Invalid password/updater.secret + Login UI broken #263

Closed
vanMacG opened this Issue Mar 5, 2016 · 10 comments

Projects

None yet

3 participants

@vanMacG
vanMacG commented Mar 5, 2016

Steps to reproduce

  1. Install oC 9.0 RC2
  2. Switch to Release-Channel "daily" to get an update notification
  3. Click on button to Update Center

Expected behaviour

When I directly access owncloud/updater/index.php login page looks as follow:
updater1

Actual behaviour

when clicking the link from admin-panel it looks like this:
updater2

It's both with Firefox and Chrome.

Server configuration

Operating system: Linux dd27002 3.2.0-98-generic #138-Ubuntu SMP Mon Jan 11 12:33:01 UTC 2016 x86_64

Web server: Apache

Database: SQLite

PHP version: 7.0.2

ownCloud version: ownCloud 9.0.0 RC2

Updated from an older ownCloud or fresh install: fresh install

Where did you install ownCloud from: RC2.zip

Client configuration

Browser: Firefox 44.0.2 & Chrome 49.0.2623.75 m

Operating system: Windows 7

@vanMacG
vanMacG commented Mar 5, 2016

Ok, this has something to do with a login-error.
When directly accessing the updater and page looks ok, after entering the secret I get the same broken site (and UI) as when accessing through admin-panel...

@vanMacG
vanMacG commented Mar 5, 2016

I removed some characters from updater.secret for security reason. I removed only letters and numbers, maybe the special-characters are the problem?

The content of config/config.php:

'ockrkkdcwj9i', 'passwordsalt' => 'xxx', 'secret' => 'xxx', 'trusted_domains' => array ( 0 => 'xxx.eu', ), 'datadirectory' => '/www/htdocs/w0069a6f/testing/oc9rc2/owncloud/data', 'overwrite.cli.url' => 'http://xxx.eu/testing/oc9rc2/owncloud', 'dbtype' => 'sqlite3', 'version' => '9.0.0.17', 'logtimezone' => 'UTC', 'installed' => true, 'updater.secret' => '$2y$10$S3.Hntw/Ylp[...]xO.Bn[...]eRIm', );
@vanMacG vanMacG changed the title from Login UI broken when link in admin panel is used to Invalid password/updater.secret + Login UI broken Mar 5, 2016
@vanMacG
vanMacG commented Mar 5, 2016

Sorry for spaming this issue with comments, but things are realy getting strange here...
Everytime I try to access the updater (aka click the link in admin-panel), the updater.secret value in config.php gets changed/overwritten.
Now it's: 'updater.secret' => '$2y$10$B0Szju.ubAI6o3ogby[...]QOq',

@karlitschek
Member
@LukasReschke
Member

Very strange. This works fine for me locally here. So what I did:

  1. Install http://download.owncloud.org/community/testing/owncloud-9.0.0RC2.tar.bz2
  2. Change to daily channel in admin menu
  3. Clear cookies and relogin so that the new version is certainly displayed
  4. Click open updater
  5. Updater is displayed properly here.

Everytime I try to access the updater (aka click the link in admin-panel), the updater.secret value in config.php gets changed/overwritten.

This is the expected behaviour.


Any chance that you could grant me administrative access to this instance of yours? That would help debugging a lot. You can find my mail address in my profile.

@LukasReschke LukasReschke self-assigned this Mar 5, 2016
@LukasReschke
Member

Ok. It's the famous "CGI does not pass HTTP_AUTHORIZATION header" issue we also always enjoy in core… Let me think of a workaround……

@LukasReschke LukasReschke added a commit that referenced this issue Mar 5, 2016
@LukasReschke LukasReschke Use custom header
PHP used in CGI mode will eat the Authorization header and thus the authentication never worked.

Fixes #263
9a7bfc4
@LukasReschke LukasReschke added a commit that referenced this issue Mar 5, 2016
@LukasReschke LukasReschke Use custom header
PHP used in CGI mode will eat the Authorization header and thus the authentication never worked.

Fixes #263
a7c2641
@LukasReschke LukasReschke added bug and removed needs info labels Mar 5, 2016
@LukasReschke
Member

Fixes are at:

Thanks a lot @vanMacG for the access to the affected instance. Helped a lot 🚀

@karlitschek I'd highly recommend 9.0 here as this affects the usability of the updater app for people using PHP in CGI mode.

@vanMacG
vanMacG commented Mar 5, 2016

@LukasReschke You're welcome!

@karlitschek
Member

Another one.
Please backport to 9.0.0 👍

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment