Issue when sharing resource with a group using the API

romcis · May 24, 2019, 1:30pm

Hi,
I would need help with sharing resource to my group.
I get a list of aros from /share/search-aros.json?api-version=v2. Then I take public key of all items in body except item 0, which is group.
Then I encrypt secret with all this keys. and post it to passbolt with permissions. I run simulation and proper PUT of shared resource. I got responses like this:
Simulation:

{
  "header": {
    "id": "77be293a-e936-47bd-a374-6b0cf5a14e14",
    "status": "success",
    "servertime": 1558704204,
    "title": "app_share_dryRun_success",
    "action": "7df37cb5-cfb9-57c2-a7a5-b65c9f573de0",
    "message": "The operation was successful.",
    "url": "\\/share\\/simulate\\/resource\\/721b4cfb-95a7-4998-a1e1-0ec880202ce6.json?api-version=v2",
    "code": 200
  },
  "body": {
    "changes": {
      "added": [
        {
          "User": {
            "id": "5afa8b42-65e2-4180-b18f-8b796cd5e7f9"
          }
        },
        {
          "User": {
            "id": "5698ff9c-aa6c-4de1-847f-b12a644aab7d"
          }
        },
        {
          "User": {
            "id": "dff78e84-5d44-436a-af1f-de83a9036dcf"
          }
        },
        {
          "User": {
            "id": "bddca801-e920-490c-ac25-c07e0799916b"
          }
        },
        {
          "User": {
            "id": "84944791-f042-4bfd-bb4f-d278bae46545"
          }
        },
        {
          "User": {
            "id": "0ff20a46-d705-454d-baf1-b678ab5f3d13"
          }
        },
        {
          "User": {
            "id": "15a9ae4b-b542-47cd-a7bc-8204b1c78c53"
          }
        },
        {
          "User": {
            "id": "de0b1786-ddbe-452d-9a92-01f64511b364"
          }
        }
      ],
      "removed": []
    }
  }
}

Proper PUT:

{
  "header": {
    "id": "3be164eb-b671-4a4c-9a11-64be3f114fbf",
    "status": "error",
    "servertime": 1558704205,
    "title": "app_share_share_error",
    "action": "f3b4bd12-9d43-5749-a5fe-425c4cfe3ccb",
    "message": "Not Found",
    "url": "\\/share\\/resource\\/721b4cfb-95a7-4998-a1e1-0ec880202ce6.json?api-version=v2",
    "code": 400
  },
  "body": {
    "secrets": {
      "secrets_provided": "The secrets of all the users having access to the resource are required."
    }
  }
}

There is not more users then list i got from aros. What am’I missing?
Just to give more info…this are data I’m sending to passbolt API.

