Server: Cannot login after upgraded from nextcloud 19 to nextcloud 20
Using docker compose fpm image
Docker compose file
Docker compose file
version: '2'
networks:
lb_web:
driver: bridge
back:
driver: bridge
services:
web:
image: nginx
volumes:
- /mydata/docker/nginx/config/nginx.conf:/etc/nginx/nginx.conf:ro
links:
- app
volumes_from:
- app
ports:
- 8080:80
environment:
- VIRTUAL_HOST
networks:
- back
- lb_web
app:
image: nextcloud:fpm
links:
- db
- solr
volumes:
- /mydata/docker/nextcloud:/var/www/html
- /mydata:/mydata
networks:
- back
db:
image: mariadb
volumes:
- /mydata/docker/mysql/nextcloud:/var/lib/mysql
environment:
- MYSQL_ROOT_PASSWORD
networks:
- back
solr:
image: solr
volumes:
- /mydata/docker/solr:/opt/solr/server/solr/mycores
entrypoint:
- docker-entrypoint.sh
- solr-precreate
- mycore
networks:
- back
cron:
image: nextcloud:fpm
links:
- db
volumes_from:
- app
user: www-data
entrypoint: |
bash -c 'bash -s <<EOF
trap "break;exit" SIGHUP SIGINT SIGTERM
while /bin/true; do
/usr/local/bin/php /var/www/html/cron.php
sleep 900
done
EOF'
networks:
- back
Steps to reproduce
- Working fine with nextcloud 19
- after upgraded to nextcloud 20
- can not login
Expected behaviour
login ok.
Actual behaviour
Internal server error.
Server configuration
Operating system:
Ubuntu docker
Web server:
nginx
Database:
mariadb
PHP version:
Nextcloud version: (see Nextcloud admin page)
nextcloud 20
Updated from an older Nextcloud/ownCloud or fresh install:
Updated from nextcould 19
Where did you install Nextcloud from:
Docker compose
Signing status:
Signing status
Login as admin user into your Nextcloud and access
http://example.com/index.php/settings/integrity/failed
paste the results here.
List of activated apps:
App list
If you have access to your command line run e.g.:
sudo -u www-data php occ app:list
from within your Nextcloud installation folder
Nextcloud configuration:
Config report
{
"system": {
"instanceid": "***REMOVED SENSITIVE VALUE***",
"passwordsalt": "***REMOVED SENSITIVE VALUE***",
"secret": "***REMOVED SENSITIVE VALUE***",
"trusted_domains": [
"192.168.1.5:8080",
"10.119.16.99:8080"
],
"datadirectory": "***REMOVED SENSITIVE VALUE***",
"overwrite.cli.url": "http:\/\/10.119.16.99:8080",
"overwriteprotocol": "http",
"dbtype": "mysql",
"version": "20.0.0.9",
"dbname": "***REMOVED SENSITIVE VALUE***",
"dbhost": "***REMOVED SENSITIVE VALUE***",
"dbport": "",
"dbtableprefix": "oc_",
"dbuser": "***REMOVED SENSITIVE VALUE***",
"dbpassword": "***REMOVED SENSITIVE VALUE***",
"logtimezone": "UTC",
"installed": true,
"ldapIgnoreNamingRules": false,
"ldapProviderFactory": "\\OCA\\User_LDAP\\LDAPProviderFactory",
"loglevel": 0,
"maintenance": false,
"apps_paths": [
{
"path": "\/var\/www\/html\/apps",
"url": "\/apps",
"writable": false
},
{
"path": "\/var\/www\/html\/custom_apps",
"url": "\/custom_apps",
"writable": true
}
],
"updater.release.channel": "stable",
"theme": "",
"app_install_overwrite": [
"external"
]
}
}
Are you using external storage, if yes which one: local/smb/sftp/...
Are you using encryption: yes/no
Are you using an external user-backend, if yes which one: LDAP/ActiveDirectory/Webdav/...
