Nextcloud 14.0.1.1 login is broken for passwords longer than 214 bytes

[bodograumann]

This morning I did an update of nextcloud with php updater.phar --no-interaction.
Unfortunately since then nextcloud only returns an internal server error. The log says:

{
	"reqId":"N7p0B9Sx8jkHbjXyT6IO",
	"level":3,
	"time":"2018-09-28T15:24:45+00:00",
	"remoteAddr":"92.116.121.156",
	"user":"--",
	"app":"index",
	"method":"GET",
	"url":"\/",
	"message":{
		"Exception":"TypeError",
		"Message":"base64_encode() expects parameter 1 to be string, null given",
		"Code":0,
		"Trace":[
			{"file":"\/home\/users\/bodo\/www\/nextcloud\/lib\/private\/Authentication\/Token\/PublicKeyTokenProvider.php","line":241,"function":"base64_encode","args":[null]},
			{"file":"\/home\/users\/bodo\/www\/nextcloud\/lib\/private\/Authentication\/Token\/PublicKeyTokenProvider.php","line":307,"function":"encryptPassword","class":"OC\\Authentication\\Token\\PublicKeyTokenProvider","type":"->","args":["*** sensitive parameters replaced ***"]},
			{"file":"\/home\/users\/bodo\/www\/nextcloud\/lib\/private\/Authentication\/Token\/PublicKeyTokenProvider.php","line":270,"function":"newToken","class":"OC\\Authentication\\Token\\PublicKeyTokenProvider","type":"->","args":["*** sensitive parameter replaced ***","bodo","bodo","*** sensitive parameter replaced ***","Mozilla\/5.0 (Windows NT 10.0; Win64; x64 AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/52.0.2743.116 Safari\/537.36 Edge\/15.15063",0,0]},
			{"file":"\/home\/users\/bodo\/www\/nextcloud\/lib\/private\/Authentication\/Token\/Manager.php","line":128,"function":"convertToken","class":"OC\\Authentication\\Token\\PublicKeyTokenProvider","type":"->","args":[{"id":2015,"__class__":"OC\\Authentication\\Token\\DefaultToken"},"*** sensitive parameter replaced ***","*** sensitive parameter replaced ***"]},
			{"file":"\/home\/users\/bodo\/www\/nextcloud\/lib\/private\/User\/Session.php","line":578,"function":"getToken","class":"OC\\Authentication\\Token\\Manager","type":"->","args":["*** sensitive parameters replaced ***"]},
			{"file":"\/home\/users\/bodo\/www\/nextcloud\/lib\/private\/User\/Session.php","line":763,"function":"loginWithToken","class":"OC\\User\\Session","type":"->","args":["*** sensitive parameters replaced ***"]},
			{"file":"\/home\/users\/bodo\/www\/nextcloud\/lib\/base.php","line":1031,"function":"tryTokenLogin","class":"OC\\User\\Session","type":"->","args":[{"__class__":"OC\\AppFramework\\Http\\Request"}]},
			{"file":"\/home\/users\/bodo\/www\/nextcloud\/lib\/base.php","line":976,"function":"handleLogin","class":"OC","type":"::","args":[{"__class__":"OC\\AppFramework\\Http\\Request"}]},
			{"file":"\/home\/users\/bodo\/www\/nextcloud\/index.php","line":42,"function":"handleRequest","class":"OC","type":"::","args":[]}
		],
		"File":"\/home\/users\/bodo\/www\/nextcloud\/lib\/private\/Authentication\/Token\/PublicKeyTokenProvider.php",
		"Line":241,
		"CustomMessage":"--"
	},
	"userAgent":"Mozilla\/5.0 (Windows NT 6.3) AppleWebKit\/537.36 (KHTML, like Gecko Chrome\/70.0.3538.5 Safari\/537.36",
	"version":"14.0.1.1"
}

Server configuration

Operating system:
Ubuntu 16.04 LTS

Web server:
Apache 2.4.18

Database:
MariaDB

PHP version:
php-7.0.32-0ubuntu0.16.04.1

Nextcloud version: (see Nextcloud admin page)
14.0.1.1

List of activated apps:

App list

Enabled: - accessibility: 1.0.1 - activity: 2.7.0 - bookmarks: 0.13.0 - bruteforcesettings: 1.1.0 - calendar: 1.6.2 - cloud_federation_api: 0.0.1 - comments: 1.4.0 - contacts: 2.1.6 - dav: 1.6.0 - federatedfilesharing: 1.4.0 - federation: 1.4.0 - files: 1.9.0 - files_pdfviewer: 1.3.2 - files_sharing: 1.6.2 - files_texteditor: 2.6.0 - files_trashbin: 1.4.1 - files_versions: 1.7.1 - files_videoplayer: 1.3.0 - firstrunwizard: 2.3.0 - gallery: 18.1.0 - logreader: 2.0.0 - lookup_server_connector: 1.2.0 - mail: 0.10.0 - news: 13.0.1 - nextcloud_announcements: 1.3.0 - notifications: 2.2.1 - oauth2: 1.2.1 - password_policy: 1.4.0 - provisioning_api: 1.4.0 - serverinfo: 1.4.0 - sharebymail: 1.4.0 - support: 1.0.0 - survey_client: 1.2.0 - systemtags: 1.4.0 - theming: 1.5.0 - twofactor_backupcodes: 1.3.1 - updatenotification: 1.4.1 - workflowengine: 1.4.0 Disabled: - admin_audit - encryption - files_external - tasks - user_external - user_ldap

