the-djmaze / snappymail

Simple, modern & fast web-based email client
https://snappymail.eu
GNU Affero General Public License v3.0

Version 2.36.4 does not fix / can't upgrade Nextcloud #1648

Open mmallejac opened 3 months ago

mmallejac commented 3 months ago

Hello !

I was excited to see the release of 2.36.4 but unfortunately it does not solve the #1602 issue :

I've tried to set back the password, either using Nextcloud (parameter / extra parameters) or using the occ snappymail:settings CLI, but it always falls down to the Snappy login screen, without the password.

The only way is then to fill in the mail password and check the 'remember me'. Problem is that most of our client's users do not have their mail password.

As a result we are unable to upgrade Nextcloud, since it would upgrade Snappymail as well. We could use a temp workaround: upgrade Nextcloud and all apps, then restore Snappymail to 2.36.1.

I am also under the impression that upgrading Snappy from 2.36.3 to 2.36.4 brings the same issue: the user has to fill in their main mail password.

What is the root cause of this ? I've read something about password decrypting key that gets lost, but I am not sure to fully understand.

the-djmaze commented 3 months ago

I've upgraded one instance from 25 way up to 29.0.3 and my logins always work.

Why SnappyMail removes the Nextcloud password setting has 1 main reason: Login fails

This prevents SnappyMail from attacking the IMAP server with failed login attempts (which could trigger fail2ban or other security implementations).

So to know why the login fails, you must analyze the logs for failed login attempts.

mmallejac commented 3 months ago

Thanks !

I've just done the following test on a demo/test instance :

Then I wanted to see something in the Snappymail config panel -> blank page

In the log / debug file:

[2024-07-02 12:42:45.232][b802458b] [INFO]: [SM:2.36.4][IP:185.129.54.93][PID:313][Apache/2.4.59 (Debian)][apache2handler][Streams:tcp,udp,unix,udg,ssl,tls,tlsv1.0,tlsv1.1,tlsv1.2,tlsv1.3][GET https://demo.cloud.4next.ch/apps/snappymail/]
[2024-07-02 12:42:45.236][b802458b] Nextcloud[DEBUG]: integrated
[2024-07-02 12:42:45.238][b802458b] Crypt[ERROR]: sodiumDecrypt(): invalid $data or $key
[2024-07-02 12:42:45.250][b802458b] IMAP[INFO]: Start connection to "ssl://mail.infomaniak.com:993"
[2024-07-02 12:42:45.313][b802458b] IMAP[INFO]: Connect (success)
[2024-07-02 12:42:45.313][b802458b] IMAP[DEBUG]: 0.063448905944824 (raw connection)
[2024-07-02 12:42:45.354][b802458b] IMAP[INFO]: < * OK IMAP4 ready\r\n
[2024-07-02 12:42:45.355][b802458b] IMAP[DEBUG]: 0.10514187812805 (*)
[2024-07-02 12:42:45.355][b802458b] PLUGIN[INFO]: Hook: imap.before-login
[2024-07-02 12:42:45.355][b802458b] IMAP[INFO]: > TAG1 CAPABILITY\r\n
[2024-07-02 12:42:45.378][b802458b] IMAP[INFO]: < * CAPABILITY IMAP4rev1 UIDPLUS IDLE LITERAL + QUOTA AUTH=PLAIN AUTH=LOGIN\r\n
[2024-07-02 12:42:45.379][b802458b] IMAP[INFO]: < TAG1 OK completed\r\n
[2024-07-02 12:42:45.379][b802458b] IMAP[DEBUG]: 0.023704051971436 (TAG1)
[2024-07-02 12:42:45.380][b802458b] IMAP[INFO]: > TAG2 AUTHENTICATE PLAIN\r\n
[2024-07-02 12:42:45.404][b802458b] IMAP[INFO]: < + \r\n
[2024-07-02 12:42:45.404][b802458b] IMAP[DEBUG]: 0.024233102798462 (TAG2)
[2024-07-02 12:42:45.404][b802458b] IMAP[INFO]: > *******\r\n
[2024-07-02 12:42:46.445][b802458b] IMAP[INFO]: < TAG2 NO Invalid login or password\r\n
[2024-07-02 12:42:46.446][b802458b] IMAP[WARNING]: MailSo\Imap\Exceptions\NegativeResponseException:  Invalid login or password in /var/www/html/custom_apps/snappymail/app/snappymail/v/2.36.4/app/libraries/MailSo/Imap/ResponseCollection.php:46
Stack trace:
#0 /var/www/html/custom_apps/snappymail/app/snappymail/v/2.36.4/app/libraries/MailSo/Imap/ImapClient.php(528): MailSo\Imap\ResponseCollection->validate()
#1 /var/www/html/custom_apps/snappymail/app/snappymail/v/2.36.4/app/libraries/MailSo/Imap/ImapClient.php(166): MailSo\Imap\ImapClient->getResponse()
#2 /var/www/html/custom_apps/snappymail/app/snappymail/v/2.36.4/app/libraries/RainLoop/Model/Account.php(264): MailSo\Imap\ImapClient->Login(Object(MailSo\Imap\Settings))
#3 /var/www/html/custom_apps/snappymail/app/snappymail/v/2.36.4/app/libraries/RainLoop/Model/Account.php(206): RainLoop\Model\Account->netClientLogin(Object(MailSo\Imap\ImapClient), Object(RainLoop\Plugins\Manager))
#4 /var/www/html/custom_apps/snappymail/app/snappymail/v/2.36.4/app/libraries/RainLoop/Actions/UserAuth.php(455): RainLoop\Model\Account->ImapConnectAndLogin(Object(RainLoop\Plugins\Manager), Object(MailSo\Imap\ImapClient), Object(RainLoop\Config\Application))
#5 /var/www/html/custom_apps/snappymail/app/snappymail/v/2.36.4/app/libraries/RainLoop/Actions/UserAuth.php(170): RainLoop\Actions->imapConnect(Object(RainLoop\Model\MainAccount), true)
#6 /var/www/html/custom_apps/snappymail/lib/Util/SnappyMailHelper.php(97): RainLoop\Actions->LoginProcess('support@4next.c...', Object(SnappyMail\SensitiveString))
#7 /var/www/html/custom_apps/snappymail/lib/Controller/PageController.php(50): OCA\SnappyMail\Util\SnappyMailHelper::startApp()
#8 /var/www/html/lib/private/AppFramework/Http/Dispatcher.php(230): OCA\SnappyMail\Controller\PageController->index()
#9 /var/www/html/lib/private/AppFramework/Http/Dispatcher.php(137): OC\AppFramework\Http\Dispatcher->executeController(Object(OCA\SnappyMail\Controller\PageController), 'index')
#10 /var/www/html/lib/private/AppFramework/App.php(183): OC\AppFramework\Http\Dispatcher->dispatch(Object(OCA\SnappyMail\Controller\PageController), 'index')
#11 /var/www/html/lib/private/Route/Router.php(315): OC\AppFramework\App::main('PageController', 'index', Object(OC\AppFramework\DependencyInjection\DIContainer), Array)
#12 /var/www/html/lib/base.php(1068): OC\Route\Router->match('/apps/snappymai...')
#13 /var/www/html/index.php(38): OC::handleRequest()
#14 {main}
[2024-07-02 12:42:46.446][b802458b] IMAP[NOTICE]: MailSo\Imap\Exceptions\NegativeResponseException:  Invalid login or password in /var/www/html/custom_apps/snappymail/app/snappymail/v/2.36.4/app/libraries/MailSo/Imap/ResponseCollection.php:46
Stack trace:
#0 /var/www/html/custom_apps/snappymail/app/snappymail/v/2.36.4/app/libraries/MailSo/Imap/ImapClient.php(528): MailSo\Imap\ResponseCollection->validate()
#1 /var/www/html/custom_apps/snappymail/app/snappymail/v/2.36.4/app/libraries/MailSo/Imap/ImapClient.php(166): MailSo\Imap\ImapClient->getResponse()
#2 /var/www/html/custom_apps/snappymail/app/snappymail/v/2.36.4/app/libraries/RainLoop/Model/Account.php(264): MailSo\Imap\ImapClient->Login(Object(MailSo\Imap\Settings))
#3 /var/www/html/custom_apps/snappymail/app/snappymail/v/2.36.4/app/libraries/RainLoop/Model/Account.php(206): RainLoop\Model\Account->netClientLogin(Object(MailSo\Imap\ImapClient), Object(RainLoop\Plugins\Manager))
#4 /var/www/html/custom_apps/snappymail/app/snappymail/v/2.36.4/app/libraries/RainLoop/Actions/UserAuth.php(455): RainLoop\Model\Account->ImapConnectAndLogin(Object(RainLoop\Plugins\Manager), Object(MailSo\Imap\ImapClient), Object(RainLoop\Config\Application))
#5 /var/www/html/custom_apps/snappymail/app/snappymail/v/2.36.4/app/libraries/RainLoop/Actions/UserAuth.php(170): RainLoop\Actions->imapConnect(Object(RainLoop\Model\MainAccount), true)
#6 /var/www/html/custom_apps/snappymail/lib/Util/SnappyMailHelper.php(97): RainLoop\Actions->LoginProcess('support@4next.c...', Object(SnappyMail\SensitiveString))
#7 /var/www/html/custom_apps/snappymail/lib/Controller/PageController.php(50): OCA\SnappyMail\Util\SnappyMailHelper::startApp()
#8 /var/www/html/lib/private/AppFramework/Http/Dispatcher.php(230): OCA\SnappyMail\Controller\PageController->index()
#9 /var/www/html/lib/private/AppFramework/Http/Dispatcher.php(137): OC\AppFramework\Http\Dispatcher->executeController(Object(OCA\SnappyMail\Controller\PageController), 'index')
#10 /var/www/html/lib/private/AppFramework/App.php(183): OC\AppFramework\Http\Dispatcher->dispatch(Object(OCA\SnappyMail\Controller\PageController), 'index')
#11 /var/www/html/lib/private/Route/Router.php(315): OC\AppFramework\App::main('PageController', 'index', Object(OC\AppFramework\DependencyInjection\DIContainer), Array)
#12 /var/www/html/lib/base.php(1068): OC\Route\Router->match('/apps/snappymai...')
#13 /var/www/html/index.php(38): OC::handleRequest()
#14 {main}
Next MailSo\Imap\Exceptions\LoginBadCredentialsException:  Invalid login or password in /var/www/html/custom_apps/snappymail/app/snappymail/v/2.36.4/app/libraries/MailSo/Imap/ImapClient.php:232
Stack trace:
#0 /var/www/html/custom_apps/snappymail/app/snappymail/v/2.36.4/app/libraries/RainLoop/Model/Account.php(264): MailSo\Imap\ImapClient->Login(Object(MailSo\Imap\Settings))
#1 /var/www/html/custom_apps/snappymail/app/snappymail/v/2.36.4/app/libraries/RainLoop/Model/Account.php(206): RainLoop\Model\Account->netClientLogin(Object(MailSo\Imap\ImapClient), Object(RainLoop\Plugins\Manager))
#2 /var/www/html/custom_apps/snappymail/app/snappymail/v/2.36.4/app/libraries/RainLoop/Actions/UserAuth.php(455): RainLoop\Model\Account->ImapConnectAndLogin(Object(RainLoop\Plugins\Manager), Object(MailSo\Imap\ImapClient), Object(RainLoop\Config\Application))
#3 /var/www/html/custom_apps/snappymail/app/snappymail/v/2.36.4/app/libraries/RainLoop/Actions/UserAuth.php(170): RainLoop\Actions->imapConnect(Object(RainLoop\Model\MainAccount), true)
#4 /var/www/html/custom_apps/snappymail/lib/Util/SnappyMailHelper.php(97): RainLoop\Actions->LoginProcess('support@4next.c...', Object(SnappyMail\SensitiveString))
#5 /var/www/html/custom_apps/snappymail/lib/Controller/PageController.php(50): OCA\SnappyMail\Util\SnappyMailHelper::startApp()
#6 /var/www/html/lib/private/AppFramework/Http/Dispatcher.php(230): OCA\SnappyMail\Controller\PageController->index()
#7 /var/www/html/lib/private/AppFramework/Http/Dispatcher.php(137): OC\AppFramework\Http\Dispatcher->executeController(Object(OCA\SnappyMail\Controller\PageController), 'index')
#8 /var/www/html/lib/private/AppFramework/App.php(183): OC\AppFramework\Http\Dispatcher->dispatch(Object(OCA\SnappyMail\Controller\PageController), 'index')
#9 /var/www/html/lib/private/Route/Router.php(315): OC\AppFramework\App::main('PageController', 'index', Object(OC\AppFramework\DependencyInjection\DIContainer), Array)
#10 /var/www/html/lib/base.php(1068): OC\Route\Router->match('/apps/snappymai...')
#11 /var/www/html/index.php(38): OC::handleRequest()
#12 {main}
[2024-07-02 12:42:46.453][b802458b] Nextcloud[ERROR]: AuthError[102]
[2024-07-02 12:42:46.455][b802458b] PLUGIN[INFO]: Hook: filter.language
[2024-07-02 12:42:46.572][b802458b] [INFO]: Memory peak usage: 12MB
[2024-07-02 12:42:46.572][b802458b] [INFO]: Time delta: 1.3976299762726
[2024-07-02 12:42:46.573][b802458b] IMAP[INFO]: Disconnected from "ssl://mail.infomaniak.com:993" (success)
[2024-07-02 12:42:46.573][b802458b] IMAP[DEBUG]: 1.3227789402008 (net session)
[2024-07-02 12:42:49.261][40403699] [INFO]: [SM:2.36.4][IP:185.129.54.93][PID:328][Apache/2.4.59 (Debian)][apache2handler][Streams:tcp,udp,unix,udg,ssl,tls,tlsv1.0,tlsv1.1,tlsv1.2,tlsv1.3][GET https://demo.cloud.4next.ch/apps/snappymail/?/AppData/0/6581952038827443/]
[2024-07-02 12:42:49.262][40403699] Nextcloud[DEBUG]: integrated
[2024-07-02 12:42:49.262][40403699] Crypt[ERROR]: sodiumDecrypt(): invalid $data or $key
[2024-07-02 12:42:49.262][40403699] Nextcloud[DEBUG]: snappymail-autologin is off
[2024-07-02 12:42:49.265][40403699] PLUGIN[INFO]: Hook: filter.language
[2024-07-02 12:42:49.265][40403699] PLUGIN[INFO]: Hook: filter.app-data
[2024-07-02 12:42:49.265][40403699] Nextcloud[DEBUG]: snappymail-autologin is off
[2024-07-02 12:42:49.265][40403699] APPDATA[INFO]: {"Auth":false,"title":"Demo 4Next webmail 📫","loadingDescription":"Demo 4Next webmail 📫","Plugins":{"avatars":{"service":true,"delay":true}},"System":{"version":"2.36.4","token":"897fa5f148081def02c793312471cfa88c4f255d","languages":["ar","be","bg","cs","da","de","el","en","eo","es","et","eu","fa","fi","fr","hu","id","is","it","ja","ko","lt","lv","nb","nl","pl","pt","pt-BR","ro","ru","sk","sl","sv","tr","uk","vi","zh","zh-TW"],"webPath":"\/custom_apps\/snappymail\/app\/","webVersionPath":"\/custom_apps\/snappymail\/app\/snappymail\/v\/2.36.4\/"},"allowLanguagesOnLogin":true,"DevEmail":"support@4next.ch","DevPassword":"","signMe":0,"Theme":"NextcloudV25+","language":"fr","clientLanguage":"fr","PluginsLink":"Plugins\/0\/User\/1df7b12f0adf8b2143cc5c5feca5e8c1\/","StaticLibsJs":"\/custom_apps\/snappymail\/app\/snappymail\/v\/2.36.4\/static\/js\/libs.js","Nextcloud":{"UID":"adm4next","WebDAV":"https:\/\/demo.cloud.4next.ch\/remote.php\/dav","CalDAV":true}}
[2024-07-02 12:42:49.265][40403699] [INFO]: Memory peak usage: 6MB
[2024-07-02 12:42:49.265][40403699] [INFO]: Time delta: 0.041769027709961
[2024-07-02 12:42:51.337][a8981823] [INFO]: [SM:2.36.4][IP:185.129.54.93][PID:328][Apache/2.4.59 (Debian)][apache2handler][Streams:tcp,udp,unix,udg,ssl,tls,tlsv1.0,tlsv1.1,tlsv1.2,tlsv1.3][GET https://demo.cloud.4next.ch/apps/snappymail/?/Plugins/0/User/1df7b12f0adf8b2143cc5c5feca5e8c1/]
[2024-07-02 12:42:51.338][a8981823] Nextcloud[DEBUG]: integrated
[2024-07-02 12:42:51.338][a8981823] Crypt[ERROR]: sodiumDecrypt(): invalid $data or $key
[2024-07-02 12:42:51.338][a8981823] Nextcloud[DEBUG]: snappymail-autologin is off
[2024-07-02 12:42:51.339][a8981823] [INFO]: Memory peak usage: 6MB
[2024-07-02 12:42:51.339][a8981823] [INFO]: Time delta: 0.028696060180664
[2024-07-02 12:42:51.501][64e3ea77] [INFO]: [SM:2.36.4][IP:185.129.54.93][PID:328][Apache/2.4.59 (Debian)][apache2handler][Streams:tcp,udp,unix,udg,ssl,tls,tlsv1.0,tlsv1.1,tlsv1.2,tlsv1.3][GET https://demo.cloud.4next.ch/apps/snappymail/?/Css/0/User/-/NextcloudV25+/-/1719924171381/Hash/-/Json/]
[2024-07-02 12:42:51.501][64e3ea77] Nextcloud[DEBUG]: integrated
[2024-07-02 12:42:51.501][64e3ea77] Crypt[ERROR]: sodiumDecrypt(): invalid $data or $key
[2024-07-02 12:42:51.502][64e3ea77] Nextcloud[DEBUG]: snappymail-autologin is off
[2024-07-02 12:42:51.502][64e3ea77] [INFO]: Memory peak usage: 6MB
[2024-07-02 12:42:51.502][64e3ea77] [INFO]: Time delta: 0.024658918380737
^C

So maybe Crypt[ERROR]: sodiumDecrypt(): invalid $data or $key ??

I see also that log time is in UTC timezone, not sure if this is a problem or not.

mmallejac commented 2 months ago

Hello !

Did you have any chance to look at this ? We just can't upgrade our Snappymail installations since all our users would lose their email authentication.

the-djmaze commented 1 month ago

The invalid $data or $key could be caused by changed .cryptkey values.

Maybe you can test:

  1. rename _data_/_default_/storage to _data_/_default_/storage.bak
  2. upgrade SnappyMail
  3. try login

If it still fails, I'd like to see the new logs.
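
The log-analysis step suggested in this thread, and the question of whether a `Crypt[ERROR]` precedes the IMAP rejection, can be scripted. The following is an added example, not part of the thread and not SnappyMail code: it groups log lines by request id and labels each request. The line layout is taken from the log posted above; the sample lines and the verdict labels are constructed for illustration.

```python
import re
from collections import defaultdict

# [timestamp][request-id] COMPONENT[LEVEL]: message  (layout as in the log in this thread)
LINE = re.compile(r"^\[(?P<ts>[^\]]+)\]\[(?P<req>[0-9a-f]{8})\] "
                  r"(?P<comp>\w*)\[(?P<level>[A-Z]+)\]: (?P<msg>.*)$")
IMAP_NO = re.compile(r"^< \S+ NO ")  # tagged negative response sent by the server

# Verdict labels are assumptions made for this example.
LABELS = {
    frozenset(): "clean",
    frozenset({"decrypt"}): "decrypt-error-only",
    frozenset({"rejected"}): "imap-rejected-only",
    frozenset({"decrypt", "rejected"}): "decrypt-error+imap-rejected",
}

# Constructed sample lines, not taken from a real system.
SAMPLE = r"""
[2024-01-01 10:00:00.001][0a1b2c3d] Nextcloud[DEBUG]: integrated
[2024-01-01 10:00:00.002][0a1b2c3d] Crypt[ERROR]: sodiumDecrypt(): invalid $data or $key
[2024-01-01 10:00:00.050][0a1b2c3d] IMAP[INFO]: > TAG2 AUTHENTICATE PLAIN\r\n
[2024-01-01 10:00:01.100][0a1b2c3d] IMAP[INFO]: < TAG2 NO Invalid login or password\r\n
Stack trace:
[2024-01-01 10:00:05.002][1111aaaa] Crypt[ERROR]: sodiumDecrypt(): invalid $data or $key
[2024-01-01 10:00:05.003][1111aaaa] Nextcloud[DEBUG]: snappymail-autologin is off
[2024-01-01 10:00:09.001][2222bbbb] IMAP[INFO]: > TAG2 AUTHENTICATE PLAIN\r\n
[2024-01-01 10:00:10.001][2222bbbb] IMAP[INFO]: < TAG2 NO Invalid login or password\r\n
[2024-01-01 10:00:12.001][3333cccc] IMAP[INFO]: < TAG2 OK completed\r\n
"""

def triage(log_text):
    """Return {request_id: verdict}, correlating decrypt errors with IMAP rejections."""
    flags = defaultdict(set)
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:  # stack-trace and continuation lines carry no request id
            continue
        seen = flags[m["req"]]  # registers the request even if nothing is flagged
        if m["comp"] == "Crypt" and m["level"] == "ERROR" and "sodiumDecrypt" in m["msg"]:
            seen.add("decrypt")
        elif m["comp"] == "IMAP" and IMAP_NO.match(m["msg"]):
            seen.add("rejected")
    return {req: LABELS[frozenset(seen)] for req, seen in flags.items()}

if __name__ == "__main__":
    for req, verdict in triage(SAMPLE).items():
        print(req, verdict)
```

A request labelled `decrypt-error+imap-rejected` matches the pattern in the log posted above, where the `sodiumDecrypt()` error is logged before the server answers `NO`.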