Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Nextcloud 14.0.1.1 login is broken for passwords longer than 214 bytes #11438

Open
bodograumann opened this issue Sep 28, 2018 · 20 comments

Comments

Projects
None yet
10 participants
@bodograumann
Copy link

commented Sep 28, 2018

This morning I did an update of nextcloud with php updater.phar --no-interaction.
Unfortunately since then nextcloud only returns an internal server error. The log says:

{
	"reqId":"N7p0B9Sx8jkHbjXyT6IO",
	"level":3,
	"time":"2018-09-28T15:24:45+00:00",
	"remoteAddr":"92.116.121.156",
	"user":"--",
	"app":"index",
	"method":"GET",
	"url":"\/",
	"message":{
		"Exception":"TypeError",
		"Message":"base64_encode() expects parameter 1 to be string, null given",
		"Code":0,
		"Trace":[
			{"file":"\/home\/users\/bodo\/www\/nextcloud\/lib\/private\/Authentication\/Token\/PublicKeyTokenProvider.php","line":241,"function":"base64_encode","args":[null]},
			{"file":"\/home\/users\/bodo\/www\/nextcloud\/lib\/private\/Authentication\/Token\/PublicKeyTokenProvider.php","line":307,"function":"encryptPassword","class":"OC\\Authentication\\Token\\PublicKeyTokenProvider","type":"->","args":["*** sensitive parameters replaced ***"]},
			{"file":"\/home\/users\/bodo\/www\/nextcloud\/lib\/private\/Authentication\/Token\/PublicKeyTokenProvider.php","line":270,"function":"newToken","class":"OC\\Authentication\\Token\\PublicKeyTokenProvider","type":"->","args":["*** sensitive parameter replaced ***","bodo","bodo","*** sensitive parameter replaced ***","Mozilla\/5.0 (Windows NT 10.0; Win64; x64 AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/52.0.2743.116 Safari\/537.36 Edge\/15.15063",0,0]},
			{"file":"\/home\/users\/bodo\/www\/nextcloud\/lib\/private\/Authentication\/Token\/Manager.php","line":128,"function":"convertToken","class":"OC\\Authentication\\Token\\PublicKeyTokenProvider","type":"->","args":[{"id":2015,"__class__":"OC\\Authentication\\Token\\DefaultToken"},"*** sensitive parameter replaced ***","*** sensitive parameter replaced ***"]},
			{"file":"\/home\/users\/bodo\/www\/nextcloud\/lib\/private\/User\/Session.php","line":578,"function":"getToken","class":"OC\\Authentication\\Token\\Manager","type":"->","args":["*** sensitive parameters replaced ***"]},
			{"file":"\/home\/users\/bodo\/www\/nextcloud\/lib\/private\/User\/Session.php","line":763,"function":"loginWithToken","class":"OC\\User\\Session","type":"->","args":["*** sensitive parameters replaced ***"]},
			{"file":"\/home\/users\/bodo\/www\/nextcloud\/lib\/base.php","line":1031,"function":"tryTokenLogin","class":"OC\\User\\Session","type":"->","args":[{"__class__":"OC\\AppFramework\\Http\\Request"}]},
			{"file":"\/home\/users\/bodo\/www\/nextcloud\/lib\/base.php","line":976,"function":"handleLogin","class":"OC","type":"::","args":[{"__class__":"OC\\AppFramework\\Http\\Request"}]},
			{"file":"\/home\/users\/bodo\/www\/nextcloud\/index.php","line":42,"function":"handleRequest","class":"OC","type":"::","args":[]}
		],
		"File":"\/home\/users\/bodo\/www\/nextcloud\/lib\/private\/Authentication\/Token\/PublicKeyTokenProvider.php",
		"Line":241,
		"CustomMessage":"--"
	},
	"userAgent":"Mozilla\/5.0 (Windows NT 6.3) AppleWebKit\/537.36 (KHTML, like Gecko Chrome\/70.0.3538.5 Safari\/537.36",
	"version":"14.0.1.1"
}

Server configuration

Operating system:
Ubuntu 16.04 LTS

Web server:
Apache 2.4.18

Database:
MariaDB

PHP version:
php-7.0.32-0ubuntu0.16.04.1

Nextcloud version: (see Nextcloud admin page)
14.0.1.1

List of activated apps:

App list Enabled: - accessibility: 1.0.1 - activity: 2.7.0 - bookmarks: 0.13.0 - bruteforcesettings: 1.1.0 - calendar: 1.6.2 - cloud_federation_api: 0.0.1 - comments: 1.4.0 - contacts: 2.1.6 - dav: 1.6.0 - federatedfilesharing: 1.4.0 - federation: 1.4.0 - files: 1.9.0 - files_pdfviewer: 1.3.2 - files_sharing: 1.6.2 - files_texteditor: 2.6.0 - files_trashbin: 1.4.1 - files_versions: 1.7.1 - files_videoplayer: 1.3.0 - firstrunwizard: 2.3.0 - gallery: 18.1.0 - logreader: 2.0.0 - lookup_server_connector: 1.2.0 - mail: 0.10.0 - news: 13.0.1 - nextcloud_announcements: 1.3.0 - notifications: 2.2.1 - oauth2: 1.2.1 - password_policy: 1.4.0 - provisioning_api: 1.4.0 - serverinfo: 1.4.0 - sharebymail: 1.4.0 - support: 1.0.0 - survey_client: 1.2.0 - systemtags: 1.4.0 - theming: 1.5.0 - twofactor_backupcodes: 1.3.1 - updatenotification: 1.4.1 - workflowengine: 1.4.0 Disabled: - admin_audit - encryption - files_external - tasks - user_external - user_ldap