Nextcloud configuration:

Config report

{ "system": { "instanceid": "***REMOVED SENSITIVE VALUE***", "passwordsalt": "***REMOVED SENSITIVE VALUE***", "secret": "***REMOVED SENSITIVE VALUE***", "trusted_domains": [ "next.grmnn.de" ], "datadirectory": "***REMOVED SENSITIVE VALUE***", "overwrite.cli.url": "***REMOVED SENSITIVE VALUE***", "dbtype": "mysql", "version": "14.0.1.1", "dbname": "***REMOVED SENSITIVE VALUE***", "dbhost": "***REMOVED SENSITIVE VALUE***", "dbport": "", "dbtableprefix": "oc_", "dbuser": "***REMOVED SENSITIVE VALUE***", "dbpassword": "***REMOVED SENSITIVE VALUE***", "logtimezone": "UTC", "installed": true, "maintenance": false, "theme": "", "loglevel": 0, "mysql.utf8mb4": true, "mail_smtpmode": "php", "mail_smtpauthtype": "LOGIN", "mail_from_address": "***REMOVED SENSITIVE VALUE***", "mail_domain": "***REMOVED SENSITIVE VALUE***" }, "apps": { "accessibility": { "enabled": "yes", "installed_version": "1.0.1", "types": "" }, "activity": { "enabled": "yes", "installed_version": "2.7.0", "types": "filesystem" }, "backgroundjob": { "lastjob": "255" }, "bookmarks": { "enabled": "yes", "installed_version": "0.13.0", "types": "" }, "bruteforcesettings": { "enabled": "yes", "installed_version": "1.1.0", "types": "" }, "calendar": { "enabled": "yes", "installed_version": "1.6.2", "types": "" }, "cloud_federation_api": { "enabled": "yes", "installed_version": "0.0.1", "types": "filesystem" }, "comments": { "enabled": "yes", "installed_version": "1.4.0", "types": "logging" }, "contacts": { "enabled": "yes", "installed_version": "2.1.6", "types": "" }, "core": { "backgroundjobs_mode": "cron", "installed.bundles": "[\"CoreBundle\"]", "installedat": "1494521336.5784", "lastcron": "1538148633", "lastupdateResult": "[]", "lastupdatedat": "1538115343", "moveavatarsdone": "yes", "oc.integritycheck.checker": "{\"news\":{\"FILE_MISSING\":{\"vendor\\\/ezyang\\\/htmlpurifier\\\/maintenance\\\/.htaccess\":{\"expected\":\"4d51270ac56b1600199cd52c4f0fc34171bb306db59761863c87978049b771a053ebb80c8dda03b4d98bf5e43361ec0e1e1d2ad4b01fc315fb809b40acd23843\",\"current\":\"\"}}}}", "previewsCleanedUp": "1", "public_files": "files_sharing\/public.php", "public_webdav": "dav\/appinfo\/v1\/publicwebdav.php", "scss.variables": "84cfcb9d5861e1f5620e38d6f8245843", "updater.secret.created": "1521675954", "vendor": "nextcloud" }, "dav": { "buildCalendarSearchIndex": "yes", "enabled": "yes", "installed_version": "1.6.0", "types": "filesystem" }, "direct_menu": { "enabled": "no", "installed_version": "0.10.2", "types": "" }, "federatedfilesharing": { "enabled": "yes", "installed_version": "1.4.0", "types": "" }, "federation": { "enabled": "yes", "installed_version": "1.4.0", "types": "authentication" }, "files": { "cronjob_scan_files": "500", "enabled": "yes", "installed_version": "1.9.0", "types": "filesystem" }, "files_pdfviewer": { "enabled": "yes", "installed_version": "1.3.2", "types": "" }, "files_sharing": { "enabled": "yes", "installed_version": "1.6.2", "types": "filesystem" }, "files_texteditor": { "enabled": "yes", "installed_version": "2.6.0", "types": "" }, "files_trashbin": { "enabled": "yes", "installed_version": "1.4.1", "types": "filesystem,dav" }, "files_versions": { "enabled": "yes", "installed_version": "1.7.1", "types": "filesystem,dav" }, "files_videoplayer": { "enabled": "yes", "installed_version": "1.3.0", "types": "" }, "firstrunwizard": { "enabled": "yes", "installed_version": "2.3.0", "types": "logging" }, "gallery": { "enabled": "yes", "installed_version": "18.1.0", "types": "" }, "logreader": { "enabled": "yes", "installed_version": "2.0.0", "levels": "11111", "ocsid": "170871", "types": "" }, "lookup_server_connector": { "enabled": "yes", "installed_version": "1.2.0", "types": "authentication" }, "mail": { "enabled": "yes", "installed_version": "0.10.0", "types": "" }, "news": { "enabled": "yes", "installed_version": "13.0.1", "types": "" }, "nextcloud_announcements": { "enabled": "yes", "installed_version": "1.3.0", "pub_date": "Sat, 10 Dec 2016 00:00:00 +0100", "types": "logging" }, "notifications": { "enabled": "yes", "installed_version": "2.2.1", "types": "logging" }, "oauth2": { "enabled": "yes", "installed_version": "1.2.1", "types": "authentication" }, "password_policy": { "enabled": "yes", "installed_version": "1.4.0", "types": "" }, "provisioning_api": { "enabled": "yes", "installed_version": "1.4.0", "types": "prevent_group_restriction" }, "serverinfo": { "enabled": "yes", "installed_version": "1.4.0", "types": "" }, "sharebymail": { "enabled": "yes", "installed_version": "1.4.0", "types": "filesystem" }, "support": { "enabled": "yes", "installed_version": "1.0.0", "types": "" }, "survey_client": { "enabled": "yes", "installed_version": "1.2.0", "types": "" }, "systemtags": { "enabled": "yes", "installed_version": "1.4.0", "types": "logging" }, "tasks": { "enabled": "no", "installed_version": "0.9.6", "ocsid": "164356", "types": "" }, "theming": { "enabled": "yes", "installed_version": "1.5.0", "types": "logging" }, "twofactor_backupcodes": { "enabled": "yes", "installed_version": "1.3.1", "types": "" }, "updatenotification": { "bookmarks": "0.12.2", "bruteforcesettings": "1.1.0", "calendar": "1.6.1", "contacts": "2.1.5", "core": "13.0.6.1", "enabled": "yes", "files_pdfviewer": "1.2.1", "installed_version": "1.4.1", "mail": "0.8.3", "news": "12.0.4", "notify_groups": "[\"admin\",\"maintenance\"]", "tasks": "0.9.7", "theming": "1.4.5", "types": "", "update_check_errors": "0" }, "workflowengine": { "enabled": "yes", "installed_version": "1.4.0", "types": "filesystem" } } }

