    On 17 June 2015 at 15:06, Daniel Theuma theumad@gmail.com wrote:

    Yes 2 factor authentication is disabled.

    As I said, syncing works fine unless a task contains a populated time
    field.
    On 17 Jun 2015 2:47 pm, "rfc2822" notifications@github.com wrote:

    Apple two-factor authentication is disabled?


    Reply to this email directly or view it on GitHub
    https://github.com/bitfireAT/davdroid/issues/553#issuecomment-112786172
    .


  • developer

    No, has still to be investigated. I guess that the created iCal file is somehow not acceptable for iCloud. If you have time and experience, you could try to do the PUT request manually with different content and find out which field causes the error.



  • The error is caused by the time field. If a task is created without a time
    field, then the error does not occur. If a task is created with a time
    field, then the error occurs.

    On 13 July 2015 at 14:38, rfc2822 notifications@github.com wrote:

    No, has still to be investigated. I guess that the created iCal file is
    somehow not acceptable for iCloud. If you have time and experience, you
    could try to do the PUT request manually with different content and find
    out which field causes the error.


    Reply to this email directly or view it on GitHub
    https://github.com/bitfireAT/davdroid/issues/553#issuecomment-120913664.



  • Therefore, setting a task as 'All Day' means that synchronisation is fine.
    If instead of 'All Day', specific time is specified, then the error occurs.

    Completing, or editing a task which contains a time field will result in
    the error as well.

    On 13 July 2015 at 16:53, Daniel Theuma theumad@gmail.com wrote:

    The error is caused by the time field. If a task is created without a time
    field, then the error does not occur. If a task is created with a time
    field, then the error occurs.

    On 13 July 2015 at 14:38, rfc2822 notifications@github.com wrote:

    No, has still to be investigated. I guess that the created iCal file is
    somehow not acceptable for iCloud. If you have time and experience, you
    could try to do the PUT request manually with different content and find
    out which field causes the error.


    Reply to this email directly or view it on GitHub
    https://github.com/bitfireAT/davdroid/issues/553#issuecomment-120913664
    .


  • developer

    Can't reproduce the problem here, adding/modifying task on iCloud via DAVdroid works (with time fields set).

    06-17 14:25:08.001  27754-12389/at.bitfire.davdroid:sync D/Wire﹕ http-outgoing-9 >> "DUE;TZID=Europe/Malta:20111111T090000[\r][\n]"
    

    I wonder how you could set the Malta time zone? My Android devices don't show this time zone.

    Can you please try to add a new task with another time zone, for instance Europe/Vienna and see whether it works?



  • Seems to be working now. I don't kniw what happened. Could have been some kind of misconfiguration on Apple's side. Will reopen if problem resurfaces.


  • developer

    Ok, perfect :)


Log in to reply
 

Looks like your connection to Bitfire App Forums was lost, please wait while we try to reconnect.