Closed gerharddaniel closed 9 months ago
Hi, we've got the same situation. Nextcloud v. 27.1.5.2, Passwords app 2023.12.32 and one user in LDAP (not all users from LDAP).
I think the problem is related to Dashboard app + Passwords app.
We've seen that the user is also unable to log in through the webpage if the default app is "Dashboard", so changing to "Files" is a workaround.
If you add the next line in your config.php file:
'defaultapp' => 'files',
then you can impersonate the user, as the first app opened is "Files app", not "Dashboard app".
Also, if you go to Passwords app version 2023.12.31 the issue is not reproducible, so the Dashboard app works fine, and you can impersonate a user whose default app is the Dashboard.
I have added a patch for this to the nightly versions
Thanks for the patch, but patching manually on version 2023.12.32 does not fix the issue of trying to show Dashboard app as default. User "xerencia@XXXXXXXXXX" is a LDAP user.
What I can see is that "admin" user (not LDAP user) can impersonate into a LDAP user and get into his Dashboard fine.
But if I try to do the same with an LDAP user, that user impersonates fine into another LDAP user but cannot get into the Dashboard app, failing with the error shown below:
{"reqId":"S2Q5JL1Ee4Y4eOwEHw2q","level":2,"time":"Feb 05 19:29:29","remoteAddr":"46.222.227.81","user":"xerencia@XXXXXXXXX","app":"passwords","method":"GET","url":"/apps/dashboard/","message":"Login attempt with invalid session for xerencia@XXXXXXXXX","userAgent":"Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/115.0","version":"27.1.5.2","data":{"app":"passwords"}}
{"reqId":"S2Q5JL1Ee4Y4eOwEHw2q","level":3,"time":"Feb 05 19:29:29","remoteAddr":"46.222.227.81","user":"xerencia@XXXXXXXXX","app":"index","method":"GET","url":"/apps/dashboard/","message":"Exception thrown: Exception","userAgent":"Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/115.0","version":"27.1.5.2","exception":{"Exception":"Exception","Message":"Unable to verify user xerencia@XXXXXXXXX","Code":0,"Trace":[{"file":"/var/www/nextcloud/apps/passwords/lib/Services/EnvironmentService.php","line":361,"function":"loadUserInformation","class":"OCA\\Passwords\\Services\\EnvironmentService","type":"->"},{"file":"/var/www/nextcloud/apps/passwords/lib/Services/EnvironmentService.php","line":185,"function":"determineAppMode","class":"OCA\\Passwords\\Services\\EnvironmentService","type":"->"},{"function":"__construct","class":"OCA\\Passwords\\Services\\EnvironmentService","type":"->"},{"file":"/var/www/nextcloud/lib/private/AppFramework/Utility/SimpleContainer.php","line":84,"function":"newInstanceArgs","class":"ReflectionClass","type":"->"},{"file":"/var/www/nextcloud/lib/private/AppFramework/Utility/SimpleContainer.php","line":124,"function":"buildClass","class":"OC\\AppFramework\\Utility\\SimpleContainer","type":"->"},{"file":"/var/www/nextcloud/lib/private/AppFramework/Utility/SimpleContainer.php","line":142,"function":"resolve","class":"OC\\AppFramework\\Utility\\SimpleContainer","type":"->"},{"file":"/var/www/nextcloud/lib/private/AppFramework/DependencyInjection/DIContainer.php","line":494,"function":"query","class":"OC\\AppFramework\\Utility\\SimpleContainer","type":"->"},{"file":"/var/www/nextcloud/lib/private/AppFramework/DependencyInjection/DIContainer.php","line":466,"function":"queryNoFallback","class":"OC\\AppFramework\\DependencyInjection\\DIContainer","type":"->"},{"file":"/var/www/nextcloud/lib/private/AppFramework/Utility/SimpleContainer.php","line":97,"function":"query","class":"OC\\AppFramework\\DependencyInjection\\DIContainer","type":"->"},{"function":"OC\\AppFramework\\Utility\\{closure}","class":"OC\\AppFramework\\Utility\\SimpleContainer","type":"->","args":["*** sensitive parameters replaced ***"]},{"file":"/var/www/nextcloud/lib/private/AppFramework/Utility/SimpleContainer.php","line":84,"function":"array_map"},{"file":"/var/www/nextcloud/lib/private/AppFramework/Utility/SimpleContainer.php","line":124,"function":"buildClass","class":"OC\\AppFramework\\Utility\\SimpleContainer","type":"->"},{"file":"/var/www/nextcloud/lib/private/AppFramework/Utility/SimpleContainer.php","line":142,"function":"resolve","class":"OC\\AppFramework\\Utility\\SimpleContainer","type":"->"},{"file":"/var/www/nextcloud/lib/private/AppFramework/DependencyInjection/DIContainer.php","line":494,"function":"query","class":"OC\\AppFramework\\Utility\\SimpleContainer","type":"->"},{"file":"/var/www/nextcloud/lib/private/AppFramework/DependencyInjection/DIContainer.php","line":466,"function":"queryNoFallback","class":"OC\\AppFramework\\DependencyInjection\\DIContainer","type":"->"},{"file":"/var/www/nextcloud/lib/private/AppFramework/Utility/SimpleContainer.php","line":97,"function":"query","class":"OC\\AppFramework\\DependencyInjection\\DIContainer","type":"->"},{"function":"OC\\AppFramework\\Utility\\{closure}","class":"OC\\AppFramework\\Utility\\SimpleContainer","type":"->","args":["*** sensitive parameters replaced ***"]},{"file":"/var/www/nextcloud/lib/private/AppFramework/Utility/SimpleContainer.php","line":84,"function":"array_map"},{"file":"/var/www/nextcloud/lib/private/AppFramework/Utility/SimpleContainer.php","line":124,"function":"buildClass","class":"OC\\AppFramework\\Utility\\SimpleContainer","type":"->"},{"file":"/var/www/nextcloud/lib/private/AppFramework/Utility/SimpleContainer.php","line":142,"function":"resolve","class":"OC\\AppFramework\\Utility\\SimpleContainer","type":"->"},{"file":"/var/www/nextcloud/lib/private/AppFramework/DependencyInjection/DIContainer.php","line":494,"function":"query","class":"OC\\AppFramework\\Utility\\SimpleContainer","type":"->"},{"file":"/var/www/nextcloud/lib/private/ServerContainer.php","line":155,"function":"queryNoFallback","class":"OC\\AppFramework\\DependencyInjection\\DIContainer","type":"->"},{"file":"/var/www/nextcloud/lib/private/AppFramework/Utility/SimpleContainer.php","line":65,"function":"query","class":"OC\\ServerContainer","type":"->"},{"file":"/var/www/nextcloud/lib/private/Dashboard/Manager.php","line":78,"function":"get","class":"OC\\AppFramework\\Utility\\SimpleContainer","type":"->"},{"file":"/var/www/nextcloud/lib/private/Dashboard/Manager.php","line":141,"function":"loadLazyPanels","class":"OC\\Dashboard\\Manager","type":"->"},{"file":"/var/www/nextcloud/apps/dashboard/lib/Controller/DashboardController.php","line":101,"function":"getWidgets","class":"OC\\Dashboard\\Manager","type":"->"},{"file":"/var/www/nextcloud/lib/private/AppFramework/Http/Dispatcher.php","line":230,"function":"index","class":"OCA\\Dashboard\\Controller\\DashboardController","type":"->"},{"file":"/var/www/nextcloud/lib/private/AppFramework/Http/Dispatcher.php","line":137,"function":"executeController","class":"OC\\AppFramework\\Http\\Dispatcher","type":"->"},{"file":"/var/www/nextcloud/lib/private/AppFramework/App.php","line":183,"function":"dispatch","class":"OC\\AppFramework\\Http\\Dispatcher","type":"->"},{"file":"/var/www/nextcloud/lib/private/Route/Router.php","line":315,"function":"main","class":"OC\\AppFramework\\App","type":"::"},{"file":"/var/www/nextcloud/lib/base.php","line":1068,"function":"match","class":"OC\\Route\\Router","type":"->"},{"file":"/var/www/nextcloud/index.php","line":38,"function":"handleRequest","class":"OC","type":"::"}],"File":"/var/www/nextcloud/apps/passwords/lib/Services/EnvironmentService.php","Line":398,"CustomMessage":"Exception thrown: Exception"}}
I tested this with the dashboard as default page in any combination of LDAP and non-LDAP users through the impersonate app. I can't reproduce the error in the current 2024.2.0.
I don't support 2023.12 any longer, but I would publish an update if there is a PR with a solution. So if anyone wants to debug the issue, they can check out the function \OCA\Passwords\Services\EnvironmentService::loadUserFromSession, which seems to be where the error happens.
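A triage helper for the log entries quoted above, added here as an example and not part of the thread or of the Passwords app: it pairs the Passwords app's "Login attempt with invalid session" warning with the exception logged under the same reqId and names the first app frame in the trace. The sample log lines are constructed, abridged from the quoted entries, with placeholder reqIds, user and address.

```python
import json
from collections import defaultdict

# Constructed sample in Nextcloud's JSON log format, abridged from the entries
# quoted in this thread; reqIds, user and address are placeholders.
SAMPLE_LOG = r'''
{"reqId":"REQ-A","level":2,"remoteAddr":"192.0.2.10","user":"ldapuser@example.test","app":"passwords","url":"/apps/dashboard/","message":"Login attempt with invalid session for ldapuser@example.test"}
{"reqId":"REQ-A","level":3,"remoteAddr":"192.0.2.10","user":"ldapuser@example.test","app":"index","url":"/apps/dashboard/","message":"Exception thrown: Exception","exception":{"Message":"Unable to verify user ldapuser@example.test","Trace":[{"file":"/var/www/nextcloud/apps/passwords/lib/Services/EnvironmentService.php","line":361,"function":"loadUserInformation"},{"file":"/var/www/nextcloud/lib/private/Dashboard/Manager.php","line":78,"function":"get"}]}}
{"reqId":"REQ-B","level":2,"remoteAddr":"192.0.2.10","user":"--","app":"core","url":"/login","message":"unrelated warning"}
not a json line
'''

def parse(text):
    """Yield decoded log entries, skipping blank or truncated lines."""
    for line in text.splitlines():
        try:
            entry = json.loads(line)
        except json.JSONDecodeError:
            continue
        if isinstance(entry, dict):
            yield entry

def first_app_frame(trace):
    """Return 'app:function:line' for the first frame located under apps/<name>/."""
    for frame in trace:
        parts = frame.get("file", "").split("/apps/", 1)
        if len(parts) == 2:
            app = parts[1].split("/", 1)[0]
            return f'{app}:{frame.get("function")}:{frame.get("line")}'
    return None

def correlate(text):
    """Report requests that logged both the session warning and an exception."""
    by_req = defaultdict(list)
    for entry in parse(text):
        by_req[entry.get("reqId")].append(entry)
    findings = []
    for req_id, entries in by_req.items():
        warn = next((e for e in entries if e.get("app") == "passwords"
                     and "invalid session" in e.get("message", "")), None)
        exc = next((e for e in entries if "exception" in e), None)
        if warn and exc:
            findings.append({"reqId": req_id, "user": warn.get("user"),
                             "remoteAddr": warn.get("remoteAddr"), "url": warn.get("url"),
                             "reason": exc["exception"].get("Message"),
                             "frame": first_app_frame(exc["exception"].get("Trace", []))})
    return findings

if __name__ == "__main__":
    for finding in correlate(SAMPLE_LOG):
        print(finding)
```

Requests that match come from an already authenticated impersonation session, which helps separate the temporary IP blocks described in this issue from genuine failed-login activity.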
Server Information
Client Information
Browser and Version: firefox 115.6.0esr
Client OS and Version: Red Hat Enterprise Linux release 9.3 (Plow)
We have tested it on different clients with different OS, and the result is always the same.
Bug description
Hi,
I'm taking the liberty of contacting you after having requested Nextcloud support for a bug that, for us, is blocking. After investigation, it appears that there is an interaction between the "impersonate" plugin and the "Password" plugin.
Here's the problem: users from an ldap directory and members of the "admin" group cannot assume the identity of a third party (impersonate plugin). This is not the case for local "Nextcloud" accounts and members of the admin group.
This is the message displayed in the browser:
The IP address is then blacklisted for a few minutes.
After deactivating the "Password" plugin, the problem disappears and the "impersonate" function is fully operational. Could you please help us to unblock this situation?
Regards
Steps to reproduce
Expected behavior
Normally, I should have taken the user's identity and have access to his environment (files, ...)
Nextcloud Logs
Browser Logs
No response