pulsejet / nextcloud-oidc-login

Nextcloud login via a single OpenID Connect 1.0 provider
https://apps.nextcloud.com/apps/oidc_login
GNU Affero General Public License v3.0

Sometimes Login Failed with Internal Server Error #240

Closed mueller-tobias closed 1 year ago

mueller-tobias commented 1 year ago

Hi all,

we have the problem that the login via Keycloak sometimes fails with an internal server error. In the Nextcloud logs we see the following error:

{
  "reqId": "Fn0osYU8GJfxfTuGMZt7",
  "level": 3,
  "time": "2023-08-24T14:57:11+00:00",
  "remoteAddr": "10.42.185.129",
  "user": "--",
  "app": "index",
  "method": "GET",
  "url": "/apps/oidc_login/oidc?state=7525f07d7fd9d036a09de96c62d57b31&session_state=097adf88-8903-4bb1-a880-d4799f534326&code=16272809-1691-4a68-8b92-5bb46c94e9fd.097adf88-8903-4bb1-a880-d4799f534326.64acb20f-eb7e-46ac-b3f5-66997780f73a",
  "message": "sha1(): Argument #1 ($string) must be of type string, null given in file '/var/www/html/lib/private/Authentication/Token/PublicKeyTokenProvider.php' line 116",
  "userAgent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.0.0 Safari/537.36 Edg/116.0.1938.54",
  "version": "26.0.0.11",
  "exception": {
    "Exception": "Exception",
    "Message": "sha1(): Argument #1 ($string) must be of type string, null given in file '/var/www/html/lib/private/Authentication/Token/PublicKeyTokenProvider.php' line 116",
    "Code": 0,
    "Trace": [
      {
        "file": "/var/www/html/lib/private/AppFramework/App.php",
        "line": 183,
        "function": "dispatch",
        "class": "OC\\AppFramework\\Http\\Dispatcher",
        "type": "->",
        "args": [
          [
            "OCA\\OIDCLogin\\Controller\\LoginController"
          ],
          "oidc"
        ]
      },
      {
        "file": "/var/www/html/lib/private/Route/Router.php",
        "line": 315,
        "function": "main",
        "class": "OC\\AppFramework\\App",
        "type": "::",
        "args": [
          "OCA\\OIDCLogin\\Controller\\LoginController",
          "oidc",
          [
            "OC\\AppFramework\\DependencyInjection\\DIContainer"
          ],
          [
            "oidc_login.login.oidc"
          ]
        ]
      },
      {
        "file": "/var/www/html/lib/base.php",
        "line": 1055,
        "function": "match",
        "class": "OC\\Route\\Router",
        "type": "->",
        "args": [
          "/apps/oidc_login/oidc"
        ]
      },
      {
        "file": "/var/www/html/index.php",
        "line": 36,
        "function": "handleRequest",
        "class": "OC",
        "type": "::",
        "args": []
      }
    ],
    "File": "/var/www/html/lib/private/AppFramework/Http/Dispatcher.php",
    "Line": 169,
    "Previous": {
      "Exception": "TypeError",
      "Message": "sha1(): Argument #1 ($string) must be of type string, null given",
      "Code": 0,
      "Trace": [
        {
          "file": "/var/www/html/lib/private/Authentication/Token/PublicKeyTokenProvider.php",
          "line": 116,
          "function": "sha1",
          "args": [
            "*** sensitive parameters replaced ***"
          ]
        },
        {
          "file": "/var/www/html/lib/private/Authentication/Token/Manager.php",
          "line": 69,
          "function": "generateToken",
          "class": "OC\\Authentication\\Token\\PublicKeyTokenProvider",
          "type": "->",
          "args": [
            "*** sensitive parameters replaced ***"
          ]
        },
        {
          "file": "/var/www/html/lib/private/User/Session.php",
          "line": 686,
          "function": "generateToken",
          "class": "OC\\Authentication\\Token\\Manager",
          "type": "->",
          "args": [
            "*** sensitive parameters replaced ***"
          ]
        },
        {
          "file": "/var/www/html/custom_apps/oidc_login/lib/Service/LoginService.php",
          "line": 198,
          "function": "createSessionToken",
          "class": "OC\\User\\Session",