LDAP configuration (delete this part if not used)
LDAP config
+-------------------------------+--------------+
| Configuration | s01 |
+-------------------------------+--------------+
| hasMemberOfFilterSupport | 0 |
| homeFolderNamingRule | |
| lastJpegPhotoLookup | 0 |
| ldapAgentName | |
| ldapAgentPassword | *** |
| ldapAttributesForGroupSearch | |
| ldapAttributesForUserSearch | |
| ldapBackupHost | |
| ldapBackupPort | |
| ldapBase | |
| ldapBaseGroups | |
| ldapBaseUsers | |
| ldapCacheTTL | 600 |
| ldapConfigurationActive | 0 |
| ldapDefaultPPolicyDN | |
| ldapDynamicGroupMemberURL | |
| ldapEmailAttribute | |
| ldapExperiencedAdmin | 0 |
| ldapExpertUUIDGroupAttr | |
| ldapExpertUUIDUserAttr | |
| ldapExpertUsernameAttr | |
| ldapExtStorageHomeAttribute | |
| ldapGidNumber | gidNumber |
| ldapGroupDisplayName | cn |
| ldapGroupFilter | |
| ldapGroupFilterGroups | |
| ldapGroupFilterMode | 0 |
| ldapGroupFilterObjectclass | |
| ldapGroupMemberAssocAttr | uniqueMember |
| ldapHost | |
| ldapIgnoreNamingRules | |
| ldapLoginFilter | |
| ldapLoginFilterAttributes | |
| ldapLoginFilterEmail | 0 |
| ldapLoginFilterMode | 0 |
| ldapLoginFilterUsername | 1 |
| ldapMatchingRuleInChainState | unknown |
| ldapNestedGroups | 0 |
| ldapOverrideMainServer | |
| ldapPagingSize | 500 |
| ldapPort | |
| ldapQuotaAttribute | |
| ldapQuotaDefault | |
| ldapTLS | 0 |
| ldapUserAvatarRule | default |
| ldapUserDisplayName | displayName |
| ldapUserDisplayName2 | |
| ldapUserFilter | |
| ldapUserFilterGroups | |
| ldapUserFilterMode | 0 |
| ldapUserFilterObjectclass | |
| ldapUuidGroupAttribute | auto |
| ldapUuidUserAttribute | auto |
| turnOffCertCheck | 0 |
| turnOnPasswordChange | 0 |
| useMemberOfToDetectMembership | 1 |
+-------------------------------+--------------+
Client configuration
Browser:
Operating system:
Logs
Web server error log
Web server error log
Insert your webserver log here
Nextcloud log (data/nextcloud.log)
Nextcloud log
{"reqId":"OJ34WaqeEvpOhHLYUxSj","level":3,"time":"2020-10-09T06:22:24+00:00","remoteAddr":"10.119.16.71","user":"robbie","app":"index","method":"POST","url":"/login","message":{"Exception":"OC\\ServerNotAvailableException","Message":"Could not decrypt key","Code":0,"Trace":[{"file":"/var/www/html/lib/private/Encryption/Keys/Storage.php","line":230,"function":"getKey","class":"OC\\Encryption\\Keys\\Storage","type":"->","args":["/robbie/files_encryption/OC_DEFAULT_MODULE/robbie.privateKey"]},{"file":"/var/www/html/lib/private/Encryption/Keys/Storage.php","line":95,"function":"getKeyWithUid","class":"OC\\Encryption\\Keys\\Storage","type":"->","args":["/robbie/files_encryption/OC_DEFAULT_MODULE/robbie.privateKey","*** sensitive parameter replaced ***"]},{"file":"/var/www/html/apps/encryption/lib/KeyManager.php","line":434,"function":"getUserKey","class":"OC\\Encryption\\Keys\\Storage","type":"->","args":["*** sensitive parameter replaced ***","privateKey","OC_DEFAULT_MODULE"]},{"file":"/var/www/html/apps/encryption/lib/KeyManager.php","line":570,"function":"getPrivateKey","class":"OCA\\Encryption\\KeyManager","type":"->","args":["*** sensitive parameter replaced ***"]},{"file":"/var/www/html/apps/encryption/lib/Users/Setup.php","line":76,"function":"userHasKeys","class":"OCA\\Encryption\\KeyManager","type":"->","args":["*** sensitive parameter replaced ***"]},{"file":"/var/www/html/apps/encryption/lib/Hooks/UserHooks.php","line":180,"function":"setupUser","class":"OCA\\Encryption\\Users\\Setup","type":"->","args":["*** sensitive parameters replaced ***"]},{"file":"/var/www/html/lib/private/legacy/OC_Hook.php","line":110,"function":"login","class":"OCA\\Encryption\\Hooks\\UserHooks","type":"->","args":["*** sensitive parameters replaced ***"]},{"file":"/var/www/html/lib/private/Server.php","line":573,"function":"emit","class":"OC_Hook","type":"::","args":["OC_User","post_login","*** sensitive parameter replaced ***"]},{"function":"OC\\{closure}","class":"OC\\Server","type":"->","args":["*** sensitive parameters replaced ***"]},{"file":"/var/www/html/lib/private/Hooks/EmitterTrait.php","line":101,"function":"call_user_func_array","args":[{"__class__":"Closure"},["*** sensitive parameter replaced ***","*** sensitive parameter replaced ***","*** sensitive parameter replaced ***","*** sensitive parameter replaced ***"]]},{"file":"/var/www/html/lib/private/Hooks/PublicEmitter.php","line":40,"function":"emit","class":"OC\\Hooks\\BasicEmitter","type":"->","args":["\\OC\\User","postLogin",["*** sensitive parameter replaced ***","*** sensitive parameter replaced ***","*** sensitive parameter replaced ***","*** sensitive parameter replaced ***"]]},{"file":"/var/www/html/lib/private/User/Session.php","line":412,"function":"emit","class":"OC\\Hooks\\PublicEmitter","type":"->","args":["\\OC\\User","postLogin",["*** sensitive parameter replaced ***","*** sensitive parameter replaced ***","*** sensitive parameter replaced ***","*** sensitive parameter replaced ***"]]},{"file":"/var/www/html/lib/private/Authentication/Login/CompleteLoginCommand.php","line":44,"function":"completeLogin","class":"OC\\User\\Session","type":"->","args":["*** sensitive parameters replaced ***"]},{"file":"/var/www/html/lib/private/Authentication/Login/ALoginCommand.php","line":40,"function":"process","class":"OC\\Authentication\\Login\\CompleteLoginCommand","type":"->","args":[{"__class__":"OC\\Authentication\\Login\\LoginData"}]},{"file":"/var/www/html/lib/private/Authentication/Login/LoggedInCheckCommand.php","line":61,"function":"processNextOrFinishSuccessfully","class":"OC\\Authentication\\Login\\ALoginCommand","type":"->","args":[{"__class__":"OC\\Authentication\\Login\\LoginData"}]},{"file":"/var/www/html/lib/private/Authentication/Login/ALoginCommand.php","line":40,"function":"process","class":"OC\\Authentication\\Login\\LoggedInCheckCommand","type":"->","args":[{"__class__":"OC\\Authentication\\Login\\LoginData"}]},{"file":"/var/www/html/lib/private/Authentication/Login/EmailLoginCommand.php","line":58,"function":"processNextOrFinishSuccessfully","class":"OC\\Authentication\\Login\\ALoginCommand","type":"->","args":[{"__class__":"OC\\Authentication\\Login\\LoginData"}]},{"file":"/var/www/html/lib/private/Authentication/Login/ALoginCommand.php","line":40,"function":"process","class":"OC\\Authentication\\Login\\EmailLoginCommand","type":"->","args":[{"__class__":"OC\\Authentication\\Login\\LoginData"}]},{"file":"/var/www/html/lib/private/Authentication/Login/UidLoginCommand.php","line":54,"function":"processNextOrFinishSuccessfully","class":"OC\\Authentication\\Login\\ALoginCommand","type":"->","args":[{"__class__":"OC\\Authentication\\Login\\LoginData"}]},{"file":"/var/www/html/lib/private/Authentication/Login/ALoginCommand.php","line":40,"function":"process","class":"OC\\Authentication\\Login\\UidLoginCommand","type":"->","args":[{"__class__":"OC\\Authentication\\Login\\LoginData"}]},{"file":"/var/www/html/lib/private/Authentication/Login/UserDisabledCheckCommand.php","line":57,"function":"processNextOrFinishSuccessfully","class":"OC\\Authentication