owncloud / oauth2

🔐 Application for using OAuth 2.0 in ownCloud
GNU Affero General Public License v3.0

using wrong user and then retrying the correct user does not connect the desktop client #347

Open individual-it opened 1 year ago

individual-it commented 1 year ago

Steps to reproduce

  1. Connect to an oc10 server with oauth2 as admin
  2. Log out in the client
  3. Start login process in the client
  4. Open the browser
  5. Log in with another existing user
  6. Retry the process because you used the wrong user
  7. Re-login in the browser as the correct user

See also the comment by @fmoc in https://github.com/owncloud/client/issues/10300#issuecomment-1329161751

Expected behaviour

When re-logging in as the correct user, the oauth2 authentication should work.

Actual behaviour

After using the wrong user in the browser, the page tells you to switch the user :+1: (image)

After switching the user and authorizing the app, an error is shown :-1: (image)

On the client, the user can try again (image)

After retrying, the authentication works.

Server configuration

{
    "system": {
        "instanceid": "ocuv4s8d5xsv",
        "passwordsalt": "***REMOVED SENSITIVE VALUE***",
        "secret": "***REMOVED SENSITIVE VALUE***",
        "trusted_domains": [
            "localhost",
            "192.168.56.1"
        ],
        "datadirectory": "\/home\/artur\/www\/owncloud-core\/data",
        "overwrite.cli.url": "http:\/\/localhost\/owncloud-core",
        "htaccess.RewriteBase": "\/owncloud-core",
        "dbtype": "mysql",
        "version": "10.11.0.6",
        "logtimezone": "UTC",
        "theme": "",
        "loglevel": 0,
        "maintenance": false,
        "default_language": "en",
        "singleuser": false,
        "ldapIgnoreNamingRules": false,
        "sharing.federation.allowHttpFallback": true,
        "files_external_allow_create_new_local": "true",
        "enable_previews": false,
        "dbname": "owncloud_20211231",
        "dbhost": "localhost",
        "dbtableprefix": "oc_",
        "mysql.utf8mb4": true,
        "dbuser": "***REMOVED SENSITIVE VALUE***",
        "dbpassword": "***REMOVED SENSITIVE VALUE***",
        "trusted_proxies": {
            "1": "10.4.1.248",
            "2": "127.0.0.1"
        },
        "apps_paths": [
            {
                "path": "\/home\/artur\/www\/owncloud-core\/apps",
                "url": "\/apps",
                "writable": false
            },
            {
                "path": "\/home\/artur\/www\/owncloud-core\/apps-external",
                "url": "\/apps-external",
                "writable": true
            }
        ],
        "cors.allowed-domains": [
            "http:\/\/localhost:9100",
            "http:\/\/localhost\/owncloud-web"
        ],
        "installed": true,
        "dav.enable.tech_preview": true,
        "license-key": "***REMOVED SENSITIVE VALUE***",
        "web.rewriteLinks": "true",
        "web.baseUrl": "http:\/\/localhost\/owncloud-web\/dist",
        "csrf.disabled": "true",
        "allow_user_to_change_mail_address": "",
        "mail_smtpport": "1025",
        "mail_smtphost": "***REMOVED SENSITIVE VALUE***",
        "log_type": "owncloud",
        "mail_domain": "***REMOVED SENSITIVE VALUE***",
        "mail_from_address": "***REMOVED SENSITIVE VALUE***",
        "mail_smtpmode": "smtp",
        "grace_period.demo_key.show_popup": false,
        "skeletondirectory": "\/home\/artur\/www\/owncloud-core\/apps\/testing\/data\/tinySkeleton"
    }
