Background (sync) jobs executed with missing oauth access token

SvenKeimpema commented 10 months ago

⚠️ This issue respects the following points: ⚠️

[X] This is a bug, not a question or a configuration/webserver/proxy issue.
[X] This issue is not already reported on Github OR Nextcloud Community Forum (I've searched it).
[X] Nextcloud Server is up to date. See Maintenance and Release Schedule for supported versions.
[X] I agree to follow Nextcloud's Code of Conduct.

Bug description

I'm currently running a nextcloud server on v27.1.2~ynh3 and i'm getting an error whenever i attempt to login into a school/work outlook email account. From what i've seen it has something to do with after logging on with Microsofts 2FA it forgets or doesn't pass on the var $authenticatedCiphertext correctly. Also this might have nothing to do with it, whenever Microsofts popup shows up about the 2FA it goes into a completly different window so maybe it has something to do with that however it didn't seem likely but worth to mention.

I haven't found a workaround for this, is this issue known and can it be fixed?

Steps to reproduce

Create a outlook school/work account and enable 2FA on it
attempt to login to the account with nextcloud's mail

Expected behavior

No issues thrown and able to login to the account

Installation method

Community Web installer on a VPS or web space

Nextcloud Server version

27

Operating system

Debian/Ubuntu

PHP engine version

PHP 8.2

Web server

Apache (supported)

Database engine version

MySQL

Is this bug present after an update or on a fresh install?

Fresh Nextcloud Server install

Are you using the Nextcloud Server Encryption module?

Encryption is Disabled

What user-backends are you using?

[X] Default user-backend (database)
[ ] LDAP/ Active Directory
[ ] SSO - SAML
[ ] Other

Configuration report

{
    "system": {
        "passwordsalt": "***REMOVED SENSITIVE VALUE***",
        "secret": "***REMOVED SENSITIVE VALUE***",
        "trusted_domains": [
            "localhost",
            "ikhebgeenwebsite.nl"
        ],
        "datadirectory": "***REMOVED SENSITIVE VALUE***",
        "dbtype": "mysql",
        "config_is_read_only": true,
        "version": "27.1.2.1",
        "overwrite.cli.url": "https:\/\/ikhebgeenwebsite.nl",
        "dbname": "***REMOVED SENSITIVE VALUE***",
        "dbhost": "***REMOVED SENSITIVE VALUE***",
        "dbport": "",
        "dbtableprefix": "oc_",
        "mysql.utf8mb4": true,
        "dbuser": "***REMOVED SENSITIVE VALUE***",
        "dbpassword": "***REMOVED SENSITIVE VALUE***",
        "installed": true,
        "instanceid": "***REMOVED SENSITIVE VALUE***",
        "ldapProviderFactory": "OCA\\User_LDAP\\LDAPProviderFactory",
        "updatechecker": false,
        "memcache.local": "\\OC\\Memcache\\APCu",
        "integrity.check.disabled": true,
        "filelocking.enabled": true,
        "memcache.locking": "\\OC\\Memcache\\Redis",
        "redis": {
            "host": "***REMOVED SENSITIVE VALUE***",
            "port": "6379",
            "timeout": "0.0",
            "password": "***REMOVED SENSITIVE VALUE***"
        },
        "hashing_default_password": true,
        "localstorage.allowsymlinks": true,
        "simpleSignUpLink.shown": false,
        "logout_url": "https:\/\/ikhebgeenwebsite.nl\/yunohost\/sso\/?action=logout"
    }
}

List of activated Apps

Enabled:
  - activity: 2.19.0
  - circles: 27.0.1
  - cloud_federation_api: 1.10.0
  - comments: 1.17.0
  - contactsinteraction: 1.8.0
  - dashboard: 7.7.0
  - dav: 1.27.0
  - federatedfilesharing: 1.17.0
  - federation: 1.17.0
  - files: 1.22.0
  - files_external: 1.19.0
  - files_pdfviewer: 2.8.0
  - files_reminders: 1.0.0
  - files_rightclick: 1.6.0
  - files_sharing: 1.19.0
  - files_trashbin: 1.17.0
  - files_versions: 1.20.0
  - firstrunwizard: 2.16.0
  - logreader: 2.12.0
  - lookup_server_connector: 1.15.0
  - mail: 3.4.4
  - nextcloud_announcements: 1.16.0
  - notifications: 2.15.0
  - oauth2: 1.15.1
  - password_policy: 1.17.0
  - photos: 2.3.0
  - privacy: 1.11.0
  - provisioning_api: 1.17.0
  - recommendations: 1.6.0
  - related_resources: 1.2.0
  - richdocuments: 8.2.2
  - serverinfo: 1.17.0
  - settings: 1.9.0
  - sharebymail: 1.17.0
  - support: 1.10.0
  - survey_client: 1.15.0
  - systemtags: 1.17.0
  - text: 3.8.0
  - theming: 2.2.0
  - twofactor_backupcodes: 1.16.0
  - user_ldap: 1.17.0
  - user_status: 1.7.0
  - viewer: 2.1.0
  - weather_status: 1.7.0
  - workflowengine: 2.9.0
Disabled:
  - admin_audit: 1.17.0
  - bruteforcesettings: 2.7.0
  - encryption: 2.15.0
  - suspicious_login: 5.0.0
  - twofactor_totp: 9.0.0
  - updatenotification: 1.17.0 (installed 1.17.0)

Nextcloud Signing status

disabled.

Nextcloud Logs

{"reqId":"OvQ17EdpCp51JxUttq99","level":3,"time":"2023-11-03T14:15:02+00:00","remoteAddr":"","user":"--","app":"mail","method":"","url":"--","message":"Cron mail sync failed for account 33","userAgent":"--","version":"27.1.2.1","exception":{"Exception":"TypeError","Message":"OC\\Security\\Crypto::decrypt(): Argument nextcloud/server#1 ($authenticatedCiphertext) must be of type string, null given, called in /var/www/nextcloud/apps/mail/lib/IMAP/IMAPClientFactory.php on line 107","Code":0,"Trace":[{"file":"/var/www/nextcloud/apps/mail/lib/IMAP/IMAPClientFactory.php","line":107,"function":"decrypt","class":"OC\\Security\\Crypto","type":"->","args":["*** sensitive parameters replaced ***"]},{"file":"/var/www/nextcloud/apps/mail/lib/IMAP/MailboxSync.php","line":103,"function":"getClient","class":"OCA\\Mail\\IMAP\\IMAPClientFactory","type":"->"},{"file":"/var/www/nextcloud/apps/mail/lib/BackgroundJob/SyncJob.php","line":110,"function":"sync","class":"OCA\\Mail\\IMAP\\MailboxSync","type":"->","args":["*** sensitive parameters replaced ***"]},{"file":"/var/www/nextcloud/lib/public/BackgroundJob/Job.php","line":81,"function":"run","class":"OCA\\Mail\\BackgroundJob\\SyncJob","type":"->"},{"file":"/var/www/nextcloud/lib/public/BackgroundJob/TimedJob.php","line":103,"function":"start","class":"OCP\\BackgroundJob\\Job","type":"->"},{"file":"/var/www/nextcloud/lib/public/BackgroundJob/TimedJob.php","line":93,"function":"start","class":"OCP\\BackgroundJob\\TimedJob","type":"->"},{"file":"/var/www/nextcloud/cron.php","line":152,"function":"execute","class":"OCP\\BackgroundJob\\TimedJob","type":"->"}],"File":"/var/www/nextcloud/lib/private/Security/Crypto.php","Line":124,"message":"Cron mail sync failed for account {accountId}","exception":[],"CustomMessage":"Cron mail sync failed for account 33"},"id":"65481ed960e0e"}

Additional info

No response

solracsf commented 10 months ago

Seems a duplicate of https://github.com/nextcloud/mail/issues/8258

ChristophWurst commented 10 months ago

Background jobs check if an inbound (IMAP) password is set. There must be a missing check for oauth accounts.

gwnmikedus commented 9 months ago

Is this one related?

https://github.com/nextcloud/mail/issues/8916

SvenKeimpema commented 9 months ago

@gwnmikedus not really, errors are the same in nextcloud logs but the cause of the errors are different. however in both cases server doesn't receive any info from microsoft auth(in the other issue the microsoft auth form doesn't even open)

nextcloud / mail