Server: Nextcloud 14.0.1.1 login is broken for passwords longer than 214 bytes

Created on 28 Sep 2018  Â·  21Comments  Â·  Source: nextcloud/server

This morning I did an update of nextcloud with php updater.phar --no-interaction.
Unfortunately since then nextcloud only returns an internal server error. The log says:

{
    "reqId":"N7p0B9Sx8jkHbjXyT6IO",
    "level":3,
    "time":"2018-09-28T15:24:45+00:00",
    "remoteAddr":"92.116.121.156",
    "user":"--",
    "app":"index",
    "method":"GET",
    "url":"\/",
    "message":{
        "Exception":"TypeError",
        "Message":"base64_encode() expects parameter 1 to be string, null given",
        "Code":0,
        "Trace":[
            {"file":"\/home\/users\/bodo\/www\/nextcloud\/lib\/private\/Authentication\/Token\/PublicKeyTokenProvider.php","line":241,"function":"base64_encode","args":[null]},
            {"file":"\/home\/users\/bodo\/www\/nextcloud\/lib\/private\/Authentication\/Token\/PublicKeyTokenProvider.php","line":307,"function":"encryptPassword","class":"OC\\Authentication\\Token\\PublicKeyTokenProvider","type":"->","args":["*** sensitive parameters replaced ***"]},
            {"file":"\/home\/users\/bodo\/www\/nextcloud\/lib\/private\/Authentication\/Token\/PublicKeyTokenProvider.php","line":270,"function":"newToken","class":"OC\\Authentication\\Token\\PublicKeyTokenProvider","type":"->","args":["*** sensitive parameter replaced ***","bodo","bodo","*** sensitive parameter replaced ***","Mozilla\/5.0 (Windows NT 10.0; Win64; x64 AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/52.0.2743.116 Safari\/537.36 Edge\/15.15063",0,0]},
            {"file":"\/home\/users\/bodo\/www\/nextcloud\/lib\/private\/Authentication\/Token\/Manager.php","line":128,"function":"convertToken","class":"OC\\Authentication\\Token\\PublicKeyTokenProvider","type":"->","args":[{"id":2015,"__class__":"OC\\Authentication\\Token\\DefaultToken"},"*** sensitive parameter replaced ***","*** sensitive parameter replaced ***"]},
            {"file":"\/home\/users\/bodo\/www\/nextcloud\/lib\/private\/User\/Session.php","line":578,"function":"getToken","class":"OC\\Authentication\\Token\\Manager","type":"->","args":["*** sensitive parameters replaced ***"]},
            {"file":"\/home\/users\/bodo\/www\/nextcloud\/lib\/private\/User\/Session.php","line":763,"function":"loginWithToken","class":"OC\\User\\Session","type":"->","args":["*** sensitive parameters replaced ***"]},
            {"file":"\/home\/users\/bodo\/www\/nextcloud\/lib\/base.php","line":1031,"function":"tryTokenLogin","class":"OC\\User\\Session","type":"->","args":[{"__class__":"OC\\AppFramework\\Http\\Request"}]},
            {"file":"\/home\/users\/bodo\/www\/nextcloud\/lib\/base.php","line":976,"function":"handleLogin","class":"OC","type":"::","args":[{"__class__":"OC\\AppFramework\\Http\\Request"}]},
            {"file":"\/home\/users\/bodo\/www\/nextcloud\/index.php","line":42,"function":"handleRequest","class":"OC","type":"::","args":[]}
        ],
        "File":"\/home\/users\/bodo\/www\/nextcloud\/lib\/private\/Authentication\/Token\/PublicKeyTokenProvider.php",
        "Line":241,
        "CustomMessage":"--"
    },
    "userAgent":"Mozilla\/5.0 (Windows NT 6.3) AppleWebKit\/537.36 (KHTML, like Gecko Chrome\/70.0.3538.5 Safari\/537.36",
    "version":"14.0.1.1"
}

Server configuration

Operating system:
Ubuntu 16.04 LTS

Web server:
Apache 2.4.18

Database:
MariaDB

PHP version:
php-7.0.32-0ubuntu0.16.04.1

Nextcloud version: (see Nextcloud admin page)
14.0.1.1

List of activated apps:


App list
Enabled:

  • accessibility: 1.0.1
  • activity: 2.7.0
  • bookmarks: 0.13.0
  • bruteforcesettings: 1.1.0
  • calendar: 1.6.2
  • cloud_federation_api: 0.0.1
  • comments: 1.4.0
  • contacts: 2.1.6
  • dav: 1.6.0
  • federatedfilesharing: 1.4.0
  • federation: 1.4.0
  • files: 1.9.0
  • files_pdfviewer: 1.3.2
  • files_sharing: 1.6.2
  • files_texteditor: 2.6.0
  • files_trashbin: 1.4.1
  • files_versions: 1.7.1
  • files_videoplayer: 1.3.0
  • firstrunwizard: 2.3.0
  • gallery: 18.1.0
  • logreader: 2.0.0
  • lookup_server_connector: 1.2.0
  • mail: 0.10.0
  • news: 13.0.1
  • nextcloud_announcements: 1.3.0
  • notifications: 2.2.1
  • oauth2: 1.2.1
  • password_policy: 1.4.0
  • provisioning_api: 1.4.0
  • serverinfo: 1.4.0
  • sharebymail: 1.4.0
  • support: 1.0.0
  • survey_client: 1.2.0
  • systemtags: 1.4.0
  • theming: 1.5.0
  • twofactor_backupcodes: 1.3.1
  • updatenotification: 1.4.1
  • workflowengine: 1.4.0
    Disabled:
  • admin_audit
  • encryption
  • files_external
  • tasks
  • user_external
  • user_ldap

