Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Bug]: Can't save global credentials in external storage #49829

Open
5 of 8 tasks
Bevito opened this issue Dec 12, 2024 · 8 comments · May be fixed by #49899
Open
5 of 8 tasks

[Bug]: Can't save global credentials in external storage #49829

Bevito opened this issue Dec 12, 2024 · 8 comments · May be fixed by #49899
Labels
0. Needs triage Pending check for reproducibility or if it fits our roadmap 30-feedback bug needs info

Comments

@Bevito
Copy link

Bevito commented Dec 12, 2024

⚠️ This issue respects the following points: ⚠️

Bug description

Hi,
A couple of weeks ago, there was a bug in Global Credentials ( #49349 ).
The temporary solution provided by @a-lys was working.
Now, after updating to Nextcloud 30.0.3 and 30.0.4, the Global Credentials can't be saved anymore.

The problem seems a bit different : when i input a new password, there is a input box, that ask for users's password to confirm the new password store in global credentials.
I tested and I checked my password : I'm sure it is the good one (the password is that is store in our OpenLDAP server).
Nextcloud says that the input password is wrong.

Steps to reproduce

  1. Log in to Nextcloud
  2. Go to your Personnal parameters
  3. Input a new password in Global Credentials aera
  4. Save
  5. Input your password to confirm

Expected behavior

The input box that check your password, should verify your password.

Nextcloud Server version

30

Operating system

Debian/Ubuntu

PHP engine version

PHP 8.2

Web server

Apache (supported)

Database engine version

MariaDB

Is this bug present after an update or on a fresh install?

Updated from a MINOR version (ex. 28.0.1 to 28.0.2)

Are you using the Nextcloud Server Encryption module?

Encryption is Disabled

What user-backends are you using?

  • Default user-backend (database)
  • LDAP/ Active Directory
  • SSO - SAML
  • Other

Configuration report

{
    "system": {
        "instanceid": "***REMOVED SENSITIVE VALUE***",
        "passwordsalt": "***REMOVED SENSITIVE VALUE***",
        "datadirectory": "***REMOVED SENSITIVE VALUE***",
        "dbtype": "mysql",
        "version": "30.0.4.1",
        "dbname": "***REMOVED SENSITIVE VALUE***",
        "dbhost": "***REMOVED SENSITIVE VALUE***",
        "dbtableprefix": "oc_",
        "dbuser": "***REMOVED SENSITIVE VALUE***",
        "dbpassword": "***REMOVED SENSITIVE VALUE***",
        "installed": true,
        "ldapIgnoreNamingRules": false,
        "maxZipInputSize": 1073741824,
        "allowZipDownload": true,
        "theme": "",
        "overwrite.cli.url": "https:\/\/cloud.iut-orsay.fr",
        "htaccess.RewriteBase": "\/",
        "maintenance": false,
        "maintenance_window_start": 2,
        "default_language": "fr",
        "default_phone_region": "FR",
        "defaultapp": "files,dashboard",
        "log_type": "owncloud",
        "logfile": "\/var\/log\/nextcloud\/nextcloud.log",
        "loglevel": 0,
        "enable_previews": false,
        "trusted_domains": [
            "cloud.iut-orsay.fr"
        ],
        "mail_smtpmode": "smtp",
        "mail_smtpauthtype": "PLAIN",
        "mail_smtphost": "***REMOVED SENSITIVE VALUE***",
        "mail_smtpport": "25",
        "secret": "***REMOVED SENSITIVE VALUE***",
        "trashbin_retention_obligation": "auto",
        "memcache.local": "\\OC\\Memcache\\APCu",
        "memcache.distributed": "\\OC\\Memcache\\Redis",
        "memcache.locking": "\\OC\\Memcache\\Redis",
        "redis": {
            "host": "***REMOVED SENSITIVE VALUE***",
            "port": 6379,
            "dbindex": 0,
            "timeout": 0
        },
        "onlyoffice": {
            "jwt_secret": "***REMOVED SENSITIVE VALUE***",
            "jwt_header": "AuthorizationJwt"
        },
        "mail_from_address": "***REMOVED SENSITIVE VALUE***",
        "mail_domain": "***REMOVED SENSITIVE VALUE***",
        "ldapProviderFactory": "\\OCA\\User_LDAP\\LDAPProviderFactory",
        "ldapUserCleanupInterval": "60",
        "updater.release.channel": "stable",
        "mysql.utf8mb4": true,
        "mail_sendmailmode": "smtp",
        "app_install_overwrite": [
            "printer"
        ]
    }
}

