[BUG]: Dashboard widget reports long loading time even if not activated

[BMerz]

⚠️ This issue respects the following points: ⚠️

• [X] This is a single bug, not a question or a configuration/webserver/proxy issue.
• [X] This is not a bug in the browser extension or another client.
• [X] This issue is not already reported on Github (I've searched it).
• [X] Nextcloud Server and the Passwords App is up to date. See Nextcloud Apps.
• [X] There are no warnings and errors reported in the Passwords App settings in the admin area
• [X] The following apps are not installed: Rainloop

Server Information

{
    "version": {
        "server": "27.1.5.1",
        "app": "2023.12.31",
        "lsr": false,
        "php": "8.1.26",
        "cronPhp": "8.1.26"
    },
    "environment": {
        "os": "Linux",
        "architecture": "aarch64",
        "bits": 64,
        "database": "mysql",
        "cron": "cron",
        "proxy": false,
        "sslProxy": false,
        "subdirectory": true
    },
    "services": {
        "images": "imagick",
        "favicons": "default",
        "previews": "default",
        "security": "hibp",
        "words": "auto",
        "previewApi": false,
        "faviconApi": false
    },
    "status": {
        "autoBackupRestored": false
    },
    "settings": {
        "channel": "stable",
        "nightlies": false,
        "handbook": false,
        "performance": 1
    },
    "encryption": {
        "sse": {
            "SSEv1r1": false,
            "SSEv1r2": true,
            "SSEv2r1": false,
            "SSEv3r1": false,
            "none": false,
            "default": "SSEv1r2"
        },
        "cse": {
            "CSEv1r1": false,
            "none": true,
            "default": "none"
        }
    }
}

Client Information

Browser and Version: Firefox 115.5.0esr (64-Bit) Client OS and Version: Linux, Debian 12.2

Bug description

I have not activated the Passwords widget on the Dashboard page. But I see an error in the nextcloud server log, that the widget takes several seconds to load.

Steps to reproduce

1. Open Browser on the client and log in to the nextcloud instance.
2. Dashboards opens (Passwords widget not enabled and not visible)
3. Look into the server log file
4. Check log entries {"reqId":"lU3PkpbN94Du7fbLWGab","level":3,"time":"2023-12-14T15:08:33+00:00","remoteAddr":"X.X.X.X","user":"XXX","app":"no app in context","method":"GET","url":"/nextcloud/ocs/v2.php/apps/dashboard/api/v2/widget-items?widgets%5B%5D=mail-unread","message":"Dashboard widget passwords-widget took 4.4 seconds to load.","userAgent":"Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/115.0","version":"27.1.5.1","data":[],"id":"657b1a7fd500b"}

Expected behavior

1. Long loading is not an Error but a Warning
2. If a widget is not activated then it is not loading

Nextcloud Logs

{"reqId":"lU3PkpbN94Du7fbLWGab","level":3,"time":"2023-12-14T15:08:33+00:00","remoteAddr":"X.X.X.X","user":"XXX","app":"no app in context","method":"GET","url":"/nextcloud/ocs/v2.php/apps/dashboard/api/v2/widget-items?widgets%5B%5D=mail-unread","message":"Dashboard widget passwords-widget took 4.4 seconds to load.","userAgent":"Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/115.0","version":"27.1.5.1","data":[],"id":"657b1a7fd500b"}

Browser Logs

-

[marius-wieschollek]

The dashboard loads every widget available for every request, even if they're not actually enabled. Since the passwords widget also needs a token, i guess this can take a while on a RaspberryPI.

I will add an additional check to not load the widget if not needed and cache the token so the time is lower for repeat requests.

[BMerz]

Thanks @marius-wieschollek for the fast response and action!

[Oberlurch3000]

Will this update also be available for NC 27 / PHP 8.1 server? Since an update to NC 28 and PHP 8.2 will take some time for raspberrypi users it would be nice if this could be fixed. I'm asking because the appstore tells me version 2023.12.31 was the last one for older setups.

[ibahnasy]

This issue is also happening on a VPS which should be faster than a Raspberri Pi.

But why other apps are involved too with the Passwords widget?