Nextcloud configuration:

Config report { "system": { "instanceid": "***REMOVED SENSITIVE VALUE***", "passwordsalt": "***REMOVED SENSITIVE VALUE***", "secret": "***REMOVED SENSITIVE VALUE***", "trusted_domains": [ "next.grmnn.de" ], "datadirectory": "***REMOVED SENSITIVE VALUE***", "overwrite.cli.url": "***REMOVED SENSITIVE VALUE***", "dbtype": "mysql", "version": "14.0.1.1", "dbname": "***REMOVED SENSITIVE VALUE***", "dbhost": "***REMOVED SENSITIVE VALUE***", "dbport": "", "dbtableprefix": "oc_", "dbuser": "***REMOVED SENSITIVE VALUE***", "dbpassword": "***REMOVED SENSITIVE VALUE***", "logtimezone": "UTC", "installed": true, "maintenance": false, "theme": "", "loglevel": 0, "mysql.utf8mb4": true, "mail_smtpmode": "php", "mail_smtpauthtype": "LOGIN", "mail_from_address": "***REMOVED SENSITIVE VALUE***", "mail_domain": "***REMOVED SENSITIVE VALUE***" }, "apps": { "accessibility": { "enabled": "yes", "installed_version": "1.0.1", "types": "" }, "activity": { "enabled": "yes", "installed_version": "2.7.0", "types": "filesystem" }, "backgroundjob": { "lastjob": "255" }, "bookmarks": { "enabled": "yes", "installed_version": "0.13.0", "types": "" }, "bruteforcesettings": { "enabled": "yes", "installed_version": "1.1.0", "types": "" }, "calendar": { "enabled": "yes", "installed_version": "1.6.2", "types": "" }, "cloud_federation_api": { "enabled": "yes", "installed_version": "0.0.1", "types": "filesystem" }, "comments": { "enabled": "yes", "installed_version": "1.4.0", "types": "logging" }, "contacts": { "enabled": "yes", "installed_version": "2.1.6", "types": "" }, "core": { "backgroundjobs_mode": "cron", "installed.bundles": "[\"CoreBundle\"]", "installedat": "1494521336.5784", "lastcron": "1538148633", "lastupdateResult": "[]", "lastupdatedat": "1538115343", "moveavatarsdone": "yes", "oc.integritycheck.checker": "{\"news\":{\"FILE_MISSING\":{\"vendor\\\/ezyang\\\/htmlpurifier\\\/maintenance\\\/.htaccess\":{\"expected\":\"4d51270ac56b1600199cd52c4f0fc34171bb306db59761863c87978049b771a053ebb80c8dda03b4d98bf5e43361ec0e1e1d2ad4b01fc315fb809b40acd23843\",\"current\":\"\"}}}}", "previewsCleanedUp": "1", "public_files": "files_sharing\/public.php", "public_webdav": "dav\/appinfo\/v1\/publicwebdav.php", "scss.variables": "84cfcb9d5861e1f5620e38d6f8245843", "updater.secret.created": "1521675954", "vendor": "nextcloud" }, "dav": { "buildCalendarSearchIndex": "yes", "enabled": "yes", "installed_version": "1.6.0", "types": "filesystem" }, "direct_menu": { "enabled": "no", "installed_version": "0.10.2", "types": "" }, "federatedfilesharing": { "enabled": "yes", "installed_version": "1.4.0", "types": "" }, "federation": { "enabled": "yes", "installed_version": "1.4.0", "types": "authentication" }, "files": { "cronjob_scan_files": "500", "enabled": "yes", "installed_version": "1.9.0", "types": "filesystem" }, "files_pdfviewer": { "enabled": "yes", "installed_version": "1.3.2", "types": "" }, "files_sharing": { "enabled": "yes", "installed_version": "1.6.2", "types": "filesystem" }, "files_texteditor": { "enabled": "yes", "installed_version": "2.6.0", "types": "" }, "files_trashbin": { "enabled": "yes", "installed_version": "1.4.1", "types": "filesystem,dav" }, "files_versions": { "enabled": "yes", "installed_version": "1.7.1", "types": "filesystem,dav" }, "files_videoplayer": { "enabled": "yes", "installed_version": "1.3.0", "types": "" }, "firstrunwizard": { "enabled": "yes", "installed_version": "2.3.0", "types": "logging" }, "gallery": { "enabled": "yes", "installed_version": "18.1.0", "types": "" }, "logreader": { "enabled": "yes", "installed_version": "2.0.0", "levels": "11111", "ocsid": "170871", "types": "" }, "lookup_server_connector": { "enabled": "yes", "installed_version": "1.2.0", "types": "authentication" }, "mail": { "enabled": "yes", "installed_version": "0.10.0", "types": "" }, "news": { "enabled": "yes", "installed_version": "13.0.1", "types": "" }, "nextcloud_announcements": { "enabled": "yes", "installed_version": "1.3.0", "pub_date": "Sat, 10 Dec 2016 00:00:00 +0100", "types": "logging" }, "notifications": { "enabled": "yes", "installed_version": "2.2.1", "types": "logging" }, "oauth2": { "enabled": "yes", "installed_version": "1.2.1", "types": "authentication" }, "password_policy": { "enabled": "yes", "installed_version": "1.4.0", "types": "" }, "provisioning_api": { "enabled": "yes", "installed_version": "1.4.0", "types": "prevent_group_restriction" }, "serverinfo": { "enabled": "yes", "installed_version": "1.4.0", "types": "" }, "sharebymail": { "enabled": "yes", "installed_version": "1.4.0", "types": "filesystem" }, "support": { "enabled": "yes", "installed_version": "1.0.0", "types": "" }, "survey_client": { "enabled": "yes", "installed_version": "1.2.0", "types": "" }, "systemtags": { "enabled": "yes", "installed_version": "1.4.0", "types": "logging" }, "tasks": { "enabled": "no", "installed_version": "0.9.6", "ocsid": "164356", "types": "" }, "theming": { "enabled": "yes", "installed_version": "1.5.0", "types": "logging" }, "twofactor_backupcodes": { "enabled": "yes", "installed_version": "1.3.1", "types": "" }, "updatenotification": { "bookmarks": "0.12.2", "bruteforcesettings": "1.1.0", "calendar": "1.6.1", "contacts": "2.1.5", "core": "13.0.6.1", "enabled": "yes", "files_pdfviewer": "1.2.1", "installed_version": "1.4.1", "mail": "0.8.3", "news": "12.0.4", "notify_groups": "[\"admin\",\"maintenance\"]", "tasks": "0.9.7", "theming": "1.4.5", "types": "", "update_check_errors": "0" }, "workflowengine": { "enabled": "yes", "installed_version": "1.4.0", "types": "filesystem" } } }

