search

owncloud / client

🖥️ Desktop Syncing Client for ownCloud
GNU General Public License v2.0
1.38k stars 667 forks source link

re-auth required with [keepassxc secret service] #9313

Open mefromthepast opened 2 years ago

mefromthepast commented 2 years ago

Expected behaviour

The client should not simply invalidate oauth tokens, even if it receives a timeout or keepassxc is close; it should instead again try to use the token then when the db is reopened as an alternative.

Actual behaviour

Valid oauth tokens are trashed, browser windows / tab opens and re-authentication is required.

Steps to reproduce

  1. setup owncloud to use secretservice via keepassxc
  2. use owncloud
  3. at some point that I cannot exactly grasp (it does not always happen after data base is closed; I believe it happens regularly if keepassxc is not running before owncloud-client, keepassxc is closed, or after the computer returns from sleep), the oauth token is attempted to be trashed. However, 1. trashing valid oauth tokens should never be required in the first place and 2. this does not work automatically if saving the data base requires yubikey interaction. This is totally annoying.

Server configuration

owncloud enterprise, no further information available

Client configuration

Client version: 2.9.2 Operating system: archlinux OS language: en Qt version used by client package (Linux only, see also Settings dialog): - Client package (From ownCloud or distro) (Linux only): owncloud-client

Logs

Client logfile

[ info sync.credentials.manager ]:   get "ownCloud_credentials:[OWNCLOUD-SERVER]:[TOKEN]:http/oauthtoken"
[ debug gui.account.manager ]        [ OCC::AccountManager::saveAccount ]:   Saving account "https://[OWNCLOUD-SERVER]/"
[ info gui.account.manager ]:        Saving  0  unknown certs.
[ info gui.account.manager ]:        Saving cookies. "[HOME]/.config/ownCloud/cookies0.db"
[ debug sync.cookiejar ]     [ OCC::CookieJar::save ]:       "[HOME]/.config/ownCloud/cookies0.db"
[ debug gui.account.manager ]        [ OCC::AccountManager::saveAccount ]:   Saved account settings, status: QSettings::NoError
[ info sync.credentials.manager ]:   del "ownCloud_credentials:[OWNCLOUD-SERVER]:[TOKEN]:http/oauthtoken"
[ info gui.account.state ]:  AccountState state change:  "Disconnected" -> "Asking Credentials"
[ debug sync.database.sql ]  [ OCC::SqlQuery::bindValue ]:   SQL bind 1 3
[ debug sync.database.sql ]  [ OCC::SqlQuery::exec ]:        SQL exec "SELECT path FROM selectivesync WHERE type=?1"
[ warning sync.credentials.manager ]:        Failed to remove: "ownCloud_credentials:[OWNCLOUD-SERVER]:[TOKEN]:http/oauthtoken" "Timeout was reached"
TheOneRing commented 10 months ago

Research: Check whether qt-keychain tells us whether the backend is ready.

TheOneRing commented 9 months ago

Related: https://github.com/owncloud/client/blob/62306b02ee2d1229af56aaf70000a93ac6d7a724/src/libsync/creds/credentialmanager.cpp#L193-L202