Closed Bug 1791183 Opened 3 years ago Closed 3 years ago

CardDAV Google Contacts no longer syncing - we don't handel sync error HTTP 400 for an expired sync token sent by Thunderbird to server

Categories

(MailNews Core :: Address Book, defect)

Product:
MailNews Core
Component:
Address Book
Version:
Thunderbird 102
Type:
defect

Tracking

(thunderbird_esr102+ fixed)

Status:
RESOLVED FIXED
Milestone:
106 Branch
Tracking Flags:
Tracking Status
thunderbird_esr102 + fixed

People

(Reporter: garret, Assigned: darktrojan)

References

Details

Attachments

(1 file)

Bug 1791183 - If a CardDAV server gives a 400 response, do a complete sync. r=mkmelin
48 bytes, text/x-phabricator-request
wsmwk
: approval-comm-esr102+
Details | Review

Steps to reproduce:

I'm using Thunderbird 102.2.2 (64-bit) on Windows 10. I had native Google Contact support installed and syncing fine. (I also set this up on my family's computers.) Then recently I noticed Google Contacts are no longer syncing. I noticed it after upgrading to the v100 series, but I don't know if that's related.

Actual results:

I go into the Google Contacts I have configured. I right-click and select "Synchronize". (They are set up to synchronize every 30 minutes anyway, supposedly.) But nothing happens. No indication of activity. No success message. No error message. And most importantly, new contacts I have added in Google Contacts online and on my phone are not added.

Expected results:

New contacts I have added to Google Contacts should be added to my address book.

This is especially frustrating after all the years of the third-party Google connector for contacts and calendar, which would sometimes stop working, then break with new versions of the plugin API, then be abandoned. I thought "finally, now it's integrated into Thunderbird and will just work". And it seemed to. But now it seems we're going back into that cycle that the plugins went into.

Is there at least some debug option that would should be what Thunderbird is doing when I select "Synchronize"? Right now it shows nothing! No feedback whatsoever.

Severity: -- → S3
Component: Untriaged → Address Book

You can open Tools | Developer Toolbox. Then go to the network tab. There you can see all the requests and responses.

Garret, What is the URL to the addon you are using?

Flags: needinfo?(garret)

I'm not using an add-on! This is the native Google Contact support of Thunderbird. I added my Google Contacts like this, and it was working fine:

  1. Open Thunderbird Address Book.
  2. Use File > New > CardDAV Address Book...
  3. Enter Google username and https://www.googleapis.com/.well-known/carddav.
  4. Do OAuth stuff.

I mentioned the third-party Google connector to make a comparison to the situation we had for years when we had to use a third-party plugin. It would stop working; break with API changes; get abandoned; etc. I had hoped that the native Thunderbird support would be more stable.

Flags: needinfo?(garret)

You can open Tools | Developer Toolbox. Then go to the network tab. There you can see all the requests and responses.

That is helpful; thanks.

When I try to synchronize my contacts, I get an HTTP 400 response, with this response body:

<?xml version="1.0" encoding="UTF-8"?>
<d:error xmlns:d="DAV:">
 <d:valid-sync-token/>
</d:error>

So now there are two bugs: 1) my Google Contacts are not syncing 2) Thunderbird does not detect synchronization error and does not inform me of it. (Apparently it has been silently failing for who-know-how-long.)

Please don't tell me "remove your contacts and add it back". This needs to be fixed correctly. Thunderbird needs to detect a 400 response. In the least it needs to say, "user, there was an error". But if there is some token that needs to be refreshed, it needs to restart the whole OAuth sequence or whatever.

CardDAV. Excellent. Now that we have accurate terminology agreed upon it is possible to compare and test. And thanks for the error console info.
I added a CardDAV address book on both Mac+TB105.0b4 and Windows+TB102.2.2 and 102.3.0 - I had no trouble.
So the failure is perhaps server side - we can do anything about that - and the bug is that you aren't being told the sync fails.

In Settings > Privacy > Saved passwords delete the carddav oauth token for that address book. Are you able to successfully reauthenticate?

Flags: needinfo?(garret)
Summary: Thunderbird Google Contacts no longer syncing. → CardDAV Google Contacts no longer syncing - sync error HTTP 400 is not reported to user

CardDAV. Excellent. Now that we have accurate terminology agreed upon it is possible to compare and test.

Sorry for not being specific. I didn't realize Thunderbird had any different native support for Google Contacts than CardDAV.

I added a CardDAV address book on both Mac+TB105.0b4 and Windows+TB102.2.2 and 102.3.0 - I had no trouble.

I also had no trouble adding a CardDAV address book. The issue is not with adding an address book. The problem is likely how Thunderbird reacts to a token expiring; recognizing the error; and renewing the token appropriately. (This is just a guess, but based on the evidence.)

So the failure is perhaps server side …

For a few decades I have been under the impression that HTTP 4XX errors indicate client errors.

In Settings > Privacy > Saved passwords delete the carddav oauth token for that address book.

No! That's papering over the issue. Then we won't be able to reproduce the current error.

The foremost problem right now (the new one we just found) is that Thunderbird is not correctly responding to a 400 error from CardDAV indicating a problem with a sync token. It's silently discarding the error. In no scenario is this the correct approach. This is a bug.

So the first order of business is to get Thunderbird to recognize a 4XX HTTP response code and take the appropriate measure. At the least that would involved notifying the user. A more sophisticated approach would be to Do The Right Thing.

