Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Tried to log in "user" but could not verify token #37492

Open
6 of 9 tasks
smart7324 opened this issue Mar 30, 2023 · 66 comments
Open
6 of 9 tasks

Tried to log in "user" but could not verify token #37492

smart7324 opened this issue Mar 30, 2023 · 66 comments
Labels
1. to develop Accepted and waiting to be taken care of 26-feedback 27-feedback bug feature: authentication needs review Needs review to determine if still applicable

Comments

@smart7324
Copy link

smart7324 commented Mar 30, 2023

⚠️ This issue respects the following points: ⚠️

  • This is a bug, not a question or a configuration/webserver/proxy issue.
  • This issue is not already reported on Github (I've searched it).
  • Nextcloud Server is up to date. See Maintenance and Release Schedule for supported versions.
  • Nextcloud Server is running on 64bit capable CPU, PHP and OS.
  • I agree to follow Nextcloud's Code of Conduct.

Bug description

As soon as I open Nextcloud in a new tab, I get redirected to login page and have to login again. Then always the first login fails/nothing happens, so I have to login twice. I am seeing lots of "Tried to log in "user" but could not verify token" errors in log.

It is only happening on Safari (macOS, iOS, iPadOS), tried several versions, also did a clean install of Nextcloud 26 and still the same. Also tried with another user account on a different Mac.

At first I thought it could be related to #33919, but it doesn't seem to be the case. I really spent many hours in trying to get this fixed, but I have no clue, why it is not working.

Steps to reproduce

  1. Login to Nextcloud in Safari
  2. Open another tab and open Nextcloud (alternatively close browser and open it again)
  3. You will be redirected to login page and the message "Tried to log in "user" but could not verify token" is in log file.

Expected behavior

The user should still be logged in and not be redirected to login page.

Installation method

Community Manual installation with Archive

Nextcloud Server version

26

Operating system

Debian/Ubuntu

PHP engine version

PHP 8.1

Web server

Apache (supported)

Database engine version

MySQL

Is this bug present after an update or on a fresh install?

Fresh Nextcloud Server install

Are you using the Nextcloud Server Encryption module?

None

What user-backends are you using?

  • Default user-backend (database)
  • LDAP/ Active Directory
  • SSO - SAML
  • Other

Configuration report

{
    "system": {
        "instanceid": "***REMOVED SENSITIVE VALUE***",
        "passwordsalt": "***REMOVED SENSITIVE VALUE***",
        "secret": "***REMOVED SENSITIVE VALUE***",
        "trusted_domains": [
            "***REMOVED SENSITIVE VALUE***"
        ],
        "datadirectory": "***REMOVED SENSITIVE VALUE***",
        "dbtype": "mysql",
        "version": "26.0.0.11",
        "overwrite.cli.url": "***REMOVED SENSITIVE VALUE***",
        "dbname": "***REMOVED SENSITIVE VALUE***",
        "dbhost": "***REMOVED SENSITIVE VALUE***",
        "dbport": "",
        "dbtableprefix": "oc_",
        "mysql.utf8mb4": true,
        "dbuser": "***REMOVED SENSITIVE VALUE***",
        "dbpassword": "***REMOVED SENSITIVE VALUE***",
        "installed": true,
        "maintenance": false,
        "mail_smtpsecure": "tls",
        "mail_sendmailmode": "smtp",
        "mail_smtpauthtype": "LOGIN",
        "mail_smtpauth": 1,
        "mail_smtphost": "***REMOVED SENSITIVE VALUE***",
        "mail_smtpport": "587",
        "mail_smtpname": "***REMOVED SENSITIVE VALUE***",
        "mail_smtppassword": "***REMOVED SENSITIVE VALUE***",
        "mail_from_address": "***REMOVED SENSITIVE VALUE***",
        "mail_smtpmode": "smtp",
        "mail_domain": "***REMOVED SENSITIVE VALUE***",
        "csrf.disabled": true,
        "integrity.check.disabled": true,
        "logfile": "\/var\/www\/cloud\/data\/nextcloud.log",
        "loglevel": 4,
        "enable_previews": true,
        "remember_login_cookie_lifetime": 31536000,
        "session_lifetime": 31536000,
        "session_relaxed_expiry": true,
        "session_keepalive": true,
        "simpleSignUpLink.shown": false,
        "htaccess.IgnoreFrontController": true,
        "default_phone_region": "DE",
        "default_language": "de",
        "force_language": "de",
        "theme": "***REMOVED SENSITIVE VALUE***",
        "defaultapp": "files",
        "memcache.local": "\\OC\\Memcache\\APCu",
        "updater.release.channel": "stable"
    }
}

