search

nextcloud / desktop

💻 Desktop sync client for Nextcloud
https://nextcloud.com/install/#install-clients
GNU General Public License v2.0
3.06k stars 804 forks source link

Re-Login doesn't work with (old) ownCloud servers #2111

Open csware opened 4 years ago

csware commented 4 years ago

Expected behaviour

I use the Nextcloud Client to sync with my nextcloud instance and onother old owncloud instance.

Recently the app token for the owncloud instance was revoked or got lost. Not I cannot log in again to that instance.

I expect that a dialog opens where I can enter my credentials (the very same dialog which appears when I add a new account for an old owncloud server).

Actual behaviour

When I click on Log-in I get a dialog where I see the error "Error acceccing the token endpoint: ... server replied: Precondition failed". Below there are two options "Open browser again" and "Copy link", both are not working.

When I try to add another account for that server I am correctly asked for my credentials by the nextcloud client.

How can I log in to that account again? (even very hacky methods are welcome)

Steps to reproduce

  1. Expire/revoke/delete an app token.
  2. Nextcloud client recognizes that the user is logged out.
  3. Click on Log-in in Nextcloud client

Client configuration

Client version: 2.6.4stable-Win64 (build 20200303)

Operating system: Win10 1909 x64

OS language: German

Server configuration

Owncloud version: 9.1.6 (stable) (yes, that'S very old, but not under my control)

Logs

Please use Gist (https://gist.github.com/) or a similar code paster for longer logs.

  1. Client logfile: 
    [OCC::AccountState::setState    AccountState state change:  "Abgemeldet" -> "Getrennt"
[OCC::WebFlowCredentials::createQNAM    Get QNAM
[OCC::FolderMan::slotAccountStateChanged    Account "USERNAME@SERVER" disconnected or paused, terminating or descheduling sync folders
[OCC::AccessManager::createRequest  2 "" "https://SERVER/status.php" has X-Request-ID "4c2e28e2-a887-4e36-8caf-ff6d1a48174b"
[OCC::AbstractNetworkJob::start     OCC::CheckServerJob created for "https://SERVER" + "status.php" "OCC::ConnectionValidator"
[OCC::WebFlowCredentials::slotFinished  request finished
[OCC::CheckServerJob::finished  status.php returns:  QJsonDocument({"edition":"","installed":true,"maintenance":false,"version":"9.1.6.2","versionstring":"9.1.6"})   QNetworkReply::NoError  Reply:  QNetworkReplyHttpImpl(0x1efe1e61c10)
[OCC::ConnectionValidator::slotStatusFound  ** Application: ownCloud found:  QUrl("https://SERVER")  with version  "9.1.6" ( "9.1.6.2" )
[OCC::ConnectionValidator::setAndCheckServerVersion     QUrl("https://SERVER") has server version "9.1.6.2"
[OCC::AccountState::slotConnectionValidatorResult   AccountState connection status change:  OCC::ConnectionValidator::Undefined -> OCC::ConnectionValidator::CredentialsNotReady
[OCC::AccountState::handleInvalidCredentials    Invalid credentials for "https://SERVER" asking user
[OCC::AccountState::setState    AccountState state change:  "Getrennt" -> "Zugangsdaten werden abgefragt"
[OCC::FolderMan::slotAccountStateChanged    Account "USERNAME@SERVER" disconnected or paused, terminating or descheduling sync folders
[OCC::DetermineAuthTypeJob::start   Determining auth type for QUrl("https://SERVER/remote.php/webdav/")
[OCC::AccessManager::createRequest  2 "" "https://SERVER/remote.php/webdav/" has X-Request-ID "d18a825a-cf7c-43c0-bdc3-d5109a575504"
[OCC::AbstractNetworkJob::start     OCC::SimpleNetworkJob created for "https://SERVER" + "" "OCC::Account"
[OCC::AccessManager::createRequest  6 "PROPFIND" "https://SERVER/remote.php/webdav/" has X-Request-ID "8a891e7c-4e47-459c-8309-348f9bba53f9"
[OCC::AbstractNetworkJob::start     OCC::SimpleNetworkJob created for "https://SERVER" + "" "OCC::Account"
[OCC::AccessManager::createRequest  2 "" "https://SERVER/ocs/v2.php/cloud/capabilities?format=json" has X-Request-ID "c7447bf9-87aa-4ecd-9972-f82dee9afa08"
[OCC::AbstractNetworkJob::start     OCC::JsonApiJob created for "https://SERVER" + "/ocs/v2.php/cloud/capabilities" "OCC::DetermineAuthTypeJob"
[OCC::WebFlowCredentials::slotFinished  request finished
[OCC::WebFlowCredentials::stillValid    QNetworkReply::AuthenticationRequiredError
[OCC::WebFlowCredentials::stillValid    "Der Host verlangt eine Authentifizierung"
[OCC::WebFlowCredentials::slotFinished  request finished
[OCC::WebFlowCredentials::stillValid    QNetworkReply::AuthenticationRequiredError
[OCC::WebFlowCredentials::stillValid    "Der Host verlangt eine Authentifizierung"
[OCC::WebFlowCredentials::slotFinished  request finished
[OCC::WebFlowCredentials::stillValid    QNetworkReply::AuthenticationRequiredError
[OCC::WebFlowCredentials::stillValid    "Der Host verlangt eine Authentifizierung"
[OCC::JsonApiJob::finished  JsonApiJob of QUrl("https://SERVER/ocs/v2.php/cloud/capabilities?format=json") FINISHED WITH STATUS "AuthenticationRequiredError Der Host verlangt eine Authentifizierung"
[OCC::JsonApiJob::finished  Network error:  "/ocs/v2.php/cloud/capabilities" "Der Host verlangt eine Authentifizierung" QVariant(int, 401)
[OCC::DetermineAuthTypeJob::checkAllDone    Auth type for QUrl("https://SERVER/remote.php/webdav/") is 0
[unknown    QLayout: Attempting to add QLayout "" to OCC::WebFlowCredentialsDialog "", which already has a layout
[OCC::AccessManager::createRequest  4 "" "https://SERVER/index.php/login/v2" has X-Request-ID "befaaaab-da10-4baf-87ca-b3258982203d"
[OCC::AbstractNetworkJob::start     OCC::SimpleNetworkJob created for "https://SERVER" + "" "OCC::Account"
[OCC::WebFlowCredentials::slotFinished  request finished
[OCC::AbstractNetworkJob::slotFinished  Redirecting "POST" QUrl("https://SERVER/index.php/login/v2") QUrl("https://SERVER/index.php/login")
[OCC::AccessManager::createRequest  4 "" "https://SERVER/index.php/login" has X-Request-ID "e57df2de-e361-4d3b-9c20-cccd3ba0cd5a"
[OCC::WebFlowCredentials::slotFinished  request finished
[OCC::AbstractNetworkJob::slotFinished  QNetworkReply::UnknownContentError "Server hat \"412 Precondition failed\" auf \"POST https://SERVER/index.php/login\" geantwortet" QVariant(int, 412)
[OCC::WebFlowCredentials::stillValid    QNetworkReply::UnknownContentError
[OCC::WebFlowCredentials::stillValid    "Error transferring https://SERVER/index.php/login - server replied: Precondition failed"
[OCC::Flow2Auth::fetchNewToken::::operator()    Error when getting the loginUrl QJsonObject({"error":null,"message":"CSRF check failed"}) "Fehler beim Zugriff auf den 'Token'-Endpunkt: <br><em>Error transferring https://SERVER/index.php/login - server replied: Precondition failed</em>"
er-vin commented 4 years ago