\\Login\\ALoginCommand","type":"->","args":[{"__class__":"OC\\Authentication\\Login\\LoginData"}]},{"file":"/var/www/html/lib/private/Authentication/Login/ALoginCommand.php","line":40,"function":"process","class":"OC\\Authentication\\Login\\UserDisabledCheckCommand","type":"->","args":[{"__class__":"OC\\Authentication\\Login\\LoginData"}]},{"file":"/var/www/html/lib/private/Authentication/Login/PreLoginHookCommand.php","line":53,"function":"processNextOrFinishSuccessfully","class":"OC\\Authentication\\Login\\ALoginCommand","type":"->","args":[{"__class__":"OC\\Authentication\\Login\\LoginData"}]},{"file":"/var/www/html/lib/private/Authentication/Login/Chain.php","line":108,"function":"process","class":"OC\\Authentication\\Login\\PreLoginHookCommand","type":"->","args":[{"__class__":"OC\\Authentication\\Login\\LoginData"}]},{"file":"/var/www/html/core/Controller/LoginController.php","line":307,"function":"process","class":"OC\\Authentication\\Login\\Chain","type":"->","args":[{"__class__":"OC\\Authentication\\Login\\LoginData"}]},{"file":"/var/www/html/lib/private/AppFramework/Http/Dispatcher.php","line":169,"function":"tryLogin","class":"OC\\Core\\Controller\\LoginController","type":"->","args":["*** sensitive parameters replaced ***"]},{"file":"/var/www/html/lib/private/AppFramework/Http/Dispatcher.php","line":100,"function":"executeController","class":"OC\\AppFramework\\Http\\Dispatcher","type":"->","args":[{"__class__":"OC\\Core\\Controller\\LoginController"},"tryLogin"]},{"file":"/var/www/html/lib/private/AppFramework/App.php","line":152,"function":"dispatch","class":"OC\\AppFramework\\Http\\Dispatcher","type":"->","args":[{"__class__":"OC\\Core\\Controller\\LoginController"},"tryLogin"]},{"file":"/var/www/html/lib/private/Route/Router.php","line":308,"function":"main","class":"OC\\AppFramework\\App","type":"::","args":["OC\\Core\\Controller\\LoginController","tryLogin",{"__class__":"OC\\AppFramework\\DependencyInjection\\DIContainer"},{"action":"*** sensitive parameter replaced ***","_route":"core.login.tryLogin"}]},{"file":"/var/www/html/lib/base.php","line":1009,"function":"match","class":"OC\\Route\\Router","type":"->","args":["/login"]},{"file":"/var/www/html/index.php","line":37,"function":"handleRequest","class":"OC","type":"::","args":[]}],"File":"/var/www/html/lib/private/Encryption/Keys/Storage.php","Line":287,"Previous":{"Exception":"Exception","Message":"Authenticated ciphertext could not be decoded.","Code":0,"Trace":[{"file":"/var/www/html/lib/private/Encryption/Keys/Storage.php","line":285,"function":"decrypt","class":"OC\\Security\\Crypto","type":"->","args":["*** sensitive parameters replaced ***"]},{"file":"/var/www/html/lib/private/Encryption/Keys/Storage.php","line":230,"function":"getKey","class":"OC\\Encryption\\Keys\\Storage","type":"->","args":["/robbie/files_encryption/OC_DEFAULT_MODULE/robbie.privateKey"]},{"file":"/var/www/html/lib/private/Encryption/Keys/Storage.php","line":95,"function":"getKeyWithUid","class":"OC\\Encryption\\Keys\\Storage","type":"->","args":["/robbie/files_encryption/OC_DEFAULT_MODULE/robbie.privateKey","*** sensitive parameter replaced ***"]},{"file":"/var/www/html/apps/encryption/lib/KeyManager.php","line":434,"function":"getUserKey","class":"OC\\Encryption\\Keys\\Storage","type":"->","args":["*** sensitive parameter replaced ***","privateKey","OC_DEFAULT_MODULE"]},{"file":"/var/www/html/apps/encryption/lib/KeyManager.php","line":570,"function":"getPrivateKey","class":"OCA\\Encryption\\KeyManager","type":"->","args":["*** sensitive