List of activated Apps

Enabled:
  - cloud_federation_api: 1.9.0
  - comments: 1.16.0
  - dav: 1.25.0
  - federatedfilesharing: 1.16.0
  - files: 1.21.1
  - files_pdfviewer: 2.7.0
  - files_rightclick: 1.5.0
  - files_sharing: 1.18.0
  - files_versions: 1.19.1
  - logreader: 2.11.0
  - lookup_server_connector: 1.14.0
  - notes: 4.7.2
  - notifications: 2.14.0
  - oauth2: 1.14.0
  - password_policy: 1.16.0
  - provisioning_api: 1.16.0
  - related_resources: 1.1.0-alpha1
  - settings: 1.8.0
  - sharebymail: 1.16.0
  - systemtags: 1.16.0
  - theming: 2.1.1
  - theming_customcss: 1.13.0
  - twofactor_backupcodes: 1.15.0
  - updatenotification: 1.16.0
  - viewer: 1.10.0
  - workflowengine: 2.8.0
Disabled:
  - activity: 2.18.0 (installed 2.14.3)
  - admin_audit: 1.16.0
  - bruteforcesettings: 2.6.0 (installed 2.3.0)
  - circles: 26.0.0 (installed 26.0.0)
  - contactsinteraction: 1.7.0 (installed 1.7.0)
  - dashboard: 7.6.0 (installed 7.1.0)
  - encryption: 2.14.0
  - extract: 1.3.5 (installed 1.3.5)
  - federation: 1.16.0 (installed 1.16.0)
  - files_external: 1.18.0
  - files_texteditor: 2.15.0 (installed 2.15.0)
  - files_trashbin: 1.16.0 (installed 1.11.0)
  - firstrunwizard: 2.15.0 (installed 2.15.0)
  - nextcloud_announcements: 1.15.0 (installed 1.15.0)
  - photos: 2.2.0 (installed 1.3.0)
  - privacy: 1.10.0 (installed 1.10.0)
  - recommendations: 1.5.0 (installed 1.0.0)
  - serverinfo: 1.16.0 (installed 1.12.0)
  - support: 1.9.0 (installed 1.9.0)
  - survey_client: 1.14.0 (installed 1.9.0)
  - suspicious_login: 4.4.0
  - text: 3.7.2 (installed 3.3.0)
  - twofactor_totp: 8.0.0-alpha.0
  - user_ldap: 1.16.0
  - user_status: 1.6.0 (installed 1.1.1)
  - weather_status: 1.6.0 (installed 1.1.0)

Nextcloud Signing status

No response

Nextcloud Logs

{"reqId":"***REMOVED SENSITIVE VALUE***","level":1,"time":"2023-03-30T11:50:23+00:00","remoteAddr":"***REMOVED SENSITIVE VALUE***","user":"--","app":"core","method":"GET","url":"/login","message":"Tried to log in user but could not verify token","userAgent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.4 Safari/605.1.15","version":"26.0.0.11","data":{"app":"core"}}

Additional info

No response

@smart7324 smart7324 added 0. Needs triage Pending check for reproducibility or if it fits our roadmap bug labels Mar 30, 2023
@TheCrimsonLady
Copy link

TheCrimsonLady commented Apr 4, 2023

I also had this issue today and I could only fix it with a database maintenance run (command below).
my environment infos:

root@Nextcloud:# apache2 -v
Server version: Apache/2.4.41 (Ubuntu)
Server built: 2023-03-08T17:32:54
root@Nextcloud:# php --version
PHP 8.1.17 (cli) (built: Mar 16 2023 14:38:17) (NTS)
Copyright (c) The PHP Group
Zend Engine v4.1.17, Copyright (c) Zend Technologies
with Zend OPcache v8.1.17, Copyright (c), by Zend Technologies
root@Nextcloud:# lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description: Ubuntu 20.04.6 LTS
Release: 20.04
Codename: focal
root@Nextcloud:# cat /var/www/nextcloud/version.php
$OC_Version = array(26,0,0,11);
$OC_VersionString = '26.0.0';
$OC_Edition = '';
$OC_Channel = 'stable';
$OC_VersionCanBeUpgradedFrom = array (
'nextcloud' =>
array (
'25.0' => true,
'26.0' => true,
),
'owncloud' =>
array (
'10.11' => true,
),
);
$OC_Build = '2023-03-21T09:23:03+00:00 62cfd3b';
$vendor = 'nextcloud';

