Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

iCloud sync issue 403: Forbidden in write (but not read) #1145

Open
GosuJunk opened this issue Oct 17, 2024 · 3 comments
Open

iCloud sync issue 403: Forbidden in write (but not read) #1145

GosuJunk opened this issue Oct 17, 2024 · 3 comments

Comments

@GosuJunk
Copy link

Hello, I am facing an error when writing back to icloud, and I have not been able to find any relevant information online. Has anyone already faced the error ? I saw a relatively similar issue here, although it's a different config (sync from cloud to cloud), whereas I currently only sync from cloud to local. I expect this to be working but I can't figure whats wrong, any help is appreciated !

  • Your vdirsyncer version: vdirsyncer, version 0.19.0
  • Server: icloud.com
  • Python version: Python 3.11.4
  • Operating system: Ubuntu 23.04 (GNU/Linux 6.2.0-39-generic x86_64)
  • config file:
[general]
status_path=".vdirsyncer/status/"

[pair contacts_icloud_to_local]
a = "icloud_local"
b = "icloud"
conflict_resolution = "b wins"
collections = ["card"]

[storage icloud_local]
type = "filesystem"
path = ".contacts/icloud/"
fileext = ".vcf"

[storage icloud]
type = "carddav"
url = "https://p141-contacts.icloud.com:443/**_USER_ID**/carddavhome/card/"
username = "USERNAME"
password = "APP-SPECIFIC-PASSWORD"
auth_cert =["/SSL/cert.pem","/SSL/privkey.pem"]
verify_fingerprint = "C8:43:A7:DE:B0:82:E1:DF:4C:0A:16:39:02:EA:E1:58:30:2F:11:2A:D8:B6:31:59:F3:16:98:28:97:D7:EA:7A"

Steps to reproduce the issue:

  1. vdirsyncer discover : all good, 'card' collection is created locally
  2. vdirsyncer sync: all good, all remote items are copied locally
  3. edit a single vcf eg. modify the FN string and save
  4. vdirsyncer sync: fail with 403: Forbidden error

Output of vdirsyncer -vdebug sync:

Copying (updating) item FFBB2ED1-2CC5-4A73-BD35-2000E824FB88 to icloud/card
debug: ====================
debug: PUT https://p141-contacts.icloud.com:443/****/carddavhome/card/RkZCQjJFRDEtMkNDNS00QTczLUJEMzUtMjAwMEU4MjRGQjg4.vcf
debug: {'User-Agent': 'vdirsyncer/0.19.0', 'Content-Type': 'text/vcard', 'If-Match': '"k5fpp21v"'}
debug: b'BEGIN:VCARD\r\nVERSION:3.0\r\nPRODID:-//Apple Inc.//Mac OS X 10.9.2//EN\r\nN:****;****;;Mr.;\r\nFN:***********\r\nORG:********** Pte Ltd;********* \r\nTITLE:*********\r\nEMAIL;type=INTERNET;type=WORK;type=pref:**********@philips.com\r\nitem1.EMAIL;type=INTERNET:false\r\nitem1.X-ABLabel:_$!<Other>!$_\r\nTEL;type=WORK;type=VOICE;type=pref:+65 ********\r\nTEL;type=CELL;type=VOICE:+65 ********\r\nADR;type=WORK;type=pref:;;*********\\, *********\\, Level 3;\r\n *********;;*********;*********\r\nNOTE:*********\r\nREV:2014-04-02T10:50:50Z\r\nUID:FFBB2ED1-2CC5-4A73-BD35-2000E824FB88\r\nEND:VCARD\r\n'
debug: Sending request...
debug: 403
debug: <CIMultiDictProxy('Server': 'AppleHttpServer/b866cf47a603', 'Date': 'Wed, 16 Oct 2024 14:12:26 GMT', 'Content-Type': 'text/plain; charset=UTF-8', 'Content-Length': '21', 'Connection': 'keep-alive', 'X-Responding-Instance': 'carddav:3:p151-carddav-5499ff885b-r7l96:8080:2427B558:6e2c334fa8cd', 'Strict-Transport-Security': 'max-age=31536000; includeSubDomains;', 'x-apple-user-partition': '151', 'Via': 'xrail:icloud-xrail-group151-ext-68955c955c-lr88k:8301:24R498:grp151,631194250daa17e24277dea86cf30319:b88c8fab56f3bd4edbd3ec381b8406a1:sgsin8', 'X-Apple-Request-UUID': 'f6395069-bc30-4b25-886f-28601a53f5c1', 'Access-Control-Expose-Headers': 'X-Apple-Request-UUID,Via', 'X-Apple-Edge-Response-Time': '338')>
debug: <StreamReader 21 bytes eof>
error: Unknown error occurred for contacts_icloud_to_local/card: 403, message='Forbidden', url=URL('https://p141-contacts.icloud.com:443/****/carddavhome/card/RkZCQjJFRDEtMkNDNS00QTczLUJEMzUtMjAwMEU4MjRGQjg4.vcf')
error: Use `-vdebug` to see the full traceback.
debug:   File "/usr/lib/python3/dist-packages/vdirsyncer/cli/utils.py", line 70, in handle_cli_error
debug:     raise e
debug:   File "/usr/lib/python3/dist-packages/vdirsyncer/sync/__init__.py", line 158, in sync
debug:     await action.run(a_info, b_info, conflict_resolution, partial_sync)
debug:   File "/usr/lib/python3/dist-packages/vdirsyncer/sync/__init__.py", line 181, in run
debug:     await self._run_impl(a, b)
debug:   File "/usr/lib/python3/dist-packages/vdirsyncer/sync/__init__.py", line 233, in _run_impl
debug:     meta.etag = await self.dest.storage.update(meta.href, self.item, meta.etag)
debug:                 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
debug:   File "/usr/lib/python3/dist-packages/vdirsyncer/storage/base.py", line 22, in inner
debug:     return await f(self, *args, **kwargs)
debug:            ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
debug:   File "/usr/lib/python3/dist-packages/vdirsyncer/storage/base.py", line 22, in inner
debug:     return await f(self, *args, **kwargs)
debug:            ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
debug:   File "/usr/lib/python3/dist-packages/vdirsyncer/storage/dav.py", line 595, in update
debug:     href, etag = await self._put(self._normalize_href(href), item, etag)
debug:                  ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
debug:   File "/usr/lib/python3/dist-packages/vdirsyncer/storage/dav.py", line 568, in _put
debug:     response = await self.session.request(
debug:                ^^^^^^^^^^^^^^^^^^^^^^^^^^^
debug:   File "/usr/lib/python3/dist-packages/vdirsyncer/storage/dav.py", line 416, in request
debug:     return await http.request(method, url, session=session, **more)
debug:            ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
debug:   File "/usr/lib/python3/dist-packages/vdirsyncer/http.py", line 153, in request
debug:     response.raise_for_status()
debug:   File "/usr/lib/python3/dist-packages/aiohttp/client_reqrep.py", line 1005, in raise_for_status
debug:     raise ClientResponseError(
@GosuJunk
Copy link
Author

GosuJunk commented Nov 8, 2024

Just in case anyone else would get here: it seems most 403 cases are related to an improper data within the VCF file, although there does not seem to be any specification of what is expected. In my particular case iCloud expects a 'N' name component even if it does not contain any data, so adding 'N:;;;;' to the vcf files resolved the issue.

@WhyNotHugo
Copy link
Member

Can you run this in debug mode? In particular, I'd like to see if the response sent from the server has any body clarifying which validation failed.

@GosuJunk
Copy link
Author

Yes the full -vdebug trace is in my original post, including the 403 response, but there is not much info we can extract from it...

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@WhyNotHugo @GosuJunk