New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

After upgrade from 8.2 to 9.1: plain password in owncloud.log #25895

Closed
kostas707 opened this Issue Aug 22, 2016 · 2 comments

Comments

Projects
None yet
2 participants
@kostas707

kostas707 commented Aug 22, 2016

OwnCloud version 9.1. When enter login on web page, plain pass is showing in owncloud.log

Steps to reproduce

Open OwnCloud web page, enter login on web page and enter:
user: aaaaa
password: bbbbb

user: aaaaa
password: bbbbb

{"reqId":"tAboChzhlAec4q9vgwvN","remoteAddr":"192.168.100.15","app":"user_ldap","message":"Exception: {"Exception":"Exception","Message":"No user available for the given login name on 10.90.2.23:10389","Code":0,"Trace":"
#0 /var/www/owncloud/apps/user_ldap/lib/User_LDAP.php(120): OCA \User_LDAP \User_LDAP->getLDAPUserByLoginName('aaaaa') n
#1 [internal function]: OCA \User_LDAP \User_LDAP->checkPassword(*** sensitive parameters replaced *) n
#2 /var/www/owncloud/apps/user_ldap/lib/User_Proxy.php(67): call_user_func_array(Array, Array) n
#3 /var/www/owncloud/apps/user_ldap/lib/Proxy.php(139): OCA \User_LDAP \User_Proxy->walkBackends('aaaaa', 'checkPassword', Array) n
#4 /var/www/owncloud/apps/user_ldap/lib/User_Proxy.php(182): OCA \User_LDAP \Proxy->handleRequest('aaaaa', 'checkPassword', Array) n
#5 /var/www/owncloud/lib/private/User/Manager.php(190): OCA \User_LDAP \User_Proxy->checkPassword(
* sensitive parameters replaced *) n
#6 /var/www/owncloud/core/Controller/LoginController.php(177): OC \User \Manager->checkPassword(
* sensitive parameters replaced ***) n
#7 [internal function]: OC \Core \Controller \LoginController->

tryLogin('aaaaa', 'bbbbb', NULL) n
#8 /var/www/owncloud/lib/private/AppFramework/Http/Dispatcher.php(159): call_user_func_array(Array, Array) n
#9 /var/www/owncloud/lib/private/AppFramework/Http/Dispatcher.php(89): OC \AppFramework \Http \Dispatcher->executeController(Object(OC \Core \Controller \LoginController), 'tryLogin') n
#10 /var/www/owncloud/lib/private/AppFramework/App.php(110): OC \AppFramework \Http \Dispatcher->dispatch(Object(OC \Core \Controller \LoginController), 'tryLogin') n
#11 /var/www/owncloud/lib/private/AppFramework/Routing/RouteActionHandler.php(46): OC \AppFramework \App::main('LoginController', 'tryLogin', Object(OC \AppFramework \DependencyInjection \DIContainer), Array) n
#12 [internal function]: OC \AppFramework \Routing \RouteActionHandler->__invoke(Array) n
#13 /var/www/owncloud/lib/private/Route/Router.php(280): call_user_func(Object(OC \AppFramework \Routing \RouteActionHandler), Array) n
#14 /var/www/owncloud/lib/base.php(891): OC \Route \Router->match('/login') n
#15 /var/www/owncloud/index.php(39): OC::handleRequest() n
#16 {main}","File":"/var/www/owncloud/apps/user_ldap/lib/User_LDAP.php","Line":104}","level":3,"time":

"2016-08-22T10:53:35+00:00",
"method":"POST",
"url":"/index.php/login?user=aaaaa","user":"--"}
{"reqId":"tAboChzhlAec4q9vgwvN",
"remoteAddr":"192.168.100.15",
"app":"user_ldap",
"message":"Exception: {"Exception":"Exception","Message":
"No user available for the given login name on 192.168.1.14:3268","Code":0,"Trace":"

Expected behaviour

in OwnCloud 8.2 version with same loglevel there was none plain passwords.