(PostgreSQL) 12.14 (Ubuntu 12.14-0ubuntu0.20.04.1)

How I fix the loop:
alias FIX_LOOP='cd /var/www/nextcloud && sudo -u www-data php ./occ maintenance:repair'
and then wait 30 minutes for the rate limiting to cool down.

iOS is the latest 16.04 (20E247)

here is an excerpt from my logs when I tried to log in with my admin account:
Screenshot 2023-04-04 at 21 22 02

Please answer to this if I should provide more info

@smart7324
Copy link
Author

I gave it a try, but this didn't work for me. Same issue. It also happened to me on a clean new install. So we definitely need help here. At this time NC is completely unusable on Safari no matter what apple device...

@Yetangitu
Copy link

Yetangitu commented Apr 6, 2023

(moved from #33919)

This problem does not seem to have been solved in v26.0.0.11 - even though #35419 was merged - seeing how as I'm currently unable to login using Firefox/Android on a device which had a single tab open yesterday. Deleting site data does not change this, nor does running occ maintenance:repair.

I can login using a different browser but not with Firefox, all I get is an empty page showing the site logo and the footer - there is no error message but no login/password request either.

This does not work:

  • deleting all site data and cookies for the domain
  • force-stopping and restarting Firefox/Android
  • rebooting the device
  • trying different network connections - wifi, 4G, VPN
  • deleting browsing history for the affected domain
  • using another open session to delete all sessions for the affected device (in Settings->Security->Devices & Sessions)
  • updating Firefox/Android (to 111.0)
  • running occ maintenance:repair
  • burning black candles in a fairy ring in the forest while chanting obscure incantations (well, did not try but I don't think it would work)

This does work:

  • using a different browser
  • using private mode in Firefox

The error message in the log is the one which has been shown countless times already: Tried to log in "username" but could not verify token:

{"reqId":"aupvuif3Msicz86FxhbY","level":1,"time":"April 06, 2023 06:06:04","remoteAddr":"192.168.9.2","user":"--","app":"core","method":"GET","url":"/login","message":"Tried to log in frank but could not verify token","userAgent":"Mozilla/5.0 (Android 9; Mobile; rv:109.0) Gecko/112.0 Firefox/112.0","version":"26.0.0.11","data":{"app":"core"}}
{"reqId":"q8JEudtB0oT3gfNqLYye","level":1,"time":"April 06, 2023 06:06:04","remoteAddr":"192.168.9.2","user":"--","app":"core","method":"GET","url":"/apps/theming/image/background?v=27","message":"Tried to log in frank but could not verify token","userAgent":"Mozilla/5.0 (Android 9; Mobile; rv:109.0) Gecko/112.0 Firefox/112.0","version":"26.0.0.11","data":{"app":"core"}}

The really annoying thing is that I do not get a chance to login at all since the login/password request does not show up - only the site logo and the footer on an otherwise empty page.

@ChristophWurst ChristophWurst changed the title [Bug]: Safari: Tried to log in "user" but could not verify token [Bug]: Tried to log in "user" but could not verify token Apr 6, 2023
@ChristophWurst ChristophWurst added 1. to develop Accepted and waiting to be taken care of and removed 0. Needs triage Pending check for reproducibility or if it fits our roadmap labels Apr 6, 2023
@Yetangitu
Copy link

Yetangitu commented Apr 6, 2023

Another thing which does work:

  1. enable USB debugging in Firefox/Android
  2. connect it to another machine though USB
  3. open the debugger on the Nextcloud tab
  4. go to the Network section
  5. make sure that 'Disable cache' is checked
  6. reload the tab

This way I do get a login/password request. It seems that Firefox' Clear cookies and site data is not enough to actually clear everything related to the page.

