After upgrading to Nextcloud Vers. 21, logged-in users are always logged out after a few minutes. Does anyone have a clue about this? Are there others with the same problem?
This problem did not exist before.
We have users who log in via the TOTP procedure and users who log in via U2F and Fido2.
Nextcloud Version 21.0.1
PhP Version: 7.3.16
j-ed
April 14, 2021, 7:52am
2
I personally cannot replicate that problem on my server. Are there any errors listed in the Nextcloud log file? Is the system clock synced via NTP?
This is what I found quickly
We were able to narrow it down. There seems to be a problem with users who use security keys for login.
We have a lot of Yubico Fido2 keys in use at our training centre.
Over half of our staff use the keys and now have a real problem. They are logged out of the system after a few minutes. We have been able to use the sticks for about 6 months without any problems.
Users with TOTP login as 2nd factor are not affected.
If this is a bug, then I really ask that it be solved quickly. Please
Thanks for the hint,…was already looking in Github
This seems to be a really big problem! I wonder why no one seems to be working on the solution yet. This is not a common bug…so far there is no feedback at all
Login via Webauth device dosent work. The issue regarding Wewbauthn has worsened since the last update 21.0.2. Webauthn login generally no longer works.
user son1c opened a new bug report about this 2 weeks ago.
Please use the reaction to show that you are affected by the same issue.
opened 03:02PM - 23 May 21 UTC
0. Needs triage
bug
### How to use GitHub
* Please use the 👍 [reaction](https://blog.gith… ub.com/2016-03-10-add-reactions-to-pull-requests-issues-and-comments/) to show that you are affected by the same issue.
* Please don't comment if you have no relevant information to add. It's just extra noise for everyone subscribed to this issue.
* Subscribe to receive notifications on status change and new comments.
### Steps to reproduce
1. Add a Webauth device to a user (a Yubikey)
2. Logout
3. Login with the Webauth device
### Expected behaviour
After typing your username, push the button on yubikey when your browser asks for device and the login is complete
### Actual behaviour
After typing your username, push the button on yubikey when your browser asks for device.
Then nothing happens.
### Server configuration
**Operating system:**
Official Docker Image
**Database:**
Offical MariaDB Docker image
**Nextcloud version:** (see Nextcloud admin page)
21.0.2
**Updated from an older Nextcloud/ownCloud or fresh install:**
21.0.1
### Logs
#### Browser log
[index] Error: Doctrine\DBAL\Exception\UniqueConstraintViolationException: An exception occurred while executing a query: SQLSTATE[23000]: Integrity constraint violation: 1062 Duplicate entry '9' for key 'PRIMARY' at <<closure>>
0. /var/www/html/3rdparty/doctrine/dbal/src/Connection.php line 1728
Doctrine\DBAL\Driver\API\MySQL\ExceptionConverter->convert(Doctrine\DBAL\Driver\PDO\Exception {}, Doctrine\DBAL\Query {})
1. /var/www/html/3rdparty/doctrine/dbal/src/Connection.php line 1667
Doctrine\DBAL\Connection->handleDriverException(Doctrine\DBAL\Driver\PDO\Exception