Server configuration

Debian 8
Apache/2.4.10 (Debian)
mysql Ver 14.14 Distrib 5.5.44, for debian-linux-gnu (x86_64) using readline 6.3
PHP 5.6.9-0+deb8u1 (cli) (built: Jun 5 2015 11:03:27)
OwnCloud 9.1
version updated:

  1. sudo -u www-data php occ maintenance:mode --on
  2. /etc/init.d/apache2 stop
  3. gunzip owncloud-files_9.1.0.orig.tar.gz | tar xvf -
  4. chown -hR www-data:www-data owncloud/
  5. bkp: config/ and data/ directory.
  6. rm -rf old files and copy new one (except config/config.php)
  7. /etc/init.d/apache2 restart
  8. cd /var/www/owncloud
  9. sudo -u www-data php occ upgrade

Where did you install ownCloud from:
http://download.owncloud.org/download/repositories/9.1.0/Debian_8.0/owncloud-files_9.1.0.orig.tar.gz

Signing status (ownCloud 9.0 and above):

http://example.com/index.php/settings/integrity/failed - paste the results here:
No errors have been found.

**List of activated apps:**

If you have access to your command line run e.g.:
sudo -u www-data php occ app:list
from within your ownCloud installation folder

Enabled:
- dav: 0.2.5
- federatedfilesharing: 0.3.0
- files: 1.5.1
- user_ldap: 0.9.0

Disabled:
- activity
- comments
- encryption
- external
- federation
- files_antivirus
- files_external
- files_pdfviewer
- files_sharing
- files_texteditor
- files_trashbin
- files_versions
- files_videoplayer
- firstrunwizard
- gallery
- notifications
- provisioning_api
- systemtags
- templateeditor
- updatenotification
- user_external

**The content of config/config.php:**
# cat config.php

<?php
$CONFIG = array (
  'instanceid' => 'instance_id',
  'passwordsalt' => 'pAsSwOrDsAlT',
  'secret' => 'SeCrEt',
  'trusted_domains' => 
  array (
    0 => 'domain.domain.org',
  ),
  'datadirectory' => '/var/www/owncloud/data',
  'overwrite.cli.url' => 'http://files.files.org/owncloud',
  'dbtype' => 'mysql',
  'version' => '9.1.0.15',
  'installed' => true,
  'mail_smtpmode' => 'smtp',
  'forcessl' => true,
  'forceSSLforSubdomains' => true,
  'session_lifetime' => 28800,
  'mail_from_address' => 'owncloud',
  'mail_domain' => 'domain.org',
  'mail_smtphost' => 'smtp.smtp.org',
  'mail_smtpport' => '25',
  'ldapIgnoreNamingRules' => false,
  'preview_libreoffice_path' => '/usr/bin/libreoffice',
  'loglevel' => '4',
  'maintenance' => false,
  'dbname' => 'owncloud',
  'dbhost' => '127.0.0.1',
  'dbuser' => 'username',
  'dbpassword' => 'pass',
  'theme' => '',
  'trashbin_retention_obligation' => 'auto',
);

If you have access to your command line run e.g.:
sudo -u www-data php occ config:list system
from within your ownCloud installation folder
root@sfiles:/var/www/owncloud# sudo -u www-data php occ config:list system
{
"system": {
"instanceid": "instanceid",
"passwordsalt": "REMOVED SENSITIVE VALUE",
"secret": "REMOVED SENSITIVE VALUE",
"trusted_domains": [
"sfiles.sfiles.org"
],
"datadirectory": "/var/www/owncloud/data",
"overwrite.cli.url": "http:/\files.files.org/owncloud",
"dbtype": "mysql",
"version": "9.1.0.15",
"installed": true,
"mail_smtpmode": "smtp",
"forcessl": true,
"forceSSLforSubdomains": true,
"session_lifetime": 28800,
"mail_from_address": "owncloud",
"mail_domain": "files.org",
"mail_smtphost": "smtp.smtp.org",
"mail_smtpport": "25",
"ldapIgnoreNamingRules": false,
"preview_libreoffice_path": "/usr/bin/libreoffice",
"loglevel": "4",
"maintenance": false,
"dbname": "owncloud",
"dbhost": "127.0.0.1",
"dbuser": "REMOVED SENSITIVE VALUE",
"dbpassword": "REMOVED SENSITIVE VALUE",
"theme": "",
"trashbin_retention_obligation": "auto"
}
}
root@files:/var/www/owncloud#
or

Are you using external storage, if yes which one: local/smb/sftp/...
no

Are you using encryption: yes/no
no

Are you using an external user-backend, if yes which one: LDAP/ActiveDirectory/Webdav/...
Ldap and Active Directory

@DeepDiver1975 DeepDiver1975 self-assigned this Aug 22, 2016

@DeepDiver1975 DeepDiver1975 added this to the 9.2 milestone Aug 22, 2016

DeepDiver1975 added a commit that referenced this issue Aug 22, 2016

@kostas707

This comment has been minimized.

