Re-Login doesn't work with (old) ownCloud servers

[csware]

Expected behaviour

I use the Nextcloud Client to sync with my nextcloud instance and onother old owncloud instance.

Recently the app token for the owncloud instance was revoked or got lost. Not I cannot log in again to that instance.

I expect that a dialog opens where I can enter my credentials (the very same dialog which appears when I add a new account for an old owncloud server).

Actual behaviour

When I click on Log-in I get a dialog where I see the error "Error acceccing the token endpoint: ... server replied: Precondition failed". Below there are two options "Open browser again" and "Copy link", both are not working.

When I try to add another account for that server I am correctly asked for my credentials by the nextcloud client.

How can I log in to that account again? (even very hacky methods are welcome)

Steps to reproduce

1. Expire/revoke/delete an app token.
2. Nextcloud client recognizes that the user is logged out.
3. Click on Log-in in Nextcloud client

Client configuration

Client version: 2.6.4stable-Win64 (build 20200303)

Operating system: Win10 1909 x64

OS language: German

Server configuration

Owncloud version: 9.1.6 (stable) (yes, that'S very old, but not under my control)

Logs

Please use Gist (https://gist.github.com/) or a similar code paster for longer
logs.

1. Client logfile:

[OCC::AccountState::setState 	AccountState state change:  "Abgemeldet" -> "Getrennt"
[OCC::WebFlowCredentials::createQNAM 	Get QNAM
[OCC::FolderMan::slotAccountStateChanged 	Account "USERNAME@SERVER" disconnected or paused, terminating or descheduling sync folders
[OCC::AccessManager::createRequest 	2 "" "https://SERVER/status.php" has X-Request-ID "4c2e28e2-a887-4e36-8caf-ff6d1a48174b"
[OCC::AbstractNetworkJob::start 	OCC::CheckServerJob created for "https://SERVER" + "status.php" "OCC::ConnectionValidator"
[OCC::WebFlowCredentials::slotFinished 	request finished
[OCC::CheckServerJob::finished 	status.php returns:  QJsonDocument({"edition":"","installed":true,"maintenance":false,"version":"9.1.6.2","versionstring":"9.1.6"})   QNetworkReply::NoError  Reply:  QNetworkReplyHttpImpl(0x1efe1e61c10)
[OCC::ConnectionValidator::slotStatusFound 	** Application: ownCloud found:  QUrl("https://SERVER")  with version  "9.1.6" ( "9.1.6.2" )
[OCC::ConnectionValidator::setAndCheckServerVersion 	QUrl("https://SERVER") has server version "9.1.6.2"
[OCC::AccountState::slotConnectionValidatorResult 	AccountState connection status change:  OCC::ConnectionValidator::Undefined -> OCC::ConnectionValidator::CredentialsNotReady
[OCC::AccountState::handleInvalidCredentials 	Invalid credentials for "https://SERVER" asking user
[OCC::AccountState::setState 	AccountState state change:  "Getrennt" -> "Zugangsdaten werden abgefragt"
[OCC::FolderMan::slotAccountStateChanged 	Account "USERNAME@SERVER" disconnected or paused, terminating or descheduling sync folders
[OCC::DetermineAuthTypeJob::start 	Determining auth type for QUrl("https://SERVER/remote.php/webdav/")
[OCC::AccessManager::createRequest 	2 "" "https://SERVER/remote.php/webdav/" has X-Request-ID "d18a825a-cf7c-43c0-bdc3-d5109a575504"
[OCC::AbstractNetworkJob::start 	OCC::SimpleNetworkJob created for "https://SERVER" + "" "OCC::Account"
[OCC::AccessManager::createRequest 	6 "PROPFIND" "https://SERVER/remote.php/webdav/" has X-Request-ID "8a891e7c-4e47-459c-8309-348f9bba53f9"
[OCC::AbstractNetworkJob::start 	OCC::SimpleNetworkJob created for "https://SERVER" + "" "OCC::Account"
[OCC::AccessManager::createRequest 	2 "" "https://SERVER/ocs/v2.php/cloud/capabilities?format=json" has X-Request-ID "c7447bf9-87aa-4ecd-9972-f82dee9afa08"
[OCC::AbstractNetworkJob::start 	OCC::JsonApiJob created for "https://SERVER" + "/ocs/v2.php/cloud/capabilities" "OCC::DetermineAuthTypeJob"
[OCC::WebFlowCredentials::slotFinished 	request finished
[OCC::WebFlowCredentials::stillValid 	QNetworkReply::AuthenticationRequiredError
[OCC::WebFlowCredentials::stillValid 	"Der Host verlangt eine Authentifizierung"
[OCC::WebFlowCredentials::slotFinished 	request finished
[OCC::WebFlowCredentials::stillValid 	QNetworkReply::AuthenticationRequiredError
[OCC::WebFlowCredentials::stillValid 	"Der Host verlangt eine Authentifizierung"
[OCC::WebFlowCredentials::slotFinished 	request finished
[OCC::WebFlowCredentials::stillValid 	QNetworkReply::AuthenticationRequiredError
[OCC::WebFlowCredentials::stillValid 	"Der Host verlangt eine Authentifizierung"
[OCC::JsonApiJob::finished 	JsonApiJob of QUrl("https://SERVER/ocs/v2.php/cloud/capabilities?format=json") FINISHED WITH STATUS "AuthenticationRequiredError Der Host verlangt eine Authentifizierung"
[OCC::JsonApiJob::finished 	Network error:  "/ocs/v2.php/cloud/capabilities" "Der Host verlangt eine Authentifizierung" QVariant(int, 401)
[OCC::DetermineAuthTypeJob::checkAllDone 	Auth type for QUrl("https://SERVER/remote.php/webdav/") is 0
[unknown 	QLayout: Attempting to add QLayout "" to OCC::WebFlowCredentialsDialog "", which already has a layout
[OCC::AccessManager::createRequest 	4 "" "https://SERVER/index.php/login/v2" has X-Request-ID "befaaaab-da10-4baf-87ca-b3258982203d"
[OCC::AbstractNetworkJob::start 	OCC::SimpleNetworkJob created for "https://SERVER" + "" "OCC::Account"
[OCC::WebFlowCredentials::slotFinished 	request finished
[OCC::AbstractNetworkJob::slotFinished 	Redirecting "POST" QUrl("https://SERVER/index.php/login/v2") QUrl("https://SERVER/index.php/login")
[OCC::AccessManager::createRequest 	4 "" "https://SERVER/index.php/login" has X-Request-ID "e57df2de-e361-4d3b-9c20-cccd3ba0cd5a"
[OCC::WebFlowCredentials::slotFinished 	request finished
[OCC::AbstractNetworkJob::slotFinished 	QNetworkReply::UnknownContentError "Server hat \"412 Precondition failed\" auf \"POST https://SERVER/index.php/login\" geantwortet" QVariant(int, 412)
[OCC::WebFlowCredentials::stillValid 	QNetworkReply::UnknownContentError
[OCC::WebFlowCredentials::stillValid 	"Error transferring https://SERVER/index.php/login - server replied: Precondition failed"
[OCC::Flow2Auth::fetchNewToken::::operator() 	Error when getting the loginUrl QJsonObject({"error":null,"message":"CSRF check failed"}) "Fehler beim Zugriff auf den 'Token'-Endpunkt: <br><em>Error transferring https://SERVER/index.php/login - server replied: Precondition failed</em>"