{"reqId":"","level":3,"time":"2023-12-23T11:42:29+00:00","remoteAddr":"","user":"","app":"no app in context","method":"GET","url":"/ocs/v2.php/apps/dashboard/api/v1/widgets","message":"Dashboard widget passwords-widget took 2.13 seconds to load.","userAgent":"","version":"27.1.5.1","data":[]}

{"reqId":"","level":3,"time":"2023-12-23T11:42:38+00:00","remoteAddr":"","user":"","app":"no app in context","method":"GET","url":"/ocs/v2.php/apps/dashboard/api/v2/widget-items?widgets%5B%5D=collectives-recent-pages","message":"Dashboard widget passwords-widget took 5.36 seconds to load.","userAgent":"","version":"27.1.5.1","data":[]}

{"reqId":"","level":3,"time":"2023-12-23T11:42:39+00:00","remoteAddr":"","user":"","app":"no app in context","method":"GET","url":"/ocs/v2.php/apps/dashboard/api/v2/widget-items?widgets%5B%5D=user_status","message":"Dashboard widget passwords-widget took 6.53 seconds to load.","userAgent":"","version":"27.1.5.1","data":[]}

{"reqId":"","level":3,"time":"2023-12-23T11:42:40+00:00","remoteAddr":"","user":"","app":"no app in context","method":"GET","url":"/ocs/v2.php/apps/dashboard/api/v2/widget-items?widgets%5B%5D=mail-unread","message":"Dashboard widget passwords-widget took 6.86 seconds to load.","userAgent":"","version":"27.1.5.1","data":[]}

{"reqId":"","level":3,"time":"2023-12-23T11:42:40+00:00","remoteAddr":"","user":"","app":"no app in context","method":"GET","url":"/ocs/v2.php/apps/dashboard/api/v2/widget-items?widgets%5B%5D=recommendations","message":"Dashboard widget passwords-widget took 7.17 seconds to load.","userAgent":"","version":"27.1.5.1","data":[]}

{"reqId":"","level":3,"time":"2023-12-23T11:42:40+00:00","remoteAddr":"","user":"","app":"no app in context","method":"GET","url":"/ocs/v2.php/apps/dashboard/api/v2/widget-items?widgets%5B%5D=mail","message":"Dashboard widget passwords-widget took 7.26 seconds to load.","userAgent":"","version":"27.1.5.1","data":[]}

{"reqId":"","level":3,"time":"2023-12-23T11:42:40+00:00","remoteAddr":"","user":"","app":"no app in context","method":"GET","url":"/ocs/v2.php/apps/dashboard/api/v2/widget-items?widgets%5B%5D=calendar","message":"Dashboard widget passwords-widget took 7.61 seconds to load.","userAgent":"","version":"27.1.5.1","data":[]}

[sbe-arg]

running yesterday release 2024.3.20 the issue https://github.com/marius-wieschollek/passwords/issues/624 still persists :(

Why not to remove the date from the event of the session?

[marius-wieschollek]

Why not to remove the date from the event of the session?

I don't understand what you're trying to say.

Also i can no longer reproduce either of these issues.

[sbe-arg]

The session name is recorded including a time and date stamp when session names could be function specific so they can be reused/over written.

When enabling passwords and refreshing the dashboard multiple sessions are logged like in the issue referenced.

Using a fully patched instance and latest app updates.

[sbe-arg]

Issue #624 should be re opened is still happening basically.

[marius-wieschollek]

The app reuses the same session as long as the token is stored in your Nextcloud session. The timestamp is just part of the name, it's not used for any technical functionality.

I have tested the session functionality on test.passwordsapp.org and it works as intended:

session test.webm

[sbe-arg]

I still get many session logged every 15-20 min a new session comes in during the hours I'm working on the web ui.

I have many more apps

Calendar, talk, photos, files, and few others and this happens when I refresh the dashboard screen and the password widget is not enabled. I only have calendar, activity and weather widgets enabled.

[marius-wieschollek]

3-4 sessions per hour is not excessive. In 624, users got 10+ sessions per minute. That has been fixed.

I checked the lifetime of how long the token is being stored in the session. It's 10 minutes by default, uses with E2EE/CSE enabled can set this to up to an hour in the expert settings.

In my testing, i can also not see that the app is creating sessions on its own, so if you get a new session every 15 - 20 min, it's because you have opened the app or the dashboard. The tokens are temporary, so NC will automatically clean up after some time.

I have checked the logs of all my servers for any loading time warning related to the passwords app dashboard widget. I have found none. So i assume that the issue has been resolved on any reasonably sized Nextcloud instance.

I will close this ticket now. if you still experience any issues, please open a new bug report with all the information necessary to reproduce the issue. If you have any more questions, please use one of the support channels to ask them.