Rocket.Chat's Community Open Call 🎤 Dec 15, 2021 Join us!

Error 400 [invalid-token] on file uploads after upgrade to 4.0.5

I posted this as an issue on GitHub, but I was hoping to get a bit more traction here. Any help is greatly appreciated.

Description:

After upgrading from 3.18.1 to 4.0.5, all file uploads throw a 400 (Bad Request) error.

Steps to reproduce:

  1. Open any direct or group message

  2. Upload any file, such as a screenshot

Expected behavior:

File is uploaded. This worked perfectly in 3.18.1 and older versions of Rocket.Chat.

Actual behavior:

File is not uploaded. There is a notification that says Token is not valid [invalid-token] in the message window. Additionally, in the browser console:

image

Server Setup Information:

  • Version of Rocket.Chat Server: 4.0.5

  • Operating System: Ubuntu 20.04.3 LTS

  • Deployment Method: Manual install converted to rocketchatctl install

  • Number of Running Instances: 1

  • DB Replicaset Oplog: 1

  • NodeJS Version: v12.22.1

  • MongoDB Version: 5.0.3

Client Setup Information

  • Desktop App or Browser Version: Google Chrome 94.0.4606.81

  • Operating System: Windows 10

Additional context

After looking through the various issues that seem similar to mine such as #22918 and #22853, I do not believe I have the same issue. I have also made sure to log out of Rocket.Chat and clear all browser caches and cookies before logging in and trying again. I accept all media types in Rocket.Chat’s file upload settings.

Also, I don’t think if it’s relevant to this issue or not, but since upgrading to 4.0.4, Rocket.Chat now displays <user> is uploading... instead of <user> is typing... when a user is typing.

Relevant logs:

Here is the relevant server log when the issue happens:

{"level":35,"time":"2021-10-24T21:52:02.285Z","pid":26391,"hostname":"<redacted>","name":"API","method":"POST","url":"/api/v1/rooms.upload/Tu8X3X6kgTffMtcbA","userId":"EsExm35gg2S9uDnbg","userAgent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.81 Safari/537.36","length":"25756","host":"<redacted>","referer":"https://<redacted>/direct/Tu8X3X6kgTffMtcbA","remoteIP":"<redacted>","err":{"type":"errorClass","message":"Token is not valid [invalid-token]","stack":"Error: Token is not valid [invalid-token]
    at MethodInvocation.ufsComplete (packages/jalik:ufs/ufs-methods.js:60:11)
    at maybeAuditArgumentChecks (packages/ddp-server/livedata_server.js:1771:12)
    at packages/ddp-server/livedata_server.js:1689:15
    at Meteor.EnvironmentVariable.EVp.withValue (packages/meteor.js:1234:12)
    at packages/ddp-server/livedata_server.js:1687:36
    at new Promise (<anonymous>)
    at Server.applyAsync (packages/ddp-server/livedata_server.js:1686:12)
    at Server.apply (packages/ddp-server/livedata_server.js:1625:26)
    at Server.call (packages/ddp-server/livedata_server.js:1607:17)
    at FileUploadClass._doInsert (app/file-upload/server/lib/FileUpload.js:628:24)
    at FileUploadClass.insert (app/file-upload/server/lib/FileUpload.js:655:15)
    at FileUploadClass.insertSync (packages/meteor.js:306:21)
    at Object.post (app/api/server/v1/rooms.js:96:34)
    at app/api/server/api.js:406:82
    at Meteor.EnvironmentVariable.EVp.withValue (packages/meteor.js:1234:12)
    at Object._internalRouteActionHandler [as action] (app/api/server/api.js:406:39)
    at Route.share.Route.Route._callEndpoint (packages/nimble_restivus/lib/route.coffee:150:32)
    at packages/nimble_restivus/lib/route.coffee:59:33
    at packages/simple_json-routes.js:98:9
 => awaited here:
    at Promise.await (/opt/Rocket.Chat/programs/server/npm/node_modules/meteor/promise/node_modules/meteor-promise/promise_server.js:60:12)
    at Server.apply (packages/ddp-server/livedata_server.js:1638:22)
    at Server.call (packages/ddp-server/livedata_server.js:1607:17)
    at FileUploadClass._doInsert (app/file-upload/server/lib/FileUpload.js:628:24)
    at FileUploadClass.insert (app/file-upload/server/lib/FileUpload.js:655:15)
    at FileUploadClass.insertSync (packages/meteor.js:306:21)
    at Object.post (app/api/server/v1/rooms.js:96:34)
    at app/api/server/api.js:406:82
    at Meteor.EnvironmentVariable.EVp.withValue (packages/meteor.js:1234:12)
    at Object._internalRouteActionHandler [as action] (app/api/server/api.js:406:39)
    at Route.share.Route.Route._callEndpoint (packages/nimble_restivus/lib/route.coffee:150:32)
    at packages/nimble_restivus/lib/route.coffee:59:33
    at packages/simple_json-routes.js:98:9","isClientSafe":true,"error":"invalid-token","reason":"Token is not valid","errorType":"Meteor.Error"},"status":400,"responseTime":16,"msg":"Token is not valid [invalid-token]"}

Hi! I just answered the issue you also opened

Can we keep discussions there?

Thanks!

Sounds great, thanks!