@TheCrimsonLady
Copy link

Update: This now happens multiple times per day, which is a lot worse than it was before updating to NC 26

@smart7324
Copy link
Author

This is really a serious issue. Right now, I can't use NC with Safari... I am getting logged out every page refresh, so it's completely unusable. Are there any updates? :)

@mafjensengithub
Copy link

Some of the new issues could be related to a safari bug: https://bugs.webkit.org/show_bug.cgi?id=255524

@TheCrimsonLady
Copy link

Maybe iOS 17 brings a change or the root cause is found somewhere else, either way I hope this will soon be solved because sometimes I can’t log into my NC for days

@smart7324
Copy link
Author

Seems to be fixed for me with iOS 16.5 and macOS 13.4.

@TheCrimsonLady
Copy link

Updated a few days ago and for me it seems to be just as bad as before. Haven’t replied earlier because I wanted to gather some data.

@smart7324
Copy link
Author

smart7324 commented Jun 14, 2023

I'm no longer experiencing any issues, also on NC 27.0.0. We can close here.

@TheCrimsonLady
Copy link

TheCrimsonLady commented Jun 16, 2023

I updated ~12h ago and just had this issue reappear. Setup is NC in a Ubuntu 20.04 LXC run on Proxmox 7.4-3.

Kernel: 5.15.107-2-pve
Ubuntu: Ubuntu 20.04.6 LTS
PHP: PHP 8.1.17 (cli) (built: Mar 16 2023 14:38:17) (NTS) Copyright (c) The PHP Group Zend Engine v4.1.17, Copyright (c) Zend Technologies with Zend OPcache v8.1.17, Copyright (c), by Zend Technologies
Apache Server version: Apache/2.4.41 (Ubuntu)
NC version: 27.0.0.8

Reverse Proxy: Nginx-Proxy-Manager
RP version: 2.10.3

Client: iOS 16.5 - Safari
Screenshot 2023-06-16 at 07 51 26
Screenshot 2023-06-16 at 07 52 19
Screenshot 2023-06-16 at 07 50 11

Did you do anything else than simply updating NC to fix this? It is getting more and more frustrating to use NC since I can't access it ~50% of the time I need to

@smart7324
Copy link
Author

Okay hm, I also didn’t experience the bug on NC 26 since iOS 16.5… I did not change anything, but it’s just working.

So I reopen this issue for you.

@smart7324 smart7324 reopened this Jun 16, 2023
@TheCrimsonLady
Copy link

Thanks a lot

that’s weird… Do you think my or any reverse proxy could be an issue since my TLS connection is terminated there?
I can’t really think of anything else that could cause this in my setup

@smart7324
Copy link
Author

Honestly I don't think so, as I also had this issue and don't have a reverse proxy. I also did some debugging, but I haven't found anything...
Is it working with other browsers for you?

@TheCrimsonLady
Copy link

TheCrimsonLady commented Jun 16, 2023

I rarely use other devices to access my NC, but I had a few situations where this error occurred with my employer provided laptop.
On my Debian laptop with Firefox, I had a kinda similar error where i was kinda logged in, but was repeatedly kicked out of NC with the error message in the browser „you are not logged in“. Even when I logged out and back in, this error would persist. I blamed a weird cookie issue and just let it be.

Another possibility that just came to mind: I’m basically always connected to my VPN server at home, which gives my phone, my Mac and NC the same public IP address. Could this be an issue?

(Just for clarification: the issue for me is almost exclusively in iOS, macOS only caused this error once since NC 24 plus the rare occurrences on windows or Linux with Firefox)

@smart7324
Copy link
Author

Hm very interesting… Sorry, but I don’t know if your ip can be a source of the issue. Maybe someone else can help?

@TheCrimsonLady
Copy link

Yeah me neither, I’m just throwing guesses at the wall here to see what sticks haha

To anyone reading this: all suggestions are welcome

Btw, I played around on my work phone (also iPhone and safari) and was able to provoke the error relatively quickly with two open tabs and some reloads/NC-App switching
The error occurred but I was not logged out however, that also happens a lot

@MrRies
Copy link

MrRies commented Jul 20, 2023

Hi,
We have also been struggling with this problem for about two months. Even an update to version 27 has not brought any improvement. On the contrary, we have the feeling that the bug has increased significantly in recent weeks.
In the meantime, our power users can no longer use Nextcloud on certain days.

