[Bug]: Internal Server Error on Accessing Shared Resource (2FA-enabled Server)

[micadeyeye]

⚠️ This issue respects the following points: ⚠️

• [X] This is a bug, not a question or a configuration/webserver/proxy issue.
• [X] This issue is not already reported on Github (I've searched it).
• [X] Nextcloud Server is up to date. See Maintenance and Release Schedule for supported versions.
• [X] Nextcloud Server is running on 64bit capable CPU, PHP and OS.
• [X] I agree to follow Nextcloud's Code of Conduct.

Bug description

This is most likely not a bug but worth reporting since no potential fix at sight. When a file is shared and it's URL sent, the recipient, on clicking it, sees Internal Server Error.

Steps to reproduce

1) Set up 2FA 2) Enable Verification (TOTP, I think) via Email 3) Share a file with no additional settings like permissions, expiry date, etc 4) Copy the link and sign out of NC. Perhaps, you can send the URL to another device 5) Open the link in the same browser, another browser or device 6) You will see the 'Internal.Servet Error'

Expected behavior

The resource e.g. pdf, video, etc should load in the browser.

Installation method

Official All-in-One appliance

Nextcloud Server version

26

Operating system

Other

PHP engine version

PHP 8.0

Web server

Apache (supported)

Database engine version

MySQL

Is this bug present after an update or on a fresh install?

None

Are you using the Nextcloud Server Encryption module?

None

What user-backends are you using?

• [X] Default user-backend (database)
• [ ] LDAP/ Active Directory
• [ ] SSO - SAML
• [ ] Other

Configuration report

{
        "datadirectory": "***REMOVED SENSITIVE VALUE***",
        "dbtype": "mysql",
        "version": "26.0.0.11",
        "overwrite.cli.url": "https:\/\/mnc.com",
        "dbname": "***REMOVED SENSITIVE VALUE***",
        "dbhost": "***REMOVED SENSITIVE VALUE***",
        "dbport": "33456",
        "dbtableprefix": "oc_",
        "mysql.utf8mb4": true,
        "dbuser": "***REMOVED SENSITIVE VALUE***",
        "dbpassword": "***REMOVED SENSITIVE VALUE***",
        "installed": true,
        "ldapIgnoreNamingRules": false,
        "app_install_overwrite": [
            "hsts",
            "admin_notifications",
            "bookmarks_fulltextsearch",
            "extract",,
            "folderplayer",
            "calendar",
            "social",
            "impersonate"
        ],
        "theme": "",
       "loglevel": 0,
        "maintenance": false,
        "mail_smtpmode": "smtp",
        "mail_smtpsecure": "tls",
        "mail_sendmailmode": "smtp",
        "mail_from_address": "***REMOVED SENSITIVE VALUE***",
        "mail_domain": "***REMOVED SENSITIVE VALUE***",
        "mail_smtpauthtype": "LOGIN",
        "mail_smtpauth": 1,
        "mail_smtphost": "***REMOVED SENSITIVE VALUE***",
        "mail_smtpport": "2525",
        "mail_smtpname": "***REMOVED SENSITIVE VALUE***",
        "mail_smtppassword": "***REMOVED SENSITIVE VALUE***",
        "has_rebuilt_cache": true,
        "twofactor_enforced": "true",
        "twofactor_enforced_groups": [],
        "twofactor_enforced_excluded_groups": []
    }
}

List of activated Apps

Enabled:

  - notes: 4.7.2
  - notifications: 2.14.0
  - oauth2: 1.14.0
  - ocdownloader: 1.9.1
  - terms_of_service: 2.1.0
  - duplicatefinder: 0.0.15 (installed 0.0.15)
  - encryption: 2.14.0 (installed 2.12.0)
  - files_fulltextsearch: 25.0.0 (installed 25.0.0)
  - files_fulltextsearch_tesseract: 25.0.0 (installed 25.0.0)
  - files_markdown: 2.3.6 (installed 2.3.6)
  - files_mindmap: 0.0.27 (installed 0.0.27)
  - files_retention: 1.15.0 (installed 1.13.2)
  - files_trackdownloads: 1.11.0 (installed 1.11.0)
  - integration_mastodon: 2.0.1 (installed 2.0.1)  
  - password_policy: 1.16.0
  - passwords: 2023.4.0
  - photos: 2.2.0
  - printer: 0.0.5
  - privacy: 1.10.0
  - provisioning_api: 1.16.0
  - qownnotesapi: 23.3.0
  - quota_warning: 1.16.0
  - recommendations: 1.5.0
  - registration: 2.1.0
  - related_resources: 1.1.0-alpha1
  - richdocuments: 8.0.0
  - spreed: 16.0.2 (installed 14.0.4)
  - survey_client: 1.14.0 (installed 1.10.0)
  - talk_matterbridge: 1.26.0 (installed 1.26.0)
  - transfer: 0.6.0 (installed 0.6.0)
  - twofactor_gateway: 0.20.0 (installed 0.20.0)
  - user_external: 3.1.0 (installed 3.1.0)
  - user_ldap: 1.16.0 (installed 1.12.0)
  - user_oidc: 1.3.1 (installed 1.2.0)
  - user_retention: 1.9.0 (installed 1.9.0)
  - video_converter: 1.0.5 (installed 1.0.5)
  - w2g2: 3.3.9 (installed 3.3.9)
  - whereami: 0.0.26 (installed 0.0.26)
  - whiteboard: 0.0.3 (installed 0.0.3)
  - wopi: 3.5.11 (installed 3.5.10)

Nextcloud Signing status

Technical information
=====================
The following list covers which files have failed the integrity check. Please read
the previous linked documentation to learn more about the errors and how to fix
them.

