Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Empty Encryption Key Error in Docspell Addon Authentication #2868

Open
tiborrr opened this issue Nov 25, 2024 · 0 comments
Open

Empty Encryption Key Error in Docspell Addon Authentication #2868

tiborrr opened this issue Nov 25, 2024 · 0 comments

Comments

@tiborrr
Copy link
Contributor

tiborrr commented Nov 25, 2024
edited
Loading

With a little bit help from some AI I have managed to found the cause of this bug:

Description

When running Docspell with multiple JOEX nodes, authentication failures occur because the REST server node is missing from the node table in the database. This causes JOEX nodes to attempt token signing with an empty server secret, resulting in the following error:

java.lang.IllegalArgumentException: Empty key
 at javax.crypto.spec.SecretKeySpec.<init>(SecretKeySpec.java:107)
 at docspell.common.util.SignUtil$.getMac(SignUtil.scala:21)
 at docspell.common.util.SignUtil$.signString(SignUtil.scala:26)
...

Current Behavior

  1. REST server starts with a configured docspell.server.auth.server-secret
  2. At some point, the REST server node entry disappears from the node table
  3. JOEX nodes can't find the REST server secret and default to an empty key
  4. Authentication operations fail due to empty key in crypto operations

Database State

The node table only contains JOEX entries, missing the REST server:

"id","type","url","updated","created","not_found","server_secret"
docspell-joex1,joex,http://docspell-joex1:7878,2024-12-10 16:58:45.501,2024-12-10 09:58:38.303,0,
docspell-joex2,joex,http://docspell-joex2:7878,2024-12-10 16:58:45.511,2024-12-10 09:58:34.842,0,
docspell-joex3,joex,http://docspell-joex3:7878,2024-12-10 16:58:45.523,2024-12-10 09:58:39.408,0,

Expected Behavior

REST server should maintain its registration in the node table

Potential Investigation Points

  1. REST server node registration process
  2. Node cleanup/maintenance processes that might incorrectly remove the REST server entry
  3. Error handling when server secret is missing (currently silently falls back to empty key)

Environment

  • Multiple JOEX nodes in production setup
  • REST server configured with server-secret
  • Database shows only JOEX nodes, missing REST server entry

Additional Notes

This could be a race condition or timing issue where the REST server entry is being removed unexpectedly. The error handling could also be improved to fail fast with a clear error message when no server secret is available, rather than proceeding with an empty key.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@tiborrr