For example, with just a few seconds of research, you'll find RFC 6578: Collection Synchronization for Web Distributed Authoring and Versioning (WebDAV):

(DAV:valid-sync-token): The DAV:sync-token element value MUST be a
valid token previously returned by the server for the collection
targeted by the request-URI. Servers might need to invalidate
tokens previously returned to clients. Doing so will cause the
clients to fall back to doing full synchronization using the
report, though that will not require clients to download resources
that are already cached and have not changed. Even so, servers
MUST limit themselves to invalidating tokens only when absolutely
necessary. …

So it's exactly like I said: Thunderbird needs to be detecting this case, which is apparently saying that the current token Thunderbird has is not valid, and it needs to "fall back to doing full synchronization" (whatever that means) or invalidate the token.

I'm guessing (I'll need to read the RFC more thoroughly) that this is not an OAuth token, but some sort of synchronization token. I'm guessing it means Thunderbird simply needs to do a "full sync" instead of some delta sync based upon a previous synchronization token. Again I'm sure it's all in the RFC.

Just to stress, the fact that Thunderbird is ignoring a client error 4XX code is a big problem in itself. The team needs to read the RFC and determine the correct action to take. Ignoring the error as it does now is not the correct action.

Flags: needinfo?(garret)

I made modest attempts to produce failure conditions.

  • I changed the carddav token's username, but that only forced google to prompt with oauth dialog.
  • I disabled network on the laptop - no UI popped up for the sync failure, but in error console I see
    carddav.sync: Sync with server failed. CardDAVDirectory.jsm:598:11
    syncWithServer resource:///modules/CardDAVDirectory.jsm:598
    synchronizeSelected chrome://messenger/content/addressbook/aboutAddressBook.js:659
    <anonymous> chrome://messenger/content/addressbook/aboutAddressBook.js:104
    10:00:14.851 NS_ERROR_UNKNOWN_HOST: Connection failure CardDAVUtils.jsm:205

(In reply to Garret Wilson from comment #7)

CardDAV. Excellent. Now that we have accurate terminology agreed upon it is possible to compare and test.

Sorry for not being specific. I didn't realize Thunderbird had any different native support for Google Contacts than CardDAV.

I added a CardDAV address book on both Mac+TB105.0b4 and Windows+TB102.2.2 and 102.3.0 - I had no trouble.

I also had no trouble adding a CardDAV address book. The issue is not with adding an address book. The problem is likely how Thunderbird reacts to a token expiring; recognizing the error; and renewing the token appropriately. (This is just a guess, but based on the evidence.)

So the failure is perhaps server side …

For a few decades I have been under the impression that HTTP 4XX errors indicate client errors.

In Settings > Privacy > Saved passwords delete the carddav oauth token for that address book.

No! That's papering over the issue. Then we won't be able to reproduce the current error.

Did I indicate it was a solution or fix? I merely asked you to try it, so we can see if the failure is token related.

Just to stress, the fact that Thunderbird is ignoring a client error 4XX code is a big problem in itself.

Do you understand that this is already acknolwedged in comment 6?

Thanks for researching this - it is a big help.

Oddly enough, I had intended to look at this this week for completely different reasons. Google tends to expire sync tokens after a certain period of time without use (fair enough) but Thunderbird has never handled this well.

Assignee: nobody → geoff
Status: UNCONFIRMED → ASSIGNED
Ever confirmed: true
Product: Thunderbird → MailNews Core
status-thunderbird_esr102: --- → affected
Keywords: checkin-needed-tb
Target Milestone: --- → 106 Branch

Pushed by mkmelin@iki.fi:
https://hg.mozilla.org/comm-central/rev/88e393713eba
If a CardDAV server gives a 400 response, do a complete sync. r=mkmelin

Status: ASSIGNED → RESOLVED
Closed: 3 years ago
Keywords: checkin-needed-tb
Resolution: --- → FIXED

Look, I'll be happy to get my contacts updated, and I appreciate someone is looking into this. But simply doing a complete refresh just because the response code is 400 without checking the WebDAV response information in the body of the response is a sloppy way to achieve this, and is prone to all sorts of problems. The 400 error code could result from large number of conditions.

For example, if there were some other bug in the code that resulted in a bad request. Or maybe the Google user didn't exist anymore, and they return a 400 for that as well (I don't know what they return for that; this is just an example). Then you'd be trying to resync when you should be responding to some other error condition.

In all this WebDAV business, you should be parsing the XML response and taking appropriate action. As I said I'll be glad if I get my new contacts, but from someone who actually implemented a full WebDAV client from scratch around 20 years ago, I know there is more to it than just doing a bit of regex and guessing at HTTP response codes.

Comment on attachment 9295202 [details]
Bug 1791183 - If a CardDAV server gives a 400 response, do a complete sync. r=mkmelin

[Approval Request Comment]
Regression caused by (bug #): never worked
User impact if declined: Google CardDAV address books with expired token never sync
Testing completed (on c-c, etc.): in 106.0b1
Risk to taking this patch (and alternatives if risky): low

Attachment #9295202 - Flags: approval-comm-esr102?

Comment on attachment 9295202 [details]
Bug 1791183 - If a CardDAV server gives a 400 response, do a complete sync. r=mkmelin

[Triage Comment]
approved for esr102

Attachment #9295202 - Flags: approval-comm-esr102? → approval-comm-esr102+
Summary: CardDAV Google Contacts no longer syncing - sync error HTTP 400 is not reported to user → CardDAV Google Contacts no longer syncing - we don't handel sync error HTTP 400 for an expired sync token sent by Thunderbird to server
See Also: → 1912673
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: