White screen for admin login after enabling encryption app

[bugabinga]

After enabling the encryption app as the admin, I can no longer login as said user. The login screen shows the "Initializing encryption" message, spins around for a moment, and then the web page becomes and stays white.

I have disabled the extension in the mysql database directly, and then login works as expected.

Trying now to decrypt the previously encrypted data under Personal settings leads to following errors:

Error encryption library No keys available to decrypt the file: bugabinga/files/Screenshot_2014-11-20-10-05-08.png.part 2014-11-25T10:31:19+00:00 Error Encryption library Private key for user "bugabinga" is not valid! Maybe the user password was changed from outside if so please change it back to gain access 2014-11-25T10:30:24+00:00 Error PHP Call to a member function getUID() on a non-object at /var/www/owncloud/lib/private/user.php#241 2014-11-25T10:27:53+00:00 Error PHP Call to a member function getUID() on a non-object at /var/www/owncloud/lib/private/user.php#241 2014-11-25T10:25:52+00:00 Error PHP Call to a member function getUID() on a non-object at /var/www/owncloud/lib/private/user.php#241 2014-11-25T09:42:12+00:00 Error PHP Call to a member function getUID() on a non-object at /var/www/owncloud/lib/private/user.php#241 2014-11-25T09:39:45+00:00 Error PHP Call to a member function getUID() on a non-object at /var/www/owncloud/lib/private/user.php#241 2014-11-25T09:38:55+00:00 Error PHP shell_exec(): Unable to execute 'command -v smbclient 2> /dev/null' at /var/www/owncloud/apps/files_external/lib/smb.php#143 2014-11-25T09:37:15+00:00 Error Encryption library Could not delete shareKey; does not exist: "/oliver/files_encryption/share-keys/memex/Blog design/Picture.jpeg.zbigniew.shareKey" 2014-11-25T09:31:06+00:00 Error Encryption library Could not delete shareKey; does not exist: "/oliver/files_encryption/share-keys/memex/Blog design/Picture.jpeg.sonja.shareKey" 2014-11-25T09:31:06+00:00 Error Encryption library Could not delete shareKey; does not exist: "/oliver/files_encryption/share-keys/memex/Blog design/Picture.jpeg.nina.shareKey" 2014-11-25T09:31:06+00:00 Error Encryption library Could not delete shareKey; does not exist: "/oliver/files_encryption/share-keys/memex/Blog design/Picture.jpeg.micha.shareKey" 2014-11-25T09:31:06+00:00 Error Encryption library Could not delete shareKey; does not exist: "/oliver/files_encryption/share-keys/memex/Blog design/Picture.jpeg.kristin.shareKey" 2014-11-25T09:31:06+00:00

One of those messages probably resulted in me initially providing the wrong password. "bugabinga" is the admin account. I have since double-checked the pw and am sure its correct. It is relatively long (~30chars) with german umlauts.
For all other accounts, encryption seems to work as expected, and login works.

Is there anything in my setup I need to fix? Change permissions on some folders?

O.

[DeepDiver1975]

@schiesbn

[schiessle]

Do you have anything in the log file which indicated why the initial encryption failed?

[bugabinga]

I am not sure? Here is the log file:

http://hastebin.com/ikomahunoc

Hopefully this is not giving away too much information :).

[PVince81]

Hmm, are you using external storage ? I see SMB in your logs.
Did you also enable the recovery key for encryption ?

I suggest to try applying these patches which might help:

• Show warning when invalid user was passed #12175
• [stable7] Fix file upload to ext storage when recovery key is enabled #12131

[bugabinga]

Samba is not activated. I have configured Dropbox and Google Drive as
external storage, but that was after the fact.

The external storage app was active, but no provider was configured.

I will try the patches soon.

[Carlgo11]

I have the same problem.
In my log I get [:error] [pid 3249] [client 46.246.2.109:64700] PHP Fatal error: Call to a member function getUID() on a non-object in /var/www/owncloud/lib/private/user.php on line 241, referer: https://alpha.carlgo11.com/owncloud/

[PVince81]

Try the patches, or better, try OC 7.0.4 RC 1 😄

[Carlgo11]

But OC 7.0.4 isn't out yet?

[PVince81]

the first release candidate is out: https://mailman.owncloud.org/pipermail/announcements/2014-December/000059.html (aka testing version)

[PVince81]

Hmmm, I have seen this error happeneing for a newly created uer. After login a white page appears with only the same error message like @Carlgo11, and it was on master.

But this cannot be reproduced consistently. Newly created users work. Only that one seemed to be the unlucky one.

[PVince81]

CC @dttpy

[PVince81]

Tried and debug the case I had here, I see that the code says "encryption still running, so force logout": https://github.com/owncloud/core/blob/master/apps/files_encryption/hooks/hooks.php#L91

When the code here is reached after the force-login: https://github.com/owncloud/core/blob/master/lib/private/user.php#L236

$result is still true, which means it considers the login as successful and tries to work with the session, which isn't there. That will cause the error above.

