Error 400 [invalid-token] on file uploads after upgrade to 4.0.5

michael.song · October 26, 2021, 3:21pm

I posted this as an issue on GitHub, but I was hoping to get a bit more traction here. Any help is greatly appreciated.

Description:

After upgrading from 3.18.1 to 4.0.5, all file uploads throw a 400 (Bad Request) error.

Steps to reproduce:

Open any direct or group message
Upload any file, such as a screenshot

Expected behavior:

File is uploaded. This worked perfectly in 3.18.1 and older versions of Rocket.Chat.

Actual behavior:

File is not uploaded. There is a notification that says Token is not valid [invalid-token] in the message window. Additionally, in the browser console:

Server Setup Information:

Version of Rocket.Chat Server: 4.0.5
Operating System: Ubuntu 20.04.3 LTS
Deployment Method: Manual install converted to rocketchatctl install
Number of Running Instances: 1
DB Replicaset Oplog: 1
NodeJS Version: v12.22.1
MongoDB Version: 5.0.3

Client Setup Information

Desktop App or Browser Version: Google Chrome 94.0.4606.81
Operating System: Windows 10

Additional context

After looking through the various issues that seem similar to mine such as #22918 and #22853, I do not believe I have the same issue. I have also made sure to log out of Rocket.Chat and clear all browser caches and cookies before logging in and trying again. I accept all media types in Rocket.Chat’s file upload settings.

Also, I don’t think if it’s relevant to this issue or not, but since upgrading to 4.0.4, Rocket.Chat now displays <user> is uploading... instead of <user> is typing... when a user is typing.

Relevant logs:

Here is the relevant server log when the issue happens:

{"level":35,"time":"2021-10-24T21:52:02.285Z","pid":26391,"hostname":"<redacted>","name":"API","method":"POST","url":"/api/v1/rooms.upload/Tu8X3X6kgTffMtcbA","userId":"EsExm35gg2S9uDnbg","userAgent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.81 Safari/537.36","length":"25756","host":"<redacted>","referer":"https://<redacted>/direct/Tu8X3X6kgTffMtcbA","remoteIP":"<redacted>","err":{"type":"errorClass","message":"Token is not valid [invalid-token]","stack":"Error: Token is not valid [invalid-token]
    at MethodInvocation.ufsComplete (packages/jalik:ufs/ufs-methods.js:60:11)
    at maybeAuditArgumentChecks (packages/ddp-server/livedata_server.js:1771:12)
    at packages/ddp-server/livedata_server.js:1689:15
    at Meteor.EnvironmentVariable.EVp.withValue (packages/meteor.js:1234:12)
    at packages/ddp-server/livedata_server.js:1687:36
    at new Promise (<anonymous>)
    at Server.applyAsync (packages/ddp-server/livedata_server.js:1686:12)
    at Server.apply (packages/ddp-server/livedata_server.js:1625:26)
    at Server.call (packages/ddp-server/livedata_server.js:1607:17)
    at FileUploadClass._doInsert (app/file-upload/server/lib/FileUpload.js:628:24)
    at FileUploadClass.insert (app/file-upload/server/lib/FileUpload.js:655:15)
    at FileUploadClass.insertSync (packages/meteor.js:306:21)
    at Object.post (app/api/server/v1/rooms.js:96:34)
    at app/api/server/api.js:406:82
    at Meteor.EnvironmentVariable.EVp.withValue (packages/meteor.js:1234:12)
    at Object._internalRouteActionHandler [as action] (app/api/server/api.js:406:39)
    at Route.share.Route.Route._callEndpoint (packages/nimble_restivus/lib/route.coffee:150:32)
    at packages/nimble_restivus/lib/route.coffee:59:33
    at packages/simple_json-routes.js:98:9
 => awaited here:
    at Promise.await (/opt/Rocket.Chat/programs/server/npm/node_modules/meteor/promise/node_modules/meteor-promise/promise_server.js:60:12)
    at Server.apply (packages/ddp-server/livedata_server.js:1638:22)
    at Server.call (packages/ddp-server/livedata_server.js:1607:17)
    at FileUploadClass._doInsert (app/file-upload/server/lib/FileUpload.js:628:24)
    at FileUploadClass.insert (app/file-upload/server/lib/FileUpload.js:655:15)
    at FileUploadClass.insertSync (packages/meteor.js:306:21)
    at Object.post (app/api/server/v1/rooms.js:96:34)
    at app/api/server/api.js:406:82
    at Meteor.EnvironmentVariable.EVp.withValue (packages/meteor.js:1234:12)
    at Object._internalRouteActionHandler [as action] (app/api/server/api.js:406:39)
    at Route.share.Route.Route._callEndpoint (packages/nimble_restivus/lib/route.coffee:150:32)
    at packages/nimble_restivus/lib/route.coffee:59:33
    at packages/simple_json-routes.js:98:9","isClientSafe":true,"error":"invalid-token","reason":"Token is not valid","errorType":"Meteor.Error"},"status":400,"responseTime":16,"msg":"Token is not valid [invalid-token]"}

dudanogueira · October 28, 2021, 6:04pm

Hi! I just answered the issue you also opened

Can we keep discussions there?

Thanks!

michael.song · October 28, 2021, 6:09pm

Sounds great, thanks!

Topic		Replies	Views
Can't upload ovpn file Community Support	3	492	May 23, 2024
FileUpload lost after upgrading from 3.x to 4.x Community Support	0	392	May 20, 2022
Failed to authenticate with Rocket.chat cloud Community Support	5	2140	July 24, 2020
.REG file upload Community Support	0	554	April 6, 2020
Rocketchat cannot use "file_upload" after upgrade to 3.18.7 Community Support rocketchat-apps	0	396	June 18, 2022

[Secure CommsOS™ Launch] Join our next Roadmap Reveal webinar to learn more Register now ->