Are you using external storage, if yes which one: no

Are you using encryption: no

Are you using an external user-backend, if yes which one: no

@nextcloud-bot

This comment has been minimized.

Copy link
Member

commented Sep 28, 2018

GitMate.io thinks possibly related issues are #9204 (Nextcloud upgrade to version 13.0.1), #3119 (Default calendar not showing after Upgrade to Nextcloud 11.0.1), #8768 (oc_phonetrack_points crash Nextcloud after update), #10429 (All contacts disappears after 4.0.0 Beta 1 update), and #5092 (Calendar and contact synchronisation with Thunderbird broken after migration to Nextcloud 12.0.0).

@jollaman999

This comment has been minimized.

Copy link

commented Oct 1, 2018

Same here :(
Same issue & Same log

Using nginx with MariaDB

@kesselb

This comment has been minimized.

Copy link
Contributor

commented Oct 1, 2018

Ref #11227 (not exactly the same problem but looks like another issue with openssl configuration)

@darkrain88

This comment has been minimized.

Copy link

commented Oct 2, 2018

image

add dump 'var_dump(openssl_error_string()); exit();'

image

result
image

@darkrain88

This comment has been minimized.

Copy link

commented Oct 2, 2018

log file:

{"reqId":"Psaz1uPHdaqR9Tg4Dg2k","level":3,"time":"2018-10-02T13:01:41+00:00","remoteAddr":"2409:8920:8813:843:24c5:422e:7418:6018","user":"--","app":"index","method":"GET","url":"\/","message":{"Exception":"TypeError","Message":"Argument 1 passed to OC\\Authentication\\Token\\PublicKeyTokenProvider::encrypt() must be of the type string, null given, called in \/opt\/wwwroot\/Nextcloud\/lib\/private\/Authentication\/Token\/PublicKeyTokenProvider.php on line 307","Code":0,"Trace":[{"file":"\/opt\/wwwroot\/Nextcloud\/lib\/private\/Authentication\/Token\/PublicKeyTokenProvider.php","line":307,"function":"encrypt","class":"OC\\Authentication\\Token\\PublicKeyTokenProvider","type":"->","args":["*** sensitive parameters replaced ***"]},{"file":"\/opt\/wwwroot\/Nextcloud\/lib\/private\/Authentication\/Token\/PublicKeyTokenProvider.php","line":270,"function":"newToken","class":"OC\\Authentication\\Token\\PublicKeyTokenProvider","type":"->","args":["*** sensitive parameter replaced ***","admin","admin","$$$abs$$$","Mozilla\/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/69.0.3497.100 Safari\/537.36",0,1]},{"file":"\/opt\/wwwroot\/Nextcloud\/lib\/private\/Authentication\/Token\/Manager.php","line":128,"function":"convertToken","class":"OC\\Authentication\\Token\\PublicKeyTokenProvider","type":"->","args":[{"id":70,"__class__":"OC\\Authentication\\Token\\DefaultToken"},"*** sensitive parameter replaced ***","$$$abs$$$"]},{"file":"\/opt\/wwwroot\/Nextcloud\/lib\/private\/User\/Session.php","line":578,"function":"getToken","class":"OC\\Authentication\\Token\\Manager","type":"->","args":["*** sensitive parameters replaced ***"]},{"file":"\/opt\/wwwroot\/Nextcloud\/lib\/private\/User\/Session.php","line":763,"function":"loginWithToken","class":"OC\\User\\Session","type":"->","args":["*** sensitive parameters replaced ***"]},{"file":"\/opt\/wwwroot\/Nextcloud\/lib\/base.php","line":1031,"function":"tryTokenLogin","class":"OC\\User\\Session","type":"->","args":[{"__class__":"OC\\AppFramework\\Http\\Request"}]},{"file":"\/opt\/wwwroot\/Nextcloud\/lib\/base.php","line":976,"function":"handleLogin","class":"OC","type":"::","args":[{"__class__":"OC\\AppFramework\\Http\\Request"}]},{"file":"\/opt\/wwwroot\/Nextcloud\/index.php","line":42,"function":"handleRequest","class":"OC","type":"::","args":[]}],"File":"\/opt\/wwwroot\/Nextcloud\/lib\/private\/Authentication\/Token\/PublicKeyTokenProvider.php","Line":220,"CustomMessage":"--"},"userAgent":"Mozilla\/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/69.0.3497.100 Safari\/537.36","version":"14.0.1.1"}

@darkrain88

This comment has been minimized.

Copy link

commented Oct 3, 2018

almost。the same。problem

@bodograumann

This comment has been minimized.

Copy link
Author

commented Oct 4, 2018

Just had a look at the code where the error occurs and it seems that the PublicKeyToken implementation is brand new in version 14. So unfortunately no way to bisect.
The main problem is that the line openssl_public_encrypt($password, $encryptedPassword, $publicKey, OPENSSL_PKCS1_OAEP_PADDING); does not fill $encryptedPassword, but leaves it at null.

@kesselb

This comment has been minimized.

Copy link
Contributor

commented Oct 4, 2018

@bodograumann #11227 (check this thread for possible solutions)

@bodograumann

This comment has been minimized.

Copy link
Author

commented Oct 4, 2018

I checked there, but to no avail.

  • openssl_error_string only gives error:0E06D06C:configuration file routines:NCONF_get_string:no value, which supposedly is no real error
  • /etc/ssl/openssl.cnf is readable by nextcloud just fine
  • My suspicion is correct, that openssl_public_encrypt in PublicKeyTokenProvider::encryptPassword returns false. I.e. the encryption failed.

But then I found the following: it works if the password is short enough! Try this:

$password = 'gidatsrgaintdrsginatdsrigantdgrsiantdsriagntdsrgainatdsgriantdsgirantdsigarntdsgiarntdsgiarntdsgiarntdsgiarntdsrgiantdsgriantdsgiarntgdrsgiantdsgrinatdsraintdsgriantdsrgiantdsrgiantdsrgiantdsrgiantdsrgniadstrngiadsrntgdsriantdsgirantqflnzxdflozdtvzgiadstrtntztdsgiarzntdfsoglianztvdsgriaznvtdslgaizntvdslgiazwdvfzgnaidfltznoqxudfgltnzdgailnzratqdgisalzvtdfgialzvtdfgliztdflaizntdflgiznoadftvslzngiadfslatzdgafilztndfgaiztdsglianztdfslaginztdflgaizdftvlzngaifdlsant';
$config = ['digest_alg' => 'sha512', 'private_key_bits' => 2048];
$res = openssl_pkey_new($config);
var_dump(openssl_pkey_export($res, $privateKey));
$publicKey = openssl_pkey_get_details($res)['key'];
var_dump(openssl_public_encrypt($password, $encryptedPassword, $publicKey, OPENSSL_PKCS1_OAEP_PADDING));

:Facepalm: Of course. The message string, i.e. the password, can not be longer than the key, which only has 2048 bits...

@bodograumann bodograumann changed the title Nextcloud broken after update to 14.0.1.1 Nextcloud 14.0.1.1 login is broken for passwords longer than 214 bytes Oct 4, 2018

bodograumann added a commit to bodograumann/server that referenced this issue Oct 4, 2018

Check public key token generator for long password
As seen in issue nextcloud#11438, since version 14, logging in with long passwords is not possible anymore.
This tests checks whether the issue has been fixed.
@rullzer

This comment has been minimized.

Copy link
Member

commented Oct 4, 2018

@bodograumann thanks for the tests in #11619

However, I do not expect to soon find the time to look into this. As for 214 characters (while I'm against upper limits in general) does seem like a very reasonable password length.

