Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Bug]: Creating App Password not possible when using SAML Auth #44822

Open
5 of 8 tasks
MasterPuffin opened this issue Apr 14, 2024 · 3 comments
Open
5 of 8 tasks

[Bug]: Creating App Password not possible when using SAML Auth #44822

MasterPuffin opened this issue Apr 14, 2024 · 3 comments
Labels
0. Needs triage Pending check for reproducibility or if it fits our roadmap 28-feedback bug

Comments

@MasterPuffin
Copy link

⚠️ This issue respects the following points: ⚠️

Bug description

When SAML is configured to be the only possible option for login, it is not possible to create an app password.
When trying to crate an app password the server responds with a 503, however no error is displayed in the webinterface.
The log states
Call to undefined method OCA\User_SAML\UserBackend::checkPassword()

Steps to reproduce

  1. Click on create app password

Expected behavior

An app password is created or at least an error is shown

Installation method

Community Web installer on a VPS or web space

Nextcloud Server version

28

Operating system

Debian/Ubuntu

PHP engine version

PHP 8.2

Web server

Apache (supported)

Database engine version

MySQL

Is this bug present after an update or on a fresh install?

None

Are you using the Nextcloud Server Encryption module?

Encryption is Disabled

What user-backends are you using?

  • Default user-backend (database)
  • LDAP/ Active Directory
  • SSO - SAML
  • Other

Configuration report

No response

List of activated Apps

No response

Nextcloud Signing status

No response

Nextcloud Logs

Error
Call to undefined method OCA\User_SAML\UserBackend::checkPassword()
/var/www/hostname/lib/private/User/Session.php
line 627
OC\User\Manager->checkPasswordNoLogging(
  "*** sensitive parameters replaced ***"
)
/var/www/hostname/lib/private/User/Session.php
line 356
OC\User\Session->loginWithPassword(
  "*** sensitive parameters replaced ***"
)
/var/www/hostname/lib/private/User/Session.php
line 453
OC\User\Session->login(
  "*** sensitive parameters replaced ***"
)
/var/www/hostname/apps/dav/lib/Connector/Sabre/Auth.php
line 113
OC\User\Session->logClientIn(
  "*** sensitive parameters replaced ***"
)
/var/www/hostname/3rdparty/sabre/dav/lib/DAV/Auth/Backend/AbstractBasic.php
line 103
OCA\DAV\Connector\Sabre\Auth->validateUserPass(
  "*** sensitive parameters replaced ***"
)
/var/www/hostname/apps/dav/lib/Connector/Sabre/Auth.php
line 231
Sabre\DAV\Auth\Backend\AbstractBasic->check(
  [
    "Sabre\\HTTP\\Request"
  ],
  [
    "Sabre\\HTTP\\Response"
  ]
)
/var/www/hostname/apps/dav/lib/Connector/Sabre/Auth.php
line 138
OCA\DAV\Connector\Sabre\Auth->auth(
  [
    "Sabre\\HTTP\\Request"
  ],
  [
    "Sabre\\HTTP\\Response"
  ]
)
/var/www/hostname/3rdparty/sabre/dav/lib/DAV/Auth/Plugin.php
line 179
OCA\DAV\Connector\Sabre\Auth->check(
  [
    "Sabre\\HTTP\\Request"
  ],
  [
    "Sabre\\HTTP\\Response"
  ]
)
/var/www/hostname/3rdparty/sabre/dav/lib/DAV/Auth/Plugin.php
line 135
Sabre\DAV\Auth\Plugin->check(
  [
    "Sabre\\HTTP\\Request"
  ],
  [
    "Sabre\\HTTP\\Response"
  ]
)
/var/www/hostname/3rdparty/sabre/event/lib/WildcardEmitterTrait.php
line 89
Sabre\DAV\Auth\Plugin->beforeMethod(
  [
    "Sabre\\HTTP\\Request"
  ],
  [
    "Sabre\\HTTP\\Response"
  ]
)
/var/www/hostname/3rdparty/sabre/dav/lib/DAV/Server.php
line 456
Sabre\DAV\Server->emit(
  "beforeMethod:OPTIONS",
  [
    [
      "Sabre\\HTTP\\Request"
    ],
    [
      "Sabre\\HTTP\\Response"
    ]
  ]
)
/var/www/hostname/3rdparty/sabre/dav/lib/DAV/Server.php
line 253
Sabre\DAV\Server->invokeMethod(
  [
    "Sabre\\HTTP\\Request"
  ],
  [
    "Sabre\\HTTP\\Response"
  ]
)
/var/www/hostname/3rdparty/sabre/dav/lib/DAV/Server.php
line 321
Sabre\DAV\Server->start()
/var/www/hostname/apps/dav/lib/Server.php
line 370
Sabre\DAV\Server->exec()
/var/www/hostname/apps/dav/appinfo/v2/remote.php
line 35
OCA\DAV\Server->exec()
/var/www/hostname/remote.php
line 172
undefinedundefinedrequire_once(
  "/var/www/hostname/apps/dav/appinfo/v2/remote.php"
)
Raw log entry
{
  "reqId": "aG2wEPA7jJK5VHAkwgqn",
  "level": 3,
  "time": "2024-04-14T19:52:25+00:00",
  "remoteAddr": "IP",
  "user": "--",
  "app": "webdav",
  "method": "OPTIONS",
  "url": "/remote.php/dav/files/Username",
  "message": "Call to undefined method OCA\\User_SAML\\UserBackend::checkPassword()",
  "userAgent": "gvfs/1.52.2",
  "version": "28.0.2.5",
  "exception": {
    "Exception": "Error",
    "Message": "Call to undefined method OCA\\User_SAML\\UserBackend::checkPassword()",
    "Code": 0,
    "Trace": [
      {
        "file": "/var/www/hostname/lib/private/User/Session.php",
        "line": 627,
        "function": "checkPasswordNoLogging",
        "class": "OC\\User\\Manager",
        "type": "->",
        "args": [
          "*** sensitive parameters replaced ***"
        ]
      },
      {
        "file": "/var/www/hostname/lib/private/User/Session.php",
        "line": 356,
        "function": "loginWithPassword",
        "class": "OC\\User\\Session",
        "type": "->",
        "args": [
          "*** sensitive parameters replaced ***"
        ]
      },
      {
        "file": "/var/www/hostname/lib/private/User/Session.php",
        "line": 453,
        "function": "login",
        "class": "OC\\User\\Session",
        "type": "->",
        "args": [
          "*** sensitive parameters replaced ***"
        ]
      },
      {
        "file": "/var/www/hostname/apps/dav/lib/Connector/Sabre/Auth.php",
        "line": 113,
        "function": "logClientIn",
        "class": "OC\\User\\Session",
        "type": "->",
        "args": [
          "*** sensitive parameters replaced ***"
        ]
      },
      {
        "file": "/var/www/hostname/3rdparty/sabre/dav/lib/DAV/Auth/Backend/AbstractBasic.php",
        "line": 103,
        "function": "validateUserPass",
        "class": "OCA\\DAV\\Connector\\Sabre\\Auth",
        "type": "->",
        "args": [
          "*** sensitive parameters replaced ***"
        ]
      },
      {
        "file": "/var/www/hostname/apps/dav/lib/Connector/Sabre/Auth.php",
        "line": 231,
        "function": "check",
        "class": "Sabre\\DAV\\Auth\\Backend\\AbstractBasic",
        "type": "->",
        "args": [
          [
            "Sabre\\HTTP\\Request"
          ],
          [