Note, I have this case on master c5ee95a

From what I see the migration seem to have stuck itself for that user:

sqlite> select * from oc_preferences where userid='xyz';
userid|appid|configkey|configvalue
xyz|files_encryption|migration_status|-1
xyz|files_encryption|recovery_enabled|0
xyz|login|lastLogin|1417721105

This is the folder's contents:

xyz
xyz/files
xyz/files/welcome.txt
xyz/files_encryption
xyz/files_encryption/xyz.privateKey
xyz/files_encryption/keys
xyz/cache

And "welcome.txt" is not encrypted.

Not sure why the migration managed to stuck itself this way for such a simple situation.

So, two bugs:

• migration stuck for some mysterious reasons for a new user (only happened once, cannot reproduce with more users)
• "migration in progress" error message should be shown properly instead of that exception

@schiesbn comments ?

[PVince81]

I didn't find anything in the logs apart from some older messages about that user having the wrong password. But the messages are from months ago and that user got deleted and then added again today.

I verified that when a user is deleted the matching "oc_preferences" are properly reset (in case it would be an older stray migration status)

[jpiles]

I'm facing the same problem, and in my case the issue was the encryption of the already existent files took more than 3600 seconds, and the PHP maximum execution time kicked in (I should probably have increased this timeout beforehand, but I only know it know). So some files were left unencrypted, and that seems to be the issue now.

For me the proper path would be to resume the encryption where it stopped, since an interrupted migration might happen because of a number of reasons, like the user closing / refreshing the window, etc.

[Florian01]

I'm having the same Issue: after enabling the encryption app I cannot login again - other user accounts work, however. how do I stop the encryption manually? Can this be done somehow via myPHPadmin or any other workaround? sincere thanks!

[DeepDiver1975]

the migration status for a user is stored in the table oc_preferences.

@schiesbn we should think about a recovery mechanism for an failed/bombed encryption process

[Florian01]

got it! I'm back in! Thanks!!!
to all other non-coders like myself: The Status in myPHPadmin has to be changed from "-1" to "1" (i.e. the same value other successfully encrypted users should list in the table).

Looking forward to ne next update on the encryption app before trying that one again :)

[PVince81]

Let's use this ticket for all issues that caused that "getUID()" exception.
The minimum that needs to be done is making sure we don't see that exception that doesn't mean anything, but show a proper error message for the stuck encryption (or even an exception that mentions the migration).

As described above, this "getUID()" exception is due to the code path that tries to log out the user due to running migration.

[PVince81]

To make it even cleared, the steps to reproduce:

1. Upload lots of files
2. Enable encryption
3. Open two browser tabs
4. Login in the first browser tab: migration starts
5. While the migration is running, try and login in the second browser tab

Step 5 will first show a message "encryption is already running". But then after a little while it will refresh the page and show the exception.

Expected is that it shows a message "migration is currently running" with a spinner and stay like this.

Observed on master (dc86cbd)

[TarekTaha]

@PVince81 same problem here, pretty much I've done the same steps you mentioned above (without the two browsers) what's the appropriate action to fix my problem here ?

• Applying the patches: Show warning when invalid user was passed #12175 [stable7] Fix file upload to ext storage when recovery key is enabled #12131
• Updating my oc to 7.04rc1
• Follow @Florian01 tip and change from -1 to 1 (not sure how will this effect the encryption)

I just don't want to lose any data, or end up in a situation where some of my data is encrypted and the other is not.

Please advise ...

[frafra]

Same problem here. I have a lot of files and it seems that encryption process stopped as described in the previous posts.

@PVince81 Patches are already present in 7.0.4 (which is the latest stable).

Any suggestion on how to resume the process or revert changes?

[PVince81]

I believe you should be able to change that migration flag to 0 in the database.
It will reset the migration and at the next login it will restart the migration and encrypt the remaining files.

The reason why the migration flag is there is to avoid having to check for unencrypted files for every login, which would be quite unefficient. That's why when it's done ownCloud will set it to 1.

If you have lots of files, there's a chance that PHP will run into a timeout and kill itself / aborting the process. So you might to reset the flag again.

There is a discussion about how to prevent timeout issues here: #10657

[TarekTaha]

@PVince81 I did that, this allowed me to login, then I tried to decrypt the file in the personal settings but I keep on getting : Couldn't decrypt your files, please check your owncloud.log or ask your administrator

I am afraid that I am left in a state where some of my files are still encrypted, is there a way to fix this? Or at least find out which files are still encrypted and try to recover them ?

[frafra]

This is what I've done:

1. Logout
2. update oc_preferences set configvalue=0 where (appid='files_encription' and configvalue='-1');
3. Login
4. Wait until error appears
5. update oc_preferences set configvalue=1 where (appid='files_encription' and configvalue='-1');
6. Repeat from 1 until every file is encrypted

Now everything works, thank you.