List of activated Apps

Enabled:
  - activity: 3.0.0
  - admin_audit: 1.20.0
  - announcementcenter: 7.0.1
  - app_api: 4.0.3
  - bruteforcesettings: 3.0.0
  - circles: 30.0.0
  - cloud_federation_api: 1.13.0
  - comments: 1.20.1
  - contactsinteraction: 1.11.0
  - dashboard: 7.10.0
  - dav: 1.31.1
  - drawio: 3.0.3
  - federatedfilesharing: 1.20.0
  - federation: 1.20.0
  - files: 2.2.0
  - files_downloadlimit: 3.0.0
  - files_external: 1.22.0
  - files_pdfviewer: 3.0.0
  - files_reminders: 1.3.0
  - files_sharing: 1.22.0
  - files_trashbin: 1.20.1
  - files_versions: 1.23.0
  - firstrunwizard: 3.0.0
  - groupfolders: 18.0.7
  - lookup_server_connector: 1.18.0
  - nextcloud_announcements: 2.0.0
  - notifications: 3.0.0
  - oauth2: 1.18.1
  - onlyoffice: 9.5.0
  - password_policy: 2.0.0
  - photos: 3.0.2
  - privacy: 2.0.0
  - provisioning_api: 1.20.0
  - recommendations: 3.0.0
  - related_resources: 1.5.0
  - serverinfo: 2.0.0
  - settings: 1.13.0
  - sharebymail: 1.20.0
  - support: 2.0.0
  - survey_client: 2.0.0
  - suspicious_login: 8.0.0
  - systemtags: 1.20.0
  - tasks: 0.16.1
  - text: 4.1.0
  - theming: 2.5.0
  - twofactor_backupcodes: 1.19.0
  - twofactor_totp: 12.0.0-dev
  - updatenotification: 1.20.0
  - user_ldap: 1.21.0
  - user_status: 1.10.0
  - viewer: 3.0.0
  - weather_status: 1.10.0
  - webhook_listeners: 1.1.0-dev
  - workflowengine: 2.12.0
Disabled:
  - encryption: 2.18.0
  - logreader: 3.0.0 (installed 2.14.0)
  - twofactor_nextcloud_notification: 4.0.0

Nextcloud Signing status

No errors have been found.

Nextcloud Logs

No error have been found in logs.

Additional info

Image

Here, you'll find the browser console output :

Image

Image

@Bevito Bevito added 0. Needs triage Pending check for reproducibility or if it fits our roadmap bug labels Dec 12, 2024
@blizzz
Copy link
Member

blizzz commented Dec 13, 2024

@Bevito did you see a password confirmation dialog? Does it work, when you log out and back in again? I mean, you mention some dialogue. When you are logged in for a sufficient amount of time, an admin action will ask you for your password again for security reasons.

cc @icewind1991 @artonge

@Bevito
Copy link
Author

Bevito commented Dec 13, 2024

Dear @blizzz I see the password confirmation right away.
I changed my credentials, I clicked "saved" and the password confirmation appeared.
I logged out, logged in, and unfortunately, it was the same.
I even tried with private navigation under Firefox. It was the same.

@kriegerse
Copy link

kriegerse commented Dec 13, 2024

I can confirm the same behavior for external storage for individual users.

When going to "User Profile" --> "External Storage" the configuration dialog is asking for my user password to confirm and store the settings.

After typing the correct password the dialogue does report "Wrong password".

I've also enabled the LDAP backend but the same behavior can be seen for my admin user (not in LDAP) and within the global external storage configuration dialogues.

Furthermore things god more worse. When I have an external storage configured (on user level) the Files App does not list any files anymore, I just can access them folder and subfolders. I need to delete the external storage configuration to make the Files App work again.

Image

My environment:

  • Nextcloud: 30.0.4 - below 30.0.3 all was fine.