            "Sabre\\HTTP\\Response"
          ]
        ]
      },
      {
        "file": "/var/www/hostname/apps/dav/lib/Connector/Sabre/Auth.php",
        "line": 138,
        "function": "auth",
        "class": "OCA\\DAV\\Connector\\Sabre\\Auth",
        "type": "->",
        "args": [
          [
            "Sabre\\HTTP\\Request"
          ],
          [
            "Sabre\\HTTP\\Response"
          ]
        ]
      },
      {
        "file": "/var/www/hostname/3rdparty/sabre/dav/lib/DAV/Auth/Plugin.php",
        "line": 179,
        "function": "check",
        "class": "OCA\\DAV\\Connector\\Sabre\\Auth",
        "type": "->",
        "args": [
          [
            "Sabre\\HTTP\\Request"
          ],
          [
            "Sabre\\HTTP\\Response"
          ]
        ]
      },
      {
        "file": "/var/www/hostname/3rdparty/sabre/dav/lib/DAV/Auth/Plugin.php",
        "line": 135,
        "function": "check",
        "class": "Sabre\\DAV\\Auth\\Plugin",
        "type": "->",
        "args": [
          [
            "Sabre\\HTTP\\Request"
          ],
          [
            "Sabre\\HTTP\\Response"
          ]
        ]
      },
      {
        "file": "/var/www/hostname/3rdparty/sabre/event/lib/WildcardEmitterTrait.php",
        "line": 89,
        "function": "beforeMethod",
        "class": "Sabre\\DAV\\Auth\\Plugin",
        "type": "->",
        "args": [
          [
            "Sabre\\HTTP\\Request"
          ],
          [
            "Sabre\\HTTP\\Response"
          ]
        ]
      },
      {
        "file": "/var/www/hostname/3rdparty/sabre/dav/lib/DAV/Server.php",
        "line": 456,
        "function": "emit",
        "class": "Sabre\\DAV\\Server",
        "type": "->",
        "args": [
          "beforeMethod:OPTIONS",
          [
            [
              "Sabre\\HTTP\\Request"
            ],
            [
              "Sabre\\HTTP\\Response"
            ]
          ]
        ]
      },
      {
        "file": "/var/www/hostname/3rdparty/sabre/dav/lib/DAV/Server.php",
        "line": 253,
        "function": "invokeMethod",
        "class": "Sabre\\DAV\\Server",
        "type": "->",
        "args": [
          [
            "Sabre\\HTTP\\Request"
          ],
          [
            "Sabre\\HTTP\\Response"
          ]
        ]
      },
      {
        "file": "/var/www/hostname/3rdparty/sabre/dav/lib/DAV/Server.php",
        "line": 321,
        "function": "start",
        "class": "Sabre\\DAV\\Server",
        "type": "->",
        "args": []
      },
      {
        "file": "/var/www/hostname/apps/dav/lib/Server.php",
        "line": 370,
        "function": "exec",
        "class": "Sabre\\DAV\\Server",
        "type": "->",
        "args": []
      },
      {
        "file": "/var/www/hostname/apps/dav/appinfo/v2/remote.php",
        "line": 35,
        "function": "exec",
        "class": "OCA\\DAV\\Server",
        "type": "->",
        "args": []
      },
      {
        "file": "/var/www/hostname/remote.php",
        "line": 172,
        "args": [
          "/var/www/hostname/apps/dav/appinfo/v2/remote.php"
        ],
        "function": "require_once"
      }
    ],
    "File": "/var/www/hostname/lib/private/User/Manager.php",
    "Line": 265,
    "message": "Call to undefined method OCA\\User_SAML\\UserBackend::checkPassword()",
    "exception": [],
    "CustomMessage": "Call to undefined method OCA\\User_SAML\\UserBackend::checkPassword()"
  },
  "id": "661c33fc04507"
}

Additional info

No response
@MasterPuffin MasterPuffin added 0. Needs triage Pending check for reproducibility or if it fits our roadmap bug labels Apr 14, 2024
@solracsf
Copy link
Member

Possible duplicate of nextcloud/user_saml#826

@adsche
Copy link

adsche commented Jun 4, 2024

Possible duplicate of nextcloud/user_saml#826

I don't think it is. Our user_saml has the fixed version of lib/UserBackend.php but we still cannot create app passwords. There are no error messages for the user nor in the Nextcloud or php_fpm logs. Devtools shows a 503 response to the POST request to /settings/personal/authtokens (request only containing the "name" for the new app, JSON encoded).

@Naia-love
Copy link

I can confirm adsche comment
No log in nextcloud.log
the button just dosent do anything, and in webbrowser's console it just show a 503 for a POST request to https://diopbox.fr/settings/personal/authtokens

It appear that loggin off and back in fix it, I suppose its linked to this patch? https://github.com/nextcloud/server/pull/7487/files
which appear to set a timer for it (30m, i can try to wait rn and see)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
0. Needs triage Pending check for reproducibility or if it fits our roadmap 28-feedback bug
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
5 participants
@adsche @solracsf @MasterPuffin @Naia-love @szaimen