Nextcloud configuration:


Config report
{
"system": {
"instanceid": "REMOVED SENSITIVE VALUE",
"passwordsalt": "REMOVED SENSITIVE VALUE",
"secret": "REMOVED SENSITIVE VALUE",
"trusted_domains": [
"next.grmnn.de"
],
"datadirectory": "REMOVED SENSITIVE VALUE",
"overwrite.cli.url": "REMOVED SENSITIVE VALUE",
"dbtype": "mysql",
"version": "14.0.1.1",
"dbname": "REMOVED SENSITIVE VALUE",
"dbhost": "REMOVED SENSITIVE VALUE",
"dbport": "",
"dbtableprefix": "oc_",
"dbuser": "REMOVED SENSITIVE VALUE",
"dbpassword": "REMOVED SENSITIVE VALUE",
"logtimezone": "UTC",
"installed": true,
"maintenance": false,
"theme": "",
"loglevel": 0,
"mysql.utf8mb4": true,
"mail_smtpmode": "php",
"mail_smtpauthtype": "LOGIN",
"mail_from_address": "REMOVED SENSITIVE VALUE",
"mail_domain": "REMOVED SENSITIVE VALUE"
},
"apps": {
"accessibility": {
"enabled": "yes",
"installed_version": "1.0.1",
"types": ""
},
"activity": {
"enabled": "yes",
"installed_version": "2.7.0",
"types": "filesystem"
},
"backgroundjob": {
"lastjob": "255"
},
"bookmarks": {
"enabled": "yes",
"installed_version": "0.13.0",
"types": ""
},
"bruteforcesettings": {
"enabled": "yes",
"installed_version": "1.1.0",
"types": ""
},
"calendar": {
"enabled": "yes",
"installed_version": "1.6.2",
"types": ""
},
"cloud_federation_api": {
"enabled": "yes",
"installed_version": "0.0.1",
"types": "filesystem"
},
"comments": {
"enabled": "yes",
"installed_version": "1.4.0",
"types": "logging"
},
"contacts": {
"enabled": "yes",
"installed_version": "2.1.6",
"types": ""
},
"core": {
"backgroundjobs_mode": "cron",
"installed.bundles": "[\"CoreBundle\"]",
"installedat": "1494521336.5784",
"lastcron": "1538148633",
"lastupdateResult": "[]",
"lastupdatedat": "1538115343",
"moveavatarsdone": "yes",
"oc.integritycheck.checker": "{\"news\":{\"FILE_MISSING\":{\"vendor\\/ezyang\\/htmlpurifier\\/maintenance\\/.htaccess\":{\"expected\":\"4d51270ac56b1600199cd52c4f0fc34171bb306db59761863c87978049b771a053ebb80c8dda03b4d98bf5e43361ec0e1e1d2ad4b01fc315fb809b40acd23843\",\"current\":\"\"}}}}",
"previewsCleanedUp": "1",
"public_files": "files_sharing\/public.php",
"public_webdav": "dav\/appinfo\/v1\/publicwebdav.php",
"scss.variables": "84cfcb9d5861e1f5620e38d6f8245843",
"updater.secret.created": "1521675954",
"vendor": "nextcloud"
},
"dav": {
"buildCalendarSearchIndex": "yes",
"enabled": "yes",
"installed_version": "1.6.0",
"types": "filesystem"
},
"direct_menu": {
"enabled": "no",
"installed_version": "0.10.2",
"types": ""
},
"federatedfilesharing": {
"enabled": "yes",
"installed_version": "1.4.0",
"types": ""
},
"federation": {
"enabled": "yes",
"installed_version": "1.4.0",
"types": "authentication"
},
"files": {
"cronjob_scan_files": "500",
"enabled": "yes",
"installed_version": "1.9.0",
"types": "filesystem"
},
"files_pdfviewer": {
"enabled": "yes",
"installed_version": "1.3.2",
"types": ""
},
"files_sharing": {
"enabled": "yes",
"installed_version": "1.6.2",
"types": "filesystem"
},
"files_texteditor": {
"enabled": "yes",
"installed_version": "2.6.0",
"types": ""
},
"files_trashbin": {
"enabled": "yes",
"installed_version": "1.4.1",
"types": "filesystem,dav"
},
"files_versions": {
"enabled": "yes",
"installed_version": "1.7.1",
"types": "filesystem,dav"
},
"files_videoplayer": {
"enabled": "yes",
"installed_version": "1.3.0",
"types": ""
},
"firstrunwizard": {
"enabled": "yes",
"installed_version": "2.3.0",
"types": "logging"
},
"gallery": {
"enabled": "yes",
"installed_version": "18.1.0",
"types": ""
},
"logreader": {
"enabled": "yes",
"installed_version": "2.0.0",
"levels": "11111",
"ocsid": "170871",
"types": ""
},
"lookup_server_connector": {
"enabled": "yes",
"installed_version": "1.2.0",
"types": "authentication"
},
"mail": {
"enabled": "yes",
"installed_version": "0.10.0",
"types": ""
},
"news": {
"enabled": "yes",
"installed_version": "13.0.1",
"types": ""
},
"nextcloud_announcements": {
"enabled": "yes",
"installed_version": "1.3.0",
"pub_date": "Sat, 10 Dec 2016 00:00:00 +0100",
"types": "logging"
},
"notifications": {
"enabled": "yes",
"installed_version": "2.2.1",
"types": "logging"
},
"oauth2": {
"enabled": "yes",
"installed_version": "1.2.1",
"types": "authentication"
},
"password_policy": {
"enabled": "yes",
"installed_version": "1.4.0",
"types": ""
},
"provisioning_api": {
"enabled": "yes",
"installed_version": "1.4.0",
"types": "prevent_group_restriction"
},
"serverinfo": {
"enabled": "yes",
"installed_version": "1.4.0",
"types": ""
},
"sharebymail": {
"enabled": "yes",
"installed_version": "1.4.0",
"types": "filesystem"
},
"support": {
"enabled": "yes",
"installed_version": "1.0.0",
"types": ""
},
"survey_client": {
"enabled": "yes",
"installed_version": "1.2.0",
"types": ""
},
"systemtags": {
"enabled": "yes",
"installed_version": "1.4.0",
"types": "logging"
},
"tasks": {
"enabled": "no",
"installed_version": "0.9.6",
"ocsid": "164356",
"types": ""
},
"theming": {
"enabled": "yes",
"installed_version": "1.5.0",
"types": "logging"
},
"twofactor_backupcodes": {
"enabled": "yes",
"installed_version": "1.3.1",
"types": ""
},
"updatenotification": {
"bookmarks": "0.12.2",
"bruteforcesettings": "1.1.0",
"calendar": "1.6.1",
"contacts": "2.1.5",
"core": "13.0.6.1",
"enabled": "yes",
"files_pdfviewer": "1.2.1",
"installed_version": "1.4.1",
"mail": "0.8.3",
"news": "12.0.4",
"notify_groups": "[\"admin\",\"maintenance\"]",
"tasks": "0.9.7",
"theming": "1.4.5",
"types": "",
"update_check_errors": "0"
},
"workflowengine": {
"enabled": "yes",
"installed_version": "1.4.0",
"types": "filesystem"
}
}
}