Are you using external storage, if yes which one: no

Are you using encryption: no

Are you using an external user-backend, if yes which one: no

[nextcloud-bot]

GitMate.io thinks possibly related issues are #9204 (Nextcloud upgrade to version 13.0.1), #3119 (Default calendar not showing after Upgrade to Nextcloud 11.0.1), #8768 (oc_phonetrack_points crash Nextcloud after update), #10429 (All contacts disappears after 4.0.0 Beta 1 update), and #5092 (Calendar and contact synchronisation with Thunderbird broken after migration to Nextcloud 12.0.0).

[jollaman999]

Same here :(
Same issue & Same log

Using nginx with MariaDB

[kesselb]

Ref #11227 (not exactly the same problem but looks like another issue with openssl configuration)

[darkrain88]

add dump 'var_dump(openssl_error_string()); exit();'

result

[darkrain88]

log file:

{"reqId":"Psaz1uPHdaqR9Tg4Dg2k","level":3,"time":"2018-10-02T13:01:41+00:00","remoteAddr":"2409:8920:8813:843:24c5:422e:7418:6018","user":"--","app":"index","method":"GET","url":"\/","message":{"Exception":"TypeError","Message":"Argument 1 passed to OC\\Authentication\\Token\\PublicKeyTokenProvider::encrypt() must be of the type string, null given, called in \/opt\/wwwroot\/Nextcloud\/lib\/private\/Authentication\/Token\/PublicKeyTokenProvider.php on line 307","Code":0,"Trace":[{"file":"\/opt\/wwwroot\/Nextcloud\/lib\/private\/Authentication\/Token\/PublicKeyTokenProvider.php","line":307,"function":"encrypt","class":"OC\\Authentication\\Token\\PublicKeyTokenProvider","type":"->","args":["*** sensitive parameters replaced ***"]},{"file":"\/opt\/wwwroot\/Nextcloud\/lib\/private\/Authentication\/Token\/PublicKeyTokenProvider.php","line":270,"function":"newToken","class":"OC\\Authentication\\Token\\PublicKeyTokenProvider","type":"->","args":["*** sensitive parameter replaced ***","admin","admin","$$$abs$$$","Mozilla\/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/69.0.3497.100 Safari\/537.36",0,1]},{"file":"\/opt\/wwwroot\/Nextcloud\/lib\/private\/Authentication\/Token\/Manager.php","line":128,"function":"convertToken","class":"OC\\Authentication\\Token\\PublicKeyTokenProvider","type":"->","args":[{"id":70,"__class__":"OC\\Authentication\\Token\\DefaultToken"},"*** sensitive parameter replaced ***","$$$abs$$$"]},{"file":"\/opt\/wwwroot\/Nextcloud\/lib\/private\/User\/Session.php","line":578,"function":"getToken","class":"OC\\Authentication\\Token\\Manager","type":"->","args":["*** sensitive parameters replaced ***"]},{"file":"\/opt\/wwwroot\/Nextcloud\/lib\/private\/User\/Session.php","line":763,"function":"loginWithToken","class":"OC\\User\\Session","type":"->","args":["*** sensitive parameters replaced ***"]},{"file":"\/opt\/wwwroot\/Nextcloud\/lib\/base.php","line":1031,"function":"tryTokenLogin","class":"OC\\User\\Session","type":"->","args":[{"__class__":"OC\\AppFramework\\Http\\Request"}]},{"file":"\/opt\/wwwroot\/Nextcloud\/lib\/base.php","line":976,"function":"handleLogin","class":"OC","type":"::","args":[{"__class__":"OC\\AppFramework\\Http\\Request"}]},{"file":"\/opt\/wwwroot\/Nextcloud\/index.php","line":42,"function":"handleRequest","class":"OC","type":"::","args":[]}],"File":"\/opt\/wwwroot\/Nextcloud\/lib\/private\/Authentication\/Token\/PublicKeyTokenProvider.php","Line":220,"CustomMessage":"--"},"userAgent":"Mozilla\/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/69.0.3497.100 Safari\/537.36","version":"14.0.1.1"}

[darkrain88]

almost。the same。problem

[bodograumann]

Just had a look at the code where the error occurs and it seems that the PublicKeyToken implementation is brand new in version 14. So unfortunately no way to bisect.
The main problem is that the line openssl_public_encrypt($password, $encryptedPassword, $publicKey, OPENSSL_PKCS1_OAEP_PADDING); does not fill $encryptedPassword, but leaves it at null.

[kesselb]

@bodograumann #11227 (check this thread for possible solutions)

[bodograumann]

I checked there, but to no avail.

• openssl_error_string only gives error:0E06D06C:configuration file routines:NCONF_get_string:no value, which supposedly is no real error
• /etc/ssl/openssl.cnf is readable by nextcloud just fine
• My suspicion is correct, that openssl_public_encrypt in PublicKeyTokenProvider::encryptPassword returns false. I.e. the encryption failed.

But then I found the following: it works if the password is short enough! Try this:

$password = 'gidatsrgaintdrsginatdsrigantdgrsiantdsriagntdsrgainatdsgriantdsgirantdsigarntdsgiarntdsgiarntdsgiarntdsgiarntdsrgiantdsgriantdsgiarntgdrsgiantdsgrinatdsraintdsgriantdsrgiantdsrgiantdsrgiantdsrgiantdsrgniadstrngiadsrntgdsriantdsgirantqflnzxdflozdtvzgiadstrtntztdsgiarzntdfsoglianztvdsgriaznvtdslgaizntvdslgiazwdvfzgnaidfltznoqxudfgltnzdgailnzratqdgisalzvtdfgialzvtdfgliztdflaizntdflgiznoadftvslzngiadfslatzdgafilztndfgaiztdsglianztdfslaginztdflgaizdftvlzngaifdlsant';
$config = ['digest_alg' => 'sha512', 'private_key_bits' => 2048];
$res = openssl_pkey_new($config);
var_dump(openssl_pkey_export($res, $privateKey));
$publicKey = openssl_pkey_get_details($res)['key'];
var_dump(openssl_public_encrypt($password, $encryptedPassword, $publicKey, OPENSSL_PKCS1_OAEP_PADDING));

:Facepalm: Of course. The message string, i.e. the password, can not be longer than the key, which only has 2048 bits...

[rullzer]

@bodograumann thanks for the tests in #11619

However, I do not expect to soon find the time to look into this. As for 214 characters (while I'm against upper limits in general) does seem like a very reasonable password length.

Of course if somebody has a PR to fix this it is more than welcome.

[bodograumann]

I also don’t see an easy way to fix this.
For now I have reset my password to one with “only” 214 characters ;-)

occ user:resetpassword bodo

[rullzer]

@bodograumann still thanks for looking into this. I'll try to get this into the docs so it is at least documented.