[er-vin]

I suspect that's because your very old ownCloud instance doesn't support the new login flow... even the ownCloud client stopped supporting it. I doubt much can be done about that. For the time being you could try to make you own build of the client with shibboleth support but that code will be canned soon (has its own implication on install payload and so on).

[csware]

When I connect to the very same ownCloud instance using "Add account" it still works. That's the reason why I consider this a regression.

[csware]

Some new findings:
When I add a new connection I see 0\authType=http and 0\http_user=XXX in %APPDATA%\Nextcloud\Nextcloud.cf and on my system where the issues arises authType is currently set to webflow.

What bothers me is that even if I manually change webflow to http the Nextcloud client automatically reverts to webflow. So this does not help, any idea why?

On my testmachine I can successfully logout and login again in the Nextcloud client.

[csware]

This issue only seems to occurr if at least one account with webflow is configured.

What does not work:

1. Stop Nextcloud client
2. Change webflow to http in Nextcloud.cfg
3. Manually create an entry in Windows Credential Manager using the format Nextcloud_USERNAME:https://SERVERNAME/:1 (because the username needs to be empty, this cannot be done using the Windows UI)?!

What does work, however, really evil:

1. Stop Nextcloud client
2. Backup Nextcloud.cfg
3. Delete Nextcloud.cfg
4. Add accounts as needed (until you get the right ID in Nextcloud.cfg, I always used the very same account w/o setting up any sync folders)
5. Drop unneeded accounts in the client again
6. Close Nextcloud client
7. Restore backup of Nextcloud.cfg and voila

[csware]

Easier fix:

1. Stop Nextcloud client
2. Delete the authType line for the affected account
3. Start Nextcloud client
4. Re-Login to the account

Also, when I click on Logout and try to re-login again the authType is set to webflow again.

[csware]

The reason might be https://github.com/nextcloud/desktop/blob/712869d/src/gui/accountmanager.cpp#L257

[er-vin]

I see now I understand better. Indeed it looks related to the migration you spotted... I guess we could complete that by not migrating if the server version is too old. Would have to look for which versions of both servers support webflow or not. Indeed we really only have the version and not the server type.

