nextcloud / server

☁️ Nextcloud server, a safe home for all your data
https://nextcloud.com
GNU Affero General Public License v3.0

Tokens can multiply like rabbits #28102

Closed raid1 closed 2 years ago

raid1 commented 2 years ago

This is a split of https://github.com/nextcloud/server/issues/27603

Expected behaviour

1 oc_authtoken per user+device

Actual behaviour

hundreds of oc_authtoken entries:

```
$ mysql mycloud -B -e "select count(*) from oc_authtoken where uid='andy'"
count(*)
167
```

After "DELETE * from oc_authtoken where uid='andy'" the server responds quickly again. But this is not a permanent solution. 157 new(!) entries were back the next day. Here is just a short part of it:

Questions/Doubts

Server configuration

Operating system: 4.19.0-16-amd64 #1 SMP Debian 4.19.181-1 (2021-03-19) x86_64 GNU/Linux

Web server: Apache 2.4.38-3+deb10u4

Database: mysql Ver 15.1 Distrib 10.3.27-MariaDB, for debian-linux-gnu (x86_64) using readline 5.2

PHP version: PHP version (eg, 7.4): 2:7.3+69

Nextcloud version: (see Nextcloud admin page) 21.0.2.1

Updated from an older Nextcloud/ownCloud or fresh install: latest v20

Where did you install Nextcloud from: with the internal NC updater

Signing status:

Signing status

```
Login as admin user into your Nextcloud and access
http://example.com/index.php/settings/integrity/failed
paste the results here.

No errors have been found.
```

List of activated apps:

App list

```
Enabled:
  - accessibility: 1.7.0
  - activity: 2.14.3
  - admin_audit: 1.11.0
  - apporder: 0.12.0
  - audioplayer: 3.1.0
  - bbb: 1.4.1
  - bookmarks: 4.2.2
  - bruteforcesettings: 2.2.0
  - calendar: 2.2.2
  - carnet: 0.24.1
  - cloud_federation_api: 1.4.0
  - cms_pico: 1.0.15
  - comments: 1.11.0
  - contacts: 3.5.1
  - contactsinteraction: 1.2.0
  - dashboard: 7.1.0
  - data_request: 1.8.0
  - dav: 1.17.1
  - deck: 1.4.2
  - drawio: 1.0.0
  - federatedfilesharing: 1.11.0
  - federation: 1.11.0
  - files: 1.16.0
  - files_external: 1.12.0
  - files_markdown: 2.3.3
  - files_pdfviewer: 2.1.0
  - files_retention: 1.10.1
  - files_rightclick: 1.0.0
  - files_sharing: 1.13.1
  - files_trashbin: 1.11.0
  - files_versions: 1.14.0
  - files_videoplayer: 1.10.0
  - firstrunwizard: 2.10.0
  - forms: 2.2.4
  - gpxmotion: 0.1.0
  - gpxpod: 4.2.8
  - impersonate: 1.8.0
  - integration_google: 1.0.2
  - integration_whiteboard: 0.0.14
  - integration_zammad: 1.0.1
  - keeweb: 0.6.5
  - logreader: 2.6.0
  - lookup_server_connector: 1.9.0
  - mail: 1.9.5
  - nextcloud_announcements: 1.10.0
  - notes: 4.0.4
  - notifications: 2.9.0
  - oauth2: 1.9.0
  - openhab: 0.9.5
  - password_policy: 1.11.0
  - photos: 1.3.0
  - privacy: 1.5.0
  - provisioning_api: 1.11.0
  - rainloop: 7.1.2
  - recommendations: 1.0.0
  - serverinfo: 1.11.0
  - settings: 1.3.0
  - sharebymail: 1.11.0
  - socialsharing_email: 2.2.0
  - spreed: 11.2.2
  - support: 1.4.0
  - survey_client: 1.9.0
  - systemtags: 1.11.0
  - tasks: 0.13.6
  - text: 3.2.0
  - theming: 1.12.0
  - twofactor_backupcodes: 1.10.0
  - updatenotification: 1.11.0
  - user_status: 1.1.1
  - user_usage_report: 1.5.0
  - viewer: 1.5.0
  - weather_status: 1.1.0
  - workflowengine: 2.3.0
Disabled:
  - encryption
  - passwords
  - user_ldap
```

Nextcloud configuration:

Config report

```
{
    "system": {
        "passwordsalt": "***REMOVED SENSITIVE VALUE***",
        "datadirectory": "***REMOVED SENSITIVE VALUE***",
        "dbtype": "mysql",
        "version": "21.0.2.1",
        "dbname": "***REMOVED SENSITIVE VALUE***",
        "dbhost": "***REMOVED SENSITIVE VALUE***",
        "dbtableprefix": "oc_",
        "dbuser": "***REMOVED SENSITIVE VALUE***",
        "dbpassword": "***REMOVED SENSITIVE VALUE***",
        "installed": true,
        "instanceid": "***REMOVED SENSITIVE VALUE***",
        "maintenance": false,
        "loglevel": 2,
        "theme": "",
        "trusted_domains": [
            "cloud.mydomain.de",
        ],
        "share_folder": "\/Shared",
        "defaultapp": "calendar",
        "trashbin_retention_obligation": "auto, 14",
        "versions_retention_obligation": "auto, 14",
        "default_language": "en",
        "default_phone_region": "DE",
        "secret": "***REMOVED SENSITIVE VALUE***",
        "memcache.local": "\\OC\\Memcache\\APCu",
        "mail_domain": "***REMOVED SENSITIVE VALUE***",
        "mail_smtpmode": "smtp",
        "mail_from_address": "***REMOVED SENSITIVE VALUE***",
        "updater.release.channel": "stable",
        "overwrite.cli.url": "https:\/\/cloud.mydomain.de",
        "blacklisted_files": [
            "._*",
            ".DS_Store",
            ".DS_STORE",
            ".ds_store"
        ],
        "integrity.check.disabled": false,
        "mysql.utf8mb4": true,
        "mail_smtpauthtype": "LOGIN",
        "mail_sendmailmode": "smtp",
        "mail_smtphost": "***REMOVED SENSITIVE VALUE***",
        "mail_smtpport": "25",
        "mail_smtpauth": 1,
        "mail_smtpsecure": "tls",
        "mail_smtpname": "***REMOVED SENSITIVE VALUE***",
        "mail_smtppassword": "***REMOVED SENSITIVE VALUE***",
        "app_install_overwrite": [
            "apporder",
            "calendar",
            "bookmarks"
        ],
        "has_rebuilt_cache": true,
        "encryption.legacy_format_support": false,
        "encryption.key_storage_migrated": false
    }
}
```

Are you using external storage, if yes which one: local/smb/sftp/... No

Are you using encryption: yes/no No

Are you using an external user-backend, if yes which one: LDAP/ActiveDirectory/Webdav/... No

Client configuration

irrelevant

Logs

Web server error log

Web server error log

```
(only irrelevant lines like:)
[Tue Jun 22 16:57:47.274268 2021] [access_compat:error] [pid 32647] [client 62.216.xx.yy:64788] AH01797: client denied by server configuration: /var/www/nextcloud/config
```

Nextcloud log (data/nextcloud.log)

Nextcloud log

```
{"reqId":"YNIMvrdbUoVOcoItzNhK1QAAAAw","level":3,"time":"2021-06-22T16:15:59+00:00","remoteAddr":"138.246.3.189","user":"andy","app":"PHP","method":"PROPFIND","url":"/remote.php/dav/files/andy/","message":"Module 'mbstring' already loaded at Unknown#0","userAgent":"Mozilla/5.0 (Linux) mirall/3.2.2-20210531.142805.04afaa1fe-1.0~focal1 (Nextcloud, ubuntu-5.4.0-74-generic ClientArchitecture: x86_64 OsArchitecture: x86_64)","version":"21.0.2.1"}
```

The output of your Nextcloud log in Admin > Logging: ``Error PHP Module 'mbstring' already loaded at Unknown#0`` (shows up every time when I call curl)

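The report above counts tokens per `uid` only, while the expected behaviour is one token per user+device. The following added example (not part of the original post or of Nextcloud's code) breaks the count down per user and device name and lists the older tokens in each duplicated group. It runs against a constructed in-memory stand-in table; the `name` and `last_activity` columns are assumptions about the `oc_authtoken` schema.

```python
import sqlite3

# Constructed sample rows: (uid, device name, last_activity as Unix time).
SAMPLE_TOKENS = [
    ("andy", "Mozilla/5.0 (Linux) mirall/3.2.2 (Nextcloud)", 1624378559),
    ("andy", "Mozilla/5.0 (Linux) mirall/3.2.2 (Nextcloud)", 1624378000),
    ("andy", "Mozilla/5.0 (Linux) mirall/3.2.2 (Nextcloud)", 1624291000),
    ("andy", "Firefox on laptop", 1624370000),
    ("bob", "Nextcloud Android", 1624300000),
]

# Groups that violate "1 token per user+device", largest first.
DUPLICATE_QUERY = """
    SELECT uid, name, COUNT(*) AS tokens, MAX(last_activity) AS newest
    FROM oc_authtoken
    GROUP BY uid, name
    HAVING COUNT(*) > 1
    ORDER BY tokens DESC
"""


def build_sample_db():
    """In-memory stand-in for oc_authtoken with only the columns used here."""
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE oc_authtoken ("
        "id INTEGER PRIMARY KEY, uid TEXT, name TEXT, last_activity INTEGER)"
    )
    db.executemany(
        "INSERT INTO oc_authtoken (uid, name, last_activity) VALUES (?, ?, ?)",
        SAMPLE_TOKENS,
    )
    return db


def duplicated_tokens(db):
    """Return (uid, name, token count, newest activity) per duplicated group."""
    return db.execute(DUPLICATE_QUERY).fetchall()


def stale_ids(db, uid, name):
    """IDs of all but the most recently used token for one user+device."""
    rows = db.execute(
        "SELECT id FROM oc_authtoken WHERE uid = ? AND name = ? "
        "ORDER BY last_activity DESC, id DESC",
        (uid, name),
    ).fetchall()
    return [row[0] for row in rows[1:]]
```
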
kesselb commented 2 years ago

Duplicate of https://github.com/nextcloud/server/issues/27603.

raid1 commented 2 years ago

No, this is NOT a duplicate. I was asked to split this issue in two issues:

rfc2822 commented 2 years ago

Yes, this is not a duplicate.

I suggest changing the topic to: oc_authtoken table is quickly filled with hundreds of entries and not cleared

kesselb commented 2 years ago

Hey @rfc2822 :wave:

This issue and #27603 are related to each other. I prefer to keep one issue for now. We can always create another issue later.