pondersource / nextcloud-mfa-awareness

Make Nextcloud aware of whether the current user is logged in with Multi-Factor Authentication
MIT License

MFA Zone tab stays empty #92

Closed michielbdejong closed 10 months ago

michielbdejong commented 11 months ago

When I run testnet from sunet-custom-with-gss branch, the drawer tab exists but is empty. There are no errors in the web console. Something apparently changed in my test setup that's causing this. Investigating.

michielbdejong commented 11 months ago

There is a CSP error but I'm not sure whether that was already there before. The OCA.mfazones object is there.

michielbdejong commented 11 months ago

It would make it easier if I could use localhost instead of testnet setup but that's currently not working due to https://github.com/pondersource/nextcloud-mfa-awareness/issues/93

michielbdejong commented 11 months ago

It's probably because https://github.com/pondersource/mfazones/blob/main/js/plugin.js is not getting executed, will test and debug.

michielbdejong commented 11 months ago

This seems to have been resolved, maybe it was due to #95

michielbdejong commented 10 months ago

Hm, still seeing this with

```
git checkout fb4582337e3c236543be859e0cc463cc876241a1
```

yasharpm commented 10 months ago

I can see in the js logs that a GET request to http://sunet-nc2/index.php/apps/mfazones/access?source=/testfolder is failing with 500 error code when the user opens the details side menu.

yasharpm commented 10 months ago

I also added a log to https://github.com/pondersource/mfazones/blob/main/js/plugin.js inside the attach function. I don't see the log in the console.

yasharpm commented 10 months ago

Also this error message appears on an interval in the sunet-nc2 logs. It seems unrelated though.

```
172.20.0.3 - - [13/Nov/2023:10:15:15 +0000] "POST /index.php/apps/text/session/sync HTTP/1.1" 200 1303 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:84.0) Gecko/20100101 Firefox/84.0"
{"reqId":"ez82upXjX5siaC4XdcLD","level":4,"time":"2023-11-13T10:15:15+00:00","remoteAddr":"172.20.0.3","user":"usr1","app":"no app in context","method":"POST","url":"/index.php/apps/text/session/sync","message":"Could not boot mfazones: The given tag id is invalid","userAgent":"Mozilla/5.0 (X11; Linux x86_64; rv:84.0) Gecko/20100101 Firefox/84.0","version":"26.0.7.1","exception":{"Exception":"UnexpectedValueException","Message":"The given tag id is invalid","Code":4,"Trace":[{"file":"/var/www/html/apps/workflowengine/lib/Manager.php","line":592,"function":"validateCheck","class":"OCA\\WorkflowEngine\\Check\\FileSystemTags","type":"->","args":["is","1"]},{"file":"/var/www/html/apps/workflowengine/lib/Manager.php","line":350,"function":"validateOperation","class":"OCA\\WorkflowEngine\\Manager","type":"->","args":["OCA\\FilesAccessControl\\Operation","",[["OCA\\WorkflowEngine\\Check\\MfaVerified","!is","",false],["OCA\\WorkflowEngine\\Check\\FileSystemTags","is","1",false]],"deny",["OCA\\WorkflowEngine\\Helper\\ScopeContext"],"OCA\\WorkflowEngine\\Entity\\File",[]]},{"file":"/var/www/html/apps/mfazones/lib/AppInfo/Application.php","line":149,"function":"addOperation","class":"OCA\\WorkflowEngine\\Manager","type":"->","args":["OCA\\FilesAccessControl\\Operation","",[["OCA\\WorkflowEngine\\Check\\MfaVerified","!is","",false],["OCA\\WorkflowEngine\\Check\\FileSystemTags","is","1",false]],"deny",["OCA\\WorkflowEngine\\Helper\\ScopeContext"],"OCA\\WorkflowEngine\\Entity\\File",[]]},{"file":"/var/www/html/apps/mfazones/lib/AppInfo/Application.php","line":80,"function":"addFlows","class":"OCA\\mfazones\\AppInfo\\Application","type":"->","args":[]},{"file":"/var/www/html/lib/private/ServerContainer.php","line":107,"function":"__construct","class":"OCA\\mfazones\\AppInfo\\Application","type":"->","args":[]},{"file":"/var/www/html/lib/private/ServerContainer.php","line":186,"function":"getAppContainer","class":"OC\\ServerContainer","type":"->","args":["mfazones","mfazones"]},{"file":"/var/www/html/lib/private/ServerContainer.php","line":153,"function":"getAppContainerForService","class":"OC\\ServerContainer","type":"->","args":["OCA\\mfazones\\AppInfo\\Application"]},{"file":"/var/www/html/lib/private/AppFramework/Bootstrap/Coordinator.php","line":196,"function":"query","class":"OC\\ServerContainer","type":"->","args":["OCA\\mfazones\\AppInfo\\Application"]},{"file":"/var/www/html/lib/private/legacy/OC_App.php","line":213,"function":"bootApp","class":"OC\\AppFramework\\Bootstrap\\Coordinator","type":"->","args":["mfazones"]},{"file":"/var/www/html/lib/private/legacy/OC_App.php","line":141,"function":"loadApp","class":"OC_App","type":"::","args":["mfazones"]},{"file":"/var/www/html/lib/base.php","line":1045,"function":"loadApps","class":"OC_App","type":"::","args":[]},{"file":"/var/www/html/index.php","line":36,"function":"handleRequest","class":"OC","type":"::","args":[]}],"File":"/var/www/html/apps/workflowengine/lib/Check/FileSystemTags.php","Line":109,"message":"Could not boot mfazones: The given tag id is invalid","exception":{},"CustomMessage":"Could not boot mfazones: The given tag id is invalid"}}
```

yasharpm commented 10 months ago

This log appears on a short cycle and makes it impossible to debug other stuff. So I am going to prioritize it. Whatever it is, it seems related to mfazones so fixing it will only help I guess.

yasharpm commented 10 months ago

This error message might be related. Because it is about a failure in loading the mfazones app: "Could not boot mfazones"

yasharpm commented 10 months ago

The error stems from this bit of code from the mfazones Application class:

```php
"class" => "OCA\WorkflowEngine\Check\FileSystemTags",
"operator" => "is",
"value" => $tagId,
"invalid" => false
```

Where the $tagId is queried from systemTagManager, a tag which is created if it does not exist via a call to the addTag function. But the error says "The given tag id is invalid".

yasharpm commented 10 months ago

The tag is visible in the database, which is not a surprise since I already saw in my logs that the value for $tagId is 1.

```
MariaDB [nextcloud]> SELECT * FROM oc_systemtag
    -> ;
+----+---------+------------+----------+
| id | name    | visibility | editable |
+----+---------+------------+----------+
|  1 | mfazone |          0 |        0 |
+----+---------+------------+----------+
1 row in set (0.000 sec)
```

yasharpm commented 10 months ago

A look at the source code for the validateCheck function reveals the problem. The tag has to be user visible. But on the database record we can see that it is not. Note that the error code for the exception is 4.

yasharpm commented 10 months ago

I changed the tag visibility value to true in the database and it fixed this issue along with the repeating error message. So changing:

```php
$this->systemTagManager->createTag(self::TAG_NAME, false, false);
```

to:

```php
$this->systemTagManager->createTag(self::TAG_NAME, true, false);
```

in the mfazones Application class fixes this issue.

yasharpm commented 10 months ago

The change is applied in this commit.

yasharpm commented 10 months ago

Verified with @MahdiBaghbani that the issue is fixed.
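The repeating "Could not boot mfazones" entry discussed in this thread can be collapsed into one row per cause, keeping the exception code (4 here) and the first stack frame inside the failing app. The following is an added example, not code from the thread or from the mfazones project; the function name `boot_failures` and the sample data (an abridged, constructed copy of the log entry quoted above) are assumptions.

```python
import json
from collections import Counter

# Constructed sample: one access-log line plus an abridged copy of the JSON entry
# quoted in the thread (trace cut to two frames), repeated three times.
ENTRY = {
    "level": 4, "user": "usr1", "url": "/index.php/apps/text/session/sync",
    "message": "Could not boot mfazones: The given tag id is invalid",
    "exception": {
        "Exception": "UnexpectedValueException", "Code": 4,
        "Message": "The given tag id is invalid",
        "Trace": [
            {"file": "/var/www/html/apps/workflowengine/lib/Manager.php",
             "line": 592, "function": "validateCheck", "args": ["is", "1"]},
            {"file": "/var/www/html/apps/mfazones/lib/AppInfo/Application.php",
             "line": 149, "function": "addOperation"},
        ],
    },
}
SAMPLE = ['172.20.0.3 - - [13/Nov/2023:10:15:15 +0000] "POST /index.php/apps/text/session/sync HTTP/1.1" 200 1303']
SAMPLE += [json.dumps(dict(ENTRY, reqId=f"constructed-{i}")) for i in range(3)]
PREFIX = "Could not boot "

def boot_failures(lines):
    """Collapse repeated 'Could not boot <app>' entries into one row per cause."""
    counts, detail = Counter(), {}
    for line in lines:
        try:
            rec = json.loads(line)
        except ValueError:
            continue  # access-log lines and other non-JSON output
        msg = rec.get("message") if isinstance(rec, dict) else None
        if not isinstance(msg, str) or not msg.startswith(PREFIX):
            continue
        app = msg[len(PREFIX):].split(":", 1)[0]
        exc = rec.get("exception") or {}
        key = (app, exc.get("Message"), exc.get("Code"))
        counts[key] += 1
        if key not in detail:
            trace = exc.get("Trace") or []
            top = trace[0] if trace else {}
            # First frame inside the failing app's own directory: where to start reading.
            own = next((f for f in trace if f"/apps/{app}/" in f.get("file", "")), None)
            detail[key] = {"failing_call": top.get("function"), "failing_args": top.get("args"),
                           "app_frame": f"{own['file']}:{own['line']}" if own else None}
    return [dict(detail[k], app=k[0], message=k[1], code=k[2], count=n)
            for k, n in counts.most_common()]

if __name__ == "__main__":
    for row in boot_failures(SAMPLE):
        print(row)
```
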