Results
=======
- core
    - INVALID_HASH
        - .htaccess

Raw output
==========
Array
(
    [core] => Array
        (
            [INVALID_HASH] => Array
                (
                    [.htaccess] => Array
                        (
                            [expected] => e1ce1c04d22356f6760bf5499347db365d48c0d6e7e3f085d8b80581f85d766c1e8b5862ff639ce9a40e2aef5c60dbee2386bf506e572453c5a1a5c3413e38e3
                            [current] => aab002636038627a549cdc33b749fe7ef74fcbb2a52decf1af0b4c90394d869d982dd7a2d3ce72d1d5114b21aa73cb35ddb6c8b54760ca0e7347e7b26760d6ab
                        )

                )

        )

)

Nextcloud Logs

/var/log/nextcloud/nextcloud.log:210394:{"reqId":"ZC-NMFI5jWHInJZAhYhVrQAAAVE","level":3,"time":"2023-04-07T03:25:36+00:00","remoteAddr":"192.168.1.225","user":"--","app":"index","method":"GET","url":"/index.php/s/mmWoCqKKXYysQDe","message":"OCA\\Files_Reader\\Listeners\\LoadViewerListener::__construct(): Argument #3 ($userId) must be of type string, null given in file '/usr/local/www/apache24/data/nextcloud/apps/files_reader/lib/Listeners/LoadViewerListener.php' line 32","userAgent":"Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Firefox/102.0","version":"26.0.0.11","exception":{"Exception":"Exception","Message":"OCA\\Files_Reader\\Listeners\\LoadViewerListener::__construct(): Argument #3 ($userId) must be of type string, null given in file '/usr/local/www/nextcloud/apps/files_reader/lib/Listeners/LoadViewerListener.php' line 32","Code":0,"Trace":[{"file":"/usr/local/www/apache24/data/nextcloud/lib/private/AppFramework/App.php","line":183,"function":"dispatch","class":"OC\\AppFramework\\Http\\Dispatcher","type":"->","args":[["OCA\\Files_Sharing\\Controller\\ShareController"],"showShare"]},{"file":"/usr/local/www/apache24/data/nextcloud/lib/private/Route/Router.php","line":315,"function":"main","class":"OC\\AppFramework\\App","type":"::","args":["OCA\\Files_Sharing\\Controller\\ShareController","showShare",["OC\\AppFramework\\DependencyInjection\\DIContainer"],["mmWoCqKKXYysQDe","files_sharing.Share.showShare"]]},{"file":"/usr/local/www/apache24/data/nextcloud/lib/base.php","line":1055,"function":"match","class":"OC\\Route\\Router","type":"->","args":["/s/mmWoCqKKXYysQDe"]},{"file":"/usr/local/www/nextcloud/index.php","line":36,"function":"handleRequest","class":"OC","type":"::","args":[]}],"File":"/usr/local/www/apache24/data/nextcloud/lib/private/AppFramework/Http/Dispatcher.php","Line":169,"Previous":{"Exception":"TypeError","Message":"OCA\\Files_Reader\\Listeners\\LoadViewerListener::__construct(): Argument #3 ($userId) must be of type string, null given","Code":0,"Trace":[{"function":"__construct","class":"OCA\\Files_Reader\\Listeners\\LoadViewerListener","type":"->","args":[["OC\\AppFramework\\Services\\InitialState"],["OC\\AllConfig"],null]},{"file":"/usr/local/www/apache24/data/nextcloud/lib/private/AppFramework/Utility/SimpleContainer.php","line":116,"function":"newInstanceArgs","class":"ReflectionClass","type":"->","args":[[["OC\\AppFramework\\Services\\InitialState"],["OC\\AllConfig"],null]]},{"file":"/usr/local/www/apache24/data/nextcloud/lib/private/AppFramework/Utility/SimpleContainer.php","line":124,"function":"buildClass","class":"OC\\AppFramework\\Utility\\SimpleContainer","type":"->","args":[["ReflectionClass","OCA\\Files_Reader\\Listeners\\LoadViewerListener"]]},{"file":"/usr/local/www/apache24/data/nextcloud/lib/private/AppFramework/Utility/SimpleContainer.php","line":142,"function":"resolve","class":"OC\\AppFramework\\Utility\\SimpleContainer","type":"->","args":["OCA\\Files_Reader\\Listeners\\LoadViewerListener"]},{"file

Additional info

Browser Error:

Internal Server Error

The server was unable to complete your request.

If this happens again, please send the technical details below to the server administrator.

More details can be found in the server log. Technical details

Remote Address: 192.168.1.225
Request ID: ZC-NMFI5jWHInJZAhYhVrQAAAVE

[micadeyeye]

I reckon the general public can access the shared resources when 2FA is disabled.

[micadeyeye]

It started way before NC26. Any fix yet?

[joshtrichards]

Hi @micadeyeye:

Your stack trace (the log entry) is incomplete - it looks like it got cut-off. But from the looks of what was included, your issue isn't in NC but in the third-party app called "files_reader":

OCA\\Files_Reader\\Listeners\\LoadViewerListener::__construct(): Argument #3 ($userId) must be of type string, null given in file '/usr/local/www/apache24/data/nextcloud/apps/files_reader/lib/Listeners/LoadViewerListener.php' line 32

And from the looks of it, it doesn't support > NC24:

https://apps.nextcloud.com/apps/files_reader https://github.com/Yetangitu/files_reader

Oddly it's not in your list of installed apps, but that list appears to have been edited so maybe it got left out by accident?

This doesn't appear to be a bug in Nextcloud. I would suggest contacting the author of that application.

[joshtrichards]

Disable the third-party (ebook) Reader app. Your problem will go away. It hasn't been updated for >NC24 from the looks of it. You'll have to contact the maintainer. It's not an NC distributed app. This isn't a bug in NC Server. Closing.