nextcloud / fulltextsearch

🔍 Core of the full-text search framework for Nextcloud
https://apps.nextcloud.com/apps/fulltextsearch
GNU Affero General Public License v3.0

[Bug]: Error message "Cannot decrypt this file, probably this is a shared file. Please ask the file owner to reshare the file with you." is clogging up the logs #840

Open affemogaffe opened 8 months ago

affemogaffe commented 8 months ago


Bug description

The log is clogged up with error messages when uploading files (See exact error message below). All user accounts are affected. This seems to be an issue with files_fulltextsearch in combination with per-user key encryption. Even though the error message does not indicate a specific app, it is only encountered when files_fulltextsearch is enabled (doesn't happen if only fulltextsearch and fulltextsearch_elasticsearch are enabled). The error message appears whenever a human-readable file is uploaded. If e.g. a .dll file is uploaded, no error messages occur. If the file extension is changed from .dll to .txt, the error occurs immediately. The files themselves can be opened without errors both from the web interface and the desktop drive.

Steps to reproduce

  1. Enable per-user key encryption
  2. Install fulltextsearch, fulltextsearch_elasticsearch and files_fulltextsearch
  3. Upload a human-readable file

Expected behavior

No errors in the logs

Installation method

Community Manual installation with Archive

Nextcloud Server version

28

Operating system

Debian/Ubuntu

PHP engine version

PHP 8.3

Web server

Nginx

Database engine version

MariaDB

Is this bug present after an update or on a fresh install?

Fresh Nextcloud Server install

Are you using the Nextcloud Server Encryption module?

Encryption is Enabled

What user-backends are you using?

Configuration report

{
    "system": {
        "passwordsalt": "***REMOVED SENSITIVE VALUE***",
        "secret": "***REMOVED SENSITIVE VALUE***",
        "trusted_domains": [
            "cloud.redacted.com"
        ],
        "datadirectory": "***REMOVED SENSITIVE VALUE***",
        "dbtype": "mysql",
        "version": "28.0.2.5",
        "overwrite.cli.url": "https:\/\/cloud.redacted.com",
        "dbname": "***REMOVED SENSITIVE VALUE***",
        "dbhost": "***REMOVED SENSITIVE VALUE***",
        "dbport": "",
        "dbtableprefix": "oc_",
        "mysql.utf8mb4": true,
        "dbuser": "***REMOVED SENSITIVE VALUE***",
        "dbpassword": "***REMOVED SENSITIVE VALUE***",
        "installed": true,
        "instanceid": "***REMOVED SENSITIVE VALUE***",
        "overwritehost": "cloud.redacted.com",
        "activity_expire_days": 14,
        "allow_local_remote_servers": true,
        "auth.bruteforce.protection.enabled": true,
        "blacklisted_files": [
            ".htaccess",
            "Thumbs.db",
            "thumbs.db"
        ],
        "cron_log": true,
        "default_phone_region": "DE",
        "defaultapp": "files,dashboard",
        "enable_previews": true,
        "enabledPreviewProviders": [
            "OC\\Preview\\PNG",
            "OC\\Preview\\JPEG",
            "OC\\Preview\\GIF",
            "OC\\Preview\\BMP",
            "OC\\Preview\\XBitmap",
            "OC\\Preview\\Movie",
            "OC\\Preview\\PDF",
            "OC\\Preview\\MP3",
            "OC\\Preview\\TXT",
            "OC\\Preview\\MarkDown"
        ],
        "filesystem_check_changes": 0,
        "filelocking.enabled": "true",
        "htaccess.RewriteBase": "\/",
        "integrity.check.disabled": false,
        "knowledgebaseenabled": false,
        "logfile": "\/var\/log\/nextcloud\/nextcloud.log",
        "loglevel": 2,
        "logtimezone": "Europe\/Berlin",
        "memcache.local": "\\OC\\Memcache\\APCu",
        "memcache.locking": "\\OC\\Memcache\\Redis",
        "overwriteprotocol": "https",
        "preview_max_x": 1024,
        "preview_max_y": 768,
        "preview_max_scale_factor": 1,
        "profile.enabled": false,
        "redis": {
            "host": "***REMOVED SENSITIVE VALUE***",
            "port": 0,
            "password": "***REMOVED SENSITIVE VALUE***",
            "timeout": 0.5,
            "dbindex": 1
        },
        "quota_include_external_storage": false,
        "share_folder": "\/shared",
        "skeletondirectory": "",
        "theme": "",
        "trashbin_retention_obligation": "auto, 7",
        "updater.release.channel": "stable",
        "mail_smtpmode": "smtp",
        "mail_smtpsecure": "ssl",
        "mail_sendmailmode": "smtp",
        "mail_from_address": "***REMOVED SENSITIVE VALUE***",
        "mail_domain": "***REMOVED SENSITIVE VALUE***",
        "mail_smtphost": "***REMOVED SENSITIVE VALUE***",
        "mail_smtpport": "465",
        "mail_smtpauth": 1,
        "mail_smtpname": "***REMOVED SENSITIVE VALUE***",
        "mail_smtppassword": "***REMOVED SENSITIVE VALUE***",
        "trusted_proxies": "***REMOVED SENSITIVE VALUE***",
        "remember_login_cookie_lifetime": "1800",
        "versions_retention_obligation": "auto, 365",
        "simpleSignUpLink.shown": false,
        "upgrade.disable-web": true,
        "log.condition": {
            "apps": [
                "admin_audit"
            ]
        },
        "log_rotate_size": "0",
        "maintenance": false,
        "maintenance_window_start": "0",
        "default_timezone": "Europe\/Berlin"
    }
}

List of activated Apps

Enabled:
  - activity: 2.20.0
  - admin_audit: 1.18.0
  - bruteforcesettings: 2.8.0
  - cloud_federation_api: 1.11.0
  - comments: 1.18.0
  - contactsinteraction: 1.9.0
  - dashboard: 7.8.0
  - dav: 1.29.1
  - encryption: 2.16.0
  - federatedfilesharing: 1.18.0
  - federation: 1.18.0
  - files: 2.0.0
  - files_accesscontrol: 1.18.0
  - files_automatedtagging: 1.18.0
  - files_fulltextsearch: 28.0.0
  - files_pdfviewer: 2.9.0
  - files_reminders: 1.1.0
  - files_sharing: 1.20.0
  - files_trashbin: 1.18.0
  - files_versions: 1.21.0
  - fulltextsearch: 28.0.0
  - fulltextsearch_elasticsearch: 28.0.0
  - logreader: 2.13.0
  - lookup_server_connector: 1.16.0
  - nextcloud_announcements: 1.17.0
  - notifications: 2.16.0
  - notify_push: 0.6.9
  - oauth2: 1.16.3
  - password_policy: 1.18.0
  - photos: 2.4.0
  - privacy: 1.12.0
  - provisioning_api: 1.18.0
  - quota_warning: 1.18.0
  - recommendations: 2.0.0
  - related_resources: 1.3.0
  - serverinfo: 1.18.0
  - settings: 1.10.1
  - sharebymail: 1.18.0
  - spreed: 18.0.3
  - support: 1.11.0
  - systemtags: 1.18.0
  - terms_of_service: 2.3.2
  - text: 3.9.1
  - theming: 2.3.0
  - twofactor_backupcodes: 1.17.0
  - updatenotification: 1.18.0
  - user_status: 1.8.1
  - viewer: 2.2.0
  - weather_status: 1.8.0
  - workflowengine: 2.10.0
Disabled:
  - circles: 28.0.0-dev (installed 28.0.0-dev)
  - files_external: 1.20.0
  - files_fulltextsearch_tesseract: 27.0.0
  - firstrunwizard: 2.17.0 (installed 2.17.0)
  - survey_client: 1.16.0 (installed 1.16.0)
  - suspicious_login: 6.0.0
  - twofactor_totp: 10.0.0-beta.2
  - user_ldap: 1.19.0

Nextcloud Signing status

No errors have been found.

Nextcloud Logs

{"reqId":"1cOoYXpgrtXxozMVL652","level":3,"time":"2024-02-13T13:12:49+01:00","remoteAddr":"","user":"--","app":"no app in context","method":"","url":"--","message":"Cannot decrypt this file, probably this is a shared file. Please ask the file owner to reshare the file with you.","userAgent":"--","version":"28.0.2.5","data":[]}

Additional info

No response

joshtrichards commented 8 months ago

> This seems to be an issue with files_fulltextsearch in combination with per-user key encryption.

You may be able to get a bit more certainty about the broader code path this is flowing through by temporarily enabling log.backtrace:

https://docs.nextcloud.com/server/latest/admin_manual/configuration_server/config_sample_php_parameters.html#log-backtrace

> The files themselves can be opened without errors both from the web interface and the desktop drive.

But can they even be searched via FTS successfully? Or is the log noise truly your primary concern?

affemogaffe commented 8 months ago

Yeah, sorry for not including that rather important info, the files cannot be searched via FTS successfully. I enabled log.backtrace, and almost all lines produced when uploading a testfile include "app":"files_fulltextsearch" or "app":"fulltextsearch_elasticsearch".
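
An added example, not part of the original thread and not Nextcloud code: because the error is logged with "app":"no app in context", one way to attribute it is to group nextcloud.log entries by reqId and list the apps that logged under the same ID. It assumes entries written during one request or occ run share a reqId; every sample line except the first is constructed.

```python
import json
from collections import Counter, defaultdict

DECRYPT_MSG = "Cannot decrypt this file"
NO_APP = "no app in context"

# Constructed sample in nextcloud.log JSON-lines form. Line 1 is the entry
# quoted in the report; the remaining lines are invented for illustration.
SAMPLE_LOG = "\n".join([
    '{"reqId":"1cOoYXpgrtXxozMVL652","level":3,"time":"2024-02-13T13:12:49+01:00",'
    '"remoteAddr":"","user":"--","app":"no app in context","method":"","url":"--",'
    '"message":"Cannot decrypt this file, probably this is a shared file. Please ask '
    'the file owner to reshare the file with you.","userAgent":"--",'
    '"version":"28.0.2.5","data":[]}',
    '{"reqId":"1cOoYXpgrtXxozMVL652","level":0,"app":"files_fulltextsearch",'
    '"message":"constructed: building index document"}',
    '{"reqId":"1cOoYXpgrtXxozMVL652","level":0,"app":"fulltextsearch_elasticsearch",'
    '"message":"constructed: sending document"}',
    '{"reqId":"constructedOtherReq0","level":1,"app":"admin_audit",'
    '"message":"constructed: file written"}',
    '{"reqId":"constructedTrunc","level":3,"app":"no app',  # truncated write
])

def parse_lines(text):
    """Yield decoded log entries, skipping blank or truncated lines."""
    for line in text.splitlines():
        try:
            entry = json.loads(line)
        except json.JSONDecodeError:
            continue
        if isinstance(entry, dict):
            yield entry

def attribute_decrypt_errors(text):
    """Map each reqId that logged the decrypt error to the apps seen under it."""
    apps_by_req = defaultdict(Counter)
    failing = Counter()
    for entry in parse_lines(text):
        req = entry.get("reqId", "")
        app = entry.get("app", NO_APP)
        if app != NO_APP:
            apps_by_req[req][app] += 1
        if DECRYPT_MSG in str(entry.get("message", "")):
            failing[req] += 1
    return {req: {"errors": n, "apps": dict(apps_by_req.get(req, {}))}
            for req, n in failing.items()}

if __name__ == "__main__":
    for req, info in attribute_decrypt_errors(SAMPLE_LOG).items():
        print(req, info["errors"], sorted(info["apps"]))
```
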