pulsejet / nextcloud-oidc-login

Nextcloud login via a single OpenID Connect 1.0 provider
https://apps.nextcloud.com/apps/oidc_login
GNU Affero General Public License v3.0

Logging in via KeyCloak works only on second attempt if user groups have changed. #62

Open tekhnee opened 3 years ago

tekhnee commented 3 years ago

Having followed the instructions in README.md, and verified that the KeyCloak-generated access token includes a properly populated ownCloudGroups attribute, here is the sequence of events:

  1. User ownCloudGroups attribute is modified on the KeyCloak backend.
  2. User submits KeyCloak login form.
  3. NextCloud page opens and displays: "Error: Token is invalid."
  4. User presses browser Back button (to KeyCloak).
  5. KeyCloak displays: "You are already logged in" alongside a "Go back to application" button. User clicks on this button.
  6. NextCloud opens with the user logged in and the user groups properly synced.
  7. Subsequent login attempts are successful (unless the ownCloudGroups attribute is modified again).

Thoughts?

pulsejet commented 3 years ago

Can you trace where the error is coming from? Can't repro, but I suspect this isn't related to this plugin.

tekhnee commented 3 years ago

@pulsejet I suspect so myself. Nonetheless I'd be grateful for guidance on how to trace. The NextCloud logs aren't particularly informative. Maybe inject some PHP var_dump — but where?

tekhnee commented 3 years ago

UPDATE:

Unfortunately I don't have sufficient privileges to Xdebug this remotely. So rigorous tracing is not an option.

However I've been able to narrow down a little: the problem is triggered at the userinfo stage of the authentication process when the ownCloudGroups claim is included. There is no issue with ownCloudQuota.

The ownCloudGroups claim is added to the userinfo token only. (The id and access tokens are irrelevant to this; adding the claim to them is inconsequential.)

I am using space-delimited strings as ownCloudGroups field values.

Any ideas would be very much appreciated.

tekhnee commented 3 years ago

UPDATE 2

The exception is thrown by line #388 of /lib/private/Activity/Manager.php.

tekhnee commented 3 years ago

UPDATE 3:

I might have traced the issue: the NextCloud Notifications app throws an exception whenever the OIDC plugin updates group membership.

Disabling the built-in Notifications app is the only solution I've found so far.

pulsejet commented 3 years ago

Maybe the issue is with the order of the user logging in and the groups changing? Strictly speaking, this is a bug somewhere upstream, though.

tekhnee commented 3 years ago

@pulsejet very likely upstream; to be honest I'm content with the current state of affairs. Feel free to investigate further or close if/as appropriate.

pulsejet commented 3 years ago

Let's keep it open, I want to investigate this when time permits.

cfenell commented 10 months ago

Hi, I get the same error on a test setup with Keycloak user management and furthermore, when I add a brand new user to Keycloak, I have to reload the login page up to three times in order to get in. I hope that the following log may help! OTOH this might be a network bridge issue since I run this on podman on my laptop.

    Error index Exception: 2023-10-23T15:12:44+00:00 OCA\Circles\Tools\Model\Request::setHost(): Argument #1 ($host) must be of type string, null given, called in /var/www/html/apps/circles/lib/Tools/Model/Request.php on line 296 in file '/var/www/html/apps/circles/lib/Tools/Model/Request.php' line 206 at lib/private/AppFramework/Http/Dispatcher.php line 169

     0. .../App.php line 183
        OC\AppFramework\Http\Dispatcher->dispatch(
          ["OCA\\OIDCLogin\\C ... "],
          ... c"
        )
     1. .../Router.php line 315
        OC\AppFramework\App::main(
          "OCA\\OIDCLogin\\Controller\\Logi ... r",
          ... c",
          ["OC\\AppFramework\\DependencyInjection\\D ... "],
          ["oidc_login. ... "]
        )
     2. .../base.php line 1068
        OC\Route\Router->match(
          "\/apps\/oidc_log ... c"
        )
     3. index.php line 36
        OC::handleRequest(
        )

    Caused by TypeError: OCA\Circles\Tools\Model\Request::setHost(): Argument #1 ($host) must be of type string, null given, called in /var/www/html/apps/circles/lib/Tools/Model/Request.php on line 296 at apps/circles/lib/Tools/Model/Request.php line 206

     0. .../Request.php line 296
        OCA\Circles\Tools\Model\Request->setHost(
          ... ll
        )
     1. .../ConfigService.php line 737
        OCA\Circles\Tools\Model\Request->basedOnUrl(
          "http:\/apps\/circles\/async\/979d39f2 ... /"
        )
     2. .../FederatedEventService.php line 434
        OCA\Circles\Service\ConfigService->configureLoopbackRequest(
          ... "],
          ... t",
          ... "]
        )
     3. .../FederatedEventService.php line 188
        OCA\Circles\Service\FederatedEventService->initBroadcast(
          ["OCA\ ... "]
        )
     4. .../SyncService.php line 454
        OCA\Circles\Service\FederatedEventService->newEvent(
          ["OCA\\Circ ... "]
        )
     5. .../GroupMemberAdded.php line 71
        OCA\Circles\Service\SyncService->groupMemberAdded(
          ... a",
          ... u"
        )
     6. .../ServiceEventListener.php line 86
        OCA\Circles\Listeners\GroupMemberAdded->handle(
          ["OC ... "]
        )
     7. .../EventDispatcher.php line 251
        OC\EventDispatcher\ServiceEventListener->__invoke(
          [ ... "],
          ... t",
          ["Symfony\\Componen ... "]
        )
     8. .../EventDispatcher.php line 73
        Symfony\Component\EventDispatcher\EventDispatcher->callListeners(
          ... ]],
          ... t",
          ... "]
        )
     9. .../EventDispatcher.php line 94
        Symfony\Component\EventDispatcher\EventDispatcher->dispatch(
          ... "],
          ... t"
        )
    10. .../EventDispatcher.php line 106
        OC\EventDispatcher\EventDispatcher->dispatch(
          "OCP ... t",
          ["OCP\ ... "]
        )
    11. .../Server.php line 530
        OC\EventDispatcher\EventDispatcher->dispatchTyped(
          [ ... "]
        )
    12. <<closure>>
        OC\Server->OC\{closure}(
          "*** sensitive parameters re ... *"
        )
    13. .../EmitterTrait.php line 105
        call_user_func_array(
          ["C ... "],
          ["*** sensitive parameters replaced ***","*** sensitive parameters replac ... "]
        )
    14. .../PublicEmitter.php line 40
        OC\Hooks\BasicEmitter->emit(
          ... p",
          ... r",
          ["*** sensitive parameters replaced ***","*** sensitive parameters ... "]
        )
    15. .../Group.php line 202
        OC\Hooks\PublicEmitter->emit(
          ... p",
          ... r",
          ["*** sensitive parameters replaced ***","*** sensitive parameter ... "]
        )
    16. .../LoginService.php line 527
        OC\Group\Group->addUser(
          "*** sensitive parameters re ... *"
        )
    17. .../LoginService.php line 170
        OCA\OIDCLogin\Service\LoginService->updateUserGroups(
          ... *"
        )
    18. .../LoginController.php line 147
        OCA\OIDCLogin\Service\LoginService->login(
          "*** sensi ... *"
        )
    19. .../LoginController.php line 123
        OCA\OIDCLogin\Controller\LoginController->login(
          "*** ... *"
        )
    20. .../LoginController.php line 102
        OCA\OIDCLogin\Controller\LoginController->authSuccess(
          ... *"
        )
    21. .../Dispatcher.php line 230
        OCA\OIDCLogin\Controller\LoginController->oidc(
        )
    22. .../Dispatcher.php line 137
        OC\AppFramework\Http\Dispatcher->executeController(
          ["OCA\\OI ... "],
          ... c"
        )
    23. .../App.php line 183
        OC\AppFramework\Http\Dispatcher->dispatch(
          ["OCA\\OIDCLogin\\ ... "],
          ... c"
        )
    24. .../Router.php line 315
        OC\AppFramework\App::main(
          "OCA\\OIDCLogin\\Controller\\Log ... r",
          ... c",
          ["OC\\AppFramework\\DependencyInjection\\ ... "],
          ["oidc_login ... "]
        )
    25. .../base.php line 1068
        OC\Route\Router->match(
          "\/apps\/oidc_lo ... c"
        )
    26. index.php line 36
        OC::handleRequest(
        )
cfenell commented 10 months ago

Update: as indicated by the error message, it is the Circles app that conflicts with group management through Keycloak. I had to disable it.
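The shape of the failure in the trace above, reduced to a stand-alone PHP illustration (added here; this is not code from oidc_login, Nextcloud or Circles, and the class and function names below are invented stand-ins): the login flow adds the user to each group from the claim, each addUser dispatches a GroupMemberAdded event, a listener in an unrelated app raises a TypeError (a null host passed to a string parameter), and that exception unwinds through the dispatcher into the login controller. The membership rows written before the throw survive, which is why the first attempt fails with an error while the second attempt, with nothing left to sync, succeeds. The second function shows one way a caller can isolate per-group side effects so a misbehaving listener cannot turn a completed authentication into a login failure; whether the real plugin should catch at that point is a design decision this example does not attribute to the project.

```php
<?php
// Added illustration, not code from oidc_login, Nextcloud or Circles.
// Stand-ins for a typed event dispatcher, a GroupMemberAdded event, and a
// listener that fails the way the trace does (setHost() given null).
declare(strict_types=1);

final class GroupMemberAdded {
    public function __construct(public readonly string $gid, public readonly string $uid) {}
}

final class Dispatcher {
    /** @var array<class-string, list<callable>> */
    private array $listeners = [];
    public function addListener(string $eventClass, callable $listener): void {
        $this->listeners[$eventClass][] = $listener;
    }
    public function dispatchTyped(object $event): void {
        foreach ($this->listeners[$event::class] ?? [] as $listener) {
            $listener($event); // a throwing listener unwinds into the caller
        }
    }
}

// Stand-in for a request object with a non-nullable string host setter.
final class LoopbackRequest {
    private string $host = '';
    public function setHost(string $host): void { $this->host = $host; }
}

// Misbehaving listener: derives the host from a URL that has none, as in the
// trace ("http:/apps/circles/async/..."), so parse_url() yields null and the
// userland string parameter rejects it with a TypeError.
function brokenListener(GroupMemberAdded $e): void {
    $host = parse_url('http:/apps/circles/async/x', PHP_URL_HOST); // null
    (new LoopbackRequest())->setHost($host);                       // TypeError
}

// Naive sync: the first listener exception aborts the whole login request even
// though the membership written so far is already persisted.
function syncGroupsNaive(Dispatcher $d, string $uid, array $groups, array &$state): void {
    foreach ($groups as $gid) {
        $state[$gid][] = $uid;                                // membership persisted...
        $d->dispatchTyped(new GroupMemberAdded($gid, $uid));  // ...then a listener throws
    }
}

// Isolated sync: each group's side effects are contained, failures are
// collected for logging, and authentication completes. Returns the failures.
function syncGroupsIsolated(Dispatcher $d, string $uid, array $groups, array &$state): array {
    $failures = [];
    foreach ($groups as $gid) {
        try {
            $state[$gid][] = $uid;
            $d->dispatchTyped(new GroupMemberAdded($gid, $uid));
        } catch (\Throwable $t) {
            $failures[$gid] = $t::class . ': ' . $t->getMessage(); // log, do not abort login
        }
    }
    return $failures;
}

// Demo with a constructed, space-delimited ownCloudGroups value as in the report.
$d = new Dispatcher();
$d->addListener(GroupMemberAdded::class, 'brokenListener');
$groups = explode(' ', 'admins staff');

$state = [];
try {
    syncGroupsNaive($d, 'alice', $groups, $state);
} catch (\TypeError $t) {
    // Only "admins" was written before the listener threw; the request is lost.
    echo "naive: login aborted; groups written: " . implode(',', array_keys($state)) . "\n";
}

$state = [];
$failures = syncGroupsIsolated($d, 'alice', $groups, $state);
// Both groups written; two listener failures recorded instead of a failed login.
echo "isolated: groups written: " . implode(',', array_keys($state))
   . "; listener failures: " . count($failures) . "\n";
```

Run with `php example.php` on PHP 8.1 or later (readonly promoted properties). The point for an operator reading the trace is that the TypeError originates in the Circles listener, not in the OIDC plugin, and that whatever the plugin does between writing memberships and dispatching events determines whether a third-party listener bug surfaces as "Token is invalid" on the first login.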