Even deleting the cookies only helps to a limited extent. After deleting them, they are simply set again and the problem is back.

Our Nextcloud is connected to a very large LDAP directory of our institution. We have about 70 active users (once a week) and about 20 power users (every day, several hours). We are thinking that a connection to the LDAP could be increasing the problem, but probably the trigger is somewhere else.

Access is via a reverse proxy (nginx). There, too, we have already changed some settings for header modification, but without any noticeable effect.
In addition, the token errors are occurring more and more frequently with reports of a brute force attack. For this reason, we have to deactivate the brute force detection in the meantime in order not to be locked out all the time. Apparently, Nextcloud counts every expired cookie as a failed login.

It is frustrating. The error pattern is so varied that it is difficult for us to identify the origin of the error.

@TheCrimsonLady
Copy link

Yes, that’s also my experience
And that’s on a very small instance with only me as a user.
what client devices do your users use? Maybe we have an overlap and can help narrow down the scope for the devs

@MrRies
Copy link

MrRies commented Jul 20, 2023

Yes, great idea.
We have tested our way through various browsers: Chrome, Edge, Firefox and Opera. The problem is the same everywhere. Most users use Windows machines.
However, the problem also occurs with our iOS, iPadOS and Android users. Also with Safari, Brave, Opera, Chrome...
We haven't had a chance to test it on MacOS yet.

Sometimes our users are even logged out of the Nextcloud apps (iOS+Android). Talk in particular (which we use a lot).

We initially thought there was a connection with the use of Nextcloud calendars via CardDAV or in connection with app passwords, which a handful of our users are using. However, we could not find any further evidence for this.

@ChristophWurst
Copy link
Member

Could you please apply https://github.com/nextcloud/server/commit/02591953bc488aa424f058035ad39fa7b3beb723.patch as well? It's an amendment to #40628 so that it logs the request that wins the race for the token.

@TheCrimsonLady
Copy link

Will do when I’m home

@TheCrimsonLady
Copy link

All-Messages-search-result-part-1.csv
All-Messages-search-result-part-2.csv

I applied the patch and played around a bit (I redacted any tokens, IPs and domains).
Is this format helpful for you? Should I test specific scenarios or filter for certain keywords? Because right now this is basically the full log after the patch apply and reboot on debug level.

@ChristophWurst
Copy link
Member

The format is fine. Thanks!

First:

2023-09-27T22:25:56.086+02:00;Nextcloud;Remember-me token TOKEN1/some_extras?/ for root replaced by TOKEN2

Later:

2023-09-27T22:28:02.133+02:00;Nextcloud;Tried to log in root but could not find token TOKEN3 in database
2023-09-27T22:28:02.133+02:00;Nextcloud;Tried to log in root but could not find token TOKEN3 in database
2023-09-27T22:28:02.133+02:00;Nextcloud;Tried to log in root but could not find token TOKEN3 in database
2023-09-27T22:28:02.133+02:00;Nextcloud;Tried to log in root but could not find token TOKEN3 in database

But then also

2023-09-27T22:28:02.133+02:00;Nextcloud;Remember-me token TOKEN3 for root replaced by TOKEN4

so token2 is never used. token3 appears out of nowhere.

Did you have more than one browser or devices connected? e.g. desktop+phone.

@TheCrimsonLady
Copy link

TheCrimsonLady commented Sep 28, 2023

Ah yes, my bad

I was just focused on provoking the error and didn't think about multiple devices. I just recreated the situation with just one device but the overall situation seems to be the same:

Screenshot 2023-09-28 at 09 00 47

What I did:
closed the NC app on my Mac and closed tabs on my work phone. Then after some minutes I opened Safari on my private phone, closed an inactive tab and opened a new one. Only when I opened the new tab, logs started appearing.
Once the new tab loaded, I logged in (twice, as noted yesterday) and you see the logs above.