Show comment
Hide comment
@kostas707

kostas707 Aug 23, 2016

hanks, for quick response. I've checked #25902. When login with fake user, no password is showing. But when connect with exist Domain userna me and password is correct, then password is still in log.

{"reqId":"MTRK5tqbshYzakztCAoW","remoteAddr":"192.168.100.15",
"app":"user_ldap",
"message":"Exception: {
"Exception":"Exception",
"Message":"No user available for the given login name on 10.90.2.23:10389",
"Code":0,"Trace":"
#0 /var/www/owncloud/apps/user_ldap/lib/User_LDAP.php(120):
OCA-User_LDAP-User_LDAP->getLDAPUserByLoginName('domain.username...')
#1 [internal function]: OCA-User_LDAP-User_LDAP->checkPassword(*** sensitive parameters replaced )
#2 /var/www/owncloud/apps/user_ldap/lib/User_Proxy.php(67): call_user_func_array(Array, Array)
#3 /var/www/owncloud/apps/user_ldap/lib/Proxy.php(139):
OCA-User_LDAP-User_Proxy->walkBackends('domain.username...', 'checkPassword', Array)
#4 /var/www/owncloud/apps/user_ldap/lib/User_Proxy.php(182):
OCA-User_LDAP-Proxy->handleRequest('domain.username...', 'checkPassword', Array)
#5 /var/www/owncloud/lib/private/User/Manager.php(190):
OCA-User_LDAP-User_Proxy->checkPassword( sensitive parameters replaced )
#6 /var/www/owncloud/core/Controller/LoginController.php(177):
OC-User-Manager->checkPassword( sensitive parameters replaced )
#7 [internal function]: OC-Core-Controller-LoginController->tryLogin( sensitive parameters replaced ***)
#8 /var/www/owncloud/lib/private/AppFramework/Http/Dispatcher.php(159): call_user_func_array(Array, Array)
#9 /var/www/owncloud/lib/private/AppFramework/Http/Dispatcher.php(89):
OC-AppFramework-Http-Dispatcher->
executeController(Object(OC-Core-Controller-LoginController), 'tryLogin')
#10 /var/www/owncloud/lib/private/AppFramework/App.php(110):
OC-AppFramework-Http-Dispatcher->dispatch(Object(OC-Core-Controller-LoginController), 'tryLogin')
#11 /var/www/owncloud/lib/private/AppFramework/Routing/RouteActionHandler.php(46):

OC-AppFramework-App::main('LoginController', 'tryLogin',
Object(OC-AppFramework-DependencyInjection-DIContainer), Array)
#12 [internal function]: OC-AppFramework-Routing-RouteActionHandler->__invoke(Array)
#13 /var/www/owncloud/lib/private/Route/Router.php(280):
call_user_func(Object(OC-AppFramework-Routing-RouteActionHandler), Array)
#14 /var/www/owncloud/lib/base.php(891): OC-Route-Router->match('/login')
#15 /var/www/owncloud/index.php(39): OC::handleRequest()
#16 {main}","File":"/var/www/owncloud/apps/user_ldap/lib/User_LDAP.php","Line":104}",
"level":3,
"time":"2016-08-23T06:03:08+00:00",
"method":"POST",
"url":"/index.php/login",
"user":"--"}