parameter replaced ***"]},{"file":"/var/www/html/apps/encryption/lib/Users/Setup.php","line":76,"function":"userHasKeys","class":"OCA\\Encryption\\KeyManager","type":"->","args":["*** sensitive parameter replaced ***"]},{"file":"/var/www/html/apps/encryption/lib/Hooks/UserHooks.php","line":180,"function":"setupUser","class":"OCA\\Encryption\\Users\\Setup","type":"->","args":["*** sensitive parameters replaced ***"]},{"file":"/var/www/html/lib/private/legacy/OC_Hook.php","line":110,"function":"login","class":"OCA\\Encryption\\Hooks\\UserHooks","type":"->","args":["*** sensitive parameters replaced ***"]},{"file":"/var/www/html/lib/private/Server.php","line":573,"function":"emit","class":"OC_Hook","type":"::","args":["OC_User","post_login","*** sensitive parameter replaced ***"]},{"function":"OC\\{closure}","class":"OC\\Server","type":"->","args":["*** sensitive parameters replaced ***"]},{"file":"/var/www/html/lib/private/Hooks/EmitterTrait.php","line":101,"function":"call_user_func_array","args":[{"__class__":"Closure"},["*** sensitive parameter replaced ***","*** sensitive parameter replaced ***","*** sensitive parameter replaced ***","*** sensitive parameter replaced ***"]]},{"file":"/var/www/html/lib/private/Hooks/PublicEmitter.php","line":40,"function":"emit","class":"OC\\Hooks\\BasicEmitter","type":"->","args":["\\OC\\User","postLogin",["*** sensitive parameter replaced ***","*** sensitive parameter replaced ***","*** sensitive parameter replaced ***","*** sensitive parameter replaced ***"]]},{"file":"/var/www/html/lib/private/User/Session.php","line":412,"function":"emit","class":"OC\\Hooks\\PublicEmitter","type":"->","args":["\\OC\\User","postLogin",["*** sensitive parameter replaced ***","*** sensitive parameter replaced ***","*** sensitive parameter replaced ***","*** sensitive parameter replaced ***"]]},{"file":"/var/www/html/lib/private/Authentication/Login/CompleteLoginCommand.php","line":44,"function":"completeLogin","class":"OC\\User\\Session","type":"->","args":["*** sensitive parameters replaced ***"]},{"file":"/var/www/html/lib/private/Authentication/Login/ALoginCommand.php","line":40,"function":"process","class":"OC\\Authentication\\Login\\CompleteLoginCommand","type":"->","args":[{"__class__":"OC\\Authentication\\Login\\LoginData"}]},{"file":"/var/www/html/lib/private/Authentication/Login/LoggedInCheckCommand.php","line":61,"function":"processNextOrFinishSuccessfully","class":"OC\\Authentication\\Login\\ALoginCommand","type":"->","args":[{"__class__":"OC\\Authentication\\Login\\LoginData"}]},{"file":"/var/www/html/lib/private/Authentication/Login/ALoginCommand.php","line":40,"function":"process","class":"OC\\Authentication\\Login\\LoggedInCheckCommand","type":"->","args":[{"__class__":"OC\\Authentication\\Login\\LoginData"}]},{"file":"/var/www/html/lib/private/Authentication/Login/EmailLoginCommand.php","line":58,"function":"processNextOrFinishSuccessfully","class":"OC\\Authentication\\Login\\ALoginCommand","type":"->","args":[{"__class__":"OC\\Authentication\\Login\\LoginData"}]},{"file":"/var/www/html/lib/private/Authentication/Login/ALoginCommand.php","line":40,"function":"process","class":"OC\\Authentication\\Login\\EmailLoginCommand","type":"->","args":[{"__class__":"OC\\Authentication\\Login\\LoginData"}]},{"file":"/var/www/html/lib/private/Authentication/Login/UidLoginCommand.php","line":54,"function":"processNextOrFinishSuccessfully","class":"OC\\Authentication\\Login\\ALoginCommand","type":"->","args":[{"__class__":"OC\\Authentication\\Login\\LoginData"}]},{"file":"/var/www/html/lib/private/Authentication/Login/ALoginCommand.php","line":40,"function":"process","class":"OC\\Authentication\\Login\\UidLoginCommand","type":"->","args":[{"__class__":"OC\\Authentication\\Login\\LoginData"}]},{"file":"/var/www/html/lib/private/Authentication/Login/UserDisabledCheckCommand.php","line":57,"function":"processNextOrFinishSuccessfully","class":"OC\\Authentication\\Login\\ALoginCommand","type":"->","args":[{"__class__":"OC\\Authentication\\Login\\LoginData"}]},{"file":"/var/www/html/lib/private/Authentication/Login/ALoginCommand.php","line":40,"function":"process","class":"OC\\Authentication\\Login\\UserDisabledCheckCommand","type":"->","args":[{"__class__":"OC\\Authentication\\Login\\LoginData"}]},{"file":"/var/www/html/lib/private/Authentication/Login/PreLoginHookCommand.php","line":53,"function":"processNextOrFinishSuccessfully","class":"OC\\Authentication\\Login\\ALoginCommand","type":"->","args":[{"__class__":"OC\\Authentication\\Login\\LoginData"}]},{"file":"/var/www/html/lib/private/Authentication/Login/Chain.php","line":108,"function":"process","class":"OC\\Authentication\\Login\\PreLoginHookCommand","type":"->","args":[{"__class__":"OC\\Authentication\\Login\\LoginData"}]},{"file":"/var/www/html/core/Controller/LoginController.php","line":307,"function":"process","class":"OC\\Authentication\\Login\\Chain","type":"->","args":[{"__class__":"OC\\Authentication\\Login\\LoginData"}]},{"file":"/var/www/html/lib/private/AppFramework/Http/Dispatcher.php","line":169,"function":"tryLogin","class":"OC\\Core\\Controller\\LoginController","type":"->","args":["*** sensitive parameters replaced ***"]},{"file":"/var/www/html/lib/private/AppFramework/Http/Dispatcher.php","line":100,"function":"executeController","class":"OC\\AppFramework\\Http\\Dispatcher","type":"->","args":[{"__class__":"OC\\Core\\Controller\\LoginController"},"tryLogin"]},{"file":"/var/www/html/lib/private/AppFramework/App.php","line":152,"function":"dispatch","class":"OC\\AppFramework\\Http\\Dispatcher","type":"->","args":[{"__class__":"OC\\Core\\Controller\\LoginController"},"tryLogin"]},{"file":"/var/www/html/lib/private/Route/Router.php","line":308,"function":"main","class":"OC\\AppFramework\\App","type":"::","args":["OC\\Core\\Controller\\LoginController","tryLogin",{"__class__":"OC\\AppFramework\\DependencyInjection\\DIContainer"},{"action":"*** sensitive parameter replaced ***","_route":"core.login.tryLogin"}]},{"file":"/var/www/html/lib/base.php","line":1009,"function":"match","class":"OC\\Route\\Router","type":"->","args":["/login"]},{"file":"/var/www/html/index.php","line":37,"function":"handleRequest","class":"OC","type":"::","args":[]}],"File":"/var/www/html/lib/private/Security/Crypto.php","Line":122},"CustomMessage":"--"},"userAgent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36","version":"20.0.0.9"}
Browser log
Browser log
Insert your browser log here, this could for example include:
a) The javascript console log
b) The network log
c) ...
robbiewu008
All 13 comments
I was about to report the same issue, but I'd like to add that it works for a non-administrator account. Only my admin account fails with the above error
Biont
on 9 Oct 2020
I was about to report the same issue, but I'd like to add that it works for a non-administrator account. Only my admin account fails with the above error
For me, non-admin fails too.
robbiewu008
on 9 Oct 2020
Your issue popped up, when I was searching for reasons for my "internal error message".
