[BUG]: Frequent Logout on Chrome Extension - "Too Many Requests" error

[Be-Mann]

⚠️ This issue respects the following points: ⚠️

• [X] This is a single bug, not a question or a configuration/webserver/proxy issue.
• [X] This is not a bug in the browser extension or another client.
• [X] This issue is not already reported on Github (I've searched it).
• [X] Nextcloud Server and the Passwords App is up to date. See Nextcloud Apps.
• [X] There are no warnings and errors reported in the Passwords App settings in the admin area
• [X] The following apps are not installed: Rainloop

Server Information

Server1:
{
    "version": {
        "server": "30.0.1.2",
        "app": "2024.9.20",
        "lsr": false,
        "php": "8.3.12",
        "cronPhp": "8.3.13"
    },
    "environment": {
        "os": "Linux",
        "architecture": "x86_64",
        "bits": 64,
        "database": "mysql",
        "cron": "cron",
        "proxy": false,
        "sslProxy": true,
        "subdirectory": false
    },
    "services": {
        "images": "imagick",
        "favicons": "bi",
        "previews": "pageres",
        "security": "hibp",
        "words": "leipzig",
        "previewApi": false,
        "faviconApi": false
    },
    "status": {
        "autoBackupRestored": false
    },
    "settings": {
        "channel": "stable",
        "nightlies": false,
        "handbook": false,
        "performance": 5
    },
    "encryption": {
        "sse": {
            "SSEv1r1": false,
            "SSEv1r2": true,
            "SSEv2r1": true,
            "SSEv3r1": false,
            "none": true,
            "default": "none"
        },
        "cse": {
            "CSEv1r1": true,
            "none": true,
            "default": "CSEv1r1"
        }
    }
}

Server2:
{
    "version": {
        "server": "30.0.1.2",
        "app": "2024.9.20",
        "lsr": false,
        "php": "8.2.25",
        "cronPhp": "8.2.25"
    },
    "environment": {
        "os": "Linux",
        "architecture": "x86_64",
        "bits": 64,
        "database": "mysql",
        "cron": "cron",
        "proxy": false,
        "sslProxy": true,
        "subdirectory": false
    },
    "services": {
        "images": "imagick",
        "favicons": "bi",
        "previews": "ssl",
        "security": "hibp",
        "words": "auto",
        "previewApi": true,
        "faviconApi": false
    },
    "status": {
        "autoBackupRestored": false
    },
    "settings": {
        "channel": "stable",
        "nightlies": false,
        "handbook": false,
        "performance": 5
    },
    "encryption": {
        "sse": {
            "SSEv1r1": false,
            "SSEv1r2": true,
            "SSEv2r1": true,
            "SSEv3r1": false,
            "none": true,
            "default": "SSEv2r1"
        },
        "cse": {
            "CSEv1r1": true,
            "none": true,
            "default": "CSEv1r1"
        }
    }
}

Client Information

Browser and Version: Chrome 130.0.0.0 Client OS and Version: Windows 10 Pro 64bit, Version 19045.5073

Bug description

Recently I have been frequently logged out of the Password Manager extension (on both servers), sometimes immediately after logging in and sometimes only after 30 seconds or so. I am connected to two servers, one of which is connected via VPN.

The extension log shows "Too Many Requests" as an error message. Addendum: And it sometimes shows "Error: Could not establish connection" to one server.

But basically I am always logged out of both instead of just one.

Steps to reproduce

Open the Password Manager Chrome Extension. Log in to the account. Perform any action (e.g., access a stored password). After a short while (sometimes immediately), I am logged out, and the message "Too Many Requests" or "Error: Could not establish connection" appears in the log.

Expected behavior

I should stay logged in to the extension after logging in, without unexpected logout due to "Too many requests" or "Could not connect", (especially if it's only on a short timeout (1-2 seconds by vpn) and the connection is back afterwards.