{
"reqId":"MTRK5tqbshYzakztCAoW",
"remoteAddr":"192.168.100.15",
"app":"user_ldap",
"message":"Exception:
{"Exception":"Exception",
"Message":"No user available for the given login name on 10.90.2.23:10389",
"Code":0,"Trace":"
#0 /var/www/owncloud/apps/user_ldap/lib/User_LDAP.php(120):
OCA-User_LDAP-User_LDAP->getLDAPUserByLoginName('domain.username...')
#1 [internal function]: OCA-User_LDAP-User_LDAP->checkPassword(*** sensitive parameters replaced )
#2 /var/www/owncloud/apps/user_ldap/lib/User_Proxy.php(67): call_user_func_array(Array, Array)
#3 /var/www/owncloud/apps/user_ldap/lib/Proxy.php(139):
OCA-User_LDAP-User_Proxy->walkBackends('domain.username...', 'checkPassword', Array)
#4 /var/www/owncloud/apps/user_ldap/lib/User_Proxy.php(182):
OCA-User_LDAP-Proxy->handleRequest('domain.username...', 'checkPassword', Array)
#5 /var/www/owncloud/lib/private/User/Manager.php(190):
OCA-User_LDAP-User_Proxy->checkPassword( sensitive parameters replaced )
#6 /var/www/owncloud/lib/private/User/Session.php(427):
OC-User-Manager->checkPassword( sensitive parameters replaced ***)
#7 /var/www/owncloud/lib/private/User/Session.php(287):
OC-User-Session->loginWithPassword('domain.username...',

---> 'plain_password!!!') ---<

#8 /var/www/owncloud/core/Controller/LoginController.php(196):
OC-User-Session->login(*** sensitive parameters replaced )
#9 [internal function]: OC-Core-Controller-LoginController->tryLogin( sensitive parameters replaced )
#10 /var/www/owncloud/lib/private/AppFramework/Http/Dispatcher.php(159): call_user_func_array(Array, Array)
#11 /var/www/owncloud/lib/private/AppFramework/Http/Dispatcher.php(89):
OC-AppFramework-Http-Dispatcher-> executeController(Object(OC-Core-Controller-LoginController), 'tryLogin')
#12 /var/www/owncloud/lib/private/AppFramework/App.php(110):
OC-AppFramework-Http-Dispatcher->dispatch(Object(OC-Core-Controller-LoginController), 'tryLogin')
#13 /var/www/owncloud/lib/private/AppFramework/Routing/RouteActionHandler.php(46):

OC-AppFramework-App::main('LoginController', 'tryLogin', Object
(OC-AppFramework-DependencyInjection-DIContainer), Array)
#14 [internal function]: OC-AppFramework-Routing-RouteActionHandler->__invoke(Array)
#15 /var/www/owncloud/lib/private/Route/Router.php(280):
call_user_func(Object(OC-AppFramework-Routing-RouteActionHandler), Array)
#16 /var/www/owncloud/lib/base.php(891): OC-Route-Router->match('/login')
#17 /var/www/owncloud/index.php(39): OC::handleRequest()
#18 {main}",
"File":"/var/www/owncloud/apps/user_ldap/lib/User_LDAP.php",
"Line":104
}",
"level":3,
"time":"2016-08-23T06:03:08+00:00",
"method":"POST",
"url":"/index.php/login","user":"--"}
{"reqId":"PEaoW0KkIpTbe3dR3OT7",
"remoteAddr":"192.168.100.15"
,"app":"user_ldap",
"message":"Exception: {
Exception":"Exception",
"Message":"No user available for the given login name on 10.90.2.23:10389",
"Code":0,"Trace":"
#0 /var/www/owncloud/apps/user_ldap/lib/User_LDAP.php(120):
OCA-User_LDAP-User_LDAP->getLDAPUserByLoginName('domain.username...')
#1 [internal function]: OCA-User_LDAP-User_LDAP->checkPassword( sensitive parameters replaced )
#2 /var/www/owncloud/apps/user_ldap/lib/User_Proxy.php(67): call_user_func_array(Array, Array)
#3 /var/www/owncloud/apps/user_ldap/lib/Proxy.php(139): OCA-User_LDAP-User_Proxy->walkBackends('domain.username...', 'checkPassword', Array)
#4 /var/www/owncloud/apps/user_ldap/lib/User_Proxy.php(182):
OCA-User_LDAP-Proxy->handleRequest('domain.username...', 'checkPassword', Array)
#5 /var/www/owncloud/lib/private/User/Manager.php(190):
OCA-User_LDAP-User_Proxy->checkPassword( sensitive parameters replaced )
#6 /var/www/owncloud/lib/private/User/Session.php(591):
OC-User-Manager->checkPassword( sensitive parameters replaced )
#7 /var/www/owncloud/lib/private/User/Session.php(626):
OC-User-Session->checkTokenCredentials(Object(OC-Authentication-Token-DefaultToken), 'vphb8idv8kgpc4i...')
#8 /var/www/owncloud/lib/private/User/Session.php(221):
OC-User-Session->validateToken( sensitive parameters replaced ***)
#9 /var/www/owncloud/lib/private/User/Session.php(196): OC-User-Session->validateSession()
#10 /var/www/owncloud/lib/private/App/AppManager.php(152): OC-User-Session->getUser()
#11 /var/www/owncloud/lib/private/legacy/app.php(313): OC-App-AppManager->isEnabledForUser('user_webdavauth')
#12 /var/www/owncloud/lib/public/App.php(131): OC_App::isEnabled('user_webdavauth')
#13 /var/www/owncloud/apps/user_ldap/appinfo/app.php(72): OCP-App::isEnabled('user_webdavauth')
#14 /var/www/owncloud/lib/private/legacy/app.php(186): require_once('/var/www/ownclo...')
#15 /var/www/owncloud/lib/private/legacy/app.php(149): OC_App::requireAppFile('user_ldap')
#16 /var/www/owncloud/lib/private/legacy/app.php(119): OC_App::loadApp('user_ldap')
#17 /var/www/owncloud/lib/base.php(861): OC_App::loadApps(Array)
#18 /var/www/owncloud/index.php(39): OC::handleRequest()
#19 {main}","File":"/var/www/owncloud/apps/user_ldap/lib/User_LDAP.php","Line":104}",
"level":3,
"time":"2016-08-23T06:03:08+00:00",
"method":"GET",
"url":"/index.php/apps/files/",
"user":"domain.username"}

