Client freezes while connecting to ocis

mike-lloyd03 commented 1 year ago

Pre-submission Checks

[X] I checked for similar issues, but could not find any. I also checked the closed issues. I could not contribute additional information to any existing issue.
[X] I will take the time to fill in all the required fields. I know that the bug report may be dismissed otherwise due to lack of information.

Describe the bug

When attempting to log in to my OCIS server, the initial window "What is your server's address?" disappears after entering the URL. The main window stays open but appears frozen. No mouse or keyboard events are recognized.

Looking at the client logs, it appears that the server is not sending the registration endpoint URL when it attempts to authenticate.

I am running OCIS v3.0.0 using Docker.

Docker compose file:

version: "3"

services:
  ocis:
    image: owncloud/ocis:3
    entrypoint:
      - /bin/sh
    command: ["-c", "ocis init || true; ocis server"]
    env_file: .env
    environment:
      OCIS_URL: ${OCIS_URL}
      OCIS_LOG_LEVEL: info
      OCIS_LOG_COLOR: true
      PROXY_TLS: "false"
      OCIS_INSECURE: "false"
      PROXY_ENABLE_BASIC_AUTH: "true"
      IDM_ADMIN_PASSWORD: "${ADMIN_PASSWORD}"
      IDM_CREATE_DEMO_USERS: "false"
    volumes:
      - /mnt/data/owncloud/config:/etc/ocis
      - /mnt/data/owncloud/data:/var/lib/ocis
    logging:
      driver: "local"
    restart: always
    ports:
      - 9200:9200

Expected behavior

Should generate link to authenticate with browser.

Steps to reproduce the issue

No response

Screenshots

No response

Logs

Client Logs:

23-08-17 22:57:48:585 [ debug sync.credentials.oauth ]  [ OCC::OAuth::startAuthentication ]:    starting authentication
23-08-17 22:57:48:585 [ debug sync.credentials.oauth ]  [ OCC::OAuth::fetchWellKnown ]: fetching "/.well-known/openid-configuration"
23-08-17 22:57:48:586 [ debug setupwizard.controller ]  [ OCC::Wizard::SetupWizardController::changeStateTo ]:  Current wizard state: OCC::Wizard::SetupWizardState::CredentialsState
23-08-17 22:57:48:744 [ debug sync.credentials.oauth ]  [ OCC::OAuth::fetchWellKnown()::<lambda ]:      parsing .well-known reply successful, auth endpoint QUrl("https://ocis.my.server/signin/v1/identifier/_/authorize") and token endpoint QUrl("https://ocis.my.server/konnect/v1/token") and registration endpoint QUrl("")
23-08-17 22:57:48:744 [ debug sync.credentials.oauth ]  [ OCC::OAuth::startAuthentication()::<lambda ]: registration endpoint not provided or empty: QUrl("")

Server Logs:

ocis-ocis-1  | {"level":"info","service":"proxy","proto":"HTTP/1.1","request-id":"b042e8f2-9626-46bd-8020-46ce07bfeca8","remote-addr":"XX.XX.XX.XX","method":"GET","status":200,"path":"/.well-known/webfinger","duration":0.803456,"bytes":140,"time":"2023-08-18T03:57:48.558403948Z","line":"github.com/owncloud/ocis/v2/services/proxy/pkg/middleware/accesslog.go:28","message":"access-log"}
ocis-ocis-1  | {"level":"info","service":"proxy","proto":"HTTP/1.1","request-id":"05518205-7d63-4bb1-81a4-ac961eb39cdf","remote-addr":"XX.XX.XX.XX","method":"GET","status":200,"path":"/.well-known/openid-configuration","duration":0.425368,"bytes":1802,"time":"2023-08-18T03:57:48.710297386Z","line":"github.com/owncloud/ocis/v2/services/proxy/pkg/middleware/accesslog.go:28","message":"access-log"}
ocis-ocis-1  | {"level":"info","service":"auth-machine","pkg":"rgrpc","traceid":"00000000000000000000000000000000","time":"2023-08-18T03:58:12.308461083Z","line":"github.com/cs3org/reva/v2@v2.14.0/internal/grpc/services/authprovider/authprovider.go:141","message":"user idp:\"https://ocis.my.server\" opaque_id:\"5a4937b6-92bc-4f43-83be-164f2d9191bd\" type:USER_TYPE_PRIMARY  authenticated"}
ocis-ocis-1  | {"level":"info","service":"proxy","proto":"HTTP/1.1","request-id":"5120b133-ae58-4399-a25b-2cd4534627f0","remote-addr":"XX.XX.XX.XX","method":"GET","status":200,"path":"/ocs/v2.php/apps/notifications/api/v1/notifications","duration":3.410828,"bytes":72,"time":"2023-08-18T03:58:12.310523451Z","line":"github.com/owncloud/ocis/v2/services/proxy/pkg/middleware/accesslog.go:28","message":"access-log"}
ocis-ocis-1  | {"level":"info","service":"proxy","proto":"HTTP/1.1","request-id":"4cadf0ab8c3c/sdSXtPmqLz-000086","remote-addr":"XX.XX.XX.XX","method":"GET","status":302,"path":"/signin/v1/identifier/_/authorize","duration":37.744752,"bytes":0,"time":"2023-08-18T03:58:28.347163345Z","line":"github.com/owncloud/ocis/v2/services/proxy/pkg/middleware/accesslog.go:28","message":"access-log"}
ocis-ocis-1  | {"level":"info","service":"proxy","proto":"HTTP/1.1","request-id":"4cadf0ab8c3c/sdSXtPmqLz-000088","remote-addr":"XX.XX.XX.XX","method":"GET","status":200,"path":"/oidc-silent-redirect.html","duration":0.492546,"bytes":490,"time":"2023-08-18T03:58:28.581131326Z","line":"github.com/owncloud/ocis/v2/services/proxy/pkg/middleware/accesslog.go:28","message":"access-log"}
ocis-ocis-1  | {"level":"info","service":"proxy","proto":"HTTP/1.1","request-id":"4cadf0ab8c3c/sdSXtPmqLz-000090","remote-addr":"XX.XX.XX.XX","method":"GET","status":200,"path":"/oidc-silent-redirect","duration":0.529676,"bytes":7683,"time":"2023-08-18T03:58:28.77588887Z","line":"github.com/owncloud/ocis/v2/services/proxy/pkg/middleware/accesslog.go:28","message":"access-log"}

Client version number

ownCloud 4.2.0 f5a29b Libraries Qt 5.15.10, OpenSSL 3.1.1 30 May 2023 Using virtual files plugin: suffix arch-6.4.3-arch1-1

Desktop environment (Linux only)

Linux 6.4.3-arch1-1

Client package version and origin (Linux only)

Installed from Arch Package Repository

Installation path (Windows only)

No response

Server information

ownCloud | Infinite Scale Community 3.0.0 7.0.0

Additional context

No response

michaelstingl commented 1 year ago

@mike-lloyd03 please enable HTTP logging and post the lines.

mike-lloyd03 commented 1 year ago

Sure. Thanks.

Logs

``` 23-08-18 21:38:38:015 [ debug setupwizard.controller ] [ OCC::Wizard::SetupWizardController::SetupWizardController(OCC::SettingsDialog*)::

github-actions[bot] commented 1 year ago

This issue was marked stale because it has been open for 30 days with no activity. Remove the stale label or comment or this will be closed in 7 days.

TheOneRing commented 1 year ago

Sorry for the late answer:

23-08-18 21:38:38:522 [ debug sync.credentials.oauth ]  [ OCC::OAuth::startAuthentication()::<lambda ]: registration endpoint not provided or empty: QUrl("")

This is just a debug message. If we don't get a registration endpoint we just don't use dynamic registration and fall back to the default client id and secret. So we need to find another reason for your issue.

mike-lloyd03 commented 1 year ago

Thanks for the reply. Where else should I be looking?

michaelstingl commented 1 year ago

Thanks for the reply. Where else should I be looking?

What are the last lines with [ info sync.httplogger ]: ? Maybe start the desktop sync client with --logflush parameter, to make sure you see all log lines immediately.

Here you can find more information:

https://doc.owncloud.com/desktop/4.2/appendices/troubleshooting.html#log-files

mike-lloyd03 commented 1 year ago

Okay I ran it again with --flushlogs.

23-09-19 22:53:21:360 [ info sync.httplogger ]: "4b95070c-c63c-403e-856f-789f0deb555d: Request: GET https://ocis.my.server/.well-known/webfinger?resource=https://ocis.my.server Header: { User-Agent: Mozilla/5.0 (Linux) mirall/4.2.0 (ownCloud, arch-6.4.3-arch1-1 ClientArchitecture: x86_64 OsArchitecture: x86_64), Accept: */*, X-Request-ID: 4b95070c-c63c-403e-856f-789f0deb555d, Original-Request-ID: 4b95070c-c63c-403e-856f-789f0deb555d, } Data: []"
23-09-19 22:53:21:650 [ info sync.httplogger ]: "4b95070c-c63c-403e-856f-789f0deb555d: Response: GET 200 (289ms) https://ocis.my.server/.well-known/webfinger?resource=https://ocis.my.server Header: { Alt-Svc: h3=\":443\"; ma=2592000, Cache-Control: no-cache, no-store, max-age=0, must-revalidate, value, Content-Length: 140, Content-Security-Policy: frame-ancestors 'none', Content-Type: application/json; charset=utf-8, Date: Wed, 20 Sep 2023 05:53:21 GMT, Expires: Thu, 01 Jan 1970 00:00:00 GMT, Last-Modified: Wed, 20 Sep 2023 05:53:21 GMT, Server: Caddy, Vary: Origin, X--Version: , X-Content-Type-Options: nosniff, X-Frame-Options: DENY, } Data: [{\"subject\":\"https://ocis.my.server\",\"links\":[{\"rel\":\"http://openid.net/specs/connect/1.0/issuer\",\"href\":\"https://ocis.my.server\"}]}\n]"
23-09-19 22:53:21:667 [ info sync.httplogger ]: "45e43b8d-8ba0-4a26-8bf2-9a27b53d9a6a: Request: GET https://ocis.my.server/.well-known/openid-configuration Header: { User-Agent: Mozilla/5.0 (Linux) mirall/4.2.0 (ownCloud, arch-6.4.3-arch1-1 ClientArchitecture: x86_64 OsArchitecture: x86_64), Accept: */*, X-Request-ID: 45e43b8d-8ba0-4a26-8bf2-9a27b53d9a6a, Original-Request-ID: 45e43b8d-8ba0-4a26-8bf2-9a27b53d9a6a, } Data: []"
23-09-19 22:53:21:678 [ info sync.httplogger ]: "45e43b8d-8ba0-4a26-8bf2-9a27b53d9a6a: Response: GET 200 (11ms) https://ocis.my.server/.well-known/openid-configuration Header: { Alt-Svc: h3=\":443\"; ma=2592000, Cache-Control: no-cache, no-store, max-age=0, must-revalidate, value, Content-Length: 1802, Content-Security-Policy: frame-ancestors 'none', Content-Type: application/json; encoding=utf-8, Date: Wed, 20 Sep 2023 05:53:21 GMT, Expires: Thu, 01 Jan 1970 00:00:00 GMT, Last-Modified: Wed, 20 Sep 2023 05:53:21 GMT, Server: Caddy, Vary: Origin, X-Content-Type-Options: nosniff, X-Frame-Options: DENY, X-Idp-Version: 3.0.0, } Data: [{\n  \"issuer\": \"https://ocis.my.server\",\n  \"authorization_endpoint\": \"https://ocis.my.server/signin/v1/identifier/_/authorize\",\n  \"token_endpoint\": \"https://ocis.my.server/konnect/v1/token\",\n  \"userinfo_endpoint\": \"https://ocis.my.server/konnect/v1/userinfo\",\n  \"end_session_endpoint\": \"https://ocis.my.server/signin/v1/identifier/_/endsession\",\n  \"check_session_iframe\": \"https://ocis.my.server/konnect/v1/session/check-session.html\",\n  \"jwks_uri\": \"https://ocis.my.server/konnect/v1/jwks.json\",\n  \"scopes_supported\": [\n    \"openid\",\n    \"offline_access\",\n    \"profile\",\n    \"email\",\n    \"LibgreGraph.UUID\",\n    \"LibreGraph.RawSub\"\n  ],\n  \"response_types_supported\": [\n    \"id_token token\",\n    \"id_token\",\n    \"code id_token\",\n    \"code id_token token\"\n  ],\n  \"subject_types_supported\": [\n    \"public\"\n  ],\n  \"id_token_signing_alg_values_supported\": [\n    \"RS256\",\n    \"RS384\",\n    \"RS512\",\n    \"PS256\",\n    \"PS384\",\n    \"PS512\"\n  ],\n  \"userinfo_signing_alg_values_supported\": [\n    \"RS256\",\n    \"RS384\",\n    \"RS512\",\n    \"PS256\",\n    \"PS384\",\n    \"PS512\"\n  ],\n  \"request_object_signing_alg_values_supported\": [\n    \"ES256\",\n    \"ES384\",\n    \"ES512\",\n    \"RS256\",\n    \"RS384\",\n    \"RS512\",\n    \"PS256\",\n    \"PS384\",\n    \"PS512\",\n    \"none\",\n    \"EdDSA\"\n  ],\n  \"token_endpoint_auth_methods_supported\": [\n    \"client_secret_basic\",\n    \"none\"\n  ],\n  \"token_endpoint_auth_signing_alg_values_supported\": [\n    \"RS256\",\n    \"RS384\",\n    \"RS512\",\n    \"PS256\",\n    \"PS384\",\n    \"PS512\"\n  ],\n  \"claims_parameter_supported\": true,\n  \"claims_supported\": [\n    \"iss\",\n    \"sub\",\n    \"aud\",\n    \"exp\",\n    \"iat\",\n    \"name\",\n    \"family_name\",\n    \"given_name\",\n    \"email\",\n    \"email_verified\"\n  ],\n  \"request_parameter_supported\": true,\n  \"request_uri_parameter_supported\": false\n}\n]"

michaelstingl commented 1 year ago

This is the last request you see in the logs before it gets stuck? Nothing else? 🤔

mike-lloyd03 commented 1 year ago

No sorry, those are just the httplogger logs. There's three more entries after that:

23-09-21 07:52:58:337 [ debug sync.credentials.oauth ]  [ OCC::OAuth::fetchWellKnown()::<lambda ]:  parsing .well-known reply successful, auth endpoint QUrl("https://ocis.my.server/signin/v1/identifier/_/authorize") and token endpoint QUrl("https://ocis.my.server/konnect/v1/token") and registration endpoint QUrl("")
23-09-21 07:52:58:337 [ debug sync.credentials.oauth ]  [ OCC::OAuth::startAuthentication()::<lambda ]: registration endpoint not provided or empty: QUrl("")
23-09-21 07:53:01:685 [ info gui.application ]: Trying tray icon, tray available: false

mike-lloyd03 commented 1 year ago

This seems to be a Wayland issue. I just tried to log in using an X session and authenticated without issue.

And looks like I didn't provide this info when I first opened the issue: currently running Hyprland with Nvidia patch.

TheOneRing commented 1 year ago

Hmm is there a modal dialog that got eaten by wayland?

mike-lloyd03 commented 1 year ago

I don't know. After authenticating on Xorg, I'm good to go on Wayland. I logged out and removed my account from the client and now I can't reproduce the error. Auth works as expected on Wayland now. I ran a system update this morning so maybe that fixed it?

Thanks for your help. I'll close this now.

owncloud / client