[TarekTaha]

@frafra Ok, I will try this, but I have a lot of files and I have feeling that I will have to repeat this 100 times. Is there a way to automate the login ? Or trigger the encryption process, I can then write a script that monitors the file_encryption flag in the database and re-triggers the encryption when it fails.

[frafra]

You could write a bash script and use curl, or write a php script for this. I think that there could be a better solution. Maybe you could backup your files and your database, and try to disable encryption.

[TarekTaha]

I already backed up my files and database.
I tried to disable the encryption and decrypt my data, but kept on getting this error message : Couldn't decrypt your files, please check your owncloud.log or ask your administrator

Ideally I would like to keep the encryption, but at this stage I want to get my owncloud instance functional !
If I was to write a script to do so, how can I trigger the encryption procedure that starts when you login ?

[frafra]

It's automatically triggered when you login, so you need to write a script to do it. You could use curl, javascript... There are many ways, but probably someone has a better solution.

[PVince81]

Did you check owncloud.log ? What errors were there ? (to find out why it couldn't decrypt)

[MorrisJobke]

I run into that issue today for 7 out of 8 times setting up encryption (I only have the getUID() error in the logs and I only have the plain welcome.txt)

$ ./occ app:list
Enabled:
 - files
 - files_encryption
 - files_sharing
 - files_trashbin
Disabled:
 - files_external
 - files_versions
 - user_ldap
 - user_webdavauth

$ tree data
data
├── index.html
├── mjob
│   ├── cache
│   ├── files
│   │   └── welcome.txt
│   ├── files_encryption
│   │   ├── keyfiles
│   │   │   └── welcome.txt.key
│   │   ├── mjob.private.key
│   │   └── share-keys
│   │       └── welcome.txt.mjob.shareKey
│   └── thumbnails
│       └── 4
│           └── 36-36.png
├── owncloud.db
├── owncloud.log
├── owncloud_private_key
│   └── pubShare_9c8c3631.private.key
└── public-keys
    ├── mjob.public.key
    └── pubShare_9c8c3631.public.key

10 directories, 11 files

[MorrisJobke]

After applying #13314 (and backporting the method isLoggedIn()) the white page doesn't occur anymore. It simply redirect after a few seconds to the login page with the message "Forgot your password? Reset it!". On every login the same message appears again.

[MorrisJobke]

I setup v7.0.4

[schiessle]

@MorrisJobke but in your case you doesn't try to login twice like described here #12412 (comment), right?

[MorrisJobke]

@schiesbn No. Just a single browser. Just login and after ~5s I got redirected to the login page (with the patch I got the "forgot password" and without the blank page with the getUID() error in logs)

[MorrisJobke]

I tried with chromium and firefox

[MorrisJobke]

I have a dump of my instance here. Whoever wants to have a look at it.

My architecture:

Apache 2.4.10
PHP 5.6.4
PHP-FPM
SQLite 3.8.7.4

ArchLinux

[MorrisJobke]

I didn't can reproduce my issue from two days ago, but #13314 was merged. Can you try it again (either with #13314 applied or by waiting for ownCloud 8.0)

[PVince81]

Should we keep this open or was the problem solved through the linked PR ?

[bugabinga]

I can confirm this issue resolved as of 8.0.1. At least the case I originally posted ;).

[JoKeyser]

I just ran into the same issue in ownCloud 8.0.2 on Debian wheezy.
After resetting migration_status from -1 to 1 login works again, and all files seem encrypted on the file system. Maybe I should post some logs?

PS: For those wondering how to fix the MySQL database entry:
Login as root via mysql -u root -p, then USE owncloud;, or whatever your databases name is (you can list all with show databases;).
Then SELECT * FROM oc_preferences WHERE configkey="migration_status"; to see whether that it is indeed the problem, e.g.

+--------+------------------+------------------+-------------+
| userid | appid            | configkey        | configvalue |
+--------+------------------+------------------+-------------+
| joke   | files_encryption | migration_status | -1          |
+--------+------------------+------------------+-------------+

And finally set it to 1 with UPDATE oc_preferences SET configvalue="1" WHERE configkey="migration_status";

[PVince81]

@JoKeyser can you post your log from the white screen moment ? Because this is supposed to be fixed already, but maybe you bumped into another error that triggered similar symptoms.

[JoKeyser]

@PVince81 actually I didn't get a white screen, just a well-formatted message "Initial encryption running… Please try again later." I thought it fits here nevertheless, please correct if it's better somewhere else.

Here's all I've got from /var/www/owncloud/data/owncloud.log, at https://gist.github.com/JoKeyser/33a23b0ded860c08d8c1. Anything else?

[PVince81]

I think you should set the configvalue to 0 to make sure it retries to encrypt your files. If you set it to "1" it will just believe that it was done.