Of course if somebody has a PR to fix this it is more than welcome.

@bodograumann

This comment has been minimized.

Copy link
Author

commented Oct 4, 2018

I also don’t see an easy way to fix this.
For now I have reset my password to one with “only” 214 characters ;-)

occ user:resetpassword bodo
@rullzer

This comment has been minimized.

Copy link
Member

commented Oct 4, 2018

@bodograumann still thanks for looking into this. I'll try to get this into the docs so it is at least documented.

@bodograumann

This comment has been minimized.

Copy link
Author

commented Oct 5, 2018

It seems this also affects all my previously created app-passwords. E.g. with webdav:

{
	"reqId":"vUdS6JCFQy463t9CbeDs",
	"level":3,
	"time":"2018-10-05T05:14:22+00:00",
	"remoteAddr":"92.116.70.156",
	"user":"--",
	"app":"remote",
	"method":"PROPFIND",
	"url":"\/remote.php\/dav\/calendars\/bodo\/personal\/",
	"message":{
		"Exception":"TypeError",
		"Message":"base64_encode() expects parameter 1 to be string, null given",
		"Code":0,
		"Trace":[
			{"file":"\/home\/users\/bodo\/www\/nextcloud\/lib\/private\/Authentication\/Token\/PublicKeyTokenProvider.php","line":242,"function":"base64_encode","args":[null]},
			{"file":"\/home\/users\/bodo\/www\/nextcloud\/lib\/private\/Authentication\/Token\/PublicKeyTokenProvider.php","line":308,"function":"encryptPassword","class":"OC\\Authentication\\Token\\PublicKeyTokenProvider","type":"->","args":["*** sensitive parameters replaced ***"]},
			{"file":"\/home\/users\/bodo\/www\/nextcloud\/lib\/private\/Authentication\/Token\/PublicKeyTokenProvider.php","line":271,"function":"newToken","class":"OC\\Authentication\\Token\\PublicKeyTokenProvider","type":"->","args":["*** sensitive parameter replaced ***","*** sensitive parameter replaced ***","*** sensitive parameter replaced ***","*** sensitive parameter replaced ***","fairphone-davdroid",1,0]},
			{"file":"\/home\/users\/bodo\/www\/nextcloud\/lib\/private\/Authentication\/Token\/Manager.php","line":128,"function":"convertToken","class":"OC\\Authentication\\Token\\PublicKeyTokenProvider","type":"->","args":[{"id":1882,"__class__":"OC\\Authentication\\Token\\DefaultToken"},"*** sensitive parameter replaced ***","*** sensitive parameter replaced ***"]},
			{"file":"\/home\/users\/bodo\/www\/nextcloud\/lib\/private\/User\/Session.php","line":480,"function":"getToken","class":"OC\\Authentication\\Token\\Manager","type":"->","args":["*** sensitive parameters replaced ***"]},
			{"file":"\/home\/users\/bodo\/www\/nextcloud\/lib\/private\/User\/Session.php","line":404,"function":"isTokenPassword","class":"OC\\User\\Session","type":"->","args":["*** sensitive parameters replaced ***"]},
			{"file":"\/home\/users\/bodo\/www\/nextcloud\/apps\/dav\/lib\/Connector\/Sabre\/Auth.php","line":130,"function":"logClientIn","class":"OC\\User\\Session","type":"->","args":["*** sensitive parameters replaced ***"]},
			{"file":"\/home\/users\/bodo\/www\/nextcloud\/3rdparty\/sabre\/dav\/lib\/DAV\/Auth\/Backend\/AbstractBasic.php","line":105,"function":"validateUserPass","class":"OCA\\DAV\\Connector\\Sabre\\Auth","type":"->","args":["*** sensitive parameters replaced ***"]},
			{"file":"\/home\/users\/bodo\/www\/nextcloud\/apps\/dav\/lib\/Connector\/Sabre\/Auth.php","line":252,"function":"check","class":"Sabre\\DAV\\Auth\\Backend\\AbstractBasic","type":"->","args":[{"absoluteUrl":"https:\/\/next.grmnn.de\/remote.php\/dav\/calendars\/bodo\/personal\/","__class__":"Sabre\\HTTP\\Request"},{"__class__":"Sabre\\HTTP\\Response"}]},