But do I read the log right and you have encryption enabled?
It was enabled for me although I don't use it. I could work with disabling the app and log in again. The seams to be "not compliant" at the moment for nc20.
root@nc20:/var/www/nextcloud# sudo -u www-data php occ app:check-code encryption
Analysing /var/www/nextcloud/apps/encryption/lib/Crypto/EncryptAll.php
4 errors
line 387: OC_Util - Static method of private class must not be called
line 388: OC_Util - Static method of private class must not be called
line 470: OC_Template - private class must not be instantiated
line 474: OC_Template - private class must not be instantiated
Analysing /var/www/nextcloud/apps/encryption/lib/Crypto/Crypt.php
1 errors
line 467: == - is discouraged
Analysing /var/www/nextcloud/apps/encryption/lib/Command/ScanLegacyFormat.php
2 errors
line 138: OC_Util - Static method of private class must not be called
line 139: OC_Util - Static method of private class must not be called
Analysing /var/www/nextcloud/apps/encryption/lib/Hooks/UserHooks.php
1 errors
line 345: OC_Util - Static method of private class must not be called
App is not compliant
Just my findings to a similar but not identical issue I guess.
Lebernd
on 10 Oct 2020
I could work with disabling the app and log in again. The seams to be "not compliant" at the moment for nc20.
Yeah, you hit the point, i will try to disable the App encryption.
robbie@S001:/mydata/projects/docker/nextcloud$ docker-compose exec --user www-data app php ./occ encryption:status
- enabled: false
- defaultModule: OC_DEFAULT_MODULE
robbie@S001:/mydata/projects/docker/nextcloud$ docker-compose exec --user www-data app php ./occ app:check-code encryption
Analysing /var/www/html/apps/encryption/lib/Command/ScanLegacyFormat.php
2 errors
line 138: OC_Util - Static method of private class must not be called
line 139: OC_Util - Static method of private class must not be called
Analysing /var/www/html/apps/encryption/lib/Crypto/Crypt.php
1 errors
line 467: == - is discouraged
Analysing /var/www/html/apps/encryption/lib/Crypto/EncryptAll.php
4 errors
line 387: OC_Util - Static method of private class must not be called
line 388: OC_Util - Static method of private class must not be called
line 470: OC_Template - private class must not be instantiated
line 474: OC_Template - private class must not be instantiated
Analysing /var/www/html/apps/encryption/lib/Hooks/UserHooks.php
1 errors
line 345: OC_Util - Static method of private class must not be called
App is not compliant
robbiewu008
on 12 Oct 2020
I could work with disabling the app and log in again. The seams to be "not compliant" at the moment for nc20.
Yeah, you hit the point, i will try to disable the App encryption.
robbie@S001:/mydata/projects/docker/nextcloud$ docker-compose exec --user www-data app php ./occ encryption:status
- enabled: false
- defaultModule: OC_DEFAULT_MODULE
robbie@S001:/mydata/projects/docker/nextcloud$ docker-compose exec --user www-data app php ./occ app:check-code encryption
Analysing /var/www/html/apps/encryption/lib/Command/ScanLegacyFormat.php
2 errors
line 138: OC_Util - Static method of private class must not be called
line 139: OC_Util - Static method of private class must not be called
Analysing /var/www/html/apps/encryption/lib/Crypto/Crypt.php
1 errors
line 467: == - is discouraged
Analysing /var/www/html/apps/encryption/lib/Crypto/EncryptAll.php
4 errors
line 387: OC_Util - Static method of private class must not be called
line 388: OC_Util - Static method of private class must not be called
line 470: OC_Template - private class must not be instantiated
line 474: OC_Template - private class must not be instantiated
Analysing /var/www/html/apps/encryption/lib/Hooks/UserHooks.php
1 errors
line 345: OC_Util - Static method of private class must not be called
App is not compliant
After disable App encryption, non-admin accounts can login, the Admin accounts can NOT login.
robbiewu008
on 12 Oct 2020
For me, everything seems to be working fine after disabling the encryption app. Thanks for the hint
Biont
on 13 Oct 2020
same here
ColdSphinX
on 17 Oct 2020
I was affected by this too, but I'm not using encryption:
# sudo -u www-data php occ encryption:status
- enabled: false
- defaultModule: OC_DEFAULT_MODULE
The server log just showed ServerNotAvailableException:"Could not decrypt key" for any connection attempts after 19->20 upgrade.