Nextcloud Logs

[
  {
    "reqId": "UFj2OMQgaDu6PpJPrMpS",
    "level": 3,
    "time": "31.10.2024 18:47:59",
    "remoteAddr": "192.168.190.20",
    "user": "xxxx@xxxxxx.de",
    "app": "passwords",
    "method": "POST",
    "url": "/index.php/apps/passwords/api/1.0/session/open",
    "message": "Error \"Passphrase invalid\" in OCA\\Passwords\\Controller\\Api\\SessionApiController::open",
    "userAgent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/114.0.0.0",
    "version": "30.0.1.2",
    "data": {
      "app": "passwords"
    }
  },
  {
    "reqId": "UFj2OMQgaDu6PpJPrMpS",
    "level": 4,
    "time": "31.10.2024 18:47:59",
    "remoteAddr": "192.168.190.20",
    "user": "xxxx@xxxxxx.de",
    "app": "passwords",
    "method": "POST",
    "url": "/index.php/apps/passwords/api/1.0/session/open",
    "message": "Passphrase invalid",
    "userAgent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/114.0.0.0",
    "version": "30.0.1.2",
    "exception": {
      "Exception": "OCA\\Passwords\\Exception\\ApiException",
      "Message": "Passphrase invalid",
      "Code": 256,
      "Trace": [
        {
          "file": "/var/www/html/custom_apps/passwords/lib/Services/UserChallengeService.php",
          "line": 134,
          "function": "solveChallenge",
          "class": "OCA\\Passwords\\Helper\\Challenge\\ChallengeV1Helper",
          "type": "->",
          "args": [
            "*** sensitive parameters replaced ***"
          ]
        },
        {
          "file": "/var/www/html/custom_apps/passwords/lib/Controller/Api/SessionApiController.php",
          "line": 225,
          "function": "validateChallenge",
          "class": "OCA\\Passwords\\Services\\UserChallengeService",
          "type": "->",
          "args": [
            "*** sensitive parameters replaced ***"
          ]
        },
        {
          "file": "/var/www/html/custom_apps/passwords/lib/Controller/Api/SessionApiController.php",
          "line": 142,
          "function": "verifyChallenge",
          "class": "OCA\\Passwords\\Controller\\Api\\SessionApiController",
          "type": "->",
          "args": [
            "*** sensitive parameters replaced ***"
          ]
        },
        {
          "file": "/var/www/html/lib/private/AppFramework/Http/Dispatcher.php",
          "line": 208,
          "function": "open",
          "class": "OCA\\Passwords\\Controller\\Api\\SessionApiController",
          "type": "->",
          "args": []
        },
        {
          "file": "/var/www/html/lib/private/AppFramework/Http/Dispatcher.php",
          "line": 114,
          "function": "executeController",
          "class": "OC\\AppFramework\\Http\\Dispatcher",
          "type": "->",
          "args": [
            [
              "OCA\\Passwords\\Controller\\Api\\SessionApiController"
            ],
            "open"
          ]
        },
        {
          "file": "/var/www/html/lib/private/AppFramework/App.php",
          "line": 161,
          "function": "dispatch",
          "class": "OC\\AppFramework\\Http\\Dispatcher",
          "type": "->",
          "args": [
            [
              "OCA\\Passwords\\Controller\\Api\\SessionApiController"
            ],
            "open"
          ]
        },
        {
          "file": "/var/www/html/lib/private/Route/Router.php",
          "line": 302,
          "function": "main",
          "class": "OC\\AppFramework\\App",
          "type": "::",
          "args": [
            "SessionApiController",
            "open",
            [
              "OC\\AppFramework\\DependencyInjection\\DIContainer"
            ],
            [
              "passwords.session_api.open"
            ]
          ]
        },
        {
          "file": "/var/www/html/lib/base.php",
          "line": 1001,
          "function": "match",
          "class": "OC\\Route\\Router",
          "type": "->",
          "args": [
            "/apps/passwords/api/1.0/session/open"
          ]
        },
        {
          "file": "/var/www/html/index.php",
          "line": 24,
          "function": "handleRequest",
          "class": "OC",
          "type": "::",
          "args": []
        }
      ],
      "File": "/var/www/html/custom_apps/passwords/lib/Helper/Challenge/ChallengeV1Helper.php",
      "Line": 61,
      "Previous": {
        "Exception": "Exception",
        "Message": "HMAC does not match.",
        "Code": 0,
        "Trace": [
          {
            "file": "/var/www/html/lib/private/Security/Crypto.php",
            "line": 98,
            "function": "decryptWithoutSecret",
            "class": "OC\\Security\\Crypto",
            "type": "->",
            "args": [
              "*** sensitive parameters replaced ***"
            ]
          },
          {
            "file": "/var/www/html/custom_apps/passwords/lib/Helper/Challenge/ChallengeV1Helper.php",
            "line": 59,
            "function": "decrypt",
            "class": "OC\\Security\\Crypto",
            "type": "->",
            "args": [
              "*** sensitive parameters replaced ***"
            ]
          },
          {
            "file": "/var/www/html/custom_apps/passwords/lib/Services/UserChallengeService.php",
            "line": 134,
            "function": "solveChallenge",
            "class": "OCA\\Passwords\\Helper\\Challenge\\ChallengeV1Helper",
            "type": "->",
            "args": [
              "*** sensitive parameters replaced ***"
            ]
          },
          {
            "file": "/var/www/html/custom_apps/passwords/lib/Controller/Api/SessionApiController.php",
            "line": 225,
            "function": "validateChallenge",
            "class": "OCA\\Passwords\\Services\\UserChallengeService",
            "type": "->",
            "args": [
              "*** sensitive parameters replaced ***"
            ]
          },
          {
            "file": "/var/www/html/custom_apps/passwords/lib/Controller/Api/SessionApiController.php",
            "line": 142,
            "function": "verifyChallenge",
            "class": "OCA\\Passwords\\Controller\\Api\\SessionApiController",
            "type": "->",
            "args": [
              "*** sensitive parameters replaced ***"
            ]
          },
          {
            "file": "/var/www/html/lib/private/AppFramework/Http/Dispatcher.php",
            "line": 208,
            "function": "open",
            "class": "OCA\\Passwords\\Controller\\Api\\SessionApiController",
            "type": "->",
            "args": []
          },
          {
            "file": "/var/www/html/lib/private/AppFramework/Http/Dispatcher.php",
            "line": 114,
            "function": "executeController",
            "class": "OC\\AppFramework\\Http\\Dispatcher",
            "type": "->",
            "args": [
              [
                "OCA\\Passwords\\Controller\\Api\\SessionApiController"
              ],
              "open"
            ]
          },
          {
            "file": "/var/www/html/lib/private/AppFramework/App.php",
            "line": 161,
            "function": "dispatch",
            "class": "OC\\AppFramework\\Http\\Dispatcher",
            "type": "->",
            "args": [
              [
                "OCA\\Passwords\\Controller\\Api\\SessionApiController"
              ],
              "open"
            ]
          },
          {
            "file": "/var/www/html/lib/private/Route/Router.php",
            "line": 302,
            "function": "main",
            "class": "OC\\AppFramework\\App",
            "type": "::",
            "args": [
              "SessionApiController",
              "open",
              [
                "OC\\AppFramework\\DependencyInjection\\DIContainer"
              ],
              [
                "passwords.session_api.open"
              ]
            ]
          },
          {
            "file": "/var/www/html/lib/base.php",
            "line": 1001,
            "function": "match",
            "class": "OC\\Route\\Router",
            "type": "->",
            "args": [
              "/apps/passwords/api/1.0/session/open"
            ]
          },
          {
            "file": "/var/www/html/index.php",
            "line": 24,
            "function": "handleRequest",
            "class": "OC",
            "type": "::",
            "args": []
          }
        ],
        "File": "/var/www/html/lib/private/Security/Crypto.php",
        "Line": 137
      },
      "message": "Passphrase invalid",
      "exception": {},
      "CustomMessage": "Passphrase invalid"
    }
  }
]