Are you using external storage, if yes which one: no

Are you using encryption: no

Are you using an external user-backend, if yes which one: no

1. to develop bug encryption (server-side)
Source
picture bodograumann
👍2

Most helpful comment

I also don’t see an easy way to fix this.
For now I have reset my password to one with “only” 214 characters ;-)

occ user:resetpassword bodo
picture bodograumann on 4 Oct 2018
👍4

All 21 comments

GitMate.io thinks possibly related issues are https://github.com/nextcloud/server/issues/9204 (Nextcloud upgrade to version 13.0.1), https://github.com/nextcloud/server/issues/3119 (Default calendar not showing after Upgrade to Nextcloud 11.0.1), https://github.com/nextcloud/server/issues/8768 (oc_phonetrack_points crash Nextcloud after update), https://github.com/nextcloud/server/issues/10429 (All contacts disappears after 4.0.0 Beta 1 update), and https://github.com/nextcloud/server/issues/5092 (Calendar and contact synchronisation with Thunderbird broken after migration to Nextcloud 12.0.0).

nextcloud-bot picture nextcloud-bot on 28 Sep 2018

Same here :(
Same issue & Same log

Using nginx with MariaDB

jollaman999 picture jollaman999 on 1 Oct 2018

Ref https://github.com/nextcloud/server/issues/11227 (not exactly the same problem but looks like another issue with openssl configuration)

kesselb picture kesselb on 1 Oct 2018

image

add dump 'var_dump(openssl_error_string()); exit();'

image

result
image

darkrain88 picture darkrain88 on 2 Oct 2018

log file:

{"reqId":"Psaz1uPHdaqR9Tg4Dg2k","level":3,"time":"2018-10-02T13:01:41+00:00","remoteAddr":"2409:8920:8813:843:24c5:422e:7418:6018","user":"--","app":"index","method":"GET","url":"\/","message":{"Exception":"TypeError","Message":"Argument 1 passed to OC\\Authentication\\Token\\PublicKeyTokenProvider::encrypt() must be of the type string, null given, called in \/opt\/wwwroot\/Nextcloud\/lib\/private\/Authentication\/Token\/PublicKeyTokenProvider.php on line 307","Code":0,"Trace":[{"file":"\/opt\/wwwroot\/Nextcloud\/lib\/private\/Authentication\/Token\/PublicKeyTokenProvider.php","line":307,"function":"encrypt","class":"OC\\Authentication\\Token\\PublicKeyTokenProvider","type":"->","args":["*** sensitive parameters replaced ***"]},{"file":"\/opt\/wwwroot\/Nextcloud\/lib\/private\/Authentication\/Token\/PublicKeyTokenProvider.php","line":270,"function":"newToken","class":"OC\\Authentication\\Token\\PublicKeyTokenProvider","type":"->","args":["*** sensitive parameter replaced ***","admin","admin","$$$abs$$$","Mozilla\/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/69.0.3497.100 Safari\/537.36",0,1]},{"file":"\/opt\/wwwroot\/Nextcloud\/lib\/private\/Authentication\/Token\/Manager.php","line":128,"function":"convertToken","class":"OC\\Authentication\\Token\\PublicKeyTokenProvider","type":"->","args":[{"id":70,"__class__":"OC\\Authentication\\Token\\DefaultToken"},"*** sensitive parameter replaced ***","$$$abs$$$"]},{"file":"\/opt\/wwwroot\/Nextcloud\/lib\/private\/User\/Session.php","line":578,"function":"getToken","class":"OC\\Authentication\\Token\\Manager","type":"->","args":["*** sensitive parameters replaced ***"]},{"file":"\/opt\/wwwroot\/Nextcloud\/lib\/private\/User\/Session.php","line":763,"function":"loginWithToken","class":"OC\\User\\Session","type":"->","args":["*** sensitive parameters replaced ***"]},{"file":"\/opt\/wwwroot\/Nextcloud\/lib\/base.php","line":1031,"function":"tryTokenLogin","class":"OC\\User\\Session","type":"->","args":[{"__class__":"OC\\AppFramework\\Http\\Request"}]},{"file":"\/opt\/wwwroot\/Nextcloud\/lib\/base.php","line":976,"function":"handleLogin","class":"OC","type":"::","args":[{"__class__":"OC\\AppFramework\\Http\\Request"}]},{"file":"\/opt\/wwwroot\/Nextcloud\/index.php","line":42,"function":"handleRequest","class":"OC","type":"::","args":[]}],"File":"\/opt\/wwwroot\/Nextcloud\/lib\/private\/Authentication\/Token\/PublicKeyTokenProvider.php","Line":220,"CustomMessage":"--"},"userAgent":"Mozilla\/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/69.0.3497.100 Safari\/537.36","version":"14.0.1.1"}

darkrain88 picture darkrain88 on 2 Oct 2018

almost。the same。problem

darkrain88 picture darkrain88 on 3 Oct 2018

Just had a look at the code where the error occurs and it seems that the PublicKeyToken implementation is brand new in version 14. So unfortunately no way to bisect.
The main problem is that the line openssl_public_encrypt($password, $encryptedPassword, $publicKey, OPENSSL_PKCS1_OAEP_PADDING); does not fill $encryptedPassword, but leaves it at null.

bodograumann picture bodograumann on 4 Oct 2018

@bodograumann #11227 (check this thread for possible solutions)

kesselb picture kesselb on 4 Oct 2018

I checked there, but to no avail.

  • openssl_error_string only gives error:0E06D06C:configuration file routines:NCONF_get_string:no value, which supposedly is no real error
  • /etc/ssl/openssl.cnf is readable by nextcloud just fine
  • My suspicion is correct, that openssl_public_encrypt in PublicKeyTokenProvider::encryptPassword returns false. I.e. the encryption failed.

But then I found the following: it works if the password is short enough! Try this:

$password = 'gidatsrgaintdrsginatdsrigantdgrsiantdsriagntdsrgainatdsgriantdsgirantdsigarntdsgiarntdsgiarntdsgiarntdsgiarntdsrgiantdsgriantdsgiarntgdrsgiantdsgrinatdsraintdsgriantdsrgiantdsrgiantdsrgiantdsrgiantdsrgniadstrngiadsrntgdsriantdsgirantqflnzxdflozdtvzgiadstrtntztdsgiarzntdfsoglianztvdsgriaznvtdslgaizntvdslgiazwdvfzgnaidfltznoqxudfgltnzdgailnzratqdgisalzvtdfgialzvtdfgliztdflaizntdflgiznoadftvslzngiadfslatzdgafilztndfgaiztdsglianztdfslaginztdflgaizdftvlzngaifdlsant';
$config = ['digest_alg' => 'sha512', 'private_key_bits' => 2048];
$res = openssl_pkey_new($config);
var_dump(openssl_pkey_export($res, $privateKey));
$publicKey = openssl_pkey_get_details($res)['key'];
var_dump(openssl_public_encrypt($password, $encryptedPassword, $publicKey, OPENSSL_PKCS1_OAEP_PADDING));

:Facepalm: Of course. The message string, i.e. the password, can not be longer than the key, which only has 2048 bits...

bodograumann picture bodograumann on 4 Oct 2018

@bodograumann thanks for the tests in https://github.com/nextcloud/server/pull/11619

However, I do not expect to soon find the time to look into this. As for 214 characters (while I'm against upper limits in general) does seem like a very reasonable password length.

