
using wrong user and then retrying the correct user does not connect the desktop client

Open individual-it opened this issue 3 years ago • 2 comments

Steps to reproduce

  1. Connect to an oc10 server with oauth2 as admin
  2. Log out in the client
  3. Start login process in the client
  4. Open the browser
  5. Log in with another existing user
  6. Retry the process because you have used the wrong user
  7. Re-login in the browser as the correct user

See also the comment of @fmoc in https://github.com/owncloud/client/issues/10300#issuecomment-1329161751

Expected behaviour

When re-logging in as the correct user the oauth2 authentication should work

Actual behaviour

After using the wrong user in the browser, it tells you to switch the user :+1: [image]

After switching the user and authorizing the app, an error is shown :-1: [image]

On the client the user can try again [image]

After retrying, the authentication works

Server configuration

  • Operating system: Ubuntu 22-04
  • Web server: Apache
  • Database: MySQL
  • PHP version: 7.4
  • ownCloud version: 10.11.0 (git)
  • Updated from an older ownCloud or fresh install: fresh
  • Where did you install ownCloud from: git
  • The content of config/config.php:
{
    "system": {
        "instanceid": "ocuv4s8d5xsv",
        "passwordsalt": "***REMOVED SENSITIVE VALUE***",
        "secret": "***REMOVED SENSITIVE VALUE***",
        "trusted_domains": [
            "localhost",
            "192.168.56.1"
        ],
        "datadirectory": "\/home\/artur\/www\/owncloud-core\/data",
        "overwrite.cli.url": "http:\/\/localhost\/owncloud-core",
        "htaccess.RewriteBase": "\/owncloud-core",
        "dbtype": "mysql",
        "version": "10.11.0.6",
        "logtimezone": "UTC",
        "theme": "",
        "loglevel": 0,
        "maintenance": false,
        "default_language": "en",
        "singleuser": false,
        "ldapIgnoreNamingRules": false,
        "sharing.federation.allowHttpFallback": true,
        "files_external_allow_create_new_local": "true",
        "enable_previews": false,
        "dbname": "owncloud_20211231",
        "dbhost": "localhost",
        "dbtableprefix": "oc_",
        "mysql.utf8mb4": true,
        "dbuser": "***REMOVED SENSITIVE VALUE***",
        "dbpassword": "***REMOVED SENSITIVE VALUE***",
        "trusted_proxies": {
            "1": "10.4.1.248",
            "2": "127.0.0.1"
        },
        "apps_paths": [
            {
                "path": "\/home\/artur\/www\/owncloud-core\/apps",
                "url": "\/apps",
                "writable": false
            },
            {
                "path": "\/home\/artur\/www\/owncloud-core\/apps-external",
                "url": "\/apps-external",
                "writable": true
            }
        ],
        "cors.allowed-domains": [
            "http:\/\/localhost:9100",
            "http:\/\/localhost\/owncloud-web"
        ],
        "installed": true,
        "dav.enable.tech_preview": true,
        "license-key": "***REMOVED SENSITIVE VALUE***",
        "web.rewriteLinks": "true",
        "web.baseUrl": "http:\/\/localhost\/owncloud-web\/dist",
        "csrf.disabled": "true",
        "allow_user_to_change_mail_address": "",
        "mail_smtpport": "1025",
        "mail_smtphost": "***REMOVED SENSITIVE VALUE***",
        "log_type": "owncloud",
        "mail_domain": "***REMOVED SENSITIVE VALUE***",
        "mail_from_address": "***REMOVED SENSITIVE VALUE***",
        "mail_smtpmode": "smtp",
        "grace_period.demo_key.show_popup": false,