[bodograumann]

It seems this also affects all my previously created app-passwords. E.g. with webdav:

{
	"reqId":"vUdS6JCFQy463t9CbeDs",
	"level":3,
	"time":"2018-10-05T05:14:22+00:00",
	"remoteAddr":"92.116.70.156",
	"user":"--",
	"app":"remote",
	"method":"PROPFIND",
	"url":"\/remote.php\/dav\/calendars\/bodo\/personal\/",
	"message":{
		"Exception":"TypeError",
		"Message":"base64_encode() expects parameter 1 to be string, null given",
		"Code":0,
		"Trace":[
			{"file":"\/home\/users\/bodo\/www\/nextcloud\/lib\/private\/Authentication\/Token\/PublicKeyTokenProvider.php","line":242,"function":"base64_encode","args":[null]},
			{"file":"\/home\/users\/bodo\/www\/nextcloud\/lib\/private\/Authentication\/Token\/PublicKeyTokenProvider.php","line":308,"function":"encryptPassword","class":"OC\\Authentication\\Token\\PublicKeyTokenProvider","type":"->","args":["*** sensitive parameters replaced ***"]},
			{"file":"\/home\/users\/bodo\/www\/nextcloud\/lib\/private\/Authentication\/Token\/PublicKeyTokenProvider.php","line":271,"function":"newToken","class":"OC\\Authentication\\Token\\PublicKeyTokenProvider","type":"->","args":["*** sensitive parameter replaced ***","*** sensitive parameter replaced ***","*** sensitive parameter replaced ***","*** sensitive parameter replaced ***","fairphone-davdroid",1,0]},
			{"file":"\/home\/users\/bodo\/www\/nextcloud\/lib\/private\/Authentication\/Token\/Manager.php","line":128,"function":"convertToken","class":"OC\\Authentication\\Token\\PublicKeyTokenProvider","type":"->","args":[{"id":1882,"__class__":"OC\\Authentication\\Token\\DefaultToken"},"*** sensitive parameter replaced ***","*** sensitive parameter replaced ***"]},
			{"file":"\/home\/users\/bodo\/www\/nextcloud\/lib\/private\/User\/Session.php","line":480,"function":"getToken","class":"OC\\Authentication\\Token\\Manager","type":"->","args":["*** sensitive parameters replaced ***"]},
			{"file":"\/home\/users\/bodo\/www\/nextcloud\/lib\/private\/User\/Session.php","line":404,"function":"isTokenPassword","class":"OC\\User\\Session","type":"->","args":["*** sensitive parameters replaced ***"]},
			{"file":"\/home\/users\/bodo\/www\/nextcloud\/apps\/dav\/lib\/Connector\/Sabre\/Auth.php","line":130,"function":"logClientIn","class":"OC\\User\\Session","type":"->","args":["*** sensitive parameters replaced ***"]},
			{"file":"\/home\/users\/bodo\/www\/nextcloud\/3rdparty\/sabre\/dav\/lib\/DAV\/Auth\/Backend\/AbstractBasic.php","line":105,"function":"validateUserPass","class":"OCA\\DAV\\Connector\\Sabre\\Auth","type":"->","args":["*** sensitive parameters replaced ***"]},
			{"file":"\/home\/users\/bodo\/www\/nextcloud\/apps\/dav\/lib\/Connector\/Sabre\/Auth.php","line":252,"function":"check","class":"Sabre\\DAV\\Auth\\Backend\\AbstractBasic","type":"->","args":[{"absoluteUrl":"https:\/\/next.grmnn.de\/remote.php\/dav\/calendars\/bodo\/personal\/","__class__":"Sabre\\HTTP\\Request"},{"__class__":"Sabre\\HTTP\\Response"}]},
			{"file":"\/home\/users\/bodo\/www\/nextcloud\/apps\/dav\/lib\/Connector\/Sabre\/Auth.php","line":155,"function":"auth","class":"OCA\\DAV\\Connector\\Sabre\\Auth","type":"->","args":[{"absoluteUrl":"https:\/\/next.grmnn.de\/remote.php\/dav\/calendars\/bodo\/personal\/","__class__":"Sabre\\HTTP\\Request"},{"__class__":"Sabre\\HTTP\\Response"}]},
			{"file":"\/home\/users\/bodo\/www\/nextcloud\/3rdparty\/sabre\/dav\/lib\/DAV\/Auth\/Plugin.php","line":201,"function":"check","class":"OCA\\DAV\\Connector\\Sabre\\Auth","type":"->","args":[{"absoluteUrl":"https:\/\/next.grmnn.de\/remote.php\/dav\/calendars\/bodo\/personal\/","__class__":"Sabre\\HTTP\\Request"},{"__class__":"Sabre\\HTTP\\Response"}]},
			{"file":"\/home\/users\/bodo\/www\/nextcloud\/3rdparty\/sabre\/dav\/lib\/DAV\/Auth\/Plugin.php","line":150,"function":"check","class":"Sabre\\DAV\\Auth\\Plugin","type":"->","args":[{"absoluteUrl":"https:\/\/next.grmnn.de\/remote.php\/dav\/calendars\/bodo\/personal\/","__class__":"Sabre\\HTTP\\Request"},{"__class__":"Sabre\\HTTP\\Response"}]},{"function":"beforeMethod","class":"Sabre\\DAV\\Auth\\Plugin","type":"->","args":[{"absoluteUrl":"https:\/\/next.grmnn.de\/remote.php\/dav\/calendars\/bodo\/personal\/","__class__":"Sabre\\HTTP\\Request"},{"__class__":"Sabre\\HTTP\\Response"}]},
			{"file":"\/home\/users\/bodo\/www\/nextcloud\/3rdparty\/sabre\/event\/lib\/EventEmitterTrait.php","line":105,"function":"call_user_func_array","args":[[{"autoRequireLogin":true,"__class__":"Sabre\\DAV\\Auth\\Plugin"},"beforeMethod"],[{"absoluteUrl":"https:\/\/next.grmnn.de\/remote.php\/dav\/calendars\/bodo\/personal\/","__class__":"Sabre\\HTTP\\Request"},{"__class__":"Sabre\\HTTP\\Response"}]]},
			{"file":"\/home\/users\/bodo\/www\/nextcloud\/3rdparty\/sabre\/dav\/lib\/DAV\/Server.php","line":466,"function":"emit","class":"Sabre\\Event\\EventEmitter","type":"->","args":["beforeMethod",[{"absoluteUrl":"https:\/\/next.grmnn.de\/remote.php\/dav\/calendars\/bodo\/personal\/","__class__":"Sabre\\HTTP\\Request"},{"__class__":"Sabre\\HTTP\\Response"}]]},
			{"file":"\/home\/users\/bodo\/www\/nextcloud\/3rdparty\/sabre\/dav\/lib\/DAV\/Server.php","line":254,"function":"invokeMethod","class":"Sabre\\DAV\\Server","type":"->","args":[{"absoluteUrl":"https:\/\/next.grmnn.de\/remote.php\/dav\/calendars\/bodo\/personal\/","__class__":"Sabre\\HTTP\\Request"},{"__class__":"Sabre\\HTTP\\Response"}]},
			{"file":"\/home\/users\/bodo\/www\/nextcloud\/apps\/dav\/lib\/Server.php","line":293,"function":"exec","class":"Sabre\\DAV\\Server","type":"->","args":[]},
			{"file":"\/home\/users\/bodo\/www\/nextcloud\/apps\/dav\/appinfo\/v2\/remote.php","line":35,"function":"exec","class":"OCA\\DAV\\Server","type":"->","args":[]},
			{"file":"\/home\/users\/bodo\/www\/nextcloud\/remote.php","line":163,"args":["\/home\/users\/bodo\/www\/nextcloud\/apps\/dav\/appinfo\/v2\/remote.php"],"function":"require_once"}
		],
		"File":"\/home\/users\/bodo\/www\/nextcloud\/lib\/private\/Authentication\/Token\/PublicKeyTokenProvider.php","Line":242,"CustomMessage":"--"},
		"userAgent":"DAVdroid\/2.0.4-ose (2018\/09\/10; dav4android; okhttp\/3.11.0) Android\/6.0.1",
		"version":"14.0.1.1"
	}

Do I really have to regenerate and redistribute all of them?

[darkrain88]

i have to use 13.0.6 again

this folder add. more key files make it failed

[rullzer]

@bodograumann ah so before 14 a password change made all your tokens invalid. Now with 14 we try to migrate to the new keys. But this then of course fails for you :( So unfortunatly yes. I'm sorry for that.

[ozinfotech]

I had a similar error message as shown below. My password was only 200 characters but had, however, high ANSI characters in it. I performed a password reset via
occ user:resetpassword username
and was able to log in and recover the files.

{"reqId":"faBUZ5AgZ332JkFMgvcj","level":3,"time":"2018-12-04T16:37:57-06:00","remoteAddr":"[internal_ip]","user":"[username]","app":"remote","method":"HEAD","url":"\/remote.php\/webdav\/","message":{"Exception":"TypeError","Message":"base64_encode() expects parameter 1 to be string, null given","Code":0,"Trace":[{"file":"\/var\/www\/nextcloud\/lib\/private\/Authentication\/Token\/PublicKeyTokenProvider.php","line":242,"function":"base64_encode","args":[null]},{"file":"\/var\/www\/nextcloud\/lib\/private\/Authentication\/Token\/PublicKeyTokenProvider.php","line":308,"function":"encryptPassword","class":"OC\\Authentication\\Token\\PublicKeyTokenProvider","type":"->","args":["*** sensitive parameters replaced ***"]},{"file":"\/var\/www\/nextcloud\/lib\/private\/Authentication\/Token\/PublicKeyTokenProvider.php","line":70,"function":"newToken","class":"OC\\Authentication\\Token\\PublicKeyTokenProvider","type":"->","args":["*** sensitive parameter replaced ***","*** sensitive parameter replaced ***","*** sensitive parameter replaced ***","*** sensitive parameter replaced ***","*** sensitive parameter replaced ***","*** sensitive parameter replaced ***","*** sensitive parameter replaced ***"]},{"file":"\/var\/www\/nextcloud\/lib\/private\/Authentication\/Token\/Manager.php","line":69,"function":"generateToken","class":"OC\\Authentication\\Token\\PublicKeyTokenProvider","type":"->","args":["*** sensitive parameters replaced ***"]},{"file":"\/var\/www\/nextcloud\/lib\/private\/User\/Session.php","line":641,"function":"generateToken","class":"OC\\Authentication\\Token\\Manager","type":"->","args":["*** sensitive parameters replaced ***"]},{"file":"\/var\/www\/nextcloud\/lib\/private\/User\/Session.php","line":440,"function":"createSessionToken","class":"OC\\User\\Session","type":"->","args":["*** sensitive parameters replaced ***"]},{"file":"\/var\/www\/nextcloud\/apps\/dav\/lib\/Connector\/Sabre\/Auth.php","line":130,"function":"logClientIn","class":"OC\\User\\Session","type":"->","args":["*** sensitive parameters replaced ***"]},{"file":"\/var\/www\/nextcloud\/3rdparty\/sabre\/dav\/lib\/DAV\/Auth\/Backend\/AbstractBasic.php","line":105,"function":"validateUserPass","class":"OCA\\DAV\\Connector\\Sabre\\Auth","type":"->","args":["*** sensitive parameters replaced ***"]},{"file":"\/var\/www\/nextcloud\/apps\/dav\/lib\/Connector\/Sabre\/Auth.php","line":253,"function":"check","class":"Sabre\\DAV\\Auth\\Backend\\AbstractBasic","type":"->","args":[{"absoluteUrl":"https:\/\/192.168.100.100\/remote.php\/webdav\/","__class__":"Sabre\\HTTP\\Request"},{"__class__":"Sabre\\HTTP\\Response"}]},{"file":"\/var\/www\/nextcloud\/apps\/dav\/lib\/Connector\/Sabre\/Auth.php","line":155,"function":"auth","class":"OCA\\DAV\\Connector\\Sabre\\Auth","type":"->","args":[{"absoluteUrl":"https:\/\/192.168.100.100\/remote.php\/webdav\/","__class__":"Sabre\\HTTP\\Request"},{"__class__":"Sabre\\HTTP\\Response"}]},{"file":"\/var\/www\/nextcloud\/3rdparty\/sabre\/dav\/lib\/DAV\/Auth\/Plugin.php","line":201,"function":"check","class":"OCA\\DAV\\Connector\\Sabre\\Auth","type":"->","args":[{"absoluteUrl":"https:\/\/192.168.100.100\/remote.php\/webdav\/","__class__":"Sabre\\HTTP\\Request"},{"__class__":"Sabre\\HTTP\\Response"}]},{"file":"\/var\/www\/nextcloud\/3rdparty\/sabre\/dav\/lib\/DAV\/Auth\/Plugin.php","line":150,"function":"check","class":"Sabre\\DAV\\Auth\\Plugin","type":"->","args":[{"absoluteUrl":"https:\/\/192.168.100.100\/remote.php\/webdav\/","__class__":"Sabre\\HTTP\\Request"},{"__class__":"Sabre\\HTTP\\Response"}]},{"function":"beforeMethod","class":"Sabre\\DAV\\Auth\\Plugin","type":"->","args":[{"absoluteUrl":"https:\/\/192.168.100.100\/remote.php\/webdav\/","__class__":"Sabre\\HTTP\\Request"},{"__class__":"Sabre\\HTTP\\Response"}]},{"file":"\/var\/www\/nextcloud\/3rdparty\/sabre\/event\/lib\/EventEmitterTrait.php","line":105,"function":"call_user_func_array","args":[[{"autoRequireLogin":true,"__class__":"Sabre\\DAV\\Auth\\Plugin"},"beforeMethod"],[{"absoluteUrl":"https:\/\/192.168.100.100\/remote.php\/webdav\/","__class__":"Sabre\\HTTP\\Request"},{"__class__":"Sabre\\HTTP\\Response"}]]},{"file":"\/var\/www\/nextcloud\/3rdparty\/sabre\/dav\/lib\/DAV\/Server.php","line":466,"function":"emit","class":"Sabre\\Event\\EventEmitter","type":"->","args":["beforeMethod",[{"absoluteUrl":"https:\/\/192.168.100.100\/remote.php\/webdav\/","__class__":"Sabre\\HTTP\\Request"},{"__class__":"Sabre\\HTTP\\Response"}]]},{"file":"\/var\/www\/nextcloud\/3rdparty\/sabre\/dav\/lib\/DAV\/Server.php","line":254,"function":"invokeMethod","class":"Sabre\\DAV\\Server","type":"->","args":[{"absoluteUrl":"https:\/\/192.168.100.100\/remote.php\/webdav\/","__class__":"Sabre\\HTTP\\Request"},{"__class__":"Sabre\\HTTP\\Response"}]},{"file":"\/var\/www\/nextcloud\/apps\/dav\/appinfo\/v1\/webdav.php","line":80,"function":"exec","class":"Sabre\\DAV\\Server","type":"->","args":[]},{"file":"\/var\/www\/nextcloud\/remote.php","line":163,"args":["\/var\/www\/nextcloud\/apps\/dav\/appinfo\/v1\/webdav.php"],"function":"require_once"}],"File":"\/var\/www\/nextcloud\/lib\/private\/Authentication\/Token\/PublicKeyTokenProvider.php","Line":242,"CustomMessage":"--"},"userAgent":"Mozilla\/5.0 (Windows) mirall\/2.3.2 (build 1) (Nextcloud)","version":"14.0.4.2"}
{"reqId":"8W0PVtdKiZp9jkDyCtyy","level":4,"time":"2018-12-04T16:41:06-06:00","remoteAddr":"[internal_ip]","user":"[username]","app":"webdav","method":"PROPFIND","url":"\/remote.php\/webdav\/","message":{"Exception":"Sabre\\DAV\\Exception\\ServiceUnavailable","Message":"TypeError: base64_encode() expects parameter 1 to be string, null given","Code":0,"Trace":[{"function":"{closure}","args":["*** sensitive parameters replaced ***"]},{"file":"\/var\/www\/nextcloud\/3rdparty\/sabre\/event\/lib\/EventEmitterTrait.php","line":105,"function":"call_user_func_array","args":[{"__class__":"Closure"},["*** sensitive parameter replaced ***","*** sensitive parameter replaced ***"]]},{"file":"\/var\/www\/nextcloud\/3rdparty\/sabre\/dav\/lib\/DAV\/Server.php","line":466,"function":"emit","class":"Sabre\\Event\\EventEmitter","type":"->","args":["beforeMethod",["*** sensitive parameter replaced ***","*** sensitive parameter replaced ***"]]},{"file":"\/var\/www\/nextcloud\/3rdparty\/sabre\/dav\/lib\/DAV\/Server.php","line":254,"function":"invokeMethod","class":"Sabre\\DAV\\Server","type":"->","args":["*** sensitive parameter replaced ***","*** sensitive parameter replaced ***"]},{"file":"\/var\/www\/nextcloud\/remote.php","line":72,"function":"exec","class":"Sabre\\DAV\\Server","type":"->","args":[]},{"file":"\/var\/www\/nextcloud\/remote.php","line":168,"function":"handleException","args":[{"__class__":"TypeError"}]}],"File":"\/var\/www\/nextcloud\/remote.php","Line":70,"CustomMessage":"--"},"userAgent":"Mozilla\/5.0 (Windows) mirall\/2.3.2 (build 1) (Nextcloud)","version":"14.0.4.2"}