Of course if somebody has a PR to fix this it is more than welcome.

rullzer picture rullzer on 4 Oct 2018

I also don’t see an easy way to fix this.
For now I have reset my password to one with “only” 214 characters ;-)

occ user:resetpassword bodo
bodograumann picture bodograumann on 4 Oct 2018
👍4

@bodograumann still thanks for looking into this. I'll try to get this into the docs so it is at least documented.

rullzer picture rullzer on 4 Oct 2018

It seems this also affects all my previously created app-passwords. E.g. with webdav:

{
    "reqId":"vUdS6JCFQy463t9CbeDs",
    "level":3,
    "time":"2018-10-05T05:14:22+00:00",
    "remoteAddr":"92.116.70.156",
    "user":"--",
    "app":"remote",
    "method":"PROPFIND",
    "url":"\/remote.php\/dav\/calendars\/bodo\/personal\/",
    "message":{
        "Exception":"TypeError",
        "Message":"base64_encode() expects parameter 1 to be string, null given",
        "Code":0,
        "Trace":[
            {"file":"\/home\/users\/bodo\/www\/nextcloud\/lib\/private\/Authentication\/Token\/PublicKeyTokenProvider.php","line":242,"function":"base64_encode","args":[null]},
            {"file":"\/home\/users\/bodo\/www\/nextcloud\/lib\/private\/Authentication\/Token\/PublicKeyTokenProvider.php","line":308,"function":"encryptPassword","class":"OC\\Authentication\\Token\\PublicKeyTokenProvider","type":"->","args":["*** sensitive parameters replaced ***"]},
            {"file":"\/home\/users\/bodo\/www\/nextcloud\/lib\/private\/Authentication\/Token\/PublicKeyTokenProvider.php","line":271,"function":"newToken","class":"OC\\Authentication\\Token\\PublicKeyTokenProvider","type":"->","args":["*** sensitive parameter replaced ***","*** sensitive parameter replaced ***","*** sensitive parameter replaced ***","*** sensitive parameter replaced ***","fairphone-davdroid",1,0]},
            {"file":"\/home\/users\/bodo\/www\/nextcloud\/lib\/private\/Authentication\/Token\/Manager.php","line":128,"function":"convertToken","class":"OC\\Authentication\\Token\\PublicKeyTokenProvider","type":"->","args":[{"id":1882,"__class__":"OC\\Authentication\\Token\\DefaultToken"},"*** sensitive parameter replaced ***","*** sensitive parameter replaced ***"]},
            {"file":"\/home\/users\/bodo\/www\/nextcloud\/lib\/private\/User\/Session.php","line":480,"function":"getToken","class":"OC\\Authentication\\Token\\Manager","type":"->","args":["*** sensitive parameters replaced ***"]},
            {"file":"\/home\/users\/bodo\/www\/nextcloud\/lib\/private\/User\/Session.php","line":404,"function":"isTokenPassword","class":"OC\\User\\Session","type":"->","args":["*** sensitive parameters replaced ***"]},
            {"file":"\/home\/users\/bodo\/www\/nextcloud\/apps\/dav\/lib\/Connector\/Sabre\/Auth.php","line":130,"function":"logClientIn","class":"OC\\User\\Session","type":"->","args":["*** sensitive parameters replaced ***"]},
            {"file":"\/home\/users\/bodo\/www\/nextcloud\/3rdparty\/sabre\/dav\/lib\/DAV\/Auth\/Backend\/AbstractBasic.php","line":105,"function":"validateUserPass","class":"OCA\\DAV\\Connector\\Sabre\\Auth","type":"->","args":["*** sensitive parameters replaced ***"]},
            {"file":"\/home\/users\/bodo\/www\/nextcloud\/apps\/dav\/lib\/Connector\/Sabre\/Auth.php","line":252,"function":"check","class":"Sabre\\DAV\\Auth\\Backend\\AbstractBasic","type":"->","args":[{"absoluteUrl":"https:\/\/next.grmnn.de\/remote.php\/dav\/calendars\/bodo\/personal\/","__class__":"Sabre\\HTTP\\Request"},{"__class__":"Sabre\\HTTP\\Response"}]},
            {"file":"\/home\/users\/bodo\/www\/nextcloud\/apps\/dav\/lib\/Connector\/Sabre\/Auth.php","line":155,"function":"auth","class":"OCA\\DAV\\Connector\\Sabre\\Auth","type":"->","args":[{"absoluteUrl":"https:\/\/next.grmnn.de\/remote.php\/dav\/calendars\/bodo\/personal\/","__class__":"Sabre\\HTTP\\Request"},{"__class__":"Sabre\\HTTP\\Response"}]},
            {"file":"\/home\/users\/bodo\/www\/nextcloud\/3rdparty\/sabre\/dav\/lib\/DAV\/Auth\/Plugin.php","line":201,"function":"check","class":"OCA\\DAV\\Connector\\Sabre\\Auth","type":"->","args":[{"absoluteUrl":"https:\/\/next.grmnn.de\/remote.php\/dav\/calendars\/bodo\/personal\/","__class__":"Sabre\\HTTP\\Request"},{"__class__":"Sabre\\HTTP\\Response"}]},
            {"file":"\/home\/users\/bodo\/www\/nextcloud\/3rdparty\/sabre\/dav\/lib\/DAV\/Auth\/Plugin.php","line":150,"function":"check","class":"Sabre\\DAV\\Auth\\Plugin","type":"->","args":[{"absoluteUrl":"https:\/\/next.grmnn.de\/remote.php\/dav\/calendars\/bodo\/personal\/","__class__":"Sabre\\HTTP\\Request"},{"__class__":"Sabre\\HTTP\\Response"}]},{"function":"beforeMethod","class":"Sabre\\DAV\\Auth\\Plugin","type":"->","args":[{"absoluteUrl":"https:\/\/next.grmnn.de\/remote.php\/dav\/calendars\/bodo\/personal\/","__class__":"Sabre\\HTTP\\Request"},{"__class__":"Sabre\\HTTP\\Response"}]},
            {"file":"\/home\/users\/bodo\/www\/nextcloud\/3rdparty\/sabre\/event\/lib\/EventEmitterTrait.php","line":105,"function":"call_user_func_array","args":[[{"autoRequireLogin":true,"__class__":"Sabre\\DAV\\Auth\\Plugin"},"beforeMethod"],[{"absoluteUrl":"https:\/\/next.grmnn.de\/remote.php\/dav\/calendars\/bodo\/personal\/","__class__":"Sabre\\HTTP\\Request"},{"__class__":"Sabre\\HTTP\\Response"}]]},
            {"file":"\/home\/users\/bodo\/www\/nextcloud\/3rdparty\/sabre\/dav\/lib\/DAV\/Server.php","line":466,"function":"emit","class":"Sabre\\Event\\EventEmitter","type":"->","args":["beforeMethod",[{"absoluteUrl":"https:\/\/next.grmnn.de\/remote.php\/dav\/calendars\/bodo\/personal\/","__class__":"Sabre\\HTTP\\Request"},{"__class__":"Sabre\\HTTP\\Response"}]]},
            {"file":"\/home\/users\/bodo\/www\/nextcloud\/3rdparty\/sabre\/dav\/lib\/DAV\/Server.php","line":254,"function":"invokeMethod","class":"Sabre\\DAV\\Server","type":"->","args":[{"absoluteUrl":"https:\/\/next.grmnn.de\/remote.php\/dav\/calendars\/bodo\/personal\/","__class__":"Sabre\\HTTP\\Request"},{"__class__":"Sabre\\HTTP\\Response"}]},
            {"file":"\/home\/users\/bodo\/www\/nextcloud\/apps\/dav\/lib\/Server.php","line":293,"function":"exec","class":"Sabre\\DAV\\Server","type":"->","args":[]},
            {"file":"\/home\/users\/bodo\/www\/nextcloud\/apps\/dav\/appinfo\/v2\/remote.php","line":35,"function":"exec","class":"OCA\\DAV\\Server","type":"->","args":[]},
            {"file":"\/home\/users\/bodo\/www\/nextcloud\/remote.php","line":163,"args":["\/home\/users\/bodo\/www\/nextcloud\/apps\/dav\/appinfo\/v2\/remote.php"],"function":"require_once"}
        ],
        "File":"\/home\/users\/bodo\/www\/nextcloud\/lib\/private\/Authentication\/Token\/PublicKeyTokenProvider.php","Line":242,"CustomMessage":"--"},
        "userAgent":"DAVdroid\/2.0.4-ose (2018\/09\/10; dav4android; okhttp\/3.11.0) Android\/6.0.1",
        "version":"14.0.1.1"
    }

Do I really have to regenerate and redistribute all of them?

bodograumann picture bodograumann on 5 Oct 2018

i have to use 13.0.6 again

this folder add. more key files make it failed

darkrain88 picture darkrain88 on 5 Oct 2018

@bodograumann ah so before 14 a password change made all your tokens invalid. Now with 14 we try to migrate to the new keys. But this then of course fails for you :( So unfortunatly yes. I'm sorry for that.

rullzer picture rullzer on 5 Oct 2018

I had a similar error message as shown below. My password was only 200 characters but had, however, high ANSI characters in it. I performed a password reset via
occ user:resetpassword username
and was able to log in and recover the files.

{"reqId":"faBUZ5AgZ332JkFMgvcj","level":3,"time":"2018-12-04T16:37:57-06:00","remoteAddr":"[internal_ip]","user":"[username]","app":"remote","method":"HEAD","url":"\/remote.php\/webdav\/","message":{"Exception":"TypeError","Message":"base64_encode() expects parameter 1 to be string, null given","Code":0,"Trace":[{"file":"\/var\/www\/nextcloud\/lib\/private\/Authentication\/Token\/PublicKeyTokenProvider.php","line":242,"function":"base64_encode","args":[null]},{"file":"\/var\/www\/nextcloud\/lib\/private\/Authentication\/Token\/PublicKeyTokenProvider.php","line":308,"function":"encryptPassword","class":"OC\\Authentication\\Token\\PublicKeyTokenProvider","type":"->","args":["*** sensitive parameters replaced ***"]},{"file":"\/var\/www\/nextcloud\/lib\/private\/Authentication\/Token\/PublicKeyTokenProvider.php","line":70,"function":"newToken","class":"OC\\Authentication\\Token\\PublicKeyTokenProvider","type":"->","args":["*** sensitive parameter replaced ***","*** sensitive parameter replaced ***","*** sensitive parameter replaced ***","*** sensitive parameter replaced ***","*** sensitive parameter replaced ***","*** sensitive parameter replaced ***","*** sensitive parameter replaced ***"]},{"file":"\/var\/www\/nextcloud\/lib\/private\/Authentication\/Token\/Manager.php","line":69,"function":"generateToken","class":"OC\\Authentication\\Token\\PublicKeyTokenProvider","type":"->","args":["*** sensitive parameters replaced ***"]},{"file":"\/var\/www\/nextcloud\/lib\/private\/User\/Session.php","line":641,"function":"generateToken","class":"OC\\Authentication\\Token\\Manager","type":"->","args":["*** sensitive parameters replaced ***"]},{"file":"\/var\/www\/nextcloud\/lib\/private\/User\/Session.php","line":440,"function":"createSessionToken","class":"OC\\User\\Session","type":"->","args":["*** sensitive parameters replaced ***"]},{"file":"\/var\/www\/nextcloud\/apps\/dav\/lib\/Connector\/Sabre\/Auth.php","line":130,"function":"logClientIn","class":"OC\\User\\Session","type":"->","args":["*** sensitive parameters replaced ***"]},{"file":"\/var\/www\/nextcloud\/3rdparty\/sabre\/dav\/lib\/DAV\/Auth\/Backend\/AbstractBasic.php","line":105,"function":"validateUserPass","class":"OCA\\DAV\\Connector\\Sabre\\Auth","type":"->","args":["*** sensitive parameters replaced ***"]},{"file":"\/var\/www\/nextcloud\/apps\/dav\/lib\/Connector\/Sabre\/Auth.php","line":253,"function":"check","class":"Sabre\\DAV\\Auth\\Backend\\AbstractBasic","type":"->","args":[{"absoluteUrl":"https:\/\/192.168.100.100\/remote.php\/webdav\/","__class__":"Sabre\\HTTP\\Request"},{"__class__":"Sabre\\HTTP\\Response"}]},{"file":"\/var\/www\/nextcloud\/apps\/dav\/lib\/Connector\/Sabre\/Auth.php","line":155,"function":"auth","class":"OCA\\DAV\\Connector\\Sabre\\Auth","type":"->","args":[{"absoluteUrl":"https:\/\/192.168.100.100\/remote.php\/webdav\/","__class__":"Sabre\\HTTP\\Request"},{"__class__":"Sabre\\HTTP\\Response"}]},{"file":"\/var\/www\/nextcloud\/3rdparty\/sabre\/dav\/lib\/DAV\/Auth\/Plugin.php","line":201,"function":"check","class":"OCA\\DAV\\Connector\\Sabre\\Auth","type":"->","args":[{"absoluteUrl":"https:\/\/192.168.100.100\/remote.php\/webdav\/","__class__":"Sabre\\HTTP\\Request"},{"__class__":"Sabre\\HTTP\\Response"}]},{"file":"\/var\/www\/nextcloud\/3rdparty\/sabre\/dav\/lib\/DAV\/Auth\/Plugin.php","line":150,"function":"check","class":"Sabre\\DAV\\Auth\\Plugin","type":"->","args":[{"absoluteUrl":"https:\/\/192.168.100.100\/remote.php\/webdav\/","__class__":"Sabre\\HTTP\\Request"},{"__class__":"Sabre\\HTTP\\Response"}]},{"function":"beforeMethod","class":"Sabre\\DAV\\Auth\\Plugin","type":"->","args":[{"absoluteUrl":"https:\/\/192.168.100.100\/remote.php\/webdav\/","__class__":"Sabre\\HTTP\\Request"},{"__class__":"Sabre\\HTTP\\Response"}]},{"file":"\/var\/www\/nextcloud\/3rdparty\/sabre\/event\/lib\/EventEmitterTrait.php","line":105,"function":"call_user_func_array","args":[[{"autoRequireLogin":true,"__class__":"Sabre\\DAV\\Auth\\Plugin"},"beforeMethod"],[{"absoluteUrl":"https:\/\/192.168.100.100\/remote.php\/webdav\/","__class__":"Sabre\\HTTP\\Request"},{"__class__":"Sabre\\HTTP\\Response"}]]},{"file":"\/var\/www\/nextcloud\/3rdparty\/sabre\/dav\/lib\/DAV\/Server.php","line":466,"function":"emit","class":"Sabre\\Event\\EventEmitter","type":"->","args":["beforeMethod",[{"absoluteUrl":"https:\/\/192.168.100.100\/remote.php\/webdav\/","__class__":"Sabre\\HTTP\\Request"},{"__class__":"Sabre\\HTTP\\Response"}]]},{"file":"\/var\/www\/nextcloud\/3rdparty\/sabre\/dav\/lib\/DAV\/Server.php","line":254,"function":"invokeMethod","class":"Sabre\\DAV\\Server","type":"->","args":[{"absoluteUrl":"https:\/\/192.168.100.100\/remote.php\/webdav\/","__class__":"Sabre\\HTTP\\Request"},{"__class__":"Sabre\\HTTP\\Response"}]},{"file":"\/var\/www\/nextcloud\/apps\/dav\/appinfo\/v1\/webdav.php","line":80,"function":"exec","class":"Sabre\\DAV\\Server","type":"->","args":[]},{"file":"\/var\/www\/nextcloud\/remote.php","line":163,"args":["\/var\/www\/nextcloud\/apps\/dav\/appinfo\/v1\/webdav.php"],"function":"require_once"}],"File":"\/var\/www\/nextcloud\/lib\/private\/Authentication\/Token\/PublicKeyTokenProvider.php","Line":242,"CustomMessage":"--"},"userAgent":"Mozilla\/5.0 (Windows) mirall\/2.3.2 (build 1) (Nextcloud)","version":"14.0.4.2"}
{"reqId":"8W0PVtdKiZp9jkDyCtyy","level":4,"time":"2018-12-04T16:41:06-06:00","remoteAddr":"[internal_ip]","user":"[username]","app":"webdav","method":"PROPFIND","url":"\/remote.php\/webdav\/","message":{"Exception":"Sabre\\DAV\\Exception\\ServiceUnavailable","Message":"TypeError: base64_encode() expects parameter 1 to be string, null given","Code":0,"Trace":[{"function":"{closure}","args":["*** sensitive parameters replaced ***"]},{"file":"\/var\/www\/nextcloud\/3rdparty\/sabre\/event\/lib\/EventEmitterTrait.php","line":105,"function":"call_user_func_array","args":[{"__class__":"Closure"},["*** sensitive parameter replaced ***","*** sensitive parameter replaced ***"]]},{"file":"\/var\/www\/nextcloud\/3rdparty\/sabre\/dav\/lib\/DAV\/Server.php","line":466,"function":"emit","class":"Sabre\\Event\\EventEmitter","type":"->","args":["beforeMethod",["*** sensitive parameter replaced ***","*** sensitive parameter replaced ***"]]},{"file":"\/var\/www\/nextcloud\/3rdparty\/sabre\/dav\/lib\/DAV\/Server.php","line":254,"function":"invokeMethod","class":"Sabre\\DAV\\Server","type":"->","args":["*** sensitive parameter replaced ***","*** sensitive parameter replaced ***"]},{"file":"\/var\/www\/nextcloud\/remote.php","line":72,"function":"exec","class":"Sabre\\DAV\\Server","type":"->","args":[]},{"file":"\/var\/www\/nextcloud\/remote.php","line":168,"function":"handleException","args":[{"__class__":"TypeError"}]}],"File":"\/var\/www\/nextcloud\/remote.php","Line":70,"CustomMessage":"--"},"userAgent":"Mozilla\/5.0 (Windows) mirall\/2.3.2 (build 1) (Nextcloud)","version":"14.0.4.2"}
ozinfotech picture ozinfotech on 5 Dec 2018