          "type": "->",
          "args": [
            "*** sensitive parameters replaced ***"
          ]
        },
        {
          "file": "/var/www/html/custom_apps/oidc_login/lib/Service/LoginService.php",
          "line": 173,
          "function": "completeLogin",
          "class": "OCA\\OIDCLogin\\Service\\LoginService",
          "type": "->",
          "args": [
            "*** sensitive parameters replaced ***"
          ]
        },
        {
          "file": "/var/www/html/custom_apps/oidc_login/lib/Controller/LoginController.php",
          "line": 147,
          "function": "login",
          "class": "OCA\\OIDCLogin\\Service\\LoginService",
          "type": "->",
          "args": [
            "*** sensitive parameters replaced ***"
          ]
        },
        {
          "file": "/var/www/html/custom_apps/oidc_login/lib/Controller/LoginController.php",
          "line": 123,
          "function": "login",
          "class": "OCA\\OIDCLogin\\Controller\\LoginController",
          "type": "->",
          "args": [
            "*** sensitive parameters replaced ***"
          ]
        },
        {
          "file": "/var/www/html/custom_apps/oidc_login/lib/Controller/LoginController.php",
          "line": 102,
          "function": "authSuccess",
          "class": "OCA\\OIDCLogin\\Controller\\LoginController",
          "type": "->",
          "args": [
            "*** sensitive parameters replaced ***"
          ]
        },
        {
          "file": "/var/www/html/lib/private/AppFramework/Http/Dispatcher.php",
          "line": 230,
          "function": "oidc",
          "class": "OCA\\OIDCLogin\\Controller\\LoginController",
          "type": "->",
          "args": []
        },
        {
          "file": "/var/www/html/lib/private/AppFramework/Http/Dispatcher.php",
          "line": 137,
          "function": "executeController",
          "class": "OC\\AppFramework\\Http\\Dispatcher",
          "type": "->",
          "args": [
            [
              "OCA\\OIDCLogin\\Controller\\LoginController"
            ],
            "oidc"
          ]
        },
        {
          "file": "/var/www/html/lib/private/AppFramework/App.php",
          "line": 183,
          "function": "dispatch",
          "class": "OC\\AppFramework\\Http\\Dispatcher",
          "type": "->",
          "args": [
            [
              "OCA\\OIDCLogin\\Controller\\LoginController"
            ],
            "oidc"
          ]
        },
        {
          "file": "/var/www/html/lib/private/Route/Router.php",
          "line": 315,
          "function": "main",
          "class": "OC\\AppFramework\\App",
          "type": "::",
          "args": [
            "OCA\\OIDCLogin\\Controller\\LoginController",
            "oidc",
            [
              "OC\\AppFramework\\DependencyInjection\\DIContainer"
            ],
            [
              "oidc_login.login.oidc"
            ]
          ]
        },
        {
          "file": "/var/www/html/lib/base.php",
          "line": 1055,
          "function": "match",
          "class": "OC\\Route\\Router",
          "type": "->",
          "args": [
            "/apps/oidc_login/oidc"
          ]
        },
        {
          "file": "/var/www/html/index.php",
          "line": 36,
          "function": "handleRequest",
          "class": "OC",
          "type": "::",
          "args": []
        }
      ],
      "File": "/var/www/html/lib/private/Authentication/Token/PublicKeyTokenProvider.php",
      "Line": 116
    },
    "CustomMessage": "--"
  }
}

On the Keycloak side the logs look fine: the tokens are created with the correct login.

We use NC 26 and oidc-login 2.6.0

If you need more information, or have hints about where we could find additional details for debugging this error, please let me know.

Greetings Tobias

pulsejet commented 1 year ago

This was fixed with NC 27 https://github.com/nextcloud/server/commit/6881d2f2f15976514cc52d6ea49ff09c5bb81d2b