Android: Multiple sessions for same device

The whole concept of app password (you call it "session") is that if you change your main password the app password remain valid.
I tested this on latest master:

• login with android client
• change password on web
• still working android client

@rullzer is this something know with old servers? He is running 13.07?

Sorry, my bad, I'm on 15.07

Is there anything in your server log? If you see "Renewing session token failed" please try https://github.com/nextcloud/server/issues/13431#issuecomment-520350497 and post the log here.

Seeing the same since the last App-Update (3.7.2). Note that I am not chaning my password or the app-password. I just re-login because the App asks me to.

As mentioned in #3623, there is nothing in my Server logs and only one type of entry in the Nextcloud-Log:

openssl_sign(): supplied key param cannot be coerced into a private key at _XXX_/apps/notifications/lib/Controller/PushController.php#121

But I had this before the update and everything was working. No other messages appear and the same message comes up after rollback to the previous app (3.7.1) that is working. So I do not think this message is related.

Nextcloud Version is 15.0.11

Can you provide us additional infos via logcat? https://github.com/nextcloud/android/blob/master/README.md#getting-debug-info-via-logcat

I am not sure which part of log is needed, but somehow your app thinks that login is not correct and therefore triggers a re-login…

Sorry, can't do that. All my devices are in use at the moment and the ones I don't need don't have root access. Might find the time later to get you what you need, but definitively not very soon.

I get the same issue:

Android NextCloud client version 3.7.2
Nextcloud 16.0.4

Android app wants me to log in, so I do that. After I tap "Grant Access" it loops back into login. Second time I try it, the Android app crashes.

It creates session after session with the same name (Name of my phone) but the phone can never log in! Really bad bug. Previous versions of the NextCloud Android client worked just fine. Something broke in 3.7.2.

Edit: I can't use adb or logcat on my phone. For some bizarre reason, ADB only works if I boot into TWRP.

The message at the time right after I tap 'Grant Access' is:
openssl_sign(): supplied key param cannot be coerced into a private key at \/nextcloud\/apps\/notifications\/lib\/Controller\/PushController.php#121

Reverting to "Old login method" works for me. Something really broken with this new login system. I'm not about to delete my account on Nextcloud to fix it.. I don't want the files and settings and data to go away.

@tdm4 is it possible to disable the notifications app and try again? Is there nothing else in your nextcloud.log?

https://github.com/nextcloud/notifications/blob/a614d6ea5766e487bda1d39a820b61307fef0334/lib/Controller/PushController.php#L121

For some reason it's not possible to use the users key.

https://github.com/nextcloud/server/blob/f49448087f2dbddb2140358e6c2d5bd22d3fe6fb/lib/private/Security/IdentityProof/Manager.php#L64-L71

The IdentityManager used to create calls openssl in a similar way like the PublicKeyTokenProvider. We discovered some weird errors if openssl_pkey_new and openssl_pkey_export are not called with the same config object.

https://github.com/nextcloud/server/pull/16495

cc @rullzer @nickvergessen

So this is not a problem with the login flow but rather with the notification we try to generate and the key that is tried to be generated or is wrongly generated for whatever reason. As pointed out by @kesselb.

We should harden this. But I'm not sure why it happens in the first place.

As @kesselb suggest please disable the notifications app and try again.

Also could you check something

1. go to your data folder
2. go to your appdata folder (`appdata_)
3. go to identityproof
4. go to user-<YOUR USERID>
5. paste me to content of the public file

Hardening server pr in: https://github.com/nextcloud/server/pull/17074

@kesselb - Nextcloud Android client 3.8.0 RC5 works fine.

This request did not receive an update in the last 4 weeks. Please take a look again and update the issue with new details, otherwise the issue will be automatically closed in 2 weeks. Thank you!

@kesselb @teddy19 I was getting the same error: openssl_sign(): supplied key param cannot be coerced into a private key at \/nextcloud\/apps\/notifications\/lib\/Controller\/PushController.php#121 and I managed to fix it:

1. Put site in maint mode
2. Remove ALL the directories and keys in nextcloud/data/appdata_<RANDOMCHARS>/identityproof/*
3. Logged into postgresql, ran: delete from oc_filecache where path like '%identityproof/user-%';
4. Took site out of maint mode

For whatever reason, the code that generates those keys in identityproof changed and the new code couldn't deal with it.

Removing all the keys and logging back in again fixed the issue for me. Also fixed issues where people tried to join Nextcloud Talk calls and couldn't.
(ref: https://github.com/nextcloud/talk-android/issues/773)

Thank you for the suggestion @tdm4! I just tried it and it seems it did not break anything. Will monitor what happens beyond not breaking it :wink:
Thanks again for the hint!