kostas707 commented Aug 23, 2016

hanks, for quick response. I've checked #25902. When login with fake user, no password is showing. But when connect with exist Domain userna me and password is correct, then password is still in log.

{"reqId":"MTRK5tqbshYzakztCAoW","remoteAddr":"192.168.100.15",
"app":"user_ldap",
"message":"Exception: {
"Exception":"Exception",
"Message":"No user available for the given login name on 10.90.2.23:10389",
"Code":0,"Trace":"
#0 /var/www/owncloud/apps/user_ldap/lib/User_LDAP.php(120):
OCA-User_LDAP-User_LDAP->getLDAPUserByLoginName('domain.username...')
#1 [internal function]: OCA-User_LDAP-User_LDAP->checkPassword(*** sensitive parameters replaced )
#2 /var/www/owncloud/apps/user_ldap/lib/User_Proxy.php(67): call_user_func_array(Array, Array)
#3 /var/www/owncloud/apps/user_ldap/lib/Proxy.php(139):
OCA-User_LDAP-User_Proxy->walkBackends('domain.username...', 'checkPassword', Array)
#4 /var/www/owncloud/apps/user_ldap/lib/User_Proxy.php(182):
OCA-User_LDAP-Proxy->handleRequest('domain.username...', 'checkPassword', Array)
#5 /var/www/owncloud/lib/private/User/Manager.php(190):
OCA-User_LDAP-User_Proxy->checkPassword( sensitive parameters replaced )
#6 /var/www/owncloud/core/Controller/LoginController.php(177):
OC-User-Manager->checkPassword( sensitive parameters replaced )
#7 [internal function]: OC-Core-Controller-LoginController->tryLogin( sensitive parameters replaced ***)
#8 /var/www/owncloud/lib/private/AppFramework/Http/Dispatcher.php(159): call_user_func_array(Array, Array)
#9 /var/www/owncloud/lib/private/AppFramework/Http/Dispatcher.php(89):
OC-AppFramework-Http-Dispatcher->
executeController(Object(OC-Core-Controller-LoginController), 'tryLogin')
#10 /var/www/owncloud/lib/private/AppFramework/App.php(110):
OC-AppFramework-Http-Dispatcher->dispatch(Object(OC-Core-Controller-LoginController), 'tryLogin')
#11 /var/www/owncloud/lib/private/AppFramework/Routing/RouteActionHandler.php(46):

