07 January 2014, 13:16

It works for me on demo.mahara.org as well.

The message "{"fail":"Auth token cannot be blank"}" is the correct one to see if you visit http://demo.mahara.org/artefact/file/mobileupload.php in a web browser, but if you're seeing it from the app, that indicates some kind of problem. Specifically, it suggests that if you go to the app's Preferences and tap "Token", it'll be blank rather than storing a randomly updated token.

And if that's the case, then it suggests either an error in the app, or an error in the Mahara instance it was communicating with. You see, after each upload, Mahara generates a new token and replaces the current token with the new one. It also sends the new token back to the app, so that it can replace its stored token with the new one.

You can verify if that's what's going on by doing this:

1. Set a new token (or reset an existing token) in a user's Mahara account settings

2. Load that new token into the Mahara app

3. Upload a photo

4. Check in the Mahara app to see whether the token field is now blank, or whether it's a big long random string.

5. While you're at it also, check in the user's account settings to see what value the token there has.

6. And if you find that the tokens no longer match, check your Mahara instance's PHP error log to see if you can spot an error thrown by mobileupload.php. Perhaps it's erroring out partway through, and consequently it's failing to send the new key back to the app.

Cheers,

Aaron

08 January 2014, 1:41

Hi Aaron:

Problem is that the error happens first time after resetting tokens.

• I set my Mahara token to be 123456
• I set my MaharaDroid token to be 123456
• I upload a photo from the phone
• I get the "Auth token cannot be blank" message
• Tokens are still set to 123456

Your first comment is interesting; could it be that the Mahara does not recognize the app for some reason? Is that why the token communication is not taking place?

Your thoughts Dirk?

08 January 2014, 11:52

Hi Don,

Thanks for performing the test. The results are quite interesting...

I took a closer look at mobileupload.php yesterday. It updates the token at the very end of the script, and only if there were no errors along the way. So, the fact that the tokens remain the same before and after your test, shows that it is erroring out before it gets to the token reset part.

The specific error message "Auth token cannot be blank" comes from one specific line in the script, line 30, and it only appears if the token received by Mahara is an empty string.

So, this suggests that the cause is one of two things:

1. The Android app, for some reason not sending the token
2. OR a network issue, with the token (and possibly other POST data) being stripped from the request before it reaches Mahara

Perhaps the most direct way to tell which of these it is, would be to run a packet sniffer on your Android device, and see whether the app actually is including the token in its request. If the token is present in the request, that would suggest a network issue. If the token is not present, it's a bug in the app.

Do you experience the same issue whether the Android device is connected to the Internet via WiFi or over the cell phone network?

Cheers,

Aaron

08 January 2014, 13:17

Hi Aaron:

I have another way...the same Android device just worked fine on demo.mahara.org again.

Looks like the network may be the issue - I'll get Dirk to look at that

Getting closer!

08 January 2014, 15:14

Here's another wrinkle on that. I tried sending a POST request to http://portfolio.univ-avignon.fr/artefact/file/mobileupload.php using curl on my desktop computer, with a "token" value. And I received a response which indicated that it indeed received the token value. So at least some requests do not get the token removed.

Cheers,

Aaron

08 January 2014, 18:08

Hi Aaron,

Thanks for your continued support to help trouble shoot. My own abilities to trouble shoot are limited at the moment. In my efforts I deleted the app off my device to see if a re-install helped. Unfortunately I am unable to re-install the app because a) a search for maharadroid in the google play store comes up empty and the location I find via a google search wont allow me to download the app. I'll report back when I have the app again. I have a hunch that the solution is a small thing.

I can say however that everything was working on a 1.7 and 1.8 in the same datacentre environment that Don's site is on and that this was working before on his site. I also tried a couple systems elsewhere and they worked fine.

BTW, I have no affiliation with the portfolio.univ-avignion.fr site. Don's site is savvyfolio.net.

08 January 2014, 18:40

When looking at the usr_account_preference table I see some variation in how data is presented in the mobileuploadtoken field.

1) |123456|
2) ||
3)     (empty)

I don't see pipes used anywhere in the database so maybe its a way for working with tokens?

09 January 2014, 12:43

Hi Dirk,

Yeah, since you can have more than one mobile upload token, the pipes are how the code stores them in one database field. For instance, f you have three of them, it'd be "|token1|token2|token3|". So that's all correct.

I tried doing my curl test with http://www.savvyfolio.net/artefact/file/mobileupload.php , and it gave me a response that indicated that the token value I sent was detected by the PHP script. So, that doesn't really help pin down the problem.

Cheers,

Aaron

09 January 2014, 16:01

Thanks Aaron:

Can you tell me more about the network hypothesis, ie the possibility of  elements being stripped from the communication packets?

09 January 2014, 17:18

Hi Don,

It's pretty much what I described in this comment: https://mahara.org/interaction/forum/topic.php?id=3706&offset=70#post25646

Basically, the error message "Auth token cannot be blank" is a message that Mahara will only produce if there is no POST variable called "token", or if the variable is present but its value is an empty string or just whitespace.

Since there was a token value present in the Android app's settings, then either the app failed to include the contents of that token in its POST request for some reason, or the contents of that token was included but it got stripped out of the POST request by a proxy or something in the network.

Cheers,

Aaron