Apps installed:

Enabled:
  - activity: 3.0.0
  - admin_audit: 1.20.0
  - app_api: 4.0.3
  - bookmarks: 15.0.4
  - bruteforcesettings: 3.0.0
  - calendar: 5.0.6
  - circles: 30.0.0
  - cloud_federation_api: 1.13.0
  - comments: 1.20.1
  - contacts: 6.1.1
  - contactsinteraction: 1.11.0
  - dashboard: 7.10.0
  - dav: 1.31.1
  - deck: 1.14.2
  - duplicatefinder: 1.2.6
  - federatedfilesharing: 1.20.0
  - federation: 1.20.0
  - files: 2.2.0
  - files_accesscontrol: 1.20.1
  - files_automatedtagging: 1.20.0
  - files_downloadactivity: 1.17.0
  - files_downloadlimit: 3.0.0
  - files_external: 1.22.0
  - files_pdfviewer: 3.0.0
  - files_reminders: 1.3.0
  - files_retention: 1.19.0
  - files_scripts: 4.1.0
  - files_sharing: 1.22.0
  - files_trashbin: 1.20.1
  - files_versions: 1.23.0
  - flow_notifications: 1.10.0
  - forms: 4.3.4
  - gdatavaas: 30.1.3
  - keeweb: 0.6.20
  - logreader: 3.0.0
  - lookup_server_connector: 1.18.0
  - mail: 4.0.9
  - memories: 7.4.1
  - metadata: 0.21.0
  - news: 25.1.0
  - nextcloud_announcements: 2.0.0
  - notes: 4.11.0
  - notifications: 3.0.0
  - notify_push: 0.7.0
  - oauth2: 1.18.1
  - password_policy: 2.0.0
  - photos: 3.0.2
  - previewgenerator: 5.7.0
  - privacy: 2.0.0
  - provisioning_api: 1.20.0
  - quota_warning: 1.20.0
  - recognize: 8.2.0
  - recommendations: 3.0.0
  - related_resources: 1.5.0
  - richdocuments: 8.5.3
  - serverinfo: 2.0.0
  - settings: 1.13.0
  - sharebymail: 1.20.0
  - side_menu: 4.0.1
  - suspicious_login: 8.0.0
  - systemtags: 1.20.0
  - tables: 0.8.2
  - text: 4.1.0
  - theming: 2.5.0
  - twofactor_backupcodes: 1.19.0
  - twofactor_nextcloud_notification: 4.0.0
  - twofactor_totp: 12.0.0-dev
  - updatenotification: 1.20.0
  - user_ldap: 1.21.0
  - user_status: 1.10.0
  - viewer: 3.0.0
  - webhook_listeners: 1.1.0-dev
  - workflowengine: 2.12.0
Disabled:
  - encryption: 2.18.0
  - firstrunwizard: 3.0.0 (installed 2.18.0)
  - support: 2.0.0 (installed 1.0.0)
  - survey_client: 2.0.0 (installed 0.1.5)
  - weather_status: 1.10.0 (installed 1.3.0)
  - whereami: 0.0.37 (installed 0.0.37)

@artonge
Copy link
Contributor

artonge commented Dec 16, 2024

Maybe the backend does not allow pwd confirmation. I was too strict with this condition: https://github.com/nextcloud-libraries/nextcloud-password-confirmation/blob/6c4e40ae53c9398c113777b7db38d8de0448c5e0/src/main.ts#L29-L31

@artonge
Copy link
Contributor

artonge commented Dec 16, 2024

@BritBytes
Copy link

BritBytes commented Dec 18, 2024

I'm having the exact same issue, when I try to change anything on the External Storage page I get the Wrong Password message.

I was hoping the new update fixed the SFTP issue but seems to have broken the External Storage page even more.

Image

@laragio
Copy link

laragio commented Dec 23, 2024

Hi,
i'm having the same issue. If a user try to change settings under External Storage, the Password confirmation mask appear and they have the wrong password error message.

Can you provide a fix?

thanks

@archont00
Copy link

Similar or the same problem. Hub 30.0.4 via Nextcloud AIO beta channel.

  • Any change on Administration // External Storage page done by an LDAP user with admin rights fails on extra authentication ("Wrong password").
  • The very same user can log out and log in to NC as usual (TOTP is active). He can also update Apps (which requires extra password entry / authentication).
  • At least: loggin in as admin and creating/modifying External Storage works as expected (extra authentication succeeds).

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
0. Needs triage Pending check for reproducibility or if it fits our roadmap 30-feedback bug needs info
Projects
None yet
Development

Successfully merging a pull request may close this issue.

7 participants