			{"file":"\/home\/users\/bodo\/www\/nextcloud\/apps\/dav\/lib\/Connector\/Sabre\/Auth.php","line":155,"function":"auth","class":"OCA\\DAV\\Connector\\Sabre\\Auth","type":"->","args":[{"absoluteUrl":"https:\/\/next.grmnn.de\/remote.php\/dav\/calendars\/bodo\/personal\/","__class__":"Sabre\\HTTP\\Request"},{"__class__":"Sabre\\HTTP\\Response"}]},
			{"file":"\/home\/users\/bodo\/www\/nextcloud\/3rdparty\/sabre\/dav\/lib\/DAV\/Auth\/Plugin.php","line":201,"function":"check","class":"OCA\\DAV\\Connector\\Sabre\\Auth","type":"->","args":[{"absoluteUrl":"https:\/\/next.grmnn.de\/remote.php\/dav\/calendars\/bodo\/personal\/","__class__":"Sabre\\HTTP\\Request"},{"__class__":"Sabre\\HTTP\\Response"}]},
			{"file":"\/home\/users\/bodo\/www\/nextcloud\/3rdparty\/sabre\/dav\/lib\/DAV\/Auth\/Plugin.php","line":150,"function":"check","class":"Sabre\\DAV\\Auth\\Plugin","type":"->","args":[{"absoluteUrl":"https:\/\/next.grmnn.de\/remote.php\/dav\/calendars\/bodo\/personal\/","__class__":"Sabre\\HTTP\\Request"},{"__class__":"Sabre\\HTTP\\Response"}]},{"function":"beforeMethod","class":"Sabre\\DAV\\Auth\\Plugin","type":"->","args":[{"absoluteUrl":"https:\/\/next.grmnn.de\/remote.php\/dav\/calendars\/bodo\/personal\/","__class__":"Sabre\\HTTP\\Request"},{"__class__":"Sabre\\HTTP\\Response"}]},
			{"file":"\/home\/users\/bodo\/www\/nextcloud\/3rdparty\/sabre\/event\/lib\/EventEmitterTrait.php","line":105,"function":"call_user_func_array","args":[[{"autoRequireLogin":true,"__class__":"Sabre\\DAV\\Auth\\Plugin"},"beforeMethod"],[{"absoluteUrl":"https:\/\/next.grmnn.de\/remote.php\/dav\/calendars\/bodo\/personal\/","__class__":"Sabre\\HTTP\\Request"},{"__class__":"Sabre\\HTTP\\Response"}]]},
			{"file":"\/home\/users\/bodo\/www\/nextcloud\/3rdparty\/sabre\/dav\/lib\/DAV\/Server.php","line":466,"function":"emit","class":"Sabre\\Event\\EventEmitter","type":"->","args":["beforeMethod",[{"absoluteUrl":"https:\/\/next.grmnn.de\/remote.php\/dav\/calendars\/bodo\/personal\/","__class__":"Sabre\\HTTP\\Request"},{"__class__":"Sabre\\HTTP\\Response"}]]},
			{"file":"\/home\/users\/bodo\/www\/nextcloud\/3rdparty\/sabre\/dav\/lib\/DAV\/Server.php","line":254,"function":"invokeMethod","class":"Sabre\\DAV\\Server","type":"->","args":[{"absoluteUrl":"https:\/\/next.grmnn.de\/remote.php\/dav\/calendars\/bodo\/personal\/","__class__":"Sabre\\HTTP\\Request"},{"__class__":"Sabre\\HTTP\\Response"}]},
			{"file":"\/home\/users\/bodo\/www\/nextcloud\/apps\/dav\/lib\/Server.php","line":293,"function":"exec","class":"Sabre\\DAV\\Server","type":"->","args":[]},
			{"file":"\/home\/users\/bodo\/www\/nextcloud\/apps\/dav\/appinfo\/v2\/remote.php","line":35,"function":"exec","class":"OCA\\DAV\\Server","type":"->","args":[]},
			{"file":"\/home\/users\/bodo\/www\/nextcloud\/remote.php","line":163,"args":["\/home\/users\/bodo\/www\/nextcloud\/apps\/dav\/appinfo\/v2\/remote.php"],"function":"require_once"}
		],
		"File":"\/home\/users\/bodo\/www\/nextcloud\/lib\/private\/Authentication\/Token\/PublicKeyTokenProvider.php","Line":242,"CustomMessage":"--"},
		"userAgent":"DAVdroid\/2.0.4-ose (2018\/09\/10; dav4android; okhttp\/3.11.0) Android\/6.0.1",
		"version":"14.0.1.1"
	}