        "skeletondirectory": "\/home\/artur\/www\/owncloud-core\/apps\/testing\/data\/tinySkeleton"
    }
}
  • List of activated apps:
  - activity:
    - Version: 2.7.0
    - Path: /home/artur/www/owncloud-core/apps/activity
  - comments:
    - Version: 0.3.0
    - Path: /home/artur/www/owncloud-core/apps/comments
  - dav:
    - Version: 0.7.0
    - Path: /home/artur/www/owncloud-core/apps/dav
  - diagnostics:
    - Version: 0.1.4
    - Path: /home/artur/www/owncloud-core/apps/diagnostics
  - federatedfilesharing:
    - Version: 0.5.0
    - Path: /home/artur/www/owncloud-core/apps/federatedfilesharing
  - federation:
    - Version: 0.1.0
    - Path: /home/artur/www/owncloud-core/apps/federation
  - files:
    - Version: 1.5.2
    - Path: /home/artur/www/owncloud-core/apps/files
  - files_external:
    - Version: 0.9.0
    - Path: /home/artur/www/owncloud-core/apps/files_external
  - files_mediaviewer:
    - Version: 1.0.5
    - Path: /home/artur/www/owncloud-core/apps-external/files_mediaviewer
  - files_sharing:
    - Version: 0.14.0
    - Path: /home/artur/www/owncloud-core/apps/files_sharing
  - files_texteditor:
    - Version: 2.3.0
    - Path: /home/artur/www/owncloud-core/apps/files_texteditor
  - files_trashbin:
    - Version: 0.9.1
    - Path: /home/artur/www/owncloud-core/apps/files_trashbin
  - files_versions:
    - Version: 1.3.0
    - Path: /home/artur/www/owncloud-core/apps/files_versions
  - gallery:
    - Version: 16.1.2
    - Path: /home/artur/www/owncloud-core/apps-external/gallery
  - market:
    - Version: 0.6.1
    - Path: /home/artur/www/owncloud-core/apps/market
  - oauth2:
    - Version: 0.5.2
    - Path: /home/artur/www/owncloud-core/apps-external/oauth2
  - provisioning_api:
    - Version: 0.5.0
    - Path: /home/artur/www/owncloud-core/apps/provisioning_api
  - systemtags:
    - Version: 0.3.0
    - Path: /home/artur/www/owncloud-core/apps/systemtags
  - testing:
    - Version: 0.1.0
    - Path: /home/artur/www/owncloud-core/apps/testing
  - updatenotification:
    - Version: 0.2.1
    - Path: /home/artur/www/owncloud-core/apps/updatenotification
Disabled:
  - brute_force_protection:
    - Path: /home/artur/www/owncloud-core/apps/brute_force_protection
  - contacts:
    - Path: /home/artur/www/owncloud-core/apps/contacts
  - customgroups:
    - Path: /home/artur/www/owncloud-core/apps/customgroups
  - encryption:
    - Path: /home/artur/www/owncloud-core/apps/encryption
  - files_primary_s3:
    - Path: /home/artur/www/owncloud-core/apps/files_primary_s3
  - guests:
    - Path: /home/artur/www/owncloud-core/apps/guests
  - more-fun-theme:
    - Path: /home/artur/www/owncloud-core/apps/more-fun-theme
  - multidirtest:
    - Path: /home/artur/www/owncloud-core/apps/multidirtest
  - notes:
    - Path: /home/artur/www/owncloud-core/apps/notes
  - notifications:
    - Path: /home/artur/www/owncloud-core/apps/notifications
  - password_policy:
    - Path: /home/artur/www/owncloud-core/apps/password_policy
  - ransomware_protection:
    - Path: /home/artur/www/owncloud-core/apps/ransomware_protection
  - search_elastic:
    - Path: /home/artur/www/owncloud-core/apps/search_elastic
  - security:
    - Path: /home/artur/www/owncloud-core/apps/security
  - theme-example:
    - Path: /home/artur/www/owncloud-core/apps/theme-example
  - twofactor_totp:
    - Path: /home/artur/www/owncloud-core/apps/twofactor_totp
  - user_ldap:
    - Path: /home/artur/www/owncloud-core/apps/user_ldap
  - user_management:
    - Path: /home/artur/www/owncloud-core/apps/user_management
  - windows_network_drive:
    - Path: /home/artur/www/owncloud-core/apps-external/windows_network_drive