Edit:
Due to the time stamps all reading the same, I just want to point out that the newest entry is on top and the oldest at the bottom

@ChristophWurst
Copy link
Member

I have a new idea. What if the remember-me logic does its job but the concurrent requests cause the web session to be deleted from the database? that would also end a session. I'll prepare some more logging patches 😩

@TheCrimsonLady

This comment was marked as off-topic.

@ChristophWurst
Copy link
Member

password reset is off-topic. look for existing tickets or create a new one if there is none. Attached the log entries as text please to make it searchable.

@TheCrimsonLady
Copy link

Thought this may be a related issue or a symptom of the same root cause
Sorry for the extra message, please ignore

@KenBW2
Copy link

KenBW2 commented Nov 16, 2023

I am experiencing frequent logouts, but I don't believe it's the same issue reported here, since I don't get the "Tried to login but couldn't verify token" error

In fact I don't get an error at all. I did open a new ticket nextcloud/all-in-one#3674 but that's been closed and directed here.

I've noticed that sometimes I get this issue where the header is logged in, and the content is logged out:

Screenshot from 2023-11-16 00-24-30

I just clicked the Files icon in the header in a new tab and I am still logged in

@KenBW2
Copy link

KenBW2 commented Nov 16, 2023

Today I was logged out and saw the login page without the header being logged in.

Opening a new tab didn't have me logged in again

@ChristophWurst
Copy link
Member

We can't pinpoint it but #40879, #41318 or a related change must have helped with this problem because it now happens seldom. The theory is that we use session_regenerate_id less often, which is documented to be problematic at https://www.php.net/manual/en/function.session-regenerate-id.php

Warning: Currently, session_regenerate_id does not handle an unstable network well, e.g. Mobile and WiFi network. Therefore, you may experience a lost session by calling session_regenerate_id.

@ChristophWurst ChristophWurst removed their assignment Dec 27, 2023
@ChristophWurst ChristophWurst added 1. to develop Accepted and waiting to be taken care of and removed 2. developing Work in progress labels Dec 27, 2023
@cdauth
Copy link

cdauth commented Feb 11, 2024

Wanted to mention that I'm seeing exactly the symptoms described here, but in Chromium and only after waking up from standby. I always have a few Nextcloud tabs open in my browser, and I assume at least some of them are polling the server and keep me logged in. When my computer goes to standby and wakes up again, the different Nextcloud apps that are open show error notifications or misbehave in different ways, and when I reload the page I get forwarded to the login page. The log shows a Tried to log in but could not verify token error for every resource that the browser tried to load.

On the login page I have to log in twice. After the first attempt, the login page simply shows up again without any error. The second attempt works properly. It does not make a difference whether I type the right password on the first attempt. Reloading the login page does not count as an attempt. After the first attempt, I see IP address throttled because it reached the attempts limit in the last 30 minutes [action: login, delay: 200, ip: ...] on the log and Bruteforce attempt from \"...\" detected for action \"login\".

@TheCrimsonLady
Copy link

What NC version are you on which and reverse proxy are you using with what settings?
I’m asking because with the latest version, the issue is way less frequent, but not fully gone.

Also, in the past few days after updating, I’ve had a basic http login pop up sometimes while on mobile when I’m opening a new NC tab. I wanted to investigate further before I comment again here, so if anyone else has this problem, maybe we could crowd source how to reliably reproduce this

@cdauth
Copy link

cdauth commented Feb 11, 2024

I'm running the stable docker image, which seem to be version 27.1.4. If there have been any relevant changes recently, I could also upgrade to latest.

I'm running the docker image with APACHE_DISABLE_REWRITE_IP=1 (to let Nextcloud rather than Apache handle the proxy headers). In my Nextcloud config I have

  'trusted_proxies' =>
  array (
    0 => '127.0.0.0/8',
    1 => '172.16.0.0/12',
    2 => '192.168.0.0/16',
    3 => '10.0.0.0/8',
    4 => 'fc00::/7',
  ),

Requests are coming in from a traefik reverse proxy running on 10.10.2.1.

Also, I have 'session_lifetime' => 1209600, configured, but the issue happens reproducibly every time my laptop was in standby for a few hours.