Do I really have to regenerate and redistribute all of them?

@darkrain88

This comment has been minimized.

Copy link

commented Oct 5, 2018

i have to use 13.0.6 again

this folder add. more key files make it failed

@rullzer

This comment has been minimized.

Copy link
Member

commented Oct 5, 2018

@bodograumann ah so before 14 a password change made all your tokens invalid. Now with 14 we try to migrate to the new keys. But this then of course fails for you :( So unfortunatly yes. I'm sorry for that.

@ozinfotech

This comment has been minimized.

Copy link

commented Dec 5, 2018

I had a similar error message as shown below. My password was only 200 characters but had, however, high ANSI characters in it. I performed a password reset via
occ user:resetpassword username
and was able to log in and recover the files.

{"reqId":"faBUZ5AgZ332JkFMgvcj","level":3,"time":"2018-12-04T16:37:57-06:00","remoteAddr":"[internal_ip]","user":"[username]","app":"remote","method":"HEAD","url":"\/remote.php\/webdav\/","message":{"Exception":"TypeError","Message":"base64_encode() expects parameter 1 to be string, null given","Code":0,"Trace":[{"file":"\/var\/www\/nextcloud\/lib\/private\/Authentication\/Token\/PublicKeyTokenProvider.php","line":242,"function":"base64_encode","args":[null]},{"file":"\/var\/www\/nextcloud\/lib\/private\/Authentication\/Token\/PublicKeyTokenProvider.php","line":308,"function":"encryptPassword","class":"OC\\Authentication\\Token\\PublicKeyTokenProvider","type":"->","args":["*** sensitive parameters replaced ***"]},{"file":"\/var\/www\/nextcloud\/lib\/private\/Authentication\/Token\/PublicKeyTokenProvider.php","line":70,"function":"newToken","class":"OC\\Authentication\\Token\\PublicKeyTokenProvider","type":"->","args":["*** sensitive parameter replaced ***","*** sensitive parameter replaced ***","*** sensitive parameter replaced ***","*** sensitive parameter replaced ***","*** sensitive parameter replaced ***","*** sensitive parameter replaced ***","*** sensitive parameter replaced ***"]},{"file":"\/var\/www\/nextcloud\/lib\/private\/Authentication\/Token\/Manager.php","line":69,"function":"generateToken","class":"OC\\Authentication\\Token\\PublicKeyTokenProvider","type":"->","args":["*** sensitive parameters replaced ***"]},{"file":"\/var\/www\/nextcloud\/lib\/private\/User\/Session.php","line":641,"function":"generateToken","class":"OC\\Authentication\\Token\\Manager","type":"->","args":["*** sensitive parameters replaced ***"]},{"file":"\/var\/www\/nextcloud\/lib\/private\/User\/Session.php","line":440,"function":"createSessionToken","class":"OC\\User\\Session","type":"->","args":["*** sensitive parameters replaced ***"]},{"file":"\/var\/www\/nextcloud\/apps\/dav\/lib\/Connector\/Sabre\/Auth.php","line":130,"function":"logClientIn","class":"OC\\User\\Session","type":"->","args":["*** sensitive parameters replaced ***"]},{"file":"\/var\/www\/nextcloud\/3rdparty\/sabre\/dav\/lib\/DAV\/Auth\/Backend\/AbstractBasic.php","line":105,"function":"validateUserPass","class":"OCA\\DAV\\Connector\\Sabre\\Auth","type":"->","args":["*** sensitive parameters replaced ***"]},{"file":"\/var\/www\/nextcloud\/apps\/dav\/lib\/Connector\/Sabre\/Auth.php","line":253,"function":"check","class":"Sabre\\DAV\\Auth\\Backend\\AbstractBasic","type":"->","args":[{"absoluteUrl":"https:\/\/192.168.100.100\/remote.php\/webdav\/","__class__":"Sabre\\HTTP\\Request"},{"__class__":"Sabre\\HTTP\\Response"}]},{"file":"\/var\/www\/nextcloud\/apps\/dav\/lib\/Connector\/Sabre\/Auth.php","line":155,"function":"auth","class":"OCA\\DAV\\Connector\\Sabre\\Auth","type":"->","args":[{"absoluteUrl":"https:\/\/192.168.100.100\/remote.php\/webdav\/","__class__":"Sabre\\HTTP\\Request"},{"__class__":"Sabre\\HTTP\\Response"}]},{"file":"\/var\/www\/nextcloud\/3rdparty\/sabre\/dav\/lib\/DAV\/Auth\/Plugin.php","line":201,"function