nextcloud / server

☁️ Nextcloud server, a safe home for all your data
https://nextcloud.com
GNU Affero General Public License v3.0
27.38k stars 4.07k forks source link

[Bug]: Setting db password with `occ` does not work if you nextcloud does not have access to the db. #44924

Open stavros-k opened 6 months ago

stavros-k commented 6 months ago

⚠️ This issue respects the following points: ⚠️

Bug description

Trying to update db password with

occ config:system:set dbpassword --value="some-secret"

throws

An unhandled exception has been thrown:
Doctrine\DBAL\Exception: Failed to connect to the database: An exception occurred in the driver: SQLSTATE[08006] [7] connection to server at "postgres" (192.168.192.2), port 5432 failed: FATAL:  password authentication failed for user "nextcloud" in /var/www/html/lib/private/DB/Connection.php:139
Stack trace:
#0 /var/www/html/3rdparty/doctrine/dbal/src/Connection.php(1654): OC\DB\Connection->connect()
#1 /var/www/html/3rdparty/doctrine/dbal/src/Connection.php(1081): Doctrine\DBAL\Connection->getWrappedConnection()
#2 /var/www/html/lib/private/DB/Connection.php(261): Doctrine\DBAL\Connection->executeQuery('SELECT * FROM "...', Array, Array, NULL)
#3 /var/www/html/3rdparty/doctrine/dbal/src/Query/QueryBuilder.php(337): OC\DB\Connection->executeQuery('SELECT * FROM "...', Array, Array, NULL)
#4 /var/www/html/3rdparty/doctrine/dbal/src/Query/QueryBuilder.php(377): Doctrine\DBAL\Query\QueryBuilder->executeQuery()
#5 /var/www/html/lib/private/DB/QueryBuilder/QueryBuilder.php(280): Doctrine\DBAL\Query\QueryBuilder->execute()
#6 /var/www/html/lib/private/AppConfig.php(421): OC\DB\QueryBuilder\QueryBuilder->execute()
#7 /var/www/html/lib/private/AppConfig.php(187): OC\AppConfig->loadConfigValues()
#8 /var/www/html/lib/private/AppConfig.php(377): OC\AppConfig->getApps()
#9 /var/www/html/lib/private/App/AppManager.php(128): OC\AppConfig->getValues(false, 'enabled')
#10 /var/www/html/lib/private/App/AppManager.php(149): OC\App\AppManager->getInstalledAppsValues()
#11 /var/www/html/lib/private/legacy/OC_App.php(231): OC\App\AppManager->getInstalledApps()
#12 /var/www/html/lib/private/AppFramework/Bootstrap/Coordinator.php(90): OC_App::getEnabledApps()
#13 /var/www/html/lib/base.php(700): OC\AppFramework\Bootstrap\Coordinator->runInitialRegistration()
#14 /var/www/html/lib/base.php(1200): OC::init()
#15 /var/www/html/console.php(48): require_once('/var/www/html/l...')
#16 /var/www/html/occ(11): require_once('/var/www/html/c...')
#17 {main}

Steps to reproduce

  1. Setup an instance with postgres 2 .occ config:system:set dbpassword --value="incorrect"
  2. occ config:system:set dbpassword --value="correct"
  3. Observe the trace

Expected behavior

The password to update

Installation method

Community Docker image

Nextcloud Server version

28

Operating system

Other

PHP engine version

PHP 8.2

Web server

Nginx

Database engine version

PostgreSQL

Is this bug present after an update or on a fresh install?

Fresh Nextcloud Server install

Are you using the Nextcloud Server Encryption module?

None

What user-backends are you using?