  • Are you using encryption: no

Logs

ownCloud log (data/owncloud.log)

{"reqId":"163540ae-2afe-4c4d-ba6f-363f80407412","level":0,"time":"2022-11-30T04:22:32+00:00","remoteAddr":"127.0.0.1","user":"admin","app":"OC\\Authentication\\Token\\DefaultTokenProvider::updateToken","method":"GET","url":"\/owncloud-core\/ocs\/v2.php\/cloud\/capabilities?format=json","message":"updating token 620, last check is now 1669782026"}
{"reqId":"163540ae-2afe-4c4d-ba6f-363f80407412","level":0,"time":"2022-11-30T04:22:32+00:00","remoteAddr":"127.0.0.1","user":"admin","app":"OC\\Authentication\\Token\\DefaultTokenProvider::updateToken","method":"GET","url":"\/owncloud-core\/ocs\/v2.php\/cloud\/capabilities?format=json","message":"updating token 620, last check is now 1669782026"}
{"reqId":"72d0eaf4-603d-4c49-b07e-51c5c0d28d4b","level":0,"time":"2022-11-30T04:22:32+00:00","remoteAddr":"127.0.0.1","user":"admin","app":"OC\\Authentication\\Token\\DefaultTokenProvider::updateToken","method":"GET","url":"\/owncloud-core\/ocs\/v2.php\/cloud\/user?format=json","message":"updating token 620, last check is now 1669782026"}
{"reqId":"72d0eaf4-603d-4c49-b07e-51c5c0d28d4b","level":0,"time":"2022-11-30T04:22:32+00:00","remoteAddr":"127.0.0.1","user":"admin","app":"OC\\Authentication\\Token\\DefaultTokenProvider::updateToken","method":"GET","url":"\/owncloud-core\/ocs\/v2.php\/cloud\/user?format=json","message":"updating token 620, last check is now 1669782026"}
{"reqId":"29b66069-e87a-4584-bdda-65dcd79c3106","level":0,"time":"2022-11-30T04:22:33+00:00","remoteAddr":"127.0.0.1","user":"admin","app":"OC\\Authentication\\Token\\DefaultTokenProvider::updateToken","method":"GET","url":"\/owncloud-core\/remote.php\/dav\/avatars\/admin\/128.png","message":"updating token 620, last check is now 1669782026"}
{"reqId":"29b66069-e87a-4584-bdda-65dcd79c3106","level":0,"time":"2022-11-30T04:22:33+00:00","remoteAddr":"127.0.0.1","user":"admin","app":"webdav","method":"GET","url":"\/owncloud-core\/remote.php\/dav\/avatars\/admin\/128.png","message":"Exception: HTTP\/1.1 404 Not Found: {\"Exception\":\"Sabre\\\\DAV\\\\Exception\\\\NotFound\",\"Message\":\"\",\"Code\":0,\"Trace\":\"#0 \\\/home\\\/artur\\\/www\\\/owncloud-core\\\/lib\\\/composer\\\/sabre\\\/dav\\\/lib\\\/DAV\\\/Tree.php(78): OCA\\\\DAV\\\\Avatars\\\\AvatarHome->getChild()\\n#1 \\\/home\\\/artur\\\/www\\\/owncloud-core\\\/apps\\\/dav\\\/lib\\\/Tree.php(51): Sabre\\\\DAV\\\\Tree->getNodeForPath()\\n#2 \\\/home\\\/artur\\\/www\\\/owncloud-core\\\/lib\\\/composer\\\/sabre\\\/dav\\\/lib\\\/DAV\\\/CorePlugin.php(76): OCA\\\\DAV\\\\Tree->getNodeForPath()\\n#3 \\\/home\\\/artur\\\/www\\\/owncloud-core\\\/lib\\\/composer\\\/sabre\\\/event\\\/lib\\\/WildcardEmitterTrait.php(89): Sabre\\\\DAV\\\\CorePlugin->httpGet()\\n#4 \\\/home\\\/artur\\\/www\\\/owncloud-core\\\/lib\\\/composer\\\/sabre\\\/dav\\\/lib\\\/DAV\\\/Server.php(472): Sabre\\\\DAV\\\\Server->emit()\\n#5 \\\/home\\\/artur\\\/www\\\/owncloud-core\\\/lib\\\/composer\\\/sabre\\\/dav\\\/lib\\\/DAV\\\/Server.php(253): Sabre\\\\DAV\\\\Server->invokeMethod()\\n#6 \\\/home\\\/artur\\\/www\\\/owncloud-core\\\/apps\\\/dav\\\/lib\\\/Server.php(348): Sabre\\\\DAV\\\\Server->start()\\n#7 \\\/home\\\/artur\\\/www\\\/owncloud-core\\\/apps\\\/dav\\\/appinfo\\\/v2\\\/remote.php(31): OCA\\\\DAV\\\\Server->exec()\\n#8 \\\/home\\\/artur\\\/www\\\/owncloud-core\\\/remote.php(165): require_once('\\\/home\\\/artur\\\/www...')\\n#9 {main}\",\"File\":\"\\\/home\\\/artur\\\/www\\\/owncloud-core\\\/apps\\\/dav\\\/lib\\\/Avatars\\\/AvatarHome.php\",\"Line\":66}"}
{"reqId":"20f674e3-efb8-4559-abad-3f0344f3b4fd","level":0,"time":"2022-11-30T04:22:35+00:00","remoteAddr":"127.0.0.1","user":"admin","app":"OC\\Authentication\\Token\\DefaultTokenProvider::updateToken","method":"PROPFIND","url":"\/owncloud-core\/remote.php\/dav\/files\/admin\/","message":"updating token 620, last check is now 1669782026"}
{"reqId":"e01c89af-98f5-4fba-9777-78a93457c041","level":0,"time":"2022-11-30T04:22:57+00:00","remoteAddr":"127.0.0.1","user":"admin","app":"OC\\Authentication\\Token\\DefaultTokenProvider::updateToken","method":"PROPFIND","url":"\/owncloud-core\/remote.php\/dav\/files\/admin\/","message":"updating token 620, last check is now 1669782026"}
{"reqId":"f8ce576a-e979-4d2b-ad81-cf652510e183","level":0,"time":"2022-11-30T04:23:16+00:00","remoteAddr":"127.0.0.1","user":"admin","app":"OC\\Authentication\\Token\\DefaultTokenProvider::updateToken","method":"PROPFIND","url":"\/owncloud-core\/remote.php\/dav\/files\/admin\/","message":"updating token 620, last check is now 1669782026"}
{"reqId":"e6bdfa8d-695d-4e9d-8432-2a86605e3095","level":0,"time":"2022-11-30T04:23:27+00:00","remoteAddr":"127.0.0.1","user":"admin","app":"OC\\Authentication\\Token\\DefaultTokenProvider::updateToken","method":"PROPFIND","url":"\/owncloud-core\/remote.php\/dav\/files\/admin\/","message":"updating token 620, last check is now 1669782026"}

individual-it avatar Nov 30 '22 04:11 individual-it

Duplicate of https://github.com/owncloud/oauth2/issues/309?

michaelstingl avatar Nov 30 '22 08:11 michaelstingl

I don't think so. This is absolutely reproducible, and handled completely on the server side. The client doesn't even get told there's an error.

fmoc avatar Nov 30 '22 10:11 fmoc