":"check","class":"OCA\\DAV\\Connector\\Sabre\\Auth","type":"->","args":[{"absoluteUrl":"https:\/\/192.168.100.100\/remote.php\/webdav\/","__class__":"Sabre\\HTTP\\Request"},{"__class__":"Sabre\\HTTP\\Response"}]},{"file":"\/var\/www\/nextcloud\/3rdparty\/sabre\/dav\/lib\/DAV\/Auth\/Plugin.php","line":150,"function":"check","class":"Sabre\\DAV\\Auth\\Plugin","type":"->","args":[{"absoluteUrl":"https:\/\/192.168.100.100\/remote.php\/webdav\/","__class__":"Sabre\\HTTP\\Request"},{"__class__":"Sabre\\HTTP\\Response"}]},{"function":"beforeMethod","class":"Sabre\\DAV\\Auth\\Plugin","type":"->","args":[{"absoluteUrl":"https:\/\/192.168.100.100\/remote.php\/webdav\/","__class__":"Sabre\\HTTP\\Request"},{"__class__":"Sabre\\HTTP\\Response"}]},{"file":"\/var\/www\/nextcloud\/3rdparty\/sabre\/event\/lib\/EventEmitterTrait.php","line":105,"function":"call_user_func_array","args":[[{"autoRequireLogin":true,"__class__":"Sabre\\DAV\\Auth\\Plugin"},"beforeMethod"],[{"absoluteUrl":"https:\/\/192.168.100.100\/remote.php\/webdav\/","__class__":"Sabre\\HTTP\\Request"},{"__class__":"Sabre\\HTTP\\Response"}]]},{"file":"\/var\/www\/nextcloud\/3rdparty\/sabre\/dav\/lib\/DAV\/Server.php","line":466,"function":"emit","class":"Sabre\\Event\\EventEmitter","type":"->","args":["beforeMethod",[{"absoluteUrl":"https:\/\/192.168.100.100\/remote.php\/webdav\/","__class__":"Sabre\\HTTP\\Request"},{"__class__":"Sabre\\HTTP\\Response"}]]},{"file":"\/var\/www\/nextcloud\/3rdparty\/sabre\/dav\/lib\/DAV\/Server.php","line":254,"function":"invokeMethod","class":"Sabre\\DAV\\Server","type":"->","args":[{"absoluteUrl":"https:\/\/192.168.100.100\/remote.php\/webdav\/","__class__":"Sabre\\HTTP\\Request"},{"__class__":"Sabre\\HTTP\\Response"}]},{"file":"\/var\/www\/nextcloud\/apps\/dav\/appinfo\/v1\/webdav.php","line":80,"function":"exec","class":"Sabre\\DAV\\Server","type":"->","args":[]},{"file":"\/var\/www\/nextcloud\/remote.php","line":163,"args":["\/var\/www\/nextcloud\/apps\/dav\/appinfo\/v1\/webdav.php"],"function":"require_once"}],"File":"\/var\/www\/nextcloud\/lib\/private\/Authentication\/Token\/PublicKeyTokenProvider.php","Line":242,"CustomMessage":"--"},"userAgent":"Mozilla\/5.0 (Windows) mirall\/2.3.2 (build 1) (Nextcloud)","version":"14.0.4.2"}
{"reqId":"8W0PVtdKiZp9jkDyCtyy","level":4,"time":"2018-12-04T16:41:06-06:00","remoteAddr":"[internal_ip]","user":"[username]","app":"webdav","method":"PROPFIND","url":"\/remote.php\/webdav\/","message":{"Exception":"Sabre\\DAV\\Exception\\ServiceUnavailable","Message":"TypeError: base64_encode() expects parameter 1 to be string, null given","Code":0,"Trace":[{"function":"{closure}","args":["*** sensitive parameters replaced ***"]},{"file":"\/var\/www\/nextcloud\/3rdparty\/sabre\/event\/lib\/EventEmitterTrait.php","line":105,"function":"call_user_func_array","args":[{"__class__":"Closure"},["*** sensitive parameter replaced ***","*** sensitive parameter replaced ***"]]},{"file":"\/var\/www\/nextcloud\/3rdparty\/sabre\/dav\/lib\/DAV\/Server.php","line":466,"function":"emit","class":"Sabre\\Event\\EventEmitter","type":"->","args":["beforeMethod",["*** sensitive parameter replaced ***","*** sensitive parameter replaced ***"]]},{"file":"\/var\/www\/nextcloud\/3rdparty\/sabre\/dav\/lib\/DAV\/Server.php","line":254,"function":"invokeMethod","class":"Sabre\\DAV\\Server","type":"->","args":["*** sensitive parameter replaced ***","*** sensitive parameter replaced ***"]},{"file":"\/var\/www\/nextcloud\/remote.php","line":72,"function":"exec","class":"Sabre\\DAV\\Server","type":"->","args":[]},{"file":"\/var\/www\/nextcloud\/remote.php","line":168,"function":"handleException","args":[{"__class__":"TypeError"}]}],"File":"\/var\/www\/nextcloud\/remote.php","Line":70,"CustomMessage":"--"},"userAgent":"Mozilla\/5.0 (Windows) mirall\/2.3.2 (build 1) (Nextcloud)","version":"14.0.4.2"}
@bodograumann