Configuration report

{
    "system": {
        "memcache.local": "\\OC\\Memcache\\APCu",
        "apps_paths": [
            {
                "path": "\/var\/www\/html\/apps",
                "url": "\/apps",
                "writable": false
            },
            {
                "path": "\/var\/www\/html\/custom_apps",
                "url": "\/custom_apps",
                "writable": true
            }
        ],
        "passwordsalt": "***REMOVED SENSITIVE VALUE***",
        "secret": "***REMOVED SENSITIVE VALUE***",
        "datadirectory": "***REMOVED SENSITIVE VALUE***",
        "dbtype": "pgsql",
        "version": "28.0.4.1",
        "overwrite.cli.url": "https:\/\/cloud.domain.me",
        "dbname": "***REMOVED SENSITIVE VALUE***",
        "dbhost": "***REMOVED SENSITIVE VALUE***",
        "dbport": "5432",
        "dbtableprefix": "oc_",
        "dbuser": "***REMOVED SENSITIVE VALUE***",
        "dbpassword": "***REMOVED SENSITIVE VALUE***",
        "installed": true,
        "instanceid": "***REMOVED SENSITIVE VALUE***",
        "redis": {
            "host": "***REMOVED SENSITIVE VALUE***",
            "password": "***REMOVED SENSITIVE VALUE***",
            "port": 6379
        },
        "memcache.distributed": "\\OC\\Memcache\\Redis",
        "memcache.locking": "\\OC\\Memcache\\Redis",
        "upgrade.disable-web": true,
        "default_phone_region": "GR",
        "share_folder": "Shared",
        "log_type": "file",
        "log_type_audit": "file",
        "loglevel": "2",
        "logfile": "\/var\/www\/html\/data\/logs\/nextcloud.log",
        "logfile_audit": "\/var\/www\/html\/data\/logs\/audit.log",
        "logdateformat": "d\/m\/Y H:i:s",
        "logtimezone": "Europe\/Athens",
        "overwritehost": "cloud.domain.me",
        "overwriteprotocol": "https",
        "activity_expire_days": "60",
        "trashbin_retention_obligation": "30,60",
        "versions_retention_obligation": "30,60",
        "preview_imaginary_url": "***REMOVED SENSITIVE VALUE***",
        "enable_previews": "true",
        "jpeg_quality": "60",
        "preview_max_x": "2048",
        "preview_max_y": "2048",
        "preview_max_memory": "1024",
        "preview_max_filesize_image": "50",
        "onlyoffice": "",
        "allow_local_remote_servers": "true",
        "mail_smtpmode": "smtp",
        "mail_sendmailmode": "smtp",
        "mail_from_address": "***REMOVED SENSITIVE VALUE***",
        "mail_domain": "***REMOVED SENSITIVE VALUE***",
        "mail_smtphost": "***REMOVED SENSITIVE VALUE***",
        "mail_smtpport": "587",
        "mail_smtpauthtype": "login",
        "mail_smtpauth": 1,
        "mail_smtpname": "***REMOVED SENSITIVE VALUE***",
        "mail_smtppassword": "***REMOVED SENSITIVE VALUE***",
        "maintenance": false,
        "app_install_overwrite": [
            "news"
        ],
        "trusted_domains": [
            "localhost",
            "cloud.domain.me",
            "kube.internal.healthcheck",
            "collabora.domain.me"
        ],
        "trusted_proxies": "***REMOVED SENSITIVE VALUE***",
        "enabledPreviewProviders": [
            "OC\\Preview\\Imaginary",
            "OC\\Preview\\Image",
            "OC\\Preview\\MP3",
            "OC\\Preview\\TXT",
            "OC\\Preview\\PDF",
            "OC\\Preview\\Movie",
            "OC\\Preview\\Photoshop",
            "OC\\Preview\\TIFF",
            "OC\\Preview\\SVG",
            "OC\\Preview\\OpenDocument",
            "OC\\Preview\\HEIC",
            "OC\\Preview\\PNG",
            "OC\\Preview\\JPEG",
            "OC\\Preview\\GIF",
            "OC\\Preview\\TIFF",
            "OC\\Preview\\BMP",
            "OC\\Preview\\MarkDown"
        ]
    }
}

List of activated Apps

Enabled:
  - activity: 2.20.0
  - admin_audit: 1.18.0
  - bookmarks: 13.1.3
  - bruteforcesettings: 2.8.0
  - calendar: 4.6.7
  - circles: 28.0.0
  - cloud_federation_api: 1.11.0
  - comments: 1.18.0
  - contacts: 5.5.3
  - contactsinteraction: 1.9.0
  - dashboard: 7.8.0
  - dav: 1.29.1
  - deck: 1.12.2
  - federatedfilesharing: 1.18.0
  - federation: 1.18.0
  - files: 2.0.0
  - files_antivirus: 5.5.0
  - files_pdfviewer: 2.9.0
  - files_reminders: 1.1.0
  - files_sharing: 1.20.0
  - files_trashbin: 1.18.0
  - files_versions: 1.21.0
  - firstrunwizard: 2.17.0
  - logreader: 2.13.0
  - lookup_server_connector: 1.16.0
  - mail: 3.5.8
  - news: 24.0.0
  - nextcloud_announcements: 1.17.0
  - notes: 4.9.4
  - notifications: 2.16.0
  - notify_push: 0.6.10
  - oauth2: 1.16.3
  - password_policy: 1.18.0
  - photos: 2.4.0
  - previewgenerator: 5.5.0
  - privacy: 1.12.0
  - provisioning_api: 1.18.0
  - recommendations: 2.0.0
  - related_resources: 1.3.0
  - richdocuments: 8.3.4
  - serverinfo: 1.18.0
  - settings: 1.10.1
  - sharebymail: 1.18.0
  - support: 1.11.1
  - survey_client: 1.16.0
  - systemtags: 1.18.0
  - tasks: 0.15.0
  - text: 3.9.1
  - theming: 2.3.0
  - twofactor_backupcodes: 1.17.0
  - twofactor_totp: 10.0.0-beta.2
  - updatenotification: 1.18.0
  - user_status: 1.8.1
  - viewer: 2.2.0
  - weather_status: 1.8.0
  - workflowengine: 2.10.0
Disabled:
  - encryption: 2.16.0
  - files_external: 1.20.0
  - suspicious_login: 6.0.0
  - user_ldap: 1.19.0

Nextcloud Signing status

No errors have been found.

Nextcloud Logs

No response

Additional info

No response

joshtrichards commented 6 months ago

I'm not sure this is really a bug. Maybe technical debt, but it's expected at present. Need to change parameters like that via config.php rather than occ.

Related/same issue (basically): #40904

EDIT: Might be something worth documenting somehow too I suppose.