{  
   "permissions":[  
      {  
         "is_new":"true",
         "aro":"Group",
         "aro_foreign_key":"1bc2d0da-287d-44e7-9bc9-d35ced1ec2d6",
         "aco":"Resource",
         "aco_foreign_key":"721b4cfb-95a7-4998-a1e1-0ec880202ce6",
         "type":"7"
      }
   ],
   "secrets":[  
      {  
         "user_id":"5698ff9c-aa6c-4de1-847f-b12a644aab7d",
         "data":"-----BEGIN PGP MESSAGE-----\n\nhQEMA5Yn1GZO6R5PAQf+MjxsUxOaIBRjqYvEG7m\/o7f+97XZlBFUC6Ui21\/UCP6E\n9dU5MTQQ\/VCddaCgI9yIAKq4u5sLoWrlxphJq1Hi1QvVGj+dBaZb4FuRgUAbpdA2\n9jOtmgeAQnC1K6F1ehoBpQjGaeN16W\/GR1CgkE\/WuICvM1HT281PCn9ygU3mSB\/D\nOx5raJvLjGlkqFXhrEdCtYSUAgjQmkRFMkklZhO3W9OQYfs\/vQGoFjioScGbOSd7\nS5FFwceJn4XmnVfG8eKe6ODxnR1oqqrnBBrsbWaFdn7V4OdpNkQoWDYjJ401PB1g\n3Tw+b4txsqHhXcx7Sqxn6K8iaU01t1oldywTlNzBwtJHAc9qqULn8GC8SC\/X3cVz\nsc2GzO6TAaf6q4pfp+TgSBRSPWJ42sTZ2c0WMkFaLqX7PdUALCSUUN77vj\/OkI6m\ngSspcKAYDIc=\n=WyvL\n-----END PGP MESSAGE-----\n"
      },
      {  
         "user_id":"0ff20a46-d705-454d-baf1-b678ab5f3d13",
         "data":"-----BEGIN PGP MESSAGE-----\n\nhQEMA8t3MA0H3vOSAQgA1DgvL1ccqo8Yq8vla5kQ3RK5ttjDE6AIsVhWTQdAbaFI\nbpRs2oWKUVH1ZYEedjfVf4PeVIvaLrHxFmaRpNwnD2vQvKviPpFkfFgp3pskEEVd\nAP2oCZPd50LMJhX40ZzgWeLEOb8+4R4rfzCRsrTNBOnj1U4FiT\/LqjYsFDLw8KwP\nPB+RDhwIG+iVHaNzWU1sqdT4bxrssMa6tvbmGTbbO94h6vRpKIfUQGswslw6oRmf\nm7YOlddXiy7TiPBcj0HgTs9wdaoeHzMHiILqlPTTxXLFfjOhSknYIlK4v9naOo\/I\nqwiagw5ag6rmXZ+28PS9OrEyVniOIHYVT+t9hczP4NJHAUR5cBAiHC3bq4kLzmNC\nBKylwV\/A+QvGMl2gy6P2zuCqeengx6kSlkhJvbLNRDknrFRvUzXgYbcNne86Py9Q\n9bLBqYEnEXM=\n=rG5u\n-----END PGP MESSAGE-----\n"
      },
      {  
         "user_id":"bddca801-e920-490c-ac25-c07e0799916b",
         "data":"-----BEGIN PGP MESSAGE-----\n\nhQGMA5DEzLJi6tx8AQv\/XFsv4Nl\/9aca+AVuiZDNO+P\/73UY6P7cooci2RZ3nLqa\neEaY+7sZaZzG7\/WrYY2GCjDyLVF7eiZr9rFgYlOm\/GzLaSYZJLnweOpskvozrxeX\nfvqgULMx83HiLMwIo9SSOrDsp4TtpQBdNpvdDFwFCRQkklcIOZnLH20\/AnuyAP\/x\nIT0\/QAHBPX1A5c+zBlGvcyuN1FCfrrWLMLt3M8RPxjEjG1jrkFO2hNX7jyM3WJek\nAo1iYW22+FFICTzjOn\/qXXUUCsSvMoRa1ko3yMvq4b5ienD0GiabM8JaDzK28UBp\nxn4xqkzHWLN6JlNbYBwnkVVfnxOvQmbDHSHCFwBwJ3F2Kk2RQtNF4F5Og6ORZnx5\nxnBgc0iTy\/6uYFAfR4J\/QHStLsYK8iqnOaXVZP8ZMAS3GdUeZ\/PR1v8vtNQbvNRR\nlTUhJiwTW1jAsMO20Kf+LhxPaXHVjCUIY8EHppySOUBEsGi70Dc0b9xsyxvfHtw4\n4RN4cvHfX60\/oWE3R7q70kcBeED6EFBdImktKg34DOShIvOx2WFKfCq7eAgwr9GN\nOL2En7PaEoanylsRgT+k2AW2Tk\/33O8U8HFOy50CSCPhixddx+y\/AA==\n=Kuzc\n-----END PGP MESSAGE-----\n"
