Gramps web sync - insufficient permissions

https://gramps.malakan.co.uk for both the sync addon and browser

Please check if this works (don’t post the token here…)

curl -X POST https://gramps.malakan.co.uk/api/token/ \
     -H "Content-Type: application/json" \
     -d '{"username": "desktop", "password": "YOUR_PASSWORD"}'

Also, please make sure the user desktop is actually a tree owner, not just editor. That could also explain the error.

desktop was not an owner, but the error still occurs with the owner account.

As for the curl, with the owner account details I get JSON back with an access_token and refresh_token.

Which error do you get in sync addon using the owner account and triple checking that the password is correct?

The same error as before, after triple checking username and password:

Server authorization error: insufficient permissions.

I also tried resetting the password but I get the same error.

Ok, here is a combination of things that I think are simply impossible:

  1. You see log entries like grampsweb | [2024-12-05 09:29:25 +0000] [14] [DEBUG] GET /api/metadata/ when using Gramps Web
  2. You do not see log entries when connecting with the sync addon
  3. The sync addon responds with Server authorization error: insufficient permissions.

The reason I think this is impossible is that 3. is only possible if the server responds with 403, as shown by the code snippet above. But if the server responds, you must see the request.

The only other explanation is that you have some weird authenticating proxy or something in between, that you didn’t mention here.

I don’t understand it myself, thank you so much for spending your time in helping me with this!

I don’t have an authenticating proxy that I’m aware of.

So my setup in full, as it may help shine a light on the issue:

  1. I have a domain via Cloudflare, I have A records pointing to me.
  2. My home router is set to forward http/https/ssh requests to the server itself
  3. The server (old laptop) is running docker-compose and set up with Let’s Encrypt following this guide.
  4. I have an nginx reverse proxy set up in line with the guide, and it is the only proxy I have.

Would my docker-compose.yml and nginx.conf help to diagnose here?

When you did the curl, did you see a log entry
grampsweb | [...] [14] [DEBUG] GET /api/token/?

I see this

"POST /api/token/ HTTP/2.0" 200 813 "-" "curl/8.5.0"

Great. And when you use sync, this does not show up? Sorry for asking the same thing again and again, just can’t wrap my head around this :sweat_smile:

In my nginx.conf file I have

access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log;

in both the http block and the server block.

I see the POST log in access.log each time I do the curl command, nothing appears in access.log or error.log when attempting to use sync.

I don’t know if this is relevant to the situation but might be something:

curl -w '%{http_code}' https://gramps.malakan.co.uk

results in

curl: (35) schannel: next InitializeSecurityContext failed: CRYPT_E_NO_REVOCATION_CHECK (0x80092012) - The revocation function was unable to check revocation for the certificate.
'000'

but removing https:// from the url and adding in the -ssh flag I get a different response

curl -w '%{http_code}' -ssl gramps.malakan.co.uk

results in

301 Moved Permanently

301 Moved Permanently


nginx ':301'

So if I curl with https:// it seems I get blocked by the certificate?

Hey again, I’m still trying to get the sync addon working.

I’ve changed from nginx to Caddy in an attempt to resolve this issue.

I have repeated the curl command you previously gave me, and it works:

curl -X POST https://gramps.malakan.co.uk/api/token/ \
     -H "Content-Type: application/json" \
     -d '{"username": "desktop", "password": "YOUR_PASSWORD"}'

I can see 404 errors and 403 errors in the logs but still nothing when trying with the sync addon.

Not sure what I’m doing wrong and am at my wits end.

Hi,

last week, version 1.2 of the Sync Addon was released which adds a lot of debug logging. Can you please use that one? Also please use Web API 2.7.0 if possible.

Note that the latest version of the addon can now always be obtained from the official addon repository via the Gramps addon manager rather than from the separate development repository.

The documentation has also been expanded significantly:
https://www.grampsweb.org/administration/sync/

Thank you, will look into it!

How do I choose to use Web API 2.7? I don’t see anything specifying a version in the docker-compose setup

After restarting my server just now, the Web API is only 2.6.0. Full system information:

Gramps 5.2.3
Gramps Web API 2.6.0
Gramps Web Frontend 24.12.0
Gramps QL 0.3.0
Sifts 1.0.0
locale: en
multi-tree: false
task queue: true
OCR: true
chat: false

Edit: The one thing I see with a specified version number is the grampsweb_redis

grampsweb_redis:
    image: docker.io/library/redis:7.2.4-alpine

Does this need to be updated?

Hi,

docker compose pull grampsweb && docker compose up -d should do the trick…

Ah of course. My mistake, I thought that by using latest for the image in the docker-compose file that it would always pull the latest image.

I am now on API 2.7.0, thank you!

Using latest grampsweb with Gramps 5.2.3 and Sync 1.2.1 on Windows, I get the log output below. The user Malakan is the administrator.

setup debugging grampswebsync
2025-01-13 10:08:55.322: DEBUG: grampswebsync.py: line 103: Initializing Gramps Web Sync addon.
2025-01-13 10:08:56.586: DEBUG: grampswebsync.py: line 79: Retrieving password for user Malakan
2025-01-13 10:08:56.586: WARNING: grampswebsync.py: line 83: Keyring is not installed, cannot retrieve password.
2025-01-13 10:08:58.093: DEBUG: grampswebsync.py: line 222: Moving to next page from page 0.
2025-01-13 10:08:58.094: DEBUG: grampswebsync.py: line 222: Moving to next page from page 1.
2025-01-13 10:09:03.199: DEBUG: grampswebsync.py: line 222: Moving to next page from page 1.
2025-01-13 10:09:05.499: DEBUG: grampswebsync.py: line 222: Moving to next page from page 1.
2025-01-13 10:09:06.039: DEBUG: grampswebsync.py: line 222: Moving to next page from page 1.
2025-01-13 10:09:11.018: DEBUG: grampswebsync.py: line 222: Moving to next page from page 1.
2025-01-13 10:09:11.020: DEBUG: webapihandler.py: line 162: Fetching an access token from the server
2025-01-13 10:09:11.459: DEBUG: webapihandler.py: line 162: Fetching an access token from the server
2025-01-13 10:09:11.902: ERROR: grampswebsync.py: line 425: Server authorization error: insufficient permissions.

It appears to be trying to fetch the access token twice. I assume this is the curl command you gave me to try previously?

curl -X POST https://gramps.malakan.co.uk/api/token/ \
     -H "Content-Type: application/json" \
     -d '{"username": "Malakan", "password": "YOUR_PASSWORD"}'

I ran this again and it returned JSON with access_token and refresh_token keys and values.
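
An added example, not part of the thread and not code from the Gramps projects: one way to settle whether the addon's requests reach the reverse proxy at all is to line up the addon's debug timestamps with the proxy's access log. It assumes the nginx "combined" log format and that the addon's timestamps are UTC; every sample line, IP address, user agent and the /api/example/ path below is constructed.

```python
import re
from datetime import datetime, timezone

# Constructed samples: addon debug lines in the format posted above, and
# access-log lines in nginx "combined" format (IPs, paths and user agents are made up).
ADDON_LOG = """\
2025-01-13 10:09:11.020: DEBUG: webapihandler.py: line 162: Fetching an access token from the server
2025-01-13 10:09:11.902: ERROR: grampswebsync.py: line 425: Server authorization error: insufficient permissions.
"""
ACCESS_ONLY_CURL = """\
203.0.113.7 - - [13/Jan/2025:10:01:40 +0000] "POST /api/token/ HTTP/2.0" 200 813 "-" "curl/8.5.0"
"""
ACCESS_WITH_ADDON = ACCESS_ONLY_CURL + """\
203.0.113.7 - - [13/Jan/2025:10:09:11 +0000] "POST /api/token/ HTTP/1.1" 200 813 "-" "example-client/1.0"
203.0.113.7 - - [13/Jan/2025:10:09:12 +0000] "GET /api/example/ HTTP/1.1" 403 41 "-" "example-client/1.0"
"""

ADDON_RE = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d)\.\d+: (\w+): \S+: line \d+: (.*)$")
ACCESS_RE = re.compile(r'^\S+ \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) \S+ "[^"]*" "([^"]*)"')

def parse_addon(text, tz=timezone.utc):
    """Yield (time, level, message); tz is an assumption, the addon log carries no zone."""
    for line in text.splitlines():
        m = ADDON_RE.match(line)
        if m:
            ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S").replace(tzinfo=tz)
            yield ts, m.group(2), m.group(3)

def parse_access(text):
    """Return (time, method, path, status, user_agent) for each parsable access-log line."""
    out = []
    for line in text.splitlines():
        m = ACCESS_RE.match(line)
        if m:
            ts = datetime.strptime(m.group(1), "%d/%b/%Y:%H:%M:%S %z")
            out.append((ts, m.group(2), m.group(3), int(m.group(4)), m.group(5)))
    return out

def correlate(addon_text, access_text, window_s=5):
    """Map each token fetch or ERROR in the addon log to proxy hits within window_s seconds."""
    hits = parse_access(access_text)
    report = []
    for ts, level, msg in parse_addon(addon_text):
        if level == "ERROR" or "access token" in msg:
            near = [h[1:] for h in hits if abs((h[0] - ts).total_seconds()) <= window_s]
            report.append((msg, near))
    return report

def reached_proxy(addon_text, access_text):
    """False means no proxy log line falls within the window of any addon event."""
    return any(near for _, near in correlate(addon_text, access_text))
```

A False result from reached_proxy on real logs matches what is reported in the thread: the 403 is being produced somewhere other than the proxy whose log is being read.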