Desktop: Windows: webview for log in doesn't log in, shows account home page instead
Expected behaviour
When entering my credentials in the login page shown by the nextcloud client webview, the webview should close and the client should start syncing.
Actual behaviour
When entering my credentials in the login page shown by the nextcloud client webview, the webview then refreshes to show the home page of my account, with the list of my folders and files. The main window of the nextcloud client remains forever at "Connecting to [my server] as [my user account]".
Steps to reproduce
- The earlier nextcloud client (which was logging in correctly) self-updates to nextcloud client 2.6.0stable-Win64 (build 20190927)
- The account is no longer connected, so: Account → Log In
- In the webview popup, enter valid credentials
- Instead of closing and completing authentication for the client, the webview shows home page.
Client configuration
Client version: Version 2.6.0stable-Win64 (build 20190927). This release was supplied by Nextcloud GmbH Built from Git revision e0b32c on Sep 27 2019, 17:12:59 using Qt 5.12.5, OpenSSL 1.1.1d 10 Sep 2019
Operating system: Windows 10
OS language: English
Qt version used by client package (Linux only, see also Settings dialog):
Client package (From Nextcloud or distro) (Linux only):
Installation path of client: C:\Program Files (x86)\Nextcloud
Server configuration
Nextcloud version: 9.1.6.1 (unable to upgrade at present)
Storage backend (external storage):
Logs
Please use Gist (https://gist.github.com/) or a similar code paster for longer
logs.
Client logfile: client-log-redacted.txt, username and server hostname redacted.
Web server error log:
Server logfile: nextcloud log (data/nextcloud.log):
daniel-callejas-sevilla
All 7 comments
Your server version is heavily outdated and your data and safety are at high risk! :-O
Please upgrade your server as soon as possible or consider setting up a fresh install, NC 17 is our current release!!
Sorry but we cannot support such outdated server versions for eternity ;-/
If you really must have longer support, enterprise support guarantees a longer maintenance life cycle.
misch7
on 10 Oct 2019
Thanks. I'll open a separate bug against the desktop client updater. It should not upgrade to a version that is incompatible with the current server.
daniel-callejas-sevilla
on 10 Oct 2019
@daniel-callejas-sevilla No, just don't!^^
There is no check performed which version of the server you have when looking for client updates (and no we will not implement it for this reason).
Please just upgrade your software more regularly. I know it sucks but we all have to do it ;-/
And especially from a security perspective: It's not a suitable workaround to hide updates just to avoid spending time on upgrading your server ;-P
misch7
on 10 Oct 2019
I appreciate being able to have this discussion. Thanks!
Please consider your user experience: user A upgrades to latest client version and gets locked out of his sync feature, lazy sysadmin B is none the wiser, and user A is left with no clue or hint how to dig himself out of a problem he can't blame for.
I would suggest instead that client 2.6.0 complains loudly about server being outdated, instead of showing confusing behavior.
daniel-callejas-sevilla
on 10 Oct 2019
Me too in the meantime!
Consider your service's user experience: Lazy admin doesn't update their systems for more than 3 years and complains at the app vendor for releasing new software and communicating it to it's users.
That's confusing behaviour to me.
Seriously: There can be no excuse for exposing your users to such a security risk for years. Be honest to yourself, you know it.
misch7
on 10 Oct 2019
You didn't address the point I was making:
Lazy sysadmin B has not complained to anyone and might never do. For all we know, lazy sysadmin B might just as well be dead in the woods since 2016.
On the other hand, you're answering to github issues opened by blameless user A. You could avoid these issues being opened in the first place by having the client check that the server runs a supported version. A simple pop-up "Your nextcloud server version is not supported by this desktop client." would have prevented me from opening this issue and set me on the right track.
daniel-callejas-sevilla
on 10 Oct 2019
I sincerely hope you get the point of my recommendations.
Anyways we have a code of conduct and it would be good to get familiar with it:
https://nextcloud.com/contribute/code-of-conduct/
If you like to suggest a feature, you're welcome and since this is open-source your contribution of code would also be more than welcome.
misch7
on 10 Oct 2019
Related issues
klada
·
80Comments
NeoFromMatrix
·
53Comments
ir0nhide
·
103Comments
e-alfred
·
71Comments
biva
·
44Comments
Most helpful comment
Me too in the meantime!
Consider your service's user experience: Lazy admin doesn't update their systems for more than 3 years and complains at the app vendor for releasing new software and communicating it to it's users.
That's confusing behaviour to me.
Seriously: There can be no excuse for exposing your users to such a security risk for years. Be honest to yourself, you know it.