This comment has been minimized.

Copy link
Author

commented Dec 5, 2018

@ozinfotech That is to be expected. I probably should have said bytes instead of characters ;-) The encryption algorithm ultimately acts on bytes

@ozinfotech

This comment has been minimized.

Copy link

commented Dec 5, 2018

@bodograumann ah so before 14 a password change made all your tokens invalid. Now with 14 we try to migrate to the new keys. But this then of course fails for you :( So unfortunatly yes. I'm sorry for that.

At least you've got an idea of what's going on. Thanks for working on it.

@ozinfotech That is to be expected. I probably should have said bytes instead of characters ;-) The encryption algorithm ultimately acts on bytes

I suspected as much, but didn't dig in to the code. I'm glad you had posted your solution as that was helpful for me to get back up and going.

@0xb0ba

This comment has been minimized.

Copy link

commented Feb 7, 2019

use openssl_pkey_export($res, $privateKey, NULL, $config)

@jomo

This comment has been minimized.

Copy link

commented Apr 25, 2019

I just ran into this issue after updating from 13 to 14. I have per-user encryption enabled. Running occ user:resetpassword <user> as suggested above prints:

Warning: Resetting the password when using encryption will result in data loss!

How can I change the password without losing data?


Edit: After resetting the password and logging in, I was able to change the private key password to match my login password:

image

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.