@ozinfotech That is to be expected. I probably should have said bytes instead of characters ;-) The encryption algorithm ultimately acts on bytes

bodograumann picture bodograumann on 5 Dec 2018

@bodograumann ah so before 14 a password change made all your tokens invalid. Now with 14 we try to migrate to the new keys. But this then of course fails for you :( So unfortunatly yes. I'm sorry for that.

At least you've got an idea of what's going on. Thanks for working on it.

@ozinfotech That is to be expected. I probably should have said _bytes_ instead of _characters_ ;-) The encryption algorithm ultimately acts on bytes

I suspected as much, but didn't dig in to the code. I'm glad you had posted your solution as that was helpful for me to get back up and going.

ozinfotech picture ozinfotech on 5 Dec 2018

use openssl_pkey_export($res, $privateKey, NULL, $config)

0xb0ba picture 0xb0ba on 7 Feb 2019

I just ran into this issue after updating from 13 to 14. I have per-user encryption enabled. Running occ user:resetpassword <user> as suggested above prints:

Warning: Resetting the password when using encryption will result in data loss!

How can I change the password without losing data?

Edit: After resetting the password and logging in, I was able to change the private key password to match my login password:

image

jomo picture jomo on 25 Apr 2019

Can confirm: Still an issue in 17.0.3

Can this at least be fixed by limiting the input field for passwords and within the JS Check?

Log entry is:
{"Exception":"Exception","Message":"base64_encode() expects parameter 1 to be string, null given"...

Trigger: A user set the password to a 256 char string.

Ancillius picture Ancillius on 2 Mar 2020
Was this page helpful?
0 / 5 - 0 ratings

Related issues

e-alfred picture e-alfred  Â·  3Comments
georgehrke picture georgehrke  Â·  3Comments
mfechner picture mfechner  Â·  3Comments
Django-BOfH picture Django-BOfH  Â·  3Comments
ThomasLeister picture ThomasLeister  Â·  3Comments