OC-AppFramework-App::main('LoginController', 'tryLogin',
Object(OC-AppFramework-DependencyInjection-DIContainer), Array)
#12 [internal function]: OC-AppFramework-Routing-RouteActionHandler->__invoke(Array)
#13 /var/www/owncloud/lib/private/Route/Router.php(280):
call_user_func(Object(OC-AppFramework-Routing-RouteActionHandler), Array)
#14 /var/www/owncloud/lib/base.php(891): OC-Route-Router->match('/login')
#15 /var/www/owncloud/index.php(39): OC::handleRequest()
#16 {main}","File":"/var/www/owncloud/apps/user_ldap/lib/User_LDAP.php","Line":104}",
"level":3,
"time":"2016-08-23T06:03:08+00:00",
"method":"POST",
"url":"/index.php/login",
"user":"--"}

{
"reqId":"MTRK5tqbshYzakztCAoW",
"remoteAddr":"192.168.100.15",
"app":"user_ldap",
"message":"Exception:
{"Exception":"Exception",
"Message":"No user available for the given login name on 10.90.2.23:10389",
"Code":0,"Trace":"
#0 /var/www/owncloud/apps/user_ldap/lib/User_LDAP.php(120):
OCA-User_LDAP-User_LDAP->getLDAPUserByLoginName('domain.username...')
#1 [internal function]: OCA-User_LDAP-User_LDAP->checkPassword(*** sensitive parameters replaced )
#2 /var/www/owncloud/apps/user_ldap/lib/User_Proxy.php(67): call_user_func_array(Array, Array)
#3 /var/www/owncloud/apps/user_ldap/lib/Proxy.php(139):
OCA-User_LDAP-User_Proxy->walkBackends('domain.username...', 'checkPassword', Array)
#4 /var/www/owncloud/apps/user_ldap/lib/User_Proxy.php(182):
OCA-User_LDAP-Proxy->handleRequest('domain.username...', 'checkPassword', Array)
#5 /var/www/owncloud/lib/private/User/Manager.php(190):
OCA-User_LDAP-User_Proxy->checkPassword( sensitive parameters replaced )
#6 /var/www/owncloud/lib/private/User/Session.php(427):
OC-User-Manager->checkPassword( sensitive parameters replaced ***)
#7 /var/www/owncloud/lib/private/User/Session.php(287):
OC-User-Session->loginWithPassword('domain.username...',

---> 'plain_password!!!') ---<

#8 /var/www/owncloud/core/Controller/LoginController.php(196):
OC-User-Session->login(*** sensitive parameters replaced )
#9 [internal function]: OC-Core-Controller-LoginController->tryLogin( sensitive parameters replaced )
#10 /var/www/owncloud/lib/private/AppFramework/Http/Dispatcher.php(159): call_user_func_array(Array, Array)
#11 /var/www/owncloud/lib/private/AppFramework/Http/Dispatcher.php(89):
OC-AppFramework-Http-Dispatcher-> executeController(Object(OC-Core-Controller-LoginController), 'tryLogin')
#12 /var/www/owncloud/lib/private/AppFramework/App.php(110):
OC-AppFramework-Http-Dispatcher->dispatch(Object(OC-Core-Controller-LoginController), 'tryLogin')
#13 /var/www/owncloud/lib/private/AppFramework/Routing/RouteActionHandler.php(46):

