Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Authenticated ciphertext could not be decoded #468

Open
tobiasKaminsky opened this issue Dec 10, 2024 · 5 comments
Open

Authenticated ciphertext could not be decoded #468

tobiasKaminsky opened this issue Dec 10, 2024 · 5 comments

Comments

@tobiasKaminsky
Copy link
Member

tobiasKaminsky commented Dec 10, 2024

Describe the bug

{
  "reqId": "ObUipdnIDrRtHVTcJDyU",
  "level": 3,
  "time": "2024-12-10T09:51:59+00:00",
  "remoteAddr": "2a02:8071:64e0:7bc0:2f86:72c1:6a64:1cb5",
  "user": "admin",
  "app": "index",
  "method": "GET",
  "url": "/settings/apps",
  "message": "Authenticated ciphertext could not be decoded.",
  "userAgent": "Mozilla/5.0 (X11; Linux x86_64; rv:133.0) Gecko/20100101 Firefox/133.0",
  "version": "31.0.0.6",
  "exception": {
    "Exception": "Exception",
    "Message": "Authenticated ciphertext could not be decoded.",
    "Code": 0,
    "Trace": [
      {
        "file": "/var/www/html/lib/private/Security/Crypto.php",
        "line": 102,
        "function": "decryptWithoutSecret",
        "class": "OC\\Security\\Crypto",
        "type": "->",
        "args": [
          "*** sensitive parameters replaced ***"
        ]
      },
      {
        "file": "/var/www/html/apps/app_api/lib/DeployActions/DockerActions.php",
        "line": 626,
        "function": "decrypt",
        "class": "OC\\Security\\Crypto",
        "type": "->",
        "args": [
          "*** sensitive parameters replaced ***"
        ]
      },
      {
        "file": "/var/www/html/apps/app_api/lib/Service/ExAppsPageService.php",
        "line": 46,
        "function": "initGuzzleClient",
        "class": "OCA\\AppAPI\\DeployActions\\DockerActions",
        "type": "->"
      },
      {
        "file": "/var/www/html/apps/settings/lib/Controller/AppSettingsController.php",
        "line": 97,
        "function": "provideAppApiState",
        "class": "OCA\\AppAPI\\Service\\ExAppsPageService",
        "type": "->"
      },
      {
        "file": "/var/www/html/lib/private/AppFramework/Http/Dispatcher.php",
        "line": 200,
        "function": "viewApps",
        "class": "OCA\\Settings\\Controller\\AppSettingsController",
        "type": "->"
      },
      {
        "file": "/var/www/html/lib/private/AppFramework/Http/Dispatcher.php",
        "line": 114,
        "function": "executeController",
        "class": "OC\\AppFramework\\Http\\Dispatcher",
        "type": "->"
      },
      {
        "file": "/var/www/html/lib/private/AppFramework/App.php",
        "line": 161,
        "function": "dispatch",
        "class": "OC\\AppFramework\\Http\\Dispatcher",
        "type": "->"
      },
      {
        "file": "/var/www/html/lib/private/Route/Router.php",
        "line": 306,
        "function": "main",
        "class": "OC\\AppFramework\\App",
        "type": "::"
      },
      {
        "file": "/var/www/html/lib/base.php",
        "line": 1019,
        "function": "match",
        "class": "OC\\Route\\Router",
        "type": "->"
      },
      {
        "file": "/var/www/html/index.php",
        "line": 24,
        "function": "handleRequest",
        "class": "OC",
        "type": "::"
      }
    ],
    "File": "/var/www/html/lib/private/Security/Crypto.php",
    "Line": 114,
    "message": "Authenticated ciphertext could not be decoded.",
    "exception": {},
    "CustomMessage": "Authenticated ciphertext could not be decoded."
  }
}

Steps/Code to Reproduce

use latest master
access apps

Expected Results

no error

Actual Results

/

Setup configuration

/

@andrey18106
Copy link
Collaborator

@tobiasKaminsky I think it is related to the recent changes to encrypt the secrets, is this migration executed on your instance: https://github.com/nextcloud/app_api/blob/main/lib/Migration/Version5000Date20241120135411.php ( occ migrations:status app_api)?

@tobiasKaminsky
Copy link
Member Author

No. I did not migrated anything.
But also:

$ ./occ migrations:status app_api

                                               
  Command "migrations:status" is not defined.  
                                               
  Did you mean one of these?                   
      encryption:status                        
      migrations:preview                       
      twofactorauth:state   

@andrey18106
Copy link
Collaborator

andrey18106 commented Dec 10, 2024

No. I did not migrated anything. But also:

$ ./occ migrations:status app_api

                                               
  Command "migrations:status" is not defined.  
                                               
  Did you mean one of these?                   
      encryption:status                        
      migrations:preview                       
      twofactorauth:state   

This command is available only with debug => true, you can set it via NC_<config_name> environment: NC_debug=true php occ migrations:status app_api.

There is was missing app version bump so the migration is not triggered to execute with app update.
Since app_api shipped and main branch is dev currently for NC31 we don't bump version so just run: occ migrations:execute app_api 5000Date20241120135411 to execute new migration to encrypt secret values and it should work then.

@oleksandr-nc
Copy link
Contributor

oleksandr-nc commented Dec 10, 2024

We should do the same as in Spreed(Talk) - by default the current version in the main branch is with the "devХ" suffix and then we can bump it.

When releasing a new version of the server, we remove this prefix and start counting from the zero minor version, to be with server repo in sync.

We cannot bump version 5.0.0 here now (with the dev suffix it will be a smaller version, I think), initially we had to add the suffix.

Now we can only add the suffix when NC31 comes out, and the next version in the main branch here should be 6.0.0-dev.0

@tobiasKaminsky
Copy link
Member Author

Since app_api shipped and main branch is dev currently for NC31 we don't bump version so just run: occ migrations:execute app_api 5000Date20241120135411 to execute new migration to encrypt secret values and it should work then.

This solved it 🎉

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging a pull request may close this issue.

3 participants