}
Enabled:
  - activity:
    - Version: 2.7.0
    - Path: /home/artur/www/owncloud-core/apps/activity
  - comments:
    - Version: 0.3.0
    - Path: /home/artur/www/owncloud-core/apps/comments
  - dav:
    - Version: 0.7.0
    - Path: /home/artur/www/owncloud-core/apps/dav
  - diagnostics:
    - Version: 0.1.4
    - Path: /home/artur/www/owncloud-core/apps/diagnostics
  - federatedfilesharing:
    - Version: 0.5.0
    - Path: /home/artur/www/owncloud-core/apps/federatedfilesharing
  - federation:
    - Version: 0.1.0
    - Path: /home/artur/www/owncloud-core/apps/federation
  - files:
    - Version: 1.5.2
    - Path: /home/artur/www/owncloud-core/apps/files
  - files_external:
    - Version: 0.9.0
    - Path: /home/artur/www/owncloud-core/apps/files_external
  - files_mediaviewer:
    - Version: 1.0.5
    - Path: /home/artur/www/owncloud-core/apps-external/files_mediaviewer
  - files_sharing:
    - Version: 0.14.0
    - Path: /home/artur/www/owncloud-core/apps/files_sharing
  - files_texteditor:
    - Version: 2.3.0
    - Path: /home/artur/www/owncloud-core/apps/files_texteditor
  - files_trashbin:
    - Version: 0.9.1
    - Path: /home/artur/www/owncloud-core/apps/files_trashbin
  - files_versions:
    - Version: 1.3.0
    - Path: /home/artur/www/owncloud-core/apps/files_versions
  - gallery:
    - Version: 16.1.2
    - Path: /home/artur/www/owncloud-core/apps-external/gallery
  - market:
    - Version: 0.6.1
    - Path: /home/artur/www/owncloud-core/apps/market
  - oauth2:
    - Version: 0.5.2
    - Path: /home/artur/www/owncloud-core/apps-external/oauth2
  - provisioning_api:
    - Version: 0.5.0
    - Path: /home/artur/www/owncloud-core/apps/provisioning_api
  - systemtags:
    - Version: 0.3.0
    - Path: /home/artur/www/owncloud-core/apps/systemtags
  - testing:
    - Version: 0.1.0
    - Path: /home/artur/www/owncloud-core/apps/testing
  - updatenotification:
    - Version: 0.2.1
    - Path: /home/artur/www/owncloud-core/apps/updatenotification
Disabled:
  - brute_force_protection:
    - Path: /home/artur/www/owncloud-core/apps/brute_force_protection
  - contacts:
    - Path: /home/artur/www/owncloud-core/apps/contacts
  - customgroups:
    - Path: /home/artur/www/owncloud-core/apps/customgroups
  - encryption:
    - Path: /home/artur/www/owncloud-core/apps/encryption
  - files_primary_s3:
    - Path: /home/artur/www/owncloud-core/apps/files_primary_s3
  - guests:
    - Path: /home/artur/www/owncloud-core/apps/guests
  - more-fun-theme:
    - Path: /home/artur/www/owncloud-core/apps/more-fun-theme
  - multidirtest:
    - Path: /home/artur/www/owncloud-core/apps/multidirtest
  - notes:
    - Path: /home/artur/www/owncloud-core/apps/notes
  - notifications:
    - Path: /home/artur/www/owncloud-core/apps/notifications
  - password_policy:
    - Path: /home/artur/www/owncloud-core/apps/password_policy
  - ransomware_protection:
    - Path: /home/artur/www/owncloud-core/apps/ransomware_protection
  - search_elastic:
    - Path: /home/artur/www/owncloud-core/apps/search_elastic
  - security:
    - Path: /home/artur/www/owncloud-core/apps/security
  - theme-example:
    - Path: /home/artur/www/owncloud-core/apps/theme-example
  - twofactor_totp:
    - Path: /home/artur/www/owncloud-core/apps/twofactor_totp
  - user_ldap:
    - Path: /home/artur/www/owncloud-core/apps/user_ldap
  - user_management:
    - Path: /home/artur/www/owncloud-core/apps/user_management
  - windows_network_drive:
    - Path: /home/artur/www/owncloud-core/apps-external/windows_network_drive