@joshtrichards
Copy link
Member

joshtrichards commented Feb 12, 2024

Every one on this thread that thinks they're experiencing this issue:

  • Please make sure your proxy is not configured to do any caching (e.g. NPM's Cache Assets must be disabled - it's not appropriate for use with Nextcloud Server, if you are using your own proxy configuration please review how you've configured caching in the proxy itself)

This variable (which is an invalid configuration) needs to be eliminated first so that only the logs/symptoms/code paths of any underlying bug(s) are visible.

@cdauth
Copy link

cdauth commented Feb 13, 2024

For my case, I'm pretty sure that traefik doesn't do any caching. (I'm not sure what you mean by NPM's Cache Assets.)

@GNU-Plus-Windows-User
Copy link

I'm not sure if this is relevant or the best place to post, but I'm posting this here since this is the best thread I can find on the issue. I used to see this exact error in my log on occasion(While also being logged out), but now I do not see it anymore, and my issue has gotten worse (being logged out multiple times a day) ever since upgrading to 28.0.5. I also used to have to log in twice when I was logged out with a "Temporary error please try again" but now I sometimes won't even see that error.

I originally thought it may have to do with having Nextcloud Mail(Since I had this happen multiple times with mail open), but it doesn't always happen with Nextcloud Mail so I think it's just a coincidence.

I get errors like these in my logs, but an error isn't always logged when I get logged out.

Exception
HMAC does not match.
Could not decrypt or decode encrypted session data

I've been also getting these new errors since very recently:

InvalidTokenException
Token does not exist: redacted
Renewing session token failed: Token does not exist: redacted

This issue doesn't happen with the desktop client or mobile client, only with browsers. I've encountered this issue on both Brave and Graphene OS's Vanadium, but I haven't tested other browsers so I'm not sure if it's all browsers or just specific browsers.

@yan12125
Copy link
Contributor

yan12125 commented May 1, 2024

I have been affected the "could not verify token" error for at least months, and such errors seem more common recently. Those errors happen with Firefox on either Arch Linux or Windows.

I tried the latest patch from #40628 (https://github.com/nextcloud/server/commit/908c381018ba95ee1c13d11d35414db3248782d8.patch) with Nextcloud 28.0.4, and got two errors:

Tried to log in yen but ran into concurrent session revival
OC\\Http\\CookieHelper::setCookie(): Argument #2 ($value) must be of type string, null given, called in /usr/share/webapps/nextcloud/lib/private/User/Session.php on line 1062

The second error is from:

\OC\Http\CookieHelper::setCookie(
'nc_token',
$token,
$maxAge,
$webRoot,
'',
$secureCookie,
true,
\OC\Http\CookieHelper::SAMESITE_LAX
);

which is understandable as $token is null due to the first error.

As a record, I use nginx and I believe cache is disabled with the following configuration: (from NginxProxyManager/nginx-proxy-manager#389 (comment))

      proxy_no_cache 1;
      proxy_cache_bypass 1;
      proxy_cache off;

@yan12125
Copy link
Contributor

yan12125 commented May 3, 2024

Got a different error message (redacted)

Tried to log in xxx but could not find token yyy in database

In the database, the token yyy is indeed missing. I got no results with:

select * from nextcloud.oc_preferences where appid = 'login_token' and configKey = 'yyy';

@yan12125
Copy link
Contributor

I have a new idea. What if the remember-me logic does its job but the concurrent requests cause the web session to be deleted from the database? that would also end a session. I'll prepare some more logging patches 😩

Concurrent requests may not be the (only) issue. I still get the following error after disabling HTTP/2 altogether. I assume there are no concurrent requests with HTTP/1.1.

Tried to log in <redacted> but could not find token  in database

@joshtrichards joshtrichards added the needs review Needs review to determine if still applicable label Sep 25, 2024
@nvskamesh
Copy link

I had this same issue for almost a month now. It would happen sporadically. Restarting the Nextcloud server didn't make a difference. It would not work on Safari, but work on Firefox and Safari private window. I bumped into this thread via Google search and taking queues from here, I tried disabling "Cache Assets"option in my Nginx Proxy Manager. I didn't even clear the safari cookies and website data and the login started working now. I don't get this error anymore.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
1. to develop Accepted and waiting to be taken care of 26-feedback 27-feedback bug feature: authentication needs review Needs review to determine if still applicable
Projects
Status: 🏗️ In progress
Development

Successfully merging a pull request may close this issue.

15 participants