Direct file download token not available

Not sure what you mean. Where are you trying to use this token, and where and how did you use the equivalent token in 6.x?

You should just need to grant the "download file" permission to anonymous users. If this still isn't working please provide the exact error messages and/or a screenshot demonstrating the issue.

I have the same problem and have granted "download file" permission to anonymous users. Any ideas how I can enable file downloads for anonymous users?

In #4 I said "please provide the exact error messages and/or a screenshot demonstrating the issue."

After purchase the user receives an email with a link to the file(s) they have purchased. The link looks like this:

www.domain.com/download/9

If I'm not logged into Drupal (which as a customer you wouldn't be) then you get the following error:

Access denied
You are not authorized to access this page.

On the "permissions" page under "File downloads" I have ticked for anonymous users:

Download file
View all downloads

Is anything logged in watchdog (Reports > Recent log entries) when this happens? As long as the user has the correct permission, any other download failure should be logged in watchdog with the reason.

No further info provided. File downloads errors should be logged in watchdog.

I have the same issue. the file download link should be a one time only link, but instead the link in the email is something like www.website.com/download/135 so when the user clicks there is no download.

I think there is a missing token. I imagine there needs to be an extra one made like:

[expiration:downloads:one-time-only]

probably named differently but does that make sense?

at the moment I can't see any way of allowing users to download their files without logging in, like I used to in drupal 6.

active*

I've started having this issue as well. We just updated Ubercart to 7.x-3.5 and file downloads no longer work at all.

Prior to the update, when a file download email would be sent, the link to that email would appear like this:

http://[domain.com]/download/[fid of the file being downloaded]/[long string of characters]

Now, the email download links leave out the long string of characters, which I believe were tied to the download limits (time, number, ip address, etc). So the link is just:

http://[domain]/download/[fid of the file]

It always returns an access denied page, even if I'm logged in as an administrator.

There is no error message in the status logs and the issue is with the link being generated. This isn't a feature request -- this is a missing feature. I don't see that file downloads have been removed, so at some point in the update, that unique download string got stripped out of the URL generated when granting files.

That url is being generated by the following rule created by Ubercart:

Notify customer when a file is granted
Machine name: uc_file_notify_grant_trigger

Within that rule, the download link is being generated by the following token:

[expiration:downloads]

Whatever is supposed to create that link is getting tripped up somewhere.

If someone can give me an idea of how I can help to solve this issue, I'd appreciate it. Like I said, there's no error in dblog (except for the "Access Denied" error when you try to click on the malformed download link). This is a pretty critical feature for our site, so any help would be greatly appreciated.

The file key (long string of characters) was deliberately removed in 7.x, though I am not entirely sure why. File downloads are supposed to work without the key now.

I wonder if you are seeing the same issue as #2024565: File download access denied even for user 1? That is the reason for it not working "even if I'm logged in as an administrator", at least.

When you say "file downloads no longer work at all", is this for all users, or only anonymous users?

Hi, I have the same / similar problem to that described above, so I will try to add useful information and answer any questions as I'm desperate to work out how to make this work for anonymous users. I'm no expert in Drupal or Ubercart though so bear with me, but I am here on the spot to answer or try to answer any questions at all that will help with this!

Versions:
Ubercart Core 7.x - 3.5
Drupal Core 7.15

What I'm trying to achieve:
A simple e-commerce site with some physical and some download products, but requiring no account creation/login at any point. I am willing to accept that this means there are limitations to the security model - the content and anticipated customer base are low piracy risk. However, I am unable to find a way to get anonymous file downloads to work -at all- regardless of the permissions settings in file downloads section. It almost appears asif those permission settings are being ignored completely.

Settings:
Private file location outside web root, file permissions 644
People permissions settings for file download: Both Download File and View all Downloads are permitted for all users including anonymous users.
Anonymous Checkout settings:
Enable anonymous checkout - enabled
Allow anonymous users to use existing email address - enabled
(All others settings under anonymous checkout disabled)

What Happens?
Order process and payment completes fine for anonymous, authenticated and admin users. A user account is created for anonymous users but is never used or communicated to the customer (outgoing e-mails/references to the account have been deliberately removed)
File Downloads e-mail is sent, with "simple" links ?q=download/1
(Exactly the same link is given for any order whether by a logged in user or an anonymous checkout, there is no unique string)
If I am logged in as admin, I am able to download the files from these links regardless. (This presumably is correct, but also the admin account has previously purchased these files in testing)
If I login as an authenticated user, and complete a purchase as this user, then download while still logged in, I am able to download the files (I assume this is also correct).
If I am logged in an an authenticated user who has not completed the purchase, then I get Access Denied.
If I am not logged in (anonymous user), then I get Access Denied. (Even when I have completed a purchase as an anonymous user). Effectively, it appears that I would be forced to both give my customer an account and make them log in, in order for them to download the file.

In the recent log messages, I see three log messages when I try to download using an anonymous user,
Page not Found img/loading.gif Anonymous user (I assume this is spurious as I see this frequently for all users)
Access Denied with location=file download link and user Anonymous User (not verified)

My apologies if I am missing something obvious - I will be monitoring this thread very actively and will be happy to reply with any information you need at all - I'm very keen to find a solution, even if that solution is very low security for anonymous downloads.

Thanks
Chris

I was having the same issue, getting access denied notification when following the file download link sent via email. (even when logged in as user 1)
This could be related to https://drupal.org/node/2024565

A patch was provided and this code is now included in Ubercart 7.x-3.x-dev.

After Changing to the dev version of ubercart the file downloads started working for me.

Remember to allow file download permission for anonymous users. And that the file download link via email will only work once... don't let that confuse you.

Good Luck!

This patch restores the one-time download link functionality which was already available in Ubercart for D6.

Customer gets link to the file which works only one time. For more downloads the user should log in.

Set status to "Needs review" so the testbot will look at it ...

Your patch seems to be in the wrong format. Some documentation on how to make patches in found at https://www.drupal.org/patch

If you need help creating the proper format, I'm glad to help - you can contact me at https://www.drupal.org/user/202830/contact

This one should be according to the guidelines.

I know this is an old thread but it seems to be closest to the issue we are facing. An old site owner is asking to add a free download file system and since they had ubercart, add File Download seemed sensible.

The goal is that an anon can go through the cart, be sent an email, and use the link in that email to download the file without having to log in.

Everything works other than the part of getting a unique link. As per others comments, the link received is more like /download/1

but they get access denied. I do have permissions set so Anon can use File Download.

In error logs I only see

uc_file 18 Dec 2019 - 3:49pm 18dec1549 has been allowed to download XKCD french...
followed by
access denied 18 Dec 2019 - 3:50pm download/1
when they try to access that url.

It seems to me, as others have said, that some additional tokens would be required to make the link unique

My next step was to test patch in #26. BINGO.

Link was /download/1/kJDhcGGubvMvKkf6fCEdoXx7cTkULyLcxnyk62TUXS8

Thank you.