Invalid Token page is not shown when creating a new user via mail with some configuration

[davitol]

Following the steps written in this ticket: #32672

- Create `admin` user
- Create `user1` with `foo@gmail.com`
- Received the email to set the password for `user1`. Now delete `user1`
- Create `user1` again with a different email address, lets say `bar@gmail.com`
- Received the email for setting up the password.
- Now try to access the link from `foo@gmail.com`, user sees that token is invalid. Correct behaviour.
- Try to access link from `bar@gmail.com`, user sees password setting page, where new password can be set. Correct behaviour.

In the step Now try to access the link from foo@gmail.com, user sees that token is invalid. Correct behaviour. => The invalid token page is not shown and a blank page is shown

Note: the exception log is spotted in owncloud.log (Right behavior)

{"reqId":"V0zvSvmE2z2iWgsbLRTt","level":3,"time":"2018-09-12T11:27:52+00:00","remoteAddr":"172.18.0.1","user":"admin","app":"settings","method":"GET","url":"\/settings\/users\/setpassword\/form\/778541946200999515415\/diego","message":"Exception: {\"Exception\":\"OCP\\\\UserTokenMismatchException\",\"Message\":\"The token provided is invalid.\",\"Code\":0,\"Trace\":\"#0 \\\/var\\\/www\\\/owncloud\\\/settings\\\/Controller\\\/UsersController.php(523): OC\\\\Settings\\\\Controller\\\\UsersController->checkPasswordSetToken('778541946200999...', 'diego')\\n#1 \\\/var\\\/www\\\/owncloud\\\/lib\\\/private\\\/AppFramework\\\/Http\\\/Dispatcher.php(153): OC\\\\Settings\\\\Controller\\\\UsersController->setPasswordForm('778541946200999...', 'diego')\\n#2 \\\/var\\\/www\\\/owncloud\\\/lib\\\/private\\\/AppFramework\\\/Http\\\/Dispatcher.php(85): OC\\\\AppFramework\\\\Http\\\\Dispatcher->executeController(Object(OC\\\\Settings\\\\Controller\\\\UsersController), 'setPasswordForm')\\n#3 \\\/var\\\/www\\\/owncloud\\\/lib\\\/private\\\/AppFramework\\\/App.php(100): OC\\\\AppFramework\\\\Http\\\\Dispatcher->dispatch(Object(OC\\\\Settings\\\\Controller\\\\UsersController), 'setPasswordForm')\\n#4 \\\/var\\\/www\\\/owncloud\\\/lib\\\/private\\\/AppFramework\\\/Routing\\\/RouteActionHandler.php(46): OC\\\\AppFramework\\\\App::main('UsersController', 'setPasswordForm', Object(OC\\\\AppFramework\\\\DependencyInjection\\\\DIContainer), Array)\\n#5 \\\/var\\\/www\\\/owncloud\\\/lib\\\/private\\\/Route\\\/Router.php(342): OC\\\\AppFramework\\\\Routing\\\\RouteActionHandler->__invoke(Array)\\n#6 \\\/var\\\/www\\\/owncloud\\\/lib\\\/base.php(909): OC\\\\Route\\\\Router->match('\\\/settings\\\/users...')\\n#7 \\\/var\\\/www\\\/owncloud\\\/index.php(54): OC::handleRequest()\\n#8 {main}\",\"File\":\"\\\/var\\\/www\\\/owncloud\\\/settings\\\/Controller\\\/UsersController.php\",\"Line\":578}"}

@sharidas JFYI

[davitol]

Some pals reported it worked fine in their oC instances using 10.0.10.RC2 tarball but it did not work for me

[ownclouders]

GitMate.io thinks the contributor most likely able to help you is @PVince81.

Possibly related issues are #30853 (A log is shown when we create a regular user), #222 (Creating new users not possible), #739 (Can't create user), #18070 (Unable to create new user), and #32224 (Missing DisplayName when creating new user).