[jangop]

Should I open an additional issue for “Open browser again” and “Copy link” being unresponsive, or it that considered part of this issue? @er-vin

To clarify. Clicking either of the two options brings up a note “Starting authorization...” that stays on screen for but a moment, but then nothing happens. This also means that no “link” is being copied:

Btw, this issue is related to #1915.

[er-vin]

Should I open an additional issue for “Open browser again” and “Copy link” being unresponsive, or it that considered part of this issue? @er-vin

To clarify. Clicking either of the two options brings up a note “Starting authorization...” that stays on screen for but a moment, but then nothing happens. This also means that no “link” is being copied:

Btw, this issue is related to #1915.

I don't think a new ticket is needed for this. It's pretty much due to the Bad Request so there's nothing to open or copy in such a case.

[jangop]

I don't think a new ticket is needed for this. It's pretty much due to the Bad Request so there's nothing to open or copy in such a case.

I agree. However, the interface is mishandling the communication of said request with regards to the user. A buttons that does nothing is a bug in its own right.

[er-vin]

Yes, it is clearly misleading in that case. Still in that case it would go away if the root cause was handled.

[hoehnp]

sorry for bumping, but is there any activity in this issue? I think for students at German universities it would be very valuable.

[paroj]

I guess we could complete that by not migrating if the server version is too old.

that would be an improvement, as currently one needs to edit nextcloud.cfg after each restart..

[ifrh]

Did not work with Nextcloud client version 3.8.0, too.

Adding as new account after deleting the account, shows that the server is running Version 10.12.0.6.

[ifrh]

Did not work with Nextcloud client version 3.8.0, too.

Workaround, that is deleting authtype line from nextcloud.cfg, mentioned in June 2020 in #2111 (comment) , allows re-using SCIEBO-cloud between two starts of nextcloud client 3.8.0.

It seems to me, that setting authtype=webflow is not allowed for clients to communicate with SCIEBO-Server

[bernd-wechner]

I'm getting this message too on a virgin install of Nextcloud 27, and newly downloaded desktop client (appImage)

"Could not parse the JSON returned from the server: illegal value"

here is my nextcloud.cfg, no account info at all or authtype.

[General]
clientVersion=3.10.0 (build 17672)
confirmExternalStorage=true
isVfsEnabled=false
logToTemporaryLogDir=true
newBigFolderSizeLimit=500
optionalDesktopNotifications=true
optionalServerNotifications=true
showInExplorerNavigationPane=true
updateSegment=45
useNewBigFolderSizeLimit=false

[Accounts]
version=2

[ActivityListHeader]
geometry=@ByteArray(\0\0\0\xff\0\0\0\0\0\0\0\x1\0\0\0\x1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\x6\xfa\0\0\0\x5\x1\0\0\x1\0\0\0\0\0\0\0\0\0\0\0\0\x64\xff\xff\xff\xff\0\0\0\x81\0\0\0\0\0\0\0\x5\0\0\0\x81\0\0\0\x1\0\0\0\0\0\0\x4h\0\0\0\x1\0\0\0\0\0\0\x1M\0\0\0\x1\0\0\0\0\0\0\0\x64\0\0\0\x1\0\0\0\0\0\0\0`\0\0\0\x1\0\0\0\0\0\0\x3\xe8\0\xff\xff\xff\xff)

[LogBrowser]
geometry=@ByteArray(\x1\xd9\xd0\xcb\0\x3\0\0\0\0\x6\xb9\0\0\x3\xc1\0\0\n\xf0\0\0\x4\xf0\0\0\x6\xba\0\0\x3\xd7\0\0\n\xef\0\0\x4\xef\0\0\0\0\0\0\0\0\a\x80\0\0\x6\xba\0\0\x3\xd7\0\0\n\xef\0\0\x4\xef)

[Proxy]
type=2

[Settings]
geometry=@ByteArray(\x1\xd9\xd0\xcb\0\x3\0\0\0\0\x1\xbd\0\0\x1\xfa\0\0\b\xaa\0\0\x6$\0\0\x1\xbd\0\0\x2\x16\0\0\b\xaa\0\0\x6$\0\0\0\0\0\0\0\0\xf\0\0\0\x1\xbd\0\0\x2\x16\0\0\b\xaa\0\0\x6$)

[SharingDialog]
geometry=@ByteArray(\x1\xd9\xd0\xcb\0\x3\0\0\0\0\x6\x44\0\0\x3o\0\0\a\xc8\0\0\x4V\0\0\x6\x45\0\0\x3\x85\0\0\a\xc7\0\0\x4U\0\0\0\0\0\0\0\0\a\x80\0\0\x6\x45\0\0\x3\x85\0\0\a\xc7\0\0\x4U)