Open eppfel opened 4 years ago
I have the same issue. Reason, I do not want to have the user active nor do I want the user to be deleted. But also having "Fatal Errors" every few seconds in my logging is also not really an option, because I wouldn't see any "real" errors!
There shouldn't be errors for deactivated users
Is this Issue still valid in NC21.0.3? If not, please close this issue. Thanks! :)
This issue has been automatically marked as stale because it has not had recent activity and seems to be missing some essential information. It will be closed if no further activity occurs. Thank you for your contributions.
Still present in 21.0.4 :(
Fatal | webdav | Sabre\DAV\Exception\ServiceUnavailable: OC\User\LoginException: User disabled
In the meantime (reported 1 year ago), I would like to contact all the users that are still trying to connect via their desktop client, how to do that, the login information is hidden from me:
.../nextcloud/app/lib/private/User/Session.php - line 665:
OC\User\Session->completeLogin("*** sensiti ... *")
Still present in 22.2.3 Is there any plan to tackle this for Nextcloud 23?
Still present in 23.0.4 Is there any plan to tackle this for Nextcloud 24?
Still present in 24.0.2 Is there any plan to tackle this for Nextcloud 24.0.3? Got to check the access log, and compare usernames sent by the clients with the deactivated list. Can become tedious when lots of people get switched around.
Still present in 24.0.6
…
Hi, please update to 24.0.9 or better 25.0.3 and report back if it fixes the issue. Thank you!
My goal is to add a label like e.g. 25-feedback to this ticket of an up-to-date major Nextcloud version where the bug could be reproduced. However this is not going to work without your help. So thanks for all your effort!
If you don't manage to reproduce the issue in time and the issue gets closed but you can reproduce the issue afterwards, feel free to create a new bug report with up-to-date information by following this link: https://github.com/nextcloud/server/issues/new?assignees=&labels=bug%2C0.+Needs+triage&template=BUG_REPORT.yml&title=%5BBug%5D%3A+
Still present in 25.0.3...
And 26.0.1... it doesn't make sense to throw a fatal error for this.
Still present in 27.1.2...
I think this is not a small issue. Error logs should tell me errors I need to fix. But when error logs are spammed with debug messages (nothing else is the message that a disabled user tries to log in), the logs cannot fulfill their purpose.
Facing the same issue since NC 26. A user was disabled but had webdav/caldav services active in his device (maybe calendar and a number of other services), and every time they client attempts to authenticate, it logs this "User disabled" error. It's annoying and since we do not have any means to contact the user any more, it's just a log error that we have to ignore.
Current setup: NC 28.0.1 PHP 8.2 FPM - Apache - Nginx (proxy)
Still present in 28.0.5, got even worse as the admin page is displaying "XXX errors since XXX", makes this new message kind of unusable
Looked into this a bit. Don't have a full solution to propose, but adding some notes for myself or someone else to pick up another time.
There are two entries generated in the logs. The LoginException
itself is generated here:
The log entry for it occurs due to line 144 here:
The ServiceUnavailable
exception is then thrown and not captured so it too gets logged.
I don't think we can just catch LoginException
because it's used in a few places.
I'm thinking maybe we could create a LoginDisabledException
to distinguish it from the other places. That could then be caught and handled as deemed appropriate rather than:
Still not a complete solution though because we need to work out what to do about the ServiceUnavailable
. That's actually used AFAIK to convey temporary scenarios to clients (so that they don't give up permanently/etc). So that piece needs to be looked at closer to make sure we don't break anything with the clients (web, mobile, desktop).
Didn't get to that this evening. If someone else runs across this and feels like digging in a bit, feel free.
Historical ref: 8eda6617618e0a1f650afc4e6766e799b4e62b82
EDIT: Since disabled users are a temporary state, we should be handling them certainly as well as we do outright login failures (which we handle just fine). So another path might be here.
In the meantime (reported 1 year ago), I would like to contact all the users that are still trying to connect via their desktop client, how to do that, the login information is hidden from me
@patricksebastien The user is embedded in the URL of the log entry (though maybe there are some scenarios where it wouldn't be - not sure):
"PROPFIND","url":"/remote.php/dav/principals/users/ncuser/
This is still an issue in 29.0.3
I deactivated a user on my installation and this is also the only deactivated user. Apparently a device of said user is still configured to sync and therefore tries to log in. The server log shows fatal errors. If this is standard behaviour, I think that is a bug. Deactivating a user is a standard procedure. Hence a login attempt is not an error. Maybe it justifies some debug / ingo logging, but not to throw an exception.
(And the german "Benutzer deaktiviert" does not belong there either. ^^)
Server configuration detail
Operating system: Linux 2.6.32-754.15.3.el6.x86_64 #1 SMP Tue Jun 18 16:25:32 UTC 2019 x86_64
Webserver: Apache/2.2.15 (CentOS) (cgi-fcgi)
Database: mysql 5.1.73
PHP version: 7.2.31
Modules loaded: Core, date, libxml, openssl, pcre, sqlite3, zlib, bcmath, bz2, calendar, ctype, curl, dom, hash, fileinfo, filter, ftp, gd, gettext, gmp, SPL, iconv, session, intl, json, ldap, mbstring, standard, mysqlnd, pcntl, mysqli, PDO, pdo_mysql, pdo_pgsql, pdo_sqlite, pgsql, Phar, posix, pspell, Reflection, imap, shmop, SimpleXML, soap, sockets, exif, sysvmsg, sysvsem, sysvshm, tidy, tokenizer, xml, xmlreader, xmlrpc, xmlwriter, xsl, zip, cgi-fcgi, redis, imagick, Zend OPcache
Nextcloud version: 19.0.2 - 19.0.2.2
Updated from an older Nextcloud/ownCloud or fresh install: updated
Where did you install Nextcloud from: updater
Signing status
Array ( )List of activated apps
Enabled: - accessibility: 1.5.0 - activity: 2.12.0 - admin_audit: 1.9.0 - bruteforcesettings: 2.0.1 - calendar: 2.0.4 - cloud_federation_api: 1.2.0 - comments: 1.9.0 - contacts: 3.3.0 - contactsinteraction: 1.0.0 - dav: 1.15.0 - federatedfilesharing: 1.9.0 - federation: 1.9.0 - files: 1.14.0 - files_external: 1.10.0 - files_pdfviewer: 1.8.0 - files_rightclick: 0.16.0 - files_sharing: 1.11.0 - files_trashbin: 1.9.0 - files_versions: 1.12.0 - files_videoplayer: 1.8.0 - firstrunwizard: 2.8.0 - logreader: 2.4.0 - lookup_server_connector: 1.7.0 - mail: 1.4.1 - nextcloud_announcements: 1.8.0 - notifications: 2.7.0 - oauth2: 1.7.0 - password_policy: 1.9.1 - photos: 1.1.0 - polls: 1.4.3 - privacy: 1.3.0 - provisioning_api: 1.9.0 - recommendations: 0.7.0 - serverinfo: 1.9.0 - settings: 1.1.0 - sharebymail: 1.9.0 - support: 1.2.1 - survey_client: 1.7.0 - tasks: 0.13.3 - text: 3.0.1 - theming: 1.10.0 - twofactor_backupcodes: 1.8.0 - twofactor_totp: 5.0.0 - twofactor_u2f: 6.0.0 - updatenotification: 1.9.0 - viewer: 1.3.0 - workflowengine: 2.1.0 Disabled: - encryption - files_markdown - news - notes - systemtags - user_ldapConfiguration (config/config.php)
{ "instanceid": "***REMOVED SENSITIVE VALUE***", "passwordsalt": "***REMOVED SENSITIVE VALUE***", "secret": "***REMOVED SENSITIVE VALUE***", "trusted_domains": [ "***REMOVED SENSITIVE VALUE***" ], "datadirectory": "***REMOVED SENSITIVE VALUE***", "dbtype": "mysql", "version": "19.0.2.2", "dbname": "***REMOVED SENSITIVE VALUE***", "dbhost": "***REMOVED SENSITIVE VALUE***", "dbtableprefix": "oc_", "dbuser": "***REMOVED SENSITIVE VALUE***", "dbpassword": "***REMOVED SENSITIVE VALUE***", "logtimezone": "UTC", "installed": true, "loglevel": 0, "filelocking.enabled": "true", "memcache.locking": "\\OC\\Memcache\\Redis", "memcache.local": "\\OC\\Memcache\\Redis", "redis": { "host": "***REMOVED SENSITIVE VALUE***", "port": 0, "timeout": 0 }, "forcessl": true, "mail_from_address": "***REMOVED SENSITIVE VALUE***", "mail_smtpmode": "smtp", "mail_domain": "***REMOVED SENSITIVE VALUE***", "maintenance": false, "updater.release.channel": "stable", "debug": false, "appstore.experimental.enabled": true, "theme": "", "log_rotate_size": 104857600, "overwrite.cli.url": "***REMOVED SENSITIVE VALUE***", "htaccess.RewriteBase": "\/", "htaccess.IgnoreFrontController": true, "mail_smtpsecure": "ssl", "mail_smtpauthtype": "LOGIN", "mail_smtpauth": 1, "mail_smtphost": "***REMOVED SENSITIVE VALUE***", "mail_smtpport": "465", "mail_smtpname": "***REMOVED SENSITIVE VALUE***", "mail_smtppassword": "***REMOVED SENSITIVE VALUE***", "twofactor_enforced": "true", "twofactor_enforced_groups": [ "admin" ], "twofactor_enforced_excluded_groups": [ "Familie", "test" ], "preview_max_x": "2048", "preview_max_y": "2048", "jpeg_quality": "60" }External storages: yes
External storage configuration
Encryption: no
User-backends: