nextcloud / server

☁️ Nextcloud server, a safe home for all your data
https://nextcloud.com
GNU Affero General Public License v3.0

API password change #24692

Closed krakazyabra closed 3 years ago

krakazyabra commented 3 years ago

Steps to reproduce

  1. curl -X PUT https://admin:secret@example.com/ocs/v1.php/cloud/users/Frank -d key="password" -d value="somepassword" -H "OCS-APIRequest: true"

Expected behaviour

The password for user Frank was changed

Actual behaviour

504 Gateway Time-out

Server configuration

Operating system: Debian 10 Buster

Web server: nginx/1.19.1

Database: Percona xtradb-cluster 5.7.19

PHP version: PHP 7.3.20

Nextcloud version: (see Nextcloud admin page) 19.0.1-fpm

Updated from an older Nextcloud/ownCloud or fresh install: Rolling updates from 16

Where did you install Nextcloud from: Docker image

Signing status:

```
No messages
```

List of activated apps:

```
Enabled:
 - accessibility: 1.5.0
 - activity: 2.12.0
 - admin_audit: 1.9.0
 - analytics: 2.5.0
 - apporder: 0.11.0
 - bookmarks: 3.4.3
 - calendar: 2.0.4
 - camerarawpreviews: 0.7.8
 - checksum: 0.4.5
 - cloud_federation_api: 1.2.0
 - comments: 1.9.0
 - contacts: 3.4.0
 - contactsinteraction: 1.0.0
 - cookbook: 0.7.6
 - dashboardcharts: 0.1.3
 - dav: 1.15.0
 - deck: 1.1.2
 - dicomviewer: 1.2.2
 - encryption: 2.7.0
 - external: 3.6.0
 - extract: 1.2.4
 - federatedfilesharing: 1.9.0
 - federation: 1.9.0
 - files: 1.14.0
 - files_accesscontrol: 1.9.1
 - files_automatedtagging: 1.9.0
 - files_downloadactivity: 1.8.0
 - files_external: 1.10.0
 - files_markdown: 2.3.1
 - files_mindmap: 0.0.23
 - files_pdfviewer: 1.8.0
 - files_rightclick: 0.16.0
 - files_sharing: 1.11.0
 - files_texteditor: 2.14.0
 - files_trashbin: 1.9.0
 - files_versions: 1.12.0
 - files_videoplayer: 1.8.0
 - firstrunwizard: 2.8.0
 - forms: 2.0.4
 - gpxedit: 0.0.13
 - gpxmotion: 0.0.11
 - gpxpod: 4.2.2
 - groupfolders: 7.1.0
 - groupquota: 0.1.4
 - keeweb: 0.6.3
 - logreader: 2.4.0
 - lookup_server_connector: 1.7.0
 - mail: 1.4.1
 - maps: 0.1.6
 - music: 0.16.0
 - news: 14.2.2
 - notes: 3.6.4
 - oauth2: 1.7.0
 - ocr: 6.0.56
 - onlyoffice: 6.0.2
 - password_policy: 1.9.1
 - photos: 1.1.0
 - privacy: 1.3.0
 - provisioning_api: 1.9.0
 - quicknotes: 0.6.1
 - quota_warning: 1.8.0
 - recommendations: 0.7.0
 - serverinfo: 1.9.0
 - settings: 1.1.0
 - sharebymail: 1.9.0
 - sociallogin: 3.4.1
 - socialsharing_email: 2.1.0
 - spreed: 9.0.4
 - support: 1.2.1
 - survey_client: 1.7.0
 - systemtags: 1.9.0
 - tasks: 0.13.4
 - text: 3.0.1
 - twofactor_backupcodes: 1.8.0
 - updatenotification: 1.9.0
 - viewer: 1.3.0
 - workflowengine: 2.1.0
Disabled:
 - appointments
 - nextcloud_announcements
 - notifications
 - phonetrack
 - theming
 - theming_customcss
 - user_ldap
```

Nextcloud configuration:

```
{
    "system": {
        "theme": "mytheme",
        "blacklisted_files": [],
        "mail_smtpmode": "sendmail",
        "mail_smtphost": "***REMOVED SENSITIVE VALUE***",
        "mail_smtpport": 25,
        "mail_smtptimeout": 10,
        "mail_smtpsecure": "",
        "mail_smtpauth": false,
        "mail_smtpauthtype": "LOGIN",
        "mail_smtpname": "***REMOVED SENSITIVE VALUE***",
        "mail_smtppassword": "***REMOVED SENSITIVE VALUE***",
        "mail_domain": "***REMOVED SENSITIVE VALUE***",
        "mail_from_address": "***REMOVED SENSITIVE VALUE***",
        "logfile": "\/dev\/stdout",
        "enable_previews": true,
        "preview_max_filesize_image": 4096,
        "preview_max_y": 4096,
        "preview_max_x": 4096,
        "enabledPreviewProviders": [
            "OC\\Preview\\PNG",
            "OC\\Preview\\JPEG",
            "OC\\Preview\\GIF",
            "OC\\Preview\\HEIC",
            "OC\\Preview\\BMP",
            "OC\\Preview\\XBitmap",
            "OC\\Preview\\MP3",
            "OC\\Preview\\TXT",
            "OC\\Preview\\MarkDown",
            "OC\\Preview\\Illustrator",
            "OC\\Preview\\Photoshop"
        ],
        "logtimezone": "Europe\/Prague",
        "social_login_auto_redirect": true,
        "updatechecker": false,
        "has_internet_connection": true,
        "objectstore_multibucket": {
            "class": "\\OC\\Files\\ObjectStore\\S3",
            "arguments": {
                "num_buckets": 15000,
                "bucket": "nextcloud-",
                "autocreate": true,
                "key": "***REMOVED SENSITIVE VALUE***",
                "secret": "***REMOVED SENSITIVE VALUE***",
                "use_ssl": true,
                "hostname": "***REMOVED SENSITIVE VALUE***",
                "port": 443,
                "use_path_style": true
            }
        },
        "onlyoffice": {
            "jwt_header": "Authorization",
            "verify_peer_off": true
        },
        "loglevel": 3,
        "trusted_domains": [
            "nc.domain.org",
            "localhost",
            "10.*.*.*",
            "onlyoffice.domain.org",
            "nc-api.domain.org",
            "*cluster.local"
        ],
        "memcache.local": "\\OC\\Memcache\\APCu",
        "memcache.distributed": "\\OC\\Memcache\\Redis",
        "memcache.locking": "\\OC\\Memcache\\Redis",
        "filelocking.enabled": false,
        "redis": {
            "host": "***REMOVED SENSITIVE VALUE***",
            "port": "6379",
            "timeout": 0
        },
        "instanceid": "***REMOVED SENSITIVE VALUE***",
        "passwordsalt": "***REMOVED SENSITIVE VALUE***",
        "secret": "***REMOVED SENSITIVE VALUE***",
        "datadirectory": "***REMOVED SENSITIVE VALUE***",
        "dbtype": "mysql",
        "version": "19.0.1.1",
        "overwrite.cli.url": "https:\/\/nc.domain.com",
        "overwriteprotocol": "https",
        "dbname": "***REMOVED SENSITIVE VALUE***",
        "dbhost": "***REMOVED SENSITIVE VALUE***",
        "dbport": "",
        "dbtableprefix": "oc_",
        "mysql.utf8mb4": true,
        "dbuser": "***REMOVED SENSITIVE VALUE***",
        "dbpassword": "***REMOVED SENSITIVE VALUE***",
        "installed": true,
        "updater.release.channel": "stable",
        "maintenance": false
    }
}
```

Are you using external storage, if yes which one: local/smb/sftp/... Minio S3 as default backend

Are you using encryption: yes/no No

Are you using an external user-backend, if yes which one: LDAP/ActiveDirectory/Webdav/... Keycloak and Social login app in NC

Logs

Web server error log

```
10.113.24.21 - admin [14/Dec/2020:15:11:59 +0100] "PUT /ocs/v1.php/cloud/users/Frank HTTP/1.1" 499 0 "-" "curl/7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7 NSS/3.44 zlib/1.2.3 libidn/1.18 libssh2/1.4.2" "10.28.20.45"
```

Nextcloud log (data/nextcloud.log)

```
Nothing here
```

At the same time, when I use a weak password with the same API endpoint, I get an answer:

```
curl -X PUT https://admin:secret@example.com/ocs/v1.php/cloud/users/Frank -d key="password" -d value="123" -H "OCS-APIRequest: true"
<?xml version="1.0"?>
<ocs>
 <meta>
  <status>failure</status>
  <statuscode>103</statuscode>
  <message>Password needs to be at least 8 characters long</message>
  <totalitems></totalitems>
  <itemsperpage></itemsperpage>
 </meta>
 <data/>
</ocs>
```

krakazyabra commented 3 years ago

I understand that 504 is an error from the web server (nginx in my case), but the same request (with the same method and the same endpoint) with another key-value pair works fine:

```
curl -X PUT https://admin:secret@example.com/ocs/v1.php/cloud/users/Frank -d key="email" -d value="frank@email.com" -H "OCS-APIRequest: true"
<?xml version="1.0"?>
<ocs>
 <meta>
  <status>ok</status>
  <statuscode>100</statuscode>
  <message>OK</message>
  <totalitems></totalitems>
  <itemsperpage></itemsperpage>
 </meta>
 <data/>
</ocs>
```

That's why I suppose that the problem is not in the nginx configuration.
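
The comparison in the two comments above rests on telling replies that carry an OCS `<meta>` envelope (produced by Nextcloud itself) from replies that do not (produced by the web server in front of it). The following is an added example, not part of the original thread or of Nextcloud's code, that classifies constructed copies of the three reported responses; the `classify` name, the layer labels and the HTTP status values passed in are assumptions.

```python
import xml.etree.ElementTree as ET

# Constructed samples mirroring the three outcomes reported in this issue.
WEAK_PW_BODY = """<?xml version="1.0"?>
<ocs>
 <meta>
  <status>failure</status>
  <statuscode>103</statuscode>
  <message>Password needs to be at least 8 characters long</message>
 </meta>
 <data/>
</ocs>"""
EMAIL_OK_BODY = """<?xml version="1.0"?>
<ocs><meta><status>ok</status><statuscode>100</statuscode>
<message>OK</message></meta><data/></ocs>"""
# Constructed stand-in for the web server's own 504 error page.
GATEWAY_BODY = "<html><head><title>504 Gateway Time-out</title></head></html>"


def classify(http_status, body):
    """Return (layer, detail): which layer answered, and what it said."""
    try:
        root = ET.fromstring(body)
    except ET.ParseError:
        root = None  # empty or non-XML body
    meta = root.find("meta") if root is not None and root.tag == "ocs" else None
    if meta is None:
        # No OCS envelope: the reply did not come from the provisioning API,
        # so the request stalled or failed before Nextcloud could answer.
        return ("gateway", f"HTTP {http_status}, no OCS envelope")
    code_text = (meta.findtext("statuscode") or "").strip()
    code = int(code_text) if code_text.isdigit() else -1
    message = (meta.findtext("message") or "").strip()
    if (meta.findtext("status") or "").strip() == "ok" and code == 100:
        return ("nextcloud-ok", message)
    # An envelope with a failure status: the request reached the API and was
    # rejected there (for example by the password policy).
    return ("nextcloud-error", f"OCS {code}: {message}")


if __name__ == "__main__":
    # HTTP status values for the two OCS replies are assumed; the thread
    # shows only their bodies.
    for status, body in ((200, WEAK_PW_BODY), (200, EMAIL_OK_BODY), (504, GATEWAY_BODY)):
        print(classify(status, body))
```
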

szaimen commented 3 years ago

Is this Issue still valid in NC21.0.2? If not, please close this issue. Thanks! :)

krakazyabra commented 3 years ago

Hello. I have no plans to upgrade to the 21st version until the 19th is in service. So, in the 19th version this problem exists and needs to be solved.

ghost commented 3 years ago

This issue has been automatically marked as stale because it has not had recent activity and seems to be missing some essential information. It will be closed if no further activity occurs. Thank you for your contributions.