[PVince81]

At this step "Now try to access the link from foo@gmail.com, user sees that token is invalid. Correct behaviour." my browser page keeps loading, 100% CPU on Apache and I also see

{"reqId":"nEbbYz4gwl1IcfYYukm9","level":3,"time":"2018-09-12T16:03:56+00:00","remoteAddr":"127.0.0.1","user":"admin","app":"settings","method":"GET","url":"\/owncloudtest\/index.php\/settings\/users\/setpassword\/form\/488468357490152559649\/user1","message":"Exception: {\"Exception\":\"OCP\\\\UserTokenMismatchException\",\"Message\":\"The token provided is invalid.\",\"Code\":0,\"Trace\":\"
#0 \\\/srv\\\/www\\\/htdocs\\\/owncloudtest\\\/settings\\\/Controller\\\/UsersController.php(523): OC\\\\Settings\\\\Controller\\\\UsersController->checkPasswordSetToken('488468357490152...', 'user1')\\n
#1 \\\/srv\\\/www\\\/htdocs\\\/owncloudtest\\\/lib\\\/private\\\/AppFramework\\\/Http\\\/Dispatcher.php(153): OC\\\\Settings\\\\Controller\\\\UsersController->setPasswordForm('488468357490152...', 'user1')\\n
#2 \\\/srv\\\/www\\\/htdocs\\\/owncloudtest\\\/lib\\\/private\\\/AppFramework\\\/Http\\\/Dispatcher.php(85): OC\\\\AppFramework\\\\Http\\\\Dispatcher->executeController(Object(OC\\\\Settings\\\\Controller\\\\UsersController), 'setPasswordForm')\\n
#3 \\\/srv\\\/www\\\/htdocs\\\/owncloudtest\\\/lib\\\/private\\\/AppFramework\\\/App.php(100): OC\\\\AppFramework\\\\Http\\\\Dispatcher->dispatch(Object(OC\\\\Settings\\\\Controller\\\\UsersController), 'setPasswordForm')\\n
#4 \\\/srv\\\/www\\\/htdocs\\\/owncloudtest\\\/lib\\\/private\\\/AppFramework\\\/Routing\\\/RouteActionHandler.php(46): OC\\\\AppFramework\\\\App::main('UsersController', 'setPasswordForm', Object(OC\\\\AppFramework\\\\DependencyInjection\\\\DIContainer), Array)\\n
#5 \\\/srv\\\/www\\\/htdocs\\\/owncloudtest\\\/lib\\\/private\\\/Route\\\/Router.php(342): OC\\\\AppFramework\\\\Routing\\\\RouteActionHandler->__invoke(Array)\\n
#6 \\\/srv\\\/www\\\/htdocs\\\/owncloudtest\\\/lib\\\/base.php(909): OC\\\\Route\\\\Router->match('\\\/settings\\\/users...')\\n
#7 \\\/srv\\\/www\\\/htdocs\\\/owncloudtest\\\/index.php(54): OC::handleRequest()\\n
#8 {main}\",\"File\":\"\\\/srv\\\/www\\\/htdocs\\\/owncloudtest\\\/settings\\\/Controller\\\/UsersController.php\",\"Line\":575}"}

There is likely some kind of infinite loop.

[PVince81]

@sharidas please investigate. Let me know if you're not able to reproduce as I had a setup with that.

[sharidas]

@PVince81 I am able to get the token invalid page, for the token which is invalid. Perhaps few more details would be helpful here to reproduce the setup.

[PVince81]

Ok, this happens because both @davitol and I have the sentry app enabled.
It is iterating over all $exception->getPrevious() and from what I see getPrevious() is the same instance, so there's an infinite loop.

[PVince81]

@sharidas please fix all the UserTokenException* to properly handle the $previous argument. Don't ever pass $this there as it would cause infinite loop.

While debugging through the catch blocks I noticed that in one location you have an if statement that checks getPrevious(), so you'll likely need to also adjust all handlers. Better grep for all locations then.