Logs

ownCloud log (data/owncloud.log)

{"reqId":"163540ae-2afe-4c4d-ba6f-363f80407412","level":0,"time":"2022-11-30T04:22:32+00:00","remoteAddr":"127.0.0.1","user":"admin","app":"OC\\Authentication\\Token\\DefaultTokenProvider::updateToken","method":"GET","url":"\/owncloud-core\/ocs\/v2.php\/cloud\/capabilities?format=json","message":"updating token 620, last check is now 1669782026"}
{"reqId":"163540ae-2afe-4c4d-ba6f-363f80407412","level":0,"time":"2022-11-30T04:22:32+00:00","remoteAddr":"127.0.0.1","user":"admin","app":"OC\\Authentication\\Token\\DefaultTokenProvider::updateToken","method":"GET","url":"\/owncloud-core\/ocs\/v2.php\/cloud\/capabilities?format=json","message":"updating token 620, last check is now 1669782026"}
{"reqId":"72d0eaf4-603d-4c49-b07e-51c5c0d28d4b","level":0,"time":"2022-11-30T04:22:32+00:00","remoteAddr":"127.0.0.1","user":"admin","app":"OC\\Authentication\\Token\\DefaultTokenProvider::updateToken","method":"GET","url":"\/owncloud-core\/ocs\/v2.php\/cloud\/user?format=json","message":"updating token 620, last check is now 1669782026"}
{"reqId":"72d0eaf4-603d-4c49-b07e-51c5c0d28d4b","level":0,"time":"2022-11-30T04:22:32+00:00","remoteAddr":"127.0.0.1","user":"admin","app":"OC\\Authentication\\Token\\DefaultTokenProvider::updateToken","method":"GET","url":"\/owncloud-core\/ocs\/v2.php\/cloud\/user?format=json","message":"updating token 620, last check is now 1669782026"}
{"reqId":"29b66069-e87a-4584-bdda-65dcd79c3106","level":0,"time":"2022-11-30T04:22:33+00:00","remoteAddr":"127.0.0.1","user":"admin","app":"OC\\Authentication\\Token\\DefaultTokenProvider::updateToken","method":"GET","url":"\/owncloud-core\/remote.php\/dav\/avatars\/admin\/128.png","message":"updating token 620, last check is now 1669782026"}
{"reqId":"29b66069-e87a-4584-bdda-65dcd79c3106","level":0,"time":"2022-11-30T04:22:33+00:00","remoteAddr":"127.0.0.1","user":"admin","app":"webdav","method":"GET","url":"\/owncloud-core\/remote.php\/dav\/avatars\/admin\/128.png","message":"Exception: HTTP\/1.1 404 Not Found: {\"Exception\":\"Sabre\\\\DAV\\\\Exception\\\\NotFound\",\"Message\":\"\",\"Code\":0,\"Trace\":\"#0 \\\/home\\\/artur\\\/www\\\/owncloud-core\\\/lib\\\/composer\\\/sabre\\\/dav\\\/lib\\\/DAV\\\/Tree.php(78): OCA\\\\DAV\\\\Avatars\\\\AvatarHome->getChild()\\n#1 \\\/home\\\/artur\\\/www\\\/owncloud-core\\\/apps\\\/dav\\\/lib\\\/Tree.php(51): Sabre\\\\DAV\\\\Tree->getNodeForPath()\\n#2 \\\/home\\\/artur\\\/www\\\/owncloud-core\\\/lib\\\/composer\\\/sabre\\\/dav\\\/lib\\\/DAV\\\/CorePlugin.php(76): OCA\\\\DAV\\\\Tree->getNodeForPath()\\n#3 \\\/home\\\/artur\\\/www\\\/owncloud-core\\\/lib\\\/composer\\\/sabre\\\/event\\\/lib\\\/WildcardEmitterTrait.php(89): Sabre\\\\DAV\\\\CorePlugin->httpGet()\\n#4 \\\/home\\\/artur\\\/www\\\/owncloud-core\\\/lib\\\/composer\\\/sabre\\\/dav\\\/lib\\\/DAV\\\/Server.php(472): Sabre\\\\DAV\\\\Server->emit()\\n#5 \\\/home\\\/artur\\\/www\\\/owncloud-core\\\/lib\\\/composer\\\/sabre\\\/dav\\\/lib\\\/DAV\\\/Server.php(253): Sabre\\\\DAV\\\\Server->invokeMethod()\\n#6 \\\/home\\\/artur\\\/www\\\/owncloud-core\\\/apps\\\/dav\\\/lib\\\/Server.php(348): Sabre\\\\DAV\\\\Server->start()\\n#7 \\\/home\\\/artur\\\/www\\\/owncloud-core\\\/apps\\\/dav\\\/appinfo\\\/v2\\\/remote.php(31): OCA\\\\DAV\\\\Server->exec()\\n#8 \\\/home\\\/artur\\\/www\\\/owncloud-core\\\/remote.php(165): require_once('\\\/home\\\/artur\\\/www...')\\n#9 {main}\",\"File\":\"\\\/home\\\/artur\\\/www\\\/owncloud-core\\\/apps\\\/dav\\\/lib\\\/Avatars\\\/AvatarHome.php\",\"Line\":66}"}
{"reqId":"20f674e3-efb8-4559-abad-3f0344f3b4fd","level":0,"time":"2022-11-30T04:22:35+00:00","remoteAddr":"127.0.0.1","user":"admin","app":"OC\\Authentication\\Token\\DefaultTokenProvider::updateToken","method":"PROPFIND","url":"\/owncloud-core\/remote.php\/dav\/files\/admin\/","message":"updating token 620, last check is now 1669782026"}
{"reqId":"e01c89af-98f5-4fba-9777-78a93457c041","level":0,"time":"2022-11-30T04:22:57+00:00","remoteAddr":"127.0.0.1","user":"admin","app":"OC\\Authentication\\Token\\DefaultTokenProvider::updateToken","method":"PROPFIND","url":"\/owncloud-core\/remote.php\/dav\/files\/admin\/","message":"updating token 620, last check is now 1669782026"}
{"reqId":"f8ce576a-e979-4d2b-ad81-cf652510e183","level":0,"time":"2022-11-30T04:23:16+00:00","remoteAddr":"127.0.0.1","user":"admin","app":"OC\\Authentication\\Token\\DefaultTokenProvider::updateToken","method":"PROPFIND","url":"\/owncloud-core\/remote.php\/dav\/files\/admin\/","message":"updating token 620, last check is now 1669782026"}
{"reqId":"e6bdfa8d-695d-4e9d-8432-2a86605e3095","level":0,"time":"2022-11-30T04:23:27+00:00","remoteAddr":"127.0.0.1","user":"admin","app":"OC\\Authentication\\Token\\DefaultTokenProvider::updateToken","method":"PROPFIND","url":"\/owncloud-core\/remote.php\/dav\/files\/admin\/","message":"updating token 620, last check is now 1669782026"}
michaelstingl commented 1 year ago

Duplicate of https://github.com/owncloud/oauth2/issues/309 ?

fmoc commented 1 year ago

I don't think so. This is absolutely reproducible, and handled completely on the server side. The client doesn't even get told there's an error.