OC-AppFramework-App::main('LoginController', 'tryLogin', Object
(OC-AppFramework-DependencyInjection-DIContainer), Array)
#14 [internal function]: OC-AppFramework-Routing-RouteActionHandler->__invoke(Array)
#15 /var/www/owncloud/lib/private/Route/Router.php(280):
call_user_func(Object(OC-AppFramework-Routing-RouteActionHandler), Array)
#16 /var/www/owncloud/lib/base.php(891): OC-Route-Router->match('/login')
#17 /var/www/owncloud/index.php(39): OC::handleRequest()
#18 {main}",
"File":"/var/www/owncloud/apps/user_ldap/lib/User_LDAP.php",
"Line":104
}",
"level":3,
"time":"2016-08-23T06:03:08+00:00",
"method":"POST",
"url":"/index.php/login","user":"--"}
{"reqId":"PEaoW0KkIpTbe3dR3OT7",
"remoteAddr":"192.168.100.15"
,"app":"user_ldap",
"message":"Exception: {
Exception":"Exception",
"Message":"No user available for the given login name on 10.90.2.23:10389",
"Code":0,"Trace":"
#0 /var/www/owncloud/apps/user_ldap/lib/User_LDAP.php(120):
OCA-User_LDAP-User_LDAP->getLDAPUserByLoginName('domain.username...')
#1 [internal function]: OCA-User_LDAP-User_LDAP->checkPassword( sensitive parameters replaced )
#2 /var/www/owncloud/apps/user_ldap/lib/User_Proxy.php(67): call_user_func_array(Array, Array)
#3 /var/www/owncloud/apps/user_ldap/lib/Proxy.php(139): OCA-User_LDAP-User_Proxy->walkBackends('domain.username...', 'checkPassword', Array)
#4 /var/www/owncloud/apps/user_ldap/lib/User_Proxy.php(182):
OCA-User_LDAP-Proxy->handleRequest('domain.username...', 'checkPassword', Array)
#5 /var/www/owncloud/lib/private/User/Manager.php(190):
OCA-User_LDAP-User_Proxy->checkPassword( sensitive parameters replaced )
#6 /var/www/owncloud/lib/private/User/Session.php(591):
OC-User-Manager->checkPassword( sensitive parameters replaced )
#7 /var/www/owncloud/lib/private/User/Session.php(626):
OC-User-Session->checkTokenCredentials(Object(OC-Authentication-Token-DefaultToken), 'vphb8idv8kgpc4i...')
#8 /var/www/owncloud/lib/private/User/Session.php(221):
OC-User-Session->validateToken( sensitive parameters replaced ***)
#9 /var/www/owncloud/lib/private/User/Session.php(196): OC-User-Session->validateSession()
#10 /var/www/owncloud/lib/private/App/AppManager.php(152): OC-User-Session->getUser()
#11 /var/www/owncloud/lib/private/legacy/app.php(313): OC-App-AppManager->isEnabledForUser('user_webdavauth')
#12 /var/www/owncloud/lib/public/App.php(131): OC_App::isEnabled('user_webdavauth')
#13 /var/www/owncloud/apps/user_ldap/appinfo/app.php(72): OCP-App::isEnabled('user_webdavauth')
#14 /var/www/owncloud/lib/private/legacy/app.php(186): require_once('/var/www/ownclo...')
#15 /var/www/owncloud/lib/private/legacy/app.php(149): OC_App::requireAppFile('user_ldap')
#16 /var/www/owncloud/lib/private/legacy/app.php(119): OC_App::loadApp('user_ldap')
#17 /var/www/owncloud/lib/base.php(861): OC_App::loadApps(Array)
#18 /var/www/owncloud/index.php(39): OC::handleRequest()
#19 {main}","File":"/var/www/owncloud/apps/user_ldap/lib/User_LDAP.php","Line":104}",
"level":3,
"time":"2016-08-23T06:03:08+00:00",
"method":"GET",
"url":"/index.php/apps/files/",
"user":"domain.username"}

@DeepDiver1975

This comment has been minimized.

Show comment
Hide comment
@DeepDiver1975

DeepDiver1975 Aug 23, 2016

Member

THX. Will take care

Member

DeepDiver1975 commented Aug 23, 2016

THX. Will take care

@PVince81 PVince81 closed this in #25902 Aug 24, 2016

PVince81 added a commit that referenced this issue Aug 24, 2016

Don't log credentials of LoginController::tryLogin (#25902)
* Don't log credentials of LoginController::tryLogin - fixes #25895

* Don't log password in loginWithPassword

DeepDiver1975 added a commit that referenced this issue Aug 24, 2016

[stable9.1] Don't log credentials of LoginController::tryLogin (#25902)
* Don't log credentials of LoginController::tryLogin - fixes #25895

* Don't log password in loginWithPassword

DeepDiver1975 added a commit that referenced this issue Aug 29, 2016

[stable9.1] Don't log credentials of LoginController::tryLogin (#25902)…
… (#25935)

* Don't log credentials of LoginController::tryLogin - fixes #25895

* Don't log password in loginWithPassword
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment