Open tekhnee opened 3 years ago
Can you trace where the error is coming from? Can't repro, but I suspect this isn't related to this plugin.
@pulsejet I suspect so myself. Nonetheless I'd be grateful for guidance on how to trace. The NextCloud logs aren't particularly informative. Maybe inject some PHP var_dump
— but where?
UPDATE:
Unfortunately I don't have sufficient privileges to Xdebug this remotely. So rigorous tracing is not an option.
However I've been able to narrow down a little: the problem is triggered at the userinfo stage of the authentication process when the ownCloudGroups
claim is included. There is no issue with ownCloudQuota
.
The ownCloudGroups
claim is added to the userinfo token only. (The id and access tokens are irrelevant to this; adding the claim to them is inconsequential.)
I am using space-delimited strings as ownCloudGroups
field values.
Any ideas would be very much appreciated.
UPDATE 2
The exception is thrown by line line #388 of /lib/private/Activity/Manager.php.
UPDATE 3:
I might have traced the issue: the NextCloud Notifications app throws an exception whenever the OIDC plugin updates group membership.
Disabling the built-in Notifications app is the only solution I've found so far.
Maybe the issue is with the order of the user logging in and the groups changing? Strictly speaking, this is a bug somewhere upstream, though.
@pulsejet very likely upstream; to be honest I'm content with the current state of affairs. Feel free to investigate further or close if/as appropriate.
Let's keep it open, I want to investigate this when time permits.
Hi, I get the same error on a test setup with Keycloak user management and furthermore, when I add a brand new user to Keycloak, I have to reload the login page up to three times in order to get in. I hope that the following log may help! OTOH this might be a network bridge issue since I run this on podman on my laptop.
Error index Exception: 2023-10-23T15:12:44+00:00 OCA\Circles\Tools\Model\Request::setHost():
Argument #1 ($host) must be
of type string, null given,
called in
/var/www/html/apps/circles/lib/Tools/Model/Request.php
on line 296 in file
'/var/www/html/apps/circles/lib/Tools/Model/Request.php'
line 206 at
lib/private/AppFramework/Http/Dispatcher.php
line 1690. .../App.php line 183 OC\AppFramework\Http\Dispatcher->dispatch( ["OCA\\OIDCLogin\\C ... "], ... c" ) 1. .../Router.php line 315 OC\AppFramework\App::main( "OCA\\OIDCLogin\\Controller\\Logi ... r", ... c", ["OC\\AppFramework\\DependencyInjection\\D ... "], ["oidc_login. ... "] ) 2. .../base.php line 1068 OC\Route\Router->match( "\/apps\/oidc_log ... c" ) 3. index.php line 36 OC::handleRequest( ) Caused by TypeError: OCA\Circles\Tools\Model\Request::setHost(): Argument #1 ($host) must be of type string, null given, called in /var/www/html/apps/circles/lib/Tools/Model/Request.php on line 296 at apps/circles/lib/Tools/Model/Request.php line 206 0. .../Request.php line 296 OCA\Circles\Tools\Model\Request->setHost( ... ll ) 1. .../ConfigService.php line 737 OCA\Circles\Tools\Model\Request->basedOnUrl( "http:\/apps\/circles\/async\/979d39f2 ... /" ) 2. .../FederatedEventService.php line 434 OCA\Circles\Service\ConfigService->configureLoopbackRequest( ... "], ... t", ... "] ) 3. .../FederatedEventService.php line 188 OCA\Circles\Service\FederatedEventService->initBroadcast( ["OCA\ ... "] ) 4. .../SyncService.php line 454 OCA\Circles\Service\FederatedEventService->newEvent( ["OCA\\Circ ... "] ) 5. .../GroupMemberAdded.php line 71 OCA\Circles\Service\SyncService->groupMemberAdded( ... a", ... u" ) 6. .../ServiceEventListener.php line 86 OCA\Circles\Listeners\GroupMemberAdded->handle( ["OC ... "] ) 7. .../EventDispatcher.php line 251 OC\EventDispatcher\ServiceEventListener->__invoke( [ ... "], ... t", ["Symfony\\Componen ... "] ) 8. .../EventDispatcher.php line 73 Symfony\Component\EventDispatcher\EventDispatcher->callListeners( ... ]], ... t", ... "] ) 9. .../EventDispatcher.php line 94 Symfony\Component\EventDispatcher\EventDispatcher->dispatch( ... "], ... t" ) 10. .../EventDispatcher.php line 106 OC\EventDispatcher\EventDispatcher->dispatch( "OCP ... t", ["OCP\ ... "] ) 11. .../Server.php line 530 OC\EventDispatcher\EventDispatcher->dispatchTyped( [ ... "] ) 12. <<closure>> OC\Server->OC\{closure}( "*** sensitive parameters re ... *" ) 13. .../EmitterTrait.php line 105 call_user_func_array( ["C ... "], ["*** sensitive parameters replaced ***","*** sensitive parameters replac ... "] ) 14. .../PublicEmitter.php line 40 OC\Hooks\BasicEmitter->emit( ... p", ... r", ["*** sensitive parameters replaced ***","*** sensitive parameters ... "] ) 15. .../Group.php line 202 OC\Hooks\PublicEmitter->emit( ... p", ... r", ["*** sensitive parameters replaced ***","*** sensitive parameter ... "] ) 16. .../LoginService.php line 527 OC\Group\Group->addUser( "*** sensitive parameters re ... *" ) 17. .../LoginService.php line 170 OCA\OIDCLogin\Service\LoginService->updateUserGroups( ... *" ) 18. .../LoginController.php line 147 OCA\OIDCLogin\Service\LoginService->login( "*** sensi ... *" ) 19. .../LoginController.php line 123 OCA\OIDCLogin\Controller\LoginController->login( "*** ... *" ) 20. .../LoginController.php line 102 OCA\OIDCLogin\Controller\LoginController->authSuccess( ... *" ) 21. .../Dispatcher.php line 230 OCA\OIDCLogin\Controller\LoginController->oidc( ) 22. .../Dispatcher.php line 137 OC\AppFramework\Http\Dispatcher->executeController( ["OCA\\OI ... "], ... c" ) 23. .../App.php line 183 OC\AppFramework\Http\Dispatcher->dispatch( ["OCA\\OIDCLogin\\ ... "], ... c" ) 24. .../Router.php line 315 OC\AppFramework\App::main( "OCA\\OIDCLogin\\Controller\\Log ... r", ... c", ["OC\\AppFramework\\DependencyInjection\\ ... "], ["oidc_login ... "] ) 25. .../base.php line 1068 OC\Route\Router->match( "\/apps\/oidc_lo ... c" ) 26. index.php line 36 OC::handleRequest( )
Update: as indicated by the error message, it is the Circles app that conflicts with group management through Keycloak. I had to disable it.
Having followed the instructions in
README.md
, and verified that the KeyCloak-generated access token includes a properly populatedownCloudGroups
attribute, here is the sequence of events:ownCloudGroups
attribute is modified on the KeyCloak backend.ownCloudGroups
attribute is modified again).Thoughts?