search

the-djmaze / snappymail

Simple, modern & fast web-based email client
https://snappymail.eu
GNU Affero General Public License v3.0
1.04k stars 123 forks source link

Snappymail (nextcloud-app) forgets credentials after oidc-login #1728

Open SoleroTG opened 3 months ago

SoleroTG commented 3 months ago

Discussed in https://github.com/the-djmaze/snappymail/discussions/1713

Originally posted by **SoleroTG** August 17, 2024 **Description** As soon as I login in to nextcloud via an IdP instead of the internal nextcloud authentication stored email credentials to a mailbox vanish. **To Reproduce** 1. Login to nextcloud via nextcloud internal authentication. 2. Store credentials at `example.com/settings/user/additional` 3. Logout, login via nextcloud authentication and open snappymail → works 4. Logout, login via IdP. → Snappymail asks for password. **Expected behavior** Snappymail _remembers_ my credentials no matter how I log in. **Please complete the following information:** - Browser: firefox 129 - IMAP daemon: dovecot - PHP version: 8.2.2 - SnappyMail Version: 2.37.3 - Mode: nextcloud in docker - IdP: Authelia In order to provide more logs I did the following: 1. Log in without IdP and store credentials under `/settings/user/additional` 2. Verify the credentials work by starting the SnappyMail-nextcloud-app → works 3. Log out of nextcloud and login with IdP 4. Start the SnappyMail-nextcloud-app As before the login didn't work. I reproduced it with loglevel 4 and 7. In loglevel 4 ``` [2024-08-24 09:04:00.268][61951ff1] IMAP[WARNING]: MailSo\Imap\Exceptions\NegativeResponseException: AUTHENTICATIONFAILED Authentication failed. in /var/www/html/custom_apps/snappymail/app/snappymail/v/2.37.2/app/libraries/MailSo/Imap/ResponseCollection.php:46 Stack trace: #0 /var/www/html/custom_apps/snappymail/app/snappymail/v/2.37.2/app/libraries/MailSo/Imap/ImapClient.php(528): MailSo\Imap\ResponseCollection->validate() #1 /var/www/html/custom_apps/snappymail/app/snappymail/v/2.37.2/app/libraries/MailSo/Imap/ImapClient.php(166): MailSo\Imap\ImapClient->getResponse() #2 /var/www/html/custom_apps/snappymail/app/snappymail/v/2.37.2/app/libraries/RainLoop/Model/Account.php(264): MailSo\Imap\ImapClient->Login(Object(MailSo\Imap\Settings)) #3 /var/www/html/custom_apps/snappymail/app/snappymail/v/2.37.2/app/libraries/RainLoop/Model/Account.php(206): RainLoop\Model\Account->netClientLogin(Object(MailSo\Imap\ImapClient), Object(RainLoop\Plugins\Manager)) #4 /var/www/html/custom_apps/snappymail/app/snappymail/v/2.37.2/app/libraries/RainLoop/Actions/UserAuth.php(459): RainLoop\Model\Account->ImapConnectAndLogin(Object(RainLoop\Plugins\Manager), Object(MailSo\Imap\ImapClient), Object(RainLoop\Config\Application)) #5 /var/www/html/custom_apps/snappymail/app/snappymail/v/2.37.2/app/libraries/RainLoop/Actions/UserAuth.php(170): RainLoop\Actions->imapConnect(Object(RainLoop\Model\MainAccount), true) #6 /var/www/html/custom_apps/snappymail/lib/Util/SnappyMailHelper.php(97): RainLoop\Actions->LoginProcess('*******', Object(SnappyMail\SensitiveString)) #7 /var/www/html/custom_apps/snappymail/lib/Controller/PageController.php(50): OCA\SnappyMail\Util\SnappyMailHelper::startApp() #8 /var/www/html/lib/private/AppFramework/Http/Dispatcher.php(232): OCA\SnappyMail\Controller\PageController->index() #9 /var/www/html/lib/private/AppFramework/Http/Dispatcher.php(138): OC\AppFramework\Http\Dispatcher->executeController(Object(OCA\SnappyMail\Controller\PageController), 'index') #10 /var/www/html/lib/private/AppFramework/App.php(184): OC\AppFramework\Http\Dispatcher->dispatch(Object(OCA\SnappyMail\Controller\PageController), 'index') #11 /var/www/html/lib/private/Route/Router.php(338): OC\AppFramework\App::main('PageController', 'index', Object(OC\AppFramework\DependencyInjection\DIContainer), Array) #12 /var/www/html/lib/base.php(1053): OC\Route\Router->match('/apps/snappymai...') #13 /var/www/html/index.php(49): OC::handleRequest() #14 {main} [2024-08-24 09:04:00.272][61951ff1] Nextcloud[ERROR]: AuthError[102] ``` Same log but in level 7: ``` [2024-08-24 09:38:08.186][9f8f9ae8] [INFO]: [SM:2.37.2][IP:][PID:71][Apache/2.4.61 (Debian)][apache2handler][Streams:tcp,udp,unix,udg,ssl,tls,tlsv1.0,tlsv1.1,tlsv1.2,tlsv1.3][GET http://cloud.example.com/apps/snappymail/] [2024-08-24 09:38:08.188][9f8f9ae8] Nextcloud[DEBUG]: integrated [2024-08-24 09:38:08.190][9f8f9ae8] IMAP[INFO]: Start connection to "tcp://mda-dovecot:14300" [2024-08-24 09:38:08.191][9f8f9ae8] IMAP[INFO]: Connect (success) [2024-08-24 09:38:08.191][9f8f9ae8] IMAP[DEBUG]: 0.00075197219848633 (raw connection) [2024-08-24 09:38:08.197][9f8f9ae8] IMAP[INFO]: < * OK [CAPABILITY IMAP4rev1 SASL-IR LOGIN-REFERRALS ID ENABLE IDLE LITERAL+ STARTTLS AUTH=PLAIN AUTH=LOGIN] Dovecot (Debian) ready.\r\n [2024-08-24 09:38:08.198][9f8f9ae8] IMAP[DEBUG]: 0.0077700614929199 (*) [2024-08-24 09:38:08.198][9f8f9ae8] PLUGIN[INFO]: Hook: imap.before-login [2024-08-24 09:38:08.198][9f8f9ae8] IMAP[INFO]: > TAG1 AUTHENTICATE PLAIN *******\r\n [2024-08-24 09:38:10.207][9f8f9ae8] IMAP[INFO]: < TAG1 NO [AUTHENTICATIONFAILED] Authentication failed.\r\n [2024-08-24 09:38:10.207][9f8f9ae8] IMAP[DEBUG]: 2.0089900493622 (TAG1) [2024-08-24 09:38:10.208][9f8f9ae8] IMAP[WARNING]: MailSo\Imap\Exceptions\NegativeResponseException: AUTHENTICATIONFAILED Authentication failed. in /var/www/html/custom_apps/snappymail/app/snappymail/v/2.37.2/app/libraries/MailSo/Imap/ResponseCollection.php:46 Stack trace: #0 /var/www/html/custom_apps/snappymail/app/snappymail/v/2.37.2/app/libraries/MailSo/Imap/ImapClient.php(528): MailSo\Imap\ResponseCollection->validate() #1 /var/www/html/custom_apps/snappymail/app/snappymail/v/2.37.2/app/libraries/MailSo/Imap/ImapClient.php(166): MailSo\Imap\ImapClient->getResponse() #2 /var/www/html/custom_apps/snappymail/app/snappymail/v/2.37.2/app/libraries/RainLoop/Model/Account.php(264): MailSo\Imap\ImapClient->Login(Object(MailSo\Imap\Settings)) #3 /var/www/html/custom_apps/snappymail/app/snappymail/v/2.37.2/app/libraries/RainLoop/Model/Account.php(206): RainLoop\Model\Account->netClientLogin(Object(MailSo\Imap\ImapClient), Object(RainLoop\Plugins\Manager)) #4 /var/www/html/custom_apps/snappymail/app/snappymail/v/2.37.2/app/libraries/RainLoop/Actions/UserAuth.php(459): RainLoop\Model\Account->ImapConnectAndLogin(Object(RainLoop\Plugins\Manager), Object(MailSo\Imap\ImapClient), Object(RainLoop\Config\Application)) #5 /var/www/html/custom_apps/snappymail/app/snappymail/v/2.37.2/app/libraries/RainLoop/Actions/UserAuth.php(170): RainLoop\Actions->imapConnect(Object(RainLoop\Model\MainAccount), true) #6 /var/www/html/custom_apps/snappymail/lib/Util/SnappyMailHelper.php(97): RainLoop\Actions->LoginProcess('*******', Object(SnappyMail\SensitiveString)) #7 /var/www/html/custom_apps/snappymail/lib/Controller/PageController.php(50): OCA\SnappyMail\Util\SnappyMailHelper::startApp() #8 /var/www/html/lib/private/AppFramework/Http/Dispatcher.php(232): OCA\SnappyMail\Controller\PageController->index() #9 /var/www/html/lib/private/AppFramework/Http/Dispatcher.php(138): OC\AppFramework\Http\Dispatcher->executeController(Object(OCA\SnappyMail\Controller\PageController), 'index') #10 /var/www/html/lib/private/AppFramework/App.php(184): OC\AppFramework\Http\Dispatcher->dispatch(Object(OCA\SnappyMail\Controller\PageController), 'index') #11 /var/www/html/lib/private/Route/Router.php(338): OC\AppFramework\App::main('PageController', 'index', Object(OC\AppFramework\DependencyInjection\DIContainer), Array) #12 /var/www/html/lib/base.php(1053): OC\Route\Router->match('/apps/snappymai...') #13 /var/www/html/index.php(49): OC::handleRequest() #14 {main} [2024-08-24 09:38:10.208][9f8f9ae8] IMAP[NOTICE]: MailSo\Imap\Exceptions\NegativeResponseException: AUTHENTICATIONFAILED Authentication failed. in /var/www/html/custom_apps/snappymail/app/snappymail/v/2.37.2/app/libraries/MailSo/Imap/ResponseCollection.php:46 Stack trace: #0 /var/www/html/custom_apps/snappymail/app/snappymail/v/2.37.2/app/libraries/MailSo/Imap/ImapClient.php(528): MailSo\Imap\ResponseCollection->validate() #1 /var/www/html/custom_apps/snappymail/app/snappymail/v/2.37.2/app/libraries/MailSo/Imap/ImapClient.php(166): MailSo\Imap\ImapClient->getResponse() #2 /var/www/html/custom_apps/snappymail/app/snappymail/v/2.37.2/app/libraries/RainLoop/Model/Account.php(264): MailSo\Imap\ImapClient->Login(Object(MailSo\Imap\Settings)) #3 /var/www/html/custom_apps/snappymail/app/snappymail/v/2.37.2/app/libraries/RainLoop/Model/Account.php(206): RainLoop\Model\Account->netClientLogin(Object(MailSo\Imap\ImapClient), Object(RainLoop\Plugins\Manager)) #4 /var/www/html/custom_apps/snappymail/app/snappymail/v/2.37.2/app/libraries/RainLoop/Actions/UserAuth.php(459): RainLoop\Model\Account->ImapConnectAndLogin(Object(RainLoop\Plugins\Manager), Object(MailSo\Imap\ImapClient), Object(RainLoop\Config\Application)) #5 /var/www/html/custom_apps/snappymail/app/snappymail/v/2.37.2/app/libraries/RainLoop/Actions/UserAuth.php(170): RainLoop\Actions->imapConnect(Object(RainLoop\Model\MainAccount), true) #6 /var/www/html/custom_apps/snappymail/lib/Util/SnappyMailHelper.php(97): RainLoop\Actions->LoginProcess('*******', Object(SnappyMail\SensitiveString)) #7 /var/www/html/custom_apps/snappymail/lib/Controller/PageController.php(50): OCA\SnappyMail\Util\SnappyMailHelper::startApp() #8 /var/www/html/lib/private/AppFramework/Http/Dispatcher.php(232): OCA\SnappyMail\Controller\PageController->index() #9 /var/www/html/lib/private/AppFramework/Http/Dispatcher.php(138): OC\AppFramework\Http\Dispatcher->executeController(Object(OCA\SnappyMail\Controller\PageController), 'index') #10 /var/www/html/lib/private/AppFramework/App.php(184): OC\AppFramework\Http\Dispatcher->dispatch(Object(OCA\SnappyMail\Controller\PageController), 'index') #11 /var/www/html/lib/private/Route/Router.php(338): OC\AppFramework\App::main('PageController', 'index', Object(OC\AppFramework\DependencyInjection\DIContainer), Array) #12 /var/www/html/lib/base.php(1053): OC\Route\Router->match('/apps/snappymai...') #13 /var/www/html/index.php(49): OC::handleRequest() #14 {main} Next MailSo\Imap\Exceptions\LoginBadCredentialsException: AUTHENTICATIONFAILED Authentication failed. in /var/www/html/custom_apps/snappymail/app/snappymail/v/2.37.2/app/libraries/MailSo/Imap/ImapClient.php:232 Stack trace: #0 /var/www/html/custom_apps/snappymail/app/snappymail/v/2.37.2/app/libraries/RainLoop/Model/Account.php(264): MailSo\Imap\ImapClient->Login(Object(MailSo\Imap\Settings)) #1 /var/www/html/custom_apps/snappymail/app/snappymail/v/2.37.2/app/libraries/RainLoop/Model/Account.php(206): RainLoop\Model\Account->netClientLogin(Object(MailSo\Imap\ImapClient), Object(RainLoop\Plugins\Manager)) #2 /var/www/html/custom_apps/snappymail/app/snappymail/v/2.37.2/app/libraries/RainLoop/Actions/UserAuth.php(459): RainLoop\Model\Account->ImapConnectAndLogin(Object(RainLoop\Plugins\Manager), Object(MailSo\Imap\ImapClient), Object(RainLoop\Config\Application)) #3 /var/www/html/custom_apps/snappymail/app/snappymail/v/2.37.2/app/libraries/RainLoop/Actions/UserAuth.php(170): RainLoop\Actions->imapConnect(Object(RainLoop\Model\MainAccount), true) #4 /var/www/html/custom_apps/snappymail/lib/Util/SnappyMailHelper.php(97): RainLoop\Actions->LoginProcess('*******', Object(SnappyMail\SensitiveString)) #5 /var/www/html/custom_apps/snappymail/lib/Controller/PageController.php(50): OCA\SnappyMail\Util\SnappyMailHelper::startApp() #6 /var/www/html/lib/private/AppFramework/Http/Dispatcher.php(232): OCA\SnappyMail\Controller\PageController->index() #7 /var/www/html/lib/private/AppFramework/Http/Dispatcher.php(138): OC\AppFramework\Http\Dispatcher->executeController(Object(OCA\SnappyMail\Controller\PageController), 'index') #8 /var/www/html/lib/private/AppFramework/App.php(184): OC\AppFramework\Http\Dispatcher->dispatch(Object(OCA\SnappyMail\Controller\PageController), 'index') #9 /var/www/html/lib/private/Route/Router.php(338): OC\AppFramework\App::main('PageController', 'index', Object(OC\AppFramework\DependencyInjection\DIContainer), Array) #10 /var/www/html/lib/base.php(1053): OC\Route\Router->match('/apps/snappymai...') #11 /var/www/html/index.php(49): OC::handleRequest() #12 {main} [2024-08-24 09:38:10.213][9f8f9ae8] Nextcloud[ERROR]: AuthError[102] [2024-08-24 09:38:10.213][9f8f9ae8] PLUGIN[INFO]: Hook: filter.language [2024-08-24 09:38:10.248][9f8f9ae8] [INFO]: Memory peak usage: 10MB [2024-08-24 09:38:10.248][9f8f9ae8] [INFO]: Time delta: 2.0985910892487 [2024-08-24 09:38:10.249][9f8f9ae8] IMAP[INFO]: Disconnected from "tcp://mda-dovecot:14300" (success) [2024-08-24 09:38:10.249][9f8f9ae8] IMAP[DEBUG]: 2.059406042099 (net session) [2024-08-24 09:38:10.365][464b38ac] [INFO]: [SM:2.37.2][IP:][PID:62][Apache/2.4.61 (Debian)][apache2handler][Streams:tcp,udp,unix,udg,ssl,tls,tlsv1.0,tlsv1.1,tlsv1.2,tlsv1.3][GET http://cloud.example.com/apps/snappymail/?/AppData/0/3481095053236738/] [2024-08-24 09:38:10.367][464b38ac] Nextcloud[DEBUG]: integrated [2024-08-24 09:38:10.367][464b38ac] Nextcloud[DEBUG]: snappymail-autologin is off [2024-08-24 09:38:10.368][464b38ac] PLUGIN[INFO]: Hook: filter.language [2024-08-24 09:38:10.368][464b38ac] PLUGIN[INFO]: Hook: filter.app-data [2024-08-24 09:38:10.368][464b38ac] Nextcloud[DEBUG]: snappymail-autologin is off [2024-08-24 09:38:10.369][464b38ac] [INFO]: Memory peak usage: 8MB [2024-08-24 09:38:10.369][464b38ac] [INFO]: Time delta: 0.039388179779053 [2024-08-24 09:38:10.839][ec227d7e] [INFO]: [SM:2.37.2][IP:][PID:1827][Apache/2.4.61 (Debian)][apache2handler][Streams:tcp,udp,unix,udg,ssl,tls,tlsv1.0,tlsv1.1,tlsv1.2,tlsv1.3][GET http://cloud.example.com/apps/snappymail/?/Plugins/0/User/5a2a69218199d20f8a577ebb45c69f37/] [2024-08-24 09:38:10.841][ec227d7e] Nextcloud[DEBUG]: integrated [2024-08-24 09:38:10.842][ec227d7e] Nextcloud[DEBUG]: snappymail-autologin is off [2024-08-24 09:38:10.844][ec227d7e] [INFO]: Memory peak usage: 10MB [2024-08-24 09:38:10.844][ec227d7e] [INFO]: Time delta: 0.12370896339417 [2024-08-24 09:38:10.955][51229ca6] [INFO]: [SM:2.37.2][IP:][PID:60][Apache/2.4.61 (Debian)][apache2handler][Streams:tcp,udp,unix,udg,ssl,tls,tlsv1.0,tlsv1.1,tlsv1.2,tlsv1.3][GET http://cloud.example.com/apps/snappymail/?/Css/0/User/-/NextcloudV25+/-/1724492290898/Hash/-/Json/] [2024-08-24 09:38:10.956][51229ca6] Nextcloud[DEBUG]: integrated [2024-08-24 09:38:10.957][51229ca6] Nextcloud[DEBUG]: snappymail-autologin is off [2024-08-24 09:38:10.959][51229ca6] [INFO]: Memory peak usage: 10MB [2024-08-24 09:38:10.959][51229ca6] [INFO]: Time delta: 0.042228937149048 ``` I tried to dig into the code, but my limited PHP skills didn't help much.
SoleroTG commented 3 months ago

I just validated that the behavior still exists in the current version 2.37.3 as nextcloud-app.

phoenixtechnam commented 2 months ago

Hi, I can confirm as well that this problem still exists for OIDC-provioned users (using the oidc_login plugin). I think the best way to go is to honor the credentials if set up in user settings and only try to use oauth2 when no credentials are saved.

I also deactivated "Attempt to automatically login with OIDC when active" in Snappymail Nextcloud settings, but it does not help.