I have another instance where I am using encryption, and there I was able to log in just fine. I did some diffing and found the working installation (with encryption enabled) had 'encryption.legacy_format_support' => true,, while the non-working installation (with encryption disabled) didn't. Adding that to my config.php alone didn't fix the issue, so I also added 'encryption.key_storage_migrated' => false, and after that I was able to log in again.
According to documentation, starting with version 20 the legacy encryption is off by default. occ encryption:scan:legacy-format is supposed to tell whether you can disable the compatibility mode, but for the instance without encryption it seems to produce a false positive (complete with a typo):
All scanned files are propperly encrypted. You can disable the legacy compatibility mode.
For the admin user, the now otherwise working, unencrypted instance also shows a "Please enable server side encryption in the admin settings in order to use the encryption module" notification in the web UI, for every page load (i.e. even after dismissal it just pops back up whenever I navigate in the UI).
The errors reported by app:check-code encryption are probably unrelated, as the same errors are reported for both my instances.
uusijani
on 17 Oct 2020
@uusijani thanks for your suggestion. I also upgraded a non-encrypted NC18 through NC19 to NC20 with the same issue.
adding both the lines to config.php fixed the problem for admin and other accounts as you reported.
'encryption.legacy_format_support' => true,
'encryption.key_storage_migrated' => false,
Many Thanks, Stefan!
stefan123t
on 25 Oct 2020
On the Admin > Settings under Administration: Overview I then found the link you mentioned regarding legacy encryption being desupported:
The old server-side-encryption format is enabled. We recommend disabling this. For more details see the documentation.
https://docs.nextcloud.com/server/20/admin_manual/configuration_files/encryption_migration.html
$ php occ encryption:scan:legacy-format
The current PHP memory limit is below the recommended value of 512MB.
Scanning all files for legacy encryption
Scanning all files for user
...
All scanned files are propperly encrypted. You can disable the legacy compatibility mode.
After changing the legacy_format_support to false the warning disappeared.
'encryption.legacy_format_support' => false,
'encryption.key_storage_migrated' => false,
stefan123t
on 25 Oct 2020
I have a similar issue after the Upgrade to version 20.
The server-side encryptino was enabled and I tried to migrate the encryption as recommended. But now I cannot access any file because nextcloud is not able to decrypt them.
The occ encryption:scan:legacy-format command says that every file "does not have a proper header". I also tried variations of key_storage_migrated and legacy_format_support configs without any help. For one user I changed the password and that didn't help either. The Log has a lot of entries with the message "Authenticated ciphertext could not be decoded" in storage.php line 285 as described in the ticket. The log entries occur when I try to download a file.
The strange thing is that I can still see the preview of all files and also photos in full screen in the Web. But it's not possible to open any document or download any file (even photos). The sync with the Desktop client also fails because the download is not working.
AugustMacke
on 8 Nov 2020
Is there any further documentation regarding the legacy encryption format? What is legacy encryption? Which new encryption format is used?
https://docs.nextcloud.com/server/20/admin_manual/configuration_files/encryption_migration.html#checking-for-old-files
I enabled encryption with master key, recovery key and users keys on purpose after fresh install of NC18, which I updated from NC19 to NC20 today.
I would prefer to keep the encryption this way in the future, as a normal encryption with only a master key is a security flaw.
Kuphi
on 19 Nov 2020
Disabling the unused encryption app with
php occ app:disable encryption
solved it for me.
martinkulawik
on 25 Nov 2020
Related issues
j-ed
路
3Comments
georgehrke
路
3Comments
Django-BOfH
路
3Comments
dl5rcw
路
3Comments
mama21mama
路
3Comments
Most helpful comment
Disabling the unused encryption app with
php occ app:disable encryptionsolved it for me.