[bodograumann]

@ozinfotech That is to be expected. I probably should have said bytes instead of characters ;-) The encryption algorithm ultimately acts on bytes

[ozinfotech]

@bodograumann ah so before 14 a password change made all your tokens invalid. Now with 14 we try to migrate to the new keys. But this then of course fails for you :( So unfortunatly yes. I'm sorry for that.

At least you've got an idea of what's going on. Thanks for working on it.

@ozinfotech That is to be expected. I probably should have said bytes instead of characters ;-) The encryption algorithm ultimately acts on bytes

I suspected as much, but didn't dig in to the code. I'm glad you had posted your solution as that was helpful for me to get back up and going.

[0xb0ba]

use openssl_pkey_export($res, $privateKey, NULL, $config)

[jomo]

I just ran into this issue after updating from 13 to 14. I have per-user encryption enabled. Running occ user:resetpassword <user> as suggested above prints:

Warning: Resetting the password when using encryption will result in data loss!

How can I change the password without losing data?

---

Edit: After resetting the password and logging in, I was able to change the private key password to match my login password:

[Ancillius]

Can confirm: Still an issue in 17.0.3

Can this at least be fixed by limiting the input field for passwords and within the JS Check?

Log entry is:
{"Exception":"Exception","Message":"base64_encode() expects parameter 1 to be string, null given"...

Trigger: A user set the password to a 256 char string.

[szaimen]

Hi, please update to 24.0.8 or better 25.0.2 and report back if it fixes the issue. Thank you!

[bodograumann]

Had to update my server first before nextcloud.
Also installed the latest nextcloud 25 and using longer passwords now works.
Thanks for the fix :-)