      },
      {  
         "user_id":"dff78e84-5d44-436a-af1f-de83a9036dcf",
         "data":"-----BEGIN PGP MESSAGE-----\n\nhQEMA52wi32z2rfIAQf\/SO8qXaVFt5rTOPVJhYFdU7iHsbDf2GCM2ijE1JBnCGSW\nNSfh5g83+7wsrMje5ttrLsNB\/2tuYDsfQOenD+4h2EdZcxxvoCnPBU4scY\/ZqwrQ\nIq+686g8tqrO7+lUPdCDZkcaN1WhIhr40Bxz57y0QfQ7k93sqHdb9mjM+P9k1LWo\n++AXIGAS7wD2Zabfd6ZUSGQIzyu2xKAj4GExbUCfRq3ln21zPP3CMPmX87pwslIG\nuL2WqlZI3v5TTU1hzzh0nCyqmfQwmQcAm+t1dQKIeSfNRBjbNQl4Hzx6fZXcTpTw\nZ9txVu5nHpBGiMenLxl7dUkrLi047ckZqE\/drHOKVdJHASw4FgnDePqHTnK+FuRz\nS\/yPv8tAg+zrwXo6rkINmTuV47kjhbSLR8bTm2urd9wjSQZzFU5CS\/TozC7D1YW5\nfuiAql0eun4=\n=Ly90\n-----END PGP MESSAGE-----\n"
      },
      {  
         "user_id":"53ebbb87-7c77-4aaf-bc2d-363fd181cb2e",
         "data":"-----BEGIN PGP MESSAGE-----\n\nhQEMAxpM4shU\/bd2AQf7BKH11eo5q9Y9XMasvXQWqy\/1AwdPU5eneLSDQmQIufaV\ntduVS55QtIXzIntxovBmlzDfYS0Bvk5ufczJ1RYp0VBf4u\/eUtnrhwuakxWVUVpP\nZG7o+EwF6hbTUYq1Vij8p6CLPyjyfOkgpvb++sgYllDcwc9R0JvZoH7zBo0teTGT\njQcv8GDYm7K3iexKHbqxlGffsKdmq4sgQiZyp2GdKwTpZDXviHzewfyRYBSxwS2s\n7QVWNPAsJmuqubz\/gRdm8zAZ7IMuSLVVVuMbRAZAz3MDU2k7mvcJrJkCh60a+I9H\ntncO2ZKns0KzHwDJmfK8jGUl0jiT6xtzJ0IHA3XgttJHAa6K1BhDd9c58\/NKZIWk\n9F+HZBLtFp\/6zA2CFNg492OoyD+zzEoVpjsd9NzBLVKkOsNJHf3zc8PskxUpLBJT\nq5zbMqOttoU=\n=pCNj\n-----END PGP MESSAGE-----\n"
      },
      {  
         "user_id":"5afa8b42-65e2-4180-b18f-8b796cd5e7f9",
         "data":"-----BEGIN PGP MESSAGE-----\n\nhQEMA29DzIEMNQ4eAQf9EKYESMjfJ3d6GvvhVmThgKSTdh5viERC1yChc7B354yI\nctpWDmMmcMEFRQJq0CeRacrBSvW5p2FdWB1TQTYQPLWpSSSV8PvbfN8nbK9Vl9pt\ndlOyk8Mu54hzKhvGwvURKJ81vEc7LdqDmgoNvLdgl\/OZZXrbGAB3Txx9kWNlN2mk\n93rq9dLMOocdWVQJi8\/Ix5QUzFJxQUYGqZb2QPltVAVz0TiZ+mVhE7x3KgG9mRJl\n6TnefCmG0uCVGCQA+WS3voDWr8KX2aDUulfBok8nqNog6eJv+ZwRoR78Og4lBL4H\nZ3F9FtjRDeZ9bG2o7u9rzc1xghBd1v0fypMFHfuqMtJHAWeVmQtcI7hHlqGZ4K7M\nJ5yjGlMIG0jEJ+bm\/s6mKYqk7MaR99h2dC6gh7xLrkP9QGl2SQZb4kLWVYmfC08J\nmYUn+ayckMk=\n=81qa\n-----END PGP MESSAGE-----\n"
      },
      {  
         "user_id":"84944791-f042-4bfd-bb4f-d278bae46545",
         "data":"-----BEGIN PGP MESSAGE-----\n\nhQEMA92Pb6QkUCqSAQgApYkgaJe1v7f97XjJwj7YxwWvnBeLfdBXaFlDOrKnHCiV\nUKvZ2tTLHdCgtsS77\/raEXPw8frMt2BuhfAshlDjhXOWkj8fRd7\/Utty\/2+1uwUk\neL8GnuKOy0uzbOaisc7mHZFJMifLgKzUequug\/PquZxgrlAXdlJMwVJRFj\/Hbczf\nB4qHlhplW2ce\/TLdSPrwk4Xo+UWFUcgLKHiZoDjckh0rNmS5VOsqWSFIat1EYhxI\n6UV\/3AHvWVTWdg6A5eciJX3QQd8+U0\/XWNRHSgwRgMHqp32RL4vGPTC4+dCYavQT\nOlzEnyNeXZXbay6FcXCCgWZYMA\/Q8gWJ1PpHd3m3JNJHATH+ywZ8rw4NeH9SVLPd\nRo5Yh764x674FPO7sPY4Q5pYkbaw0WCcedyO8rPoALQ6tD597IoIvR9D\/MFfXWXc\naO\/3OsWQ8aM=\n=WqQU\n-----END PGP MESSAGE-----\n"
      },
      {  
         "user_id":"15a9ae4b-b542-47cd-a7bc-8204b1c78c53",
         "data":"-----BEGIN PGP MESSAGE-----\n\nhQEMA4++0lDAs2BpAQf\/YbBDT9j6ccYfpD942FVNyU9G8V3eCBCXXS4h5d6IhgPH\ngl4DFTU5gBrguLtvbUz7XDfygeMaQV1b+2H34RlcYYoKQu76k1hTMwFRV91BoRoE\nDdLksEdJlJhyZmFNqxfVz3B\/BbVMGdUnbIFQzYvuNmD0K6fsFQAZvtLawKp+zkHM\nbV7bmrGja\/EfW0+W7JK8XplWWFhLCzxAAnM6xplLi+dYIxNfZwesH9hsGdtciHAp\ntm0TbLWH8dVPZGXSZVGQDdgoTEMNr2FKrgA7fbaAhvcpSVYuuzrbmpbROizQLPZh\nBUCRtUWerMWtmBq5aAQmOPDvvT4I1HLlOGWevS+I9tJHAZkFP4uV84S89tR76H\/i\n3yG1Au8iKFdkwIvEXHv92GID0ZeBhgaYNMC+cWYlwc3LqdBcGBQQ2AIT7MlvQNPS\nhncrb+2ripM=\n=JH4E\n-----END PGP MESSAGE-----\n"
      },
      {  
         "user_id":"de0b1786-ddbe-452d-9a92-01f64511b364",
         "data":"-----BEGIN PGP MESSAGE-----\n\nhQEMA9hIHhztINcRAQf\/dEQY68Rs3WXiRhOj2HygGrnkgsyzfikExcoA+Jlbl1hu\nSmJJjU1BSgQ23u99gejUe\/tWLnxkx4fKzUpVBr2vYI+Jj+Jan1aqPuYhQV+h0\/et\nkTJYruj5uIWrA6wc\/dqrLOYcTV\/qVJ11U0jM\/81v\/2+eUb8UkhZY5sjXaqODGw+Q\nvouDddqOmf51yMPfzr4+ZI+sVUutF2oNih9OLTjnxloqg\/RhCkGBWW0YDFo4xmtZ\nyanAUVZ8NW\/UnpUzhZaZk8V4IiuCaZ7EqxplWclpxbb9vPGXo6gEc1MKA1lrH1+N\nHRebjXgMzYe02BSUGSf6WZktcgC496Tj3gxTodRc3tJHAcW5GZog4Opx3Jg1g\/eR\nySKt3C5YOIfRFhHM2d6NSTDYp2BohDFIGksD4KRYpz6Z9Wp8q96JIL565bCOMHsb\nKyJc\/xSgjrs=\n=RpZQ\n-----END PGP MESSAGE-----\n"
      }
   ]
}

remy · May 28, 2019, 2:21pm

Hello,

It seems to me your request is correctly formatted, but I would expect you are missing some users (some group members or people with direct permissions?). It’s hard to tell without having a full view at your data.

Otherwise maybe there is an issue with the v2 endpoint. Currently the extension is using the v1 API so there might be an issue with the v2 endpoint. Can you try the same request with api-version=v1 ?

One easy thing you can do is log in as this user and perform a share using the extension and have a look at the request that is sent to see what you are missing. To do that in chrome you can go to chrome://extensions/ locate the passbolt extension and click on inspect: index.html. That will show you the requests that are sent by the extension.

romcis · May 28, 2019, 2:50pm

Thanks @remy for you reply. I tried v1 without success.
Second idea about looking at request: my chrome extension doesn’t share passwords.

remy · May 28, 2019, 2:51pm

What do you mean? It doesn’t work?

romcis · May 28, 2019, 2:52pm

There is not this option, if i share passwords is done over website and there is no API request visible.

remy · May 28, 2019, 2:54pm

Yes you need to look in the webextension debug panel as indicated above to see the request. (look at the screenshots)

romcis · May 28, 2019, 2:58pm

I cannot do a share in my extension, but now I can see that in your screenshot there is resource_id in secrets array as well. I didn’t have in mine. Will try this

EDIT: adding resource ID didn’t helped. And during sharing pass on website I don’t see any PUT request to compare.

romcis · May 29, 2019, 10:25am

@remy Would it be possible to update how should look request body in https://help.passbolt.com/api/resources/share ? Second permission which is there doesn’t make sense to me and there is nothing about adding secrets array

remy · May 29, 2019, 10:45am

@romcis yes we will schedule this in the next two weeks.

romcis · May 29, 2019, 11:22am

So looks that I need to wait till new docs? I tried many variations of request and no luck.
As per search-aros -> there should be all users I can share and as we are all in one group this should be list of all users.
In request I specify group and then in secrets there are encrypted passwords of group members.

remy · May 31, 2019, 11:08am

Just to rule out some database integrity issue can you check that your database is in good shape by running:

./bin/cake passbolt cleanup --dry-run

romcis · June 3, 2019, 7:27am

I only found one orphan comment:

---------------------------------------------------------------
1 orphan records found in table Comments (soft deleted resources)
1 issues detected, please run the same command without --dry-run to fix them.

And as expected, after cleaning this one issue there is no change on sharing issue.

cedric · June 4, 2019, 4:58am

Hello @romcis,

I was checking to your simulate result and your PUT request and it looks like you don’t have the same number of secret than requested.

8 secrets are requested to be encrypted in the simulate, and 9 are provided.
Did you notice ? It could be the problem here.

Regards,
Cedric

romcis · June 4, 2019, 8:12am

But as you see from response on PUT there is not enough secrets provided.
9th secret provided is mine secret.

EDIT: I tried to removed my secrets to share it just with new users and it works. So now I can confirm that this issue is solved.

Passbolt team, would be great to change response message in this case

abhinav · June 4, 2019, 9:04am

Hey @romcis,

We’re sorry that you’re having trouble using the API. I can confirm the endpoint works for both V1 and V2 type payloads so please be assured that it’s an issue with incompatible request payload and we can resolve this.

I am not sure if you are already aware but you are required to pass secrets for each user in the group. So if your group identified with uuid 1bc2d0da-287d-44e7-9bc9-d35ced1ec2d6 has 7 users, that’s the exact number of secrets you are supposed to send, no more no less. To check this, you can make a GET request to /gorups/1bc2d0da-287d-44e7-9bc9-d35ced1ec2d6.json?api-version=v2 and count the number of items under group_users.

romcis · June 4, 2019, 9:27am

@abhinav issue was that I was sending encrypted secrets for each profile in group, involving mine, and i got response from API that I have to share it with all members of group. So i was confused.

I removed my secret from array of secrets and shared resource just with all except me. This works
I don’t know why I didn’t tried it earlier.

EDIT: just to add info, i shared based on list of aros from /share/search-aros.json?api-version=v2 as you advise in documentation.

abhinav · June 4, 2019, 9:32am

@romcis I am glad, it worked for you.

We are in the process of updating our API documentation, making it simpler and adding example code snippets etc.

system · June 9, 2019, 9:50am

This topic was automatically closed 5 days after the last reply. New replies are no longer allowed.