Keepasium and failed authentications over Nextcloud storage

keepassium / KeePassium

KeePass-compatible password manager for iOS

https://keepassium.com

Other

1.21k stars 103 forks source link

Keepasium and failed authentications over Nextcloud storage #234

Closed fuzunspm closed 2 years ago

fuzunspm commented 2 years ago

Description I have fail2ban configured for Nextcloud authentication and Keepassium keeps making failed authentication attempts and gets IP blocked

Environment:

Device: iPhone 13 Pro Max/iPad Pro (they both have the same issue)
OS: iOS 15.5/iPadOS 15.5
App Version: 1.32

Here is the Nextcloud logs triggered by Keepassium. I have 3 others apps that use Nextcloud storage and they don't have this problem. I tried to re-login/re-install both apps but it didn't fix the problem

{"reqId":"someID","level":2,"time":"2022-05-15T13:22:50+03:00",
"remoteAddr":"MY_IP_ADDRESS","user":"--","app":"core","method":"PUT",
"url":"/nextcloud/remote.php/dav/files/username/Pass/Passwords.kdbx",
"message":"Login failed: '' (Remote IP: MY_IP_ADDRESS')","userAgent":"File%20Provider%20Extension/0 CFNetwork/1331.0.7 Darwin/21.4.0","version":"24.0.0.12"}

keepassium commented 2 years ago

KeePassium does not store your Nextcloud credentials and does not send network requests to your server. The app delegates synchronization to the original cloud provider's app. (Or, more precisely, its File Provider module which handles Nextcloud integration with the standard iOS Files app.)

So this is purely a Nextcloud issue that has nothing to do with KeePassium. You can try to replicate the issue by opening Nextcloud-stored PDF files in the standard Files app, and editing them using Markup feature (still in the Files PDF preview). Requests received by your server in this scenario should be very similar to KeePassium's workflow.

I have 3 others apps that use Nextcloud storage and they don't have this problem.

I assume these apps communicate with your server directly, not via the Files/Nextcloud integration.

ann0see commented 1 year ago

Is there any follow up issue in the Nextcloud app? I'm facing the same issue

keepassium commented 1 year ago

@ann0see , I don't think so, unless one was created independently.

By the way, since my previous response here KeePassium added support for direct WebDAV connections. It works with Nextcloud storage without relying on Nextcloud app, so this might be the quickest solution.

ann0see commented 1 year ago

Thank you for your answer. I've updated the regular expression for the Nextcloud fail2ban jail. Let's wait and see.