Browser Logs

{
  "details": {
    "data": {
      "_response": {},
      "_status": 429
    },
    "message": "HTTP 429 - Too Many Requests",
    "stack": [
      "TooManyRequestsError: HTTP 429 - Too Many Requests",
      "    at f.getClass (chrome-extension://mhajlicjhgoofheldnmollgbgjheenbi/js/background.js:2:558803)",
      "    at _.getClass (chrome-extension://mhajlicjhgoofheldnmollgbgjheenbi/js/background.js:2:622342)",
      "    at O._getHttpError (chrome-extension://mhajlicjhgoofheldnmollgbgjheenbi/js/background.js:2:575959)",
      "    at O.send (chrome-extension://mhajlicjhgoofheldnmollgbgjheenbi/js/background.js:2:573668)",
      "    at async n.getFavicon (chrome-extension://mhajlicjhgoofheldnmollgbgjheenbi/js/background.js:2:608824)",
      "    at async chrome-extension://mhajlicjhgoofheldnmollgbgjheenbi/js/background.js:2:902052"
    ],
    "time": 1730897648057
  },
  "error": {
    "name": "TooManyRequestsError",
    "stack": [
      "TooManyRequestsError: HTTP 429 - Too Many Requests",
      "    at f.getClass (chrome-extension://mhajlicjhgoofheldnmollgbgjheenbi/js/background.js:2:558803)",
      "    at _.getClass (chrome-extension://mhajlicjhgoofheldnmollgbgjheenbi/js/background.js:2:622342)",
      "    at O._getHttpError (chrome-extension://mhajlicjhgoofheldnmollgbgjheenbi/js/background.js:2:575959)",
      "    at O.send (chrome-extension://mhajlicjhgoofheldnmollgbgjheenbi/js/background.js:2:573668)",
      "    at async n.getFavicon (chrome-extension://mhajlicjhgoofheldnmollgbgjheenbi/js/background.js:2:608824)",
      "    at async chrome-extension://mhajlicjhgoofheldnmollgbgjheenbi/js/background.js:2:902052"
    ],
    "string": "TooManyRequestsError: HTTP 429 - Too Many Requests",
    "message": "HTTP 429 - Too Many Requests",
    "_response": {},
    "_status": 429
  }
}

Addendum to the log:

{
  "details": {
    "data": {
      "id": "9a1f302a-f360-4704-8b8c-ac449cdcbc14",
      "tab": null,
      "type": "queue.items",
      "reply": null,
      "silent": false,
      "sender": "background",
      "channel": "runtime",
      "payload": {
        "name": "authorisation",
        "items": [
          {
            "id": "a0ceda2f-f32d-482c-8633-11bca268efb1",
            "task": {
              "server": "370c693e-3559-4695-b9b5-d399dd97b199",
              "label": "XXXXXX xxxx@xxxxxx.de",
              "password": true,
              "token": false,
              "providers": []
            },
            "result": {},
            "success": null,
            "accepted": false,
            "feedback": {}
          }
        ]
      },
      "receiver": null
    },
    "message": "Could not establish connection. Receiving end does not exist.",
    "stack": "Error: Could not establish connection. Receiving end does not exist.\n    at h (chrome-extension://mhajlicjhgoofheldnmollgbgjheenbi/js/background.js:2:776309)",
    "time": 1730920307930
  },
  "error": {
    "name": "Error",
    "stack": [
      "Error: Could not establish connection. Receiving end does not exist.",
      "    at h (chrome-extension://mhajlicjhgoofheldnmollgbgjheenbi/js/background.js:2:776309)"
    ],
    "string": "Error: Could not establish connection. Receiving end does not exist.",
    "message": "Could not establish connection. Receiving end does not exist."
  }
}

[JonTabor]

Just wanted to add that I'm seeing this as well on Brave browser (which uses Chrome extensions).

[marius-wieschollek]

Sounds like an extension issue to me so i'm moving this