nextcloud / server

☁️ Nextcloud server, a safe home for all your data
https://nextcloud.com
GNU Affero General Public License v3.0

Unable to use webauthn to log in (since Nextcloud 23?) #30549

Open Derkades opened 2 years ago

Derkades commented 2 years ago


Steps to reproduce

Use the "Log in with a device" feature to log in. After entering a username and confirming login by pressing the security key's button, nothing happens and the error below is logged to the Nextcloud log file:

Error: OC\Core\Controller\WebAuthnController::finishAuthentication(): Argument #1 ($data) must be of type string, null given, called in /var/www/html/lib/private/AppFramework/Http/Dispatcher.php on line 217 in file '/var/www/html/core/Controller/WebAuthnController.php' line 95
Full raw backtrace

```
{
  "reqId": "N6q5uRPmPfYYHYmNrYzw",
  "level": 3,
  "time": "2022-01-08T11:00:08+00:00",
  "remoteAddr": "10.0.1.254",
  "user": "--",
  "app": "index",
  "method": "POST",
  "url": "/login/webauthn/finish",
  "message": "OC\\Core\\Controller\\WebAuthnController::finishAuthentication(): Argument #1 ($data) must be of type string, null given, called in /var/www/html/lib/private/AppFramework/Http/Dispatcher.php on line 217 in file '/var/www/html/core/Controller/WebAuthnController.php' line 95",
  "userAgent": "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:95.0) Gecko/20100101 Firefox/95.0",
  "version": "23.0.0.10",
  "exception": {
    "Exception": "Exception",
    "Message": "OC\\Core\\Controller\\WebAuthnController::finishAuthentication(): Argument #1 ($data) must be of type string, null given, called in /var/www/html/lib/private/AppFramework/Http/Dispatcher.php on line 217 in file '/var/www/html/core/Controller/WebAuthnController.php' line 95",
    "Code": 0,
    "Trace": [
      { "file": "/var/www/html/lib/private/AppFramework/App.php", "line": 157, "function": "dispatch", "class": "OC\\AppFramework\\Http\\Dispatcher", "type": "->", "args": [ { "__class__": "OC\\Core\\Controller\\WebAuthnController" }, "finishAuthentication" ] },
      { "file": "/var/www/html/lib/private/Route/Router.php", "line": 302, "function": "main", "class": "OC\\AppFramework\\App", "type": "::", "args": [ "OC\\Core\\Controller\\WebAuthnController", "finishAuthentication", { "__class__": "OC\\AppFramework\\DependencyInjection\\DIContainer" }, { "_route": "core.WebAuthn.finishAuthentication" } ] },
      { "file": "/var/www/html/lib/base.php", "line": 1006, "function": "match", "class": "OC\\Route\\Router", "type": "->", "args": ["/login/webauthn/finish"] },
      { "file": "/var/www/html/index.php", "line": 36, "function": "handleRequest", "class": "OC", "type": "::", "args": [] }
    ],
    "File": "/var/www/html/lib/private/AppFramework/Http/Dispatcher.php",
    "Line": 158,
    "Previous": {
      "Exception": "TypeError",
      "Message": "OC\\Core\\Controller\\WebAuthnController::finishAuthentication(): Argument #1 ($data) must be of type string, null given, called in /var/www/html/lib/private/AppFramework/Http/Dispatcher.php on line 217",
      "Code": 0,
      "Trace": [
        { "file": "/var/www/html/lib/private/AppFramework/Http/Dispatcher.php", "line": 217, "function": "finishAuthentication", "class": "OC\\Core\\Controller\\WebAuthnController", "type": "->", "args": [null] },
        { "file": "/var/www/html/lib/private/AppFramework/Http/Dispatcher.php", "line": 126, "function": "executeController", "class": "OC\\AppFramework\\Http\\Dispatcher", "type": "->", "args": [ { "__class__": "OC\\Core\\Controller\\WebAuthnController" }, "finishAuthentication" ] },
        { "file": "/var/www/html/lib/private/AppFramework/App.php", "line": 157, "function": "dispatch", "class": "OC\\AppFramework\\Http\\Dispatcher", "type": "->", "args": [ { "__class__": "OC\\Core\\Controller\\WebAuthnController" }, "finishAuthentication" ] },
        { "file": "/var/www/html/lib/private/Route/Router.php", "line": 302, "function": "main", "class": "OC\\AppFramework\\App", "type": "::", "args": [ "OC\\Core\\Controller\\WebAuthnController", "finishAuthentication", { "__class__": "OC\\AppFramework\\DependencyInjection\\DIContainer" }, { "_route": "core.WebAuthn.finishAuthentication" } ] },
        { "file": "/var/www/html/lib/base.php", "line": 1006, "function": "match", "class": "OC\\Route\\Router", "type": "->", "args": ["/login/webauthn/finish"] },
        { "file": "/var/www/html/index.php", "line": 36, "function": "handleRequest", "class": "OC", "type": "::", "args": [] }
      ],
      "File": "/var/www/html/core/Controller/WebAuthnController.php",
      "Line": 95
    },
    "CustomMessage": "--"
  },
  "id": "61d97135160fd"
}
```

Server configuration

Operating system: debian

Web server: nginx

Database: mariadb

PHP version: 8.something

Nextcloud version: 23.0.0

Updated from an older Nextcloud/ownCloud or fresh install: updated

Are you using encryption: no

Are you using an external user-backend, if yes which one: no

Client configuration

Browser: Firefox 95

Operating system: Kubuntu 21.10

CarlSchwan commented 2 years ago

Hello, do you have any error messages in the web console? On Firefox, right-click -> Inspect -> go to the Console tab.

Derkades commented 2 years ago

Browser console, exported to text:

```
No OC found index.js:46:12
Proxying an event bus of version 2.1.1 with 1.3.0 index.es.js:2337:14
JQMIGRATE: Migrate is installed, version 3.3.2 jquery-migrate.min.js:2:708
jQuery is deprecated: The global jQuery is deprecated. It will be removed in a later versions without another warning. Please ship your own. globals.js:62:15
$ is deprecated: The global jQuery is deprecated. It will be removed in a later versions without another warning. Please ship your own. globals.js:62:15
jQuery is deprecated: The global jQuery is deprecated. It will be removed in a later versions without another warning. Please ship your own. 3 globals.js:62:15
$ is deprecated: The global jQuery is deprecated. It will be removed in a later versions without another warning. Please ship your own. globals.js:62:15
Backbone is deprecated: please ship your own, this will be removed in Nextcloud 20 globals.js:62:15
Handlebars is deprecated: please ship your own, this will be removed in Nextcloud 20 globals.js:62:15
Proxying an event bus of version 2.1.1 with 1.3.0 index.es.js:2337:14
session heartbeat polling started session-heartbeat.js:101:9
passwordless login initiated PasswordLessLoginForm.vue:107
Obtained PublicKeyCredentialRequestOptions PasswordLessLoginForm.vue:145
Object { challenge: Uint8Array(32), rpId: "cloud.rkslot.nl", userVerification: "discouraged", allowCredentials: (1) […], timeout: 60000 } PasswordLessLoginForm.vue:146
Converted PublicKeyCredentialRequestOptions PasswordLessLoginForm.vue:161
Object { challenge: Uint8Array(32), rpId: "cloud.rkslot.nl", userVerification: "discouraged", allowCredentials: (1) […], timeout: 60000 } PasswordLessLoginForm.vue:162
Object { challenge: Uint8Array(32), rpId: "cloud.rkslot.nl", userVerification: "discouraged", allowCredentials: (1) […], timeout: 60000 }
  allowCredentials: Array [ {…} ]
    0: Object { type: "public-key", id: Uint8Array(64) }
    length: 1
    : Array []
  challenge: Uint8Array(32) [ 62, 96, 182, … ]
  rpId: "cloud.rkslot.nl"
  timeout: 60000
  userVerification: "discouraged"
  : Object { … }
PasswordLessLoginForm.vue:111
GOT AN ERROR! PasswordLessLoginForm.vue:201
DOMException: An attempt was made to use an object that is not, or is no longer, usable PasswordLessLoginForm.vue:202
TIME TO COMPLETE PasswordLessLoginForm.vue:206
GOT AN ERROR WHILE SUBMITTING CHALLENGE! PasswordLessLoginForm.vue:216
Error: Request failed with status code 500
    exports createError.js:16
    exports settle.js:17
    onreadystatechange xhr.js:62
PasswordLessLoginForm.vue:217
jQuery is deprecated: The global jQuery is deprecated. It will be removed in a later versions without another warning. Please ship your own. 108 globals.js:62:15
```

szaimen commented 1 year ago

Hi, please update to 24.0.8 or better 25.0.2 and report back if it fixes the issue. Thank you!

Derkades commented 1 year ago

I am on 25.0.2, and still get the error 500. This is the error in the server log now:

[index] Error: Exception: OC\Core\Controller\WebAuthnController::finishAuthentication(): Argument #1 ($data) must be of type string, null given, called in /var/www/html/lib/private/AppFramework/Http/Dispatcher.php on line 225 in file '/var/www/html/core/Controller/WebAuthnController.php' line 88 at <<closure>>

0. /var/www/html/lib/private/AppFramework/App.php line 172
   OC\AppFramework\Http\Dispatcher->dispatch(OC\Core\Controller\WebAuthnController {}, "finishAuthentication")
1. /var/www/html/lib/private/Route/Router.php line 298
   OC\AppFramework\App::main("OC\\Core\\Contr ... r", "finishAuthentication", OC\AppFramework\ ... {}, ["core.WebAuthn.finishAuthentication"])
2. /var/www/html/lib/base.php line 1047
   OC\Route\Router->match("/login/webauthn/finish")
3. /var/www/html/index.php line 36
   OC::handleRequest()

POST /login/webauthn/finish
from 10.0.1.254 at 2023-01-09T11:07:58+00:00

Same error message, different line numbers.

szaimen commented 1 year ago

cc @ChristophWurst

ItsSiem commented 1 year ago

I am also experiencing this exact same problem. I have no problem adding webAuthn devices but the login functionality does not work. The server logs this error:

[index] Error: Exception: sha1(): Argument #1 ($string) must be of type string, null given in file '/var/www/html/lib/private/Authentication/Token/PublicKeyTokenProvider.php' line 116 at <<closure>>

0. /var/www/html/lib/private/AppFramework/App.php line 183
   OC\AppFramework\Http\Dispatcher->dispatch(["OC\\Core\\Cont ... "], "finishAuthentication")
1. /var/www/html/lib/private/Route/Router.php line 315
   OC\AppFramework\App::main("OC\\Core\\Contr ... r", "finishAuthentication", ["OC\\AppFramewo ... "], ["core.WebAuthn.finishAuthentication"])
2. /var/www/html/lib/base.php line 1055
   OC\Route\Router->match("/login/webauthn/finish")
3. /var/www/html/index.php line 36
   OC::handleRequest()

Caused by:

TypeError: sha1(): Argument #1 ($string) must be of type string, null given at <<closure>>

 0. /var/www/html/lib/private/Authentication/Token/PublicKeyTokenProvider.php line 116
    sha1("*** sensitive parameters replaced ***")
 1. /var/www/html/lib/private/Authentication/Token/Manager.php line 69
    OC\Authentication\Token\PublicKeyTokenProvider->generateToken("*** sensitive parameters replaced ***")
 2. /var/www/html/lib/private/User/Session.php line 686
    OC\Authentication\Token\Manager->generateToken("*** sensitive parameters replaced ***")
 3. /var/www/html/lib/private/Authentication/Login/CreateSessionTokenCommand.php line 56
    OC\User\Session->createSessionToken("*** sensitive parameters replaced ***")
 4. /var/www/html/lib/private/Authentication/Login/ALoginCommand.php line 39
    OC\Authentication\Login\CreateSessionTokenCommand->process(["OC\\Authentication\\Login\\LoginData"])
 5. /var/www/html/lib/private/Authentication/Login/CompleteLoginCommand.php line 47
    OC\Authentication\Login\ALoginCommand->processNextOrFinishSuccessfully(["OC\\Authentication\\Login\\LoginData"])
 6. /var/www/html/lib/private/Authentication/Login/ALoginCommand.php line 39
    OC\Authentication\Login\CompleteLoginCommand->process(["OC\\Authentication\\Login\\LoginData"])
 7. /var/www/html/lib/private/Authentication/Login/LoggedInCheckCommand.php line 60
    OC\Authentication\Login\ALoginCommand->processNextOrFinishSuccessfully(["OC\\Authentication\\Login\\LoginData"])
 8. /var/www/html/lib/private/Authentication/Login/ALoginCommand.php line 39
    OC\Authentication\Login\LoggedInCheckCommand->process(["OC\\Authentication\\Login\\LoginData"])
 9. /var/www/html/lib/private/Authentication/Login/WebAuthnLoginCommand.php line 45
    OC\Authentication\Login\ALoginCommand->processNextOrFinishSuccessfully(["OC\\Authentication\\Login\\LoginData"])
10. /var/www/html/lib/private/Authentication/Login/ALoginCommand.php line 39
    OC\Authentication\Login\WebAuthnLoginCommand->process(["OC\\Authentication\\Login\\LoginData"])
11. /var/www/html/lib/private/Authentication/Login/UserDisabledCheckCommand.php line 57
    OC\Authentication\Login\ALoginCommand->processNextOrFinishSuccessfully(["OC\\Authentication\\Login\\LoginData"])
12. /var/www/html/lib/private/Authentication/Login/WebAuthnChain.php line 95
    OC\Authentication\Login\UserDisabledCheckCommand->process(["OC\\Authentication\\Login\\LoginData"])
13. /var/www/html/core/Controller/WebAuthnController.php line 112
    OC\Authentication\Login\WebAuthnChain->process(["OC\\Authentication\\Login\\LoginData"])
14. /var/www/html/lib/private/AppFramework/Http/Dispatcher.php line 230
    OC\Core\Controller\WebAuthnController->finishAuthentication("{\"id\":\"8FVrM ... }")
15. /var/www/html/lib/private/AppFramework/Http/Dispatcher.php line 137
    OC\AppFramework\Http\Dispatcher->executeController(["OC\\Core\\Cont ... "], "finishAuthentication")
16. /var/www/html/lib/private/AppFramework/App.php line 183
    OC\AppFramework\Http\Dispatcher->dispatch(["OC\\Core\\Cont ... "], "finishAuthentication")
17. /var/www/html/lib/private/Route/Router.php line 315
    OC\AppFramework\App::main("OC\\Core\\Contr ... r", "finishAuthentication", ["OC\\AppFramewo ... "], ["core.WebAuthn.finishAuthentication"])
18. /var/www/html/lib/base.php line 1055
    OC\Route\Router->match("/login/webauthn/finish")
19. /var/www/html/index.php line 36
    OC::handleRequest()

POST /login/webauthn/finish

I am currently running version 26.0.0

Mike710Shine commented 1 year ago

Same problem here. I am running 26.0.0 too.

[index] Fehler: Exception: sha1(): Argument #1 ($string) must be of type string, null given in file '/var/www/html/lib/private/Authentication/Token/PublicKeyTokenProvider.php' line 116 at <>

  1. /var/www/html/lib/private/AppFramework/App.php line 183 OC\AppFramework\Http\Dispatcher->dispatch(["OC\Core\Cont ... "], "finishAuthentication")
  2. /var/www/html/lib/private/Route/Router.php line 315 OC\AppFramework\App::main("OC\Core\Contr ... r", "finishAuthentication", ["OC\AppFramewo ... "], ["core.WebAuthn.finishAuthentication"])
  3. /var/www/html/lib/base.php line 1055 OC\Route\Router->match("/login/webauthn/finish")
  4. /var/www/html/index.php line 36 OC::handleRequest()

Caused by:

TypeError: sha1(): Argument #1 ($string) must be of type string, null given at <>

  1. /var/www/html/lib/private/Authentication/Token/PublicKeyTokenProvider.php line 116 sha1(" sensitive parameters replaced ")
  2. /var/www/html/lib/private/Authentication/Token/Manager.php line 69 OC\Authentication\Token\PublicKeyTokenProvider->generateToken(" sensitive parameters replaced ")
  3. /var/www/html/lib/private/User/Session.php line 686 OC\Authentication\Token\Manager->generateToken(" sensitive parameters replaced ")
  4. /var/www/html/lib/private/Authentication/Login/CreateSessionTokenCommand.php line 56 OC\User\Session->createSessionToken(" sensitive parameters replaced ")
  5. /var/www/html/lib/private/Authentication/Login/ALoginCommand.php line 39 OC\Authentication\Login\CreateSessionTokenCommand->process(["OC\Authentication\Login\LoginData"])
  6. /var/www/html/lib/private/Authentication/Login/CompleteLoginCommand.php line 47 OC\Authentication\Login\ALoginCommand->processNextOrFinishSuccessfully(["OC\Authentication\Login\LoginData"])
  7. /var/www/html/lib/private/Authentication/Login/ALoginCommand.php line 39 OC\Authentication\Login\CompleteLoginCommand->process(["OC\Authentication\Login\LoginData"])
  8. /var/www/html/lib/private/Authentication/Login/LoggedInCheckCommand.php line 60 OC\Authentication\Login\ALoginCommand->processNextOrFinishSuccessfully(["OC\Authentication\Login\LoginData"])
  9. /var/www/html/lib/private/Authentication/Login/ALoginCommand.php line 39 OC\Authentication\Login\LoggedInCheckCommand->process(["OC\Authentication\Login\LoginData"])
  10. /var/www/html/lib/private/Authentication/Login/WebAuthnLoginCommand.php line 45 OC\Authentication\Login\ALoginCommand->processNextOrFinishSuccessfully(["OC\Authentication\Login\LoginData"])
  11. /var/www/html/lib/private/Authentication/Login/ALoginCommand.php line 39 OC\Authentication\Login\WebAuthnLoginCommand->process(["OC\Authentication\Login\LoginData"])
  12. /var/www/html/lib/private/Authentication/Login/UserDisabledCheckCommand.php line 57 OC\Authentication\Login\ALoginCommand->processNextOrFinishSuccessfully(["OC\Authentication\Login\LoginData"])
  13. /var/www/html/lib/private/Authentication/Login/WebAuthnChain.php line 95 OC\Authentication\Login\UserDisabledCheckCommand->process(["OC\Authentication\Login\LoginData"])
  14. /var/www/html/core/Controller/WebAuthnController.php line 112 OC\Authentication\Login\WebAuthnChain->process(["OC\Authentication\Login\LoginData"])
  15. /var/www/html/lib/private/AppFramework/Http/Dispatcher.php line 230 OC\Core\Controller\WebAuthnController->finishAuthentication("{\"id\":\"EK08O ... }")
  16. /var/www/html/lib/private/AppFramework/Http/Dispatcher.php line 137 OC\AppFramework\Http\Dispatcher->executeController(["OC\Core\Cont ... "], "finishAuthentication")
  17. /var/www/html/lib/private/AppFramework/App.php line 183 OC\AppFramework\Http\Dispatcher->dispatch(["OC\Core\Cont ... "], "finishAuthentication")
  18. /var/www/html/lib/private/Route/Router.php line 315 OC\AppFramework\App::main("OC\Core\Contr ... r", "finishAuthentication", ["OC\AppFramewo ... "], ["core.WebAuthn.finishAuthentication"])
  19. /var/www/html/lib/base.php line 1055 OC\Route\Router->match("/login/webauthn/finish")
  20. /var/www/html/index.php line 36 OC::handleRequest()

POST /index.php/login/webauthn/finish from 84.179.33.110 by mike710shine at 2023-04-18T04:28:54+00:00

But what is strange is that I have a user for whom it works. It is an admin user, but even if I make the user for whom it does not work an admin, it does not work either. So it does not seem to be the admin status itself, at least not when assigned afterwards.

With NC 26.0.1 I think it works again. I can now log in again with the security key (YubiKey).

joshtrichards commented 10 months ago

@ItsSiem & @Mike710Shine Your issues appear related to each other, but not to the matter reported in this Issue itself. Please create a dedicated issue. Thanks! Also may be same as #37396 which has since been fixed via #37192

joshtrichards commented 10 months ago

Similar recent in the help forum with NC28 but not using webauthn: https://help.nextcloud.com/t/nextcloud-strange-login-behavior/176981
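
Added example, not part of the thread and not Nextcloud code: a small triage script that separates the two failure signatures reported above (`finishAuthentication()` receiving null `$data`, and `sha1()` receiving null in `PublicKeyTokenProvider`) when scanning a JSON-lines `nextcloud.log`. The field names follow the raw backtrace in the first post; the sample lines and the `26.0.0.0` version string are constructed for illustration.

```python
import json
from collections import Counter

# Substrings of the two distinct error messages quoted in this thread.
SIGNATURES = {
    "finish_null_data": "WebAuthnController::finishAuthentication(): "
                        "Argument #1 ($data) must be of type string, null given",
    "token_sha1_null": "sha1(): Argument #1 ($string) must be of type string, null given",
}

def exception_messages(exc):
    """Yield each Message along the exception's 'Previous' chain."""
    while isinstance(exc, dict):
        yield str(exc.get("Message", ""))
        exc = exc.get("Previous")

def classify(entry):
    """Name the failure signature of a WebAuthn finish request, or None if unrelated."""
    # endswith() covers both /login/... and /index.php/login/... seen in the thread.
    if not str(entry.get("url", "")).endswith("/login/webauthn/finish"):
        return None
    texts = [str(entry.get("message", "")), *exception_messages(entry.get("exception"))]
    for name, needle in SIGNATURES.items():
        if any(needle in t for t in texts):
            return name
    return "other"

def triage(lines):
    """Count (version, signature) pairs; lines that are not JSON objects are skipped."""
    counts = Counter()
    for line in lines:
        try:
            entry = json.loads(line)
        except json.JSONDecodeError:
            continue
        sig = classify(entry) if isinstance(entry, dict) else None
        if sig:
            counts[(str(entry.get("version", "?")), sig)] += 1
    return counts

# Constructed sample log lines, modeled on the fields of the backtrace in the first post.
SAMPLE = [
    json.dumps({"url": "/login/webauthn/finish", "version": "23.0.0.10",
                "message": "OC\\Core\\Controller\\" + SIGNATURES["finish_null_data"]}),
    json.dumps({"url": "/index.php/login/webauthn/finish", "version": "26.0.0.0",
                "message": "", "exception": {"Message": "wrapped", "Previous": {
                    "Message": SIGNATURES["token_sha1_null"]}}}),
    json.dumps({"url": "/login", "version": "26.0.0.0",
                "message": SIGNATURES["token_sha1_null"]}),  # other route: ignored
    "not a json line",
]

if __name__ == "__main__":
    for (version, sig), n in sorted(triage(SAMPLE).items()):
        print(version, sig, n)
```

Grouping by version shows whether a failure cluster belongs to the original report or to the separate token-generation problem that the later comments describe.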