I suspect that's because your very old ownCloud instance doesn't support the new login flow... even the ownCloud client stopped supporting it. I doubt much can be done about that. For the time being you could try to make you own build of the client with shibboleth support but that code will be canned soon (has its own implication on install payload and so on).

csware commented 4 years ago

When I connect to the very same ownCloud instance using "Add account" it still works. That's the reason why I consider this a regression.

csware commented 4 years ago

Some new findings: When I add a new connection I see 0\authType=http and 0\http_user=XXX in %APPDATA%\Nextcloud\Nextcloud.cf and on my system where the issues arises authType is currently set to webflow.

What bothers me is that even if I manually change webflow to http the Nextcloud client automatically reverts to webflow. So this does not help, any idea why?

On my testmachine I can successfully logout and login again in the Nextcloud client.

csware commented 4 years ago

This issue only seems to occurr if at least one account with webflow is configured.

What does not work:

  1. Stop Nextcloud client
  2. Change webflow to http in Nextcloud.cfg
  3. Manually create an entry in Windows Credential Manager using the format Nextcloud_USERNAME:https://SERVERNAME/:1 (because the username needs to be empty, this cannot be done using the Windows UI)?!

What does work, however, really evil:

  1. Stop Nextcloud client
  2. Backup Nextcloud.cfg
  3. Delete Nextcloud.cfg
  4. Add accounts as needed (until you get the right ID in Nextcloud.cfg, I always used the very same account w/o setting up any sync folders)
  5. Drop unneeded accounts in the client again
  6. Close Nextcloud client
  7. Restore backup of Nextcloud.cfg and voila
csware commented 4 years ago

Easier fix:

  1. Stop Nextcloud client
  2. Delete the authType line for the affected account
  3. Start Nextcloud client
  4. Re-Login to the account

Also, when I click on Logout and try to re-login again the authType is set to webflow again.

csware commented 4 years ago

The reason might be https://github.com/nextcloud/desktop/blob/712869d/src/gui/accountmanager.cpp#L257

er-vin commented 4 years ago

I see now I understand better. Indeed it looks related to the migration you spotted... I guess we could complete that by not migrating if the server version is too old. Would have to look for which versions of both servers support webflow or not. Indeed we really only have the version and not the server type.

jangop commented 4 years ago

Should I open an additional issue for “Open browser again” and “Copy link” being unresponsive, or it that considered part of this issue? @er-vin

To clarify. Clicking either of the two options brings up a note “Starting authorization...” that stays on screen for but a moment, but then nothing happens. This also means that no “link” is being copied:

screencast

Btw, this issue is related to #1915.

er-vin commented 4 years ago

Should I open an additional issue for “Open browser again” and “Copy link” being unresponsive, or it that considered part of this issue? @er-vin

To clarify. Clicking either of the two options brings up a note “Starting authorization...” that stays on screen for but a moment, but then nothing happens. This also means that no “link” is being copied:

screencast

Btw, this issue is related to #1915.

I don't think a new ticket is needed for this. It's pretty much due to the Bad Request so there's nothing to open or copy in such a case.

jangop commented 4 years ago

I don't think a new ticket is needed for this. It's pretty much due to the Bad Request so there's nothing to open or copy in such a case.

I agree. However, the interface is mishandling the communication of said request with regards to the user. A buttons that does nothing is a bug in its own right.

er-vin commented 4 years ago

Yes, it is clearly misleading in that case. Still in that case it would go away if the root cause was handled.

hoehnp commented 3 years ago

sorry for bumping, but is there any activity in this issue? I think for students at German universities it would be very valuable.

paroj commented 2 years ago

I guess we could complete that by not migrating if the server version is too old.

that would be an improvement, as currently one needs to edit nextcloud.cfg after each restart..

ifrh commented 1 year ago

Did not work with Nextcloud client version 3.8.0, too.

grafik

Adding as new account after deleting the account, shows that the server is running Version 10.12.0.6.

grafik

ifrh commented 1 year ago

Did not work with Nextcloud client version 3.8.0, too.

Workaround, that is deleting authtype line from nextcloud.cfg, mentioned in June 2020 in https://github.com/nextcloud/desktop/issues/2111#issuecomment-647486747 , allows re-using SCIEBO-cloud between two starts of nextcloud client 3.8.0.

It seems to me, that setting authtype=webflow is not allowed for clients to communicate with SCIEBO-Server

bernd-wechner commented 1 year ago

I'm getting this message too on a virgin install of Nextcloud 27, and newly downloaded desktop client (appImage)

"Could not parse the JSON returned from the server: illegal value"

here is my nextcloud.cfg, no account info at all or authtype.

[General]
clientVersion=3.10.0 (build 17672)
confirmExternalStorage=true
isVfsEnabled=false
logToTemporaryLogDir=true
newBigFolderSizeLimit=500
optionalDesktopNotifications=true
optionalServerNotifications=true
showInExplorerNavigationPane=true
updateSegment=45
useNewBigFolderSizeLimit=false

[Accounts]
version=2

[ActivityListHeader]
geometry=@ByteArray(\0\0\0\xff\0\0\0\0\0\0\0\x1\0\0\0\x1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\x6\xfa\0\0\0\x5\x1\0\0\x1\0\0\0\0\0\0\0\0\0\0\0\0\x64\xff\xff\xff\xff\0\0\0\x81\0\0\0\0\0\0\0\x5\0\0\0\x81\0\0\0\x1\0\0\0\0\0\0\x4h\0\0\0\x1\0\0\0\0\0\0\x1M\0\0\0\x1\0\0\0\0\0\0\0\x64\0\0\0\x1\0\0\0\0\0\0\0`\0\0\0\x1\0\0\0\0\0\0\x3\xe8\0\xff\xff\xff\xff)

[LogBrowser]
geometry=@ByteArray(\x1\xd9\xd0\xcb\0\x3\0\0\0\0\x6\xb9\0\0\x3\xc1\0\0\n\xf0\0\0\x4\xf0\0\0\x6\xba\0\0\x3\xd7\0\0\n\xef\0\0\x4\xef\0\0\0\0\0\0\0\0\a\x80\0\0\x6\xba\0\0\x3\xd7\0\0\n\xef\0\0\x4\xef)

[Proxy]
type=2

[Settings]
geometry=@ByteArray(\x1\xd9\xd0\xcb\0\x3\0\0\0\0\x1\xbd\0\0\x1\xfa\0\0\b\xaa\0\0\x6$\0\0\x1\xbd\0\0\x2\x16\0\0\b\xaa\0\0\x6$\0\0\0\0\0\0\0\0\xf\0\0\0\x1\xbd\0\0\x2\x16\0\0\b\xaa\0\0\x6$)

[SharingDialog]
geometry=@ByteArray(\x1\xd9\xd0\xcb\0\x3\0\0\0\0\x6\x44\0\0\x3o\0\0\a\xc8\0\0\x4V\0\0\x6\x45\0\0\x3\x85\0\0\a\xc7\0\0\x4U\0\0\0\0\0\0\0\0\a\x80\0\0\x6\x45\0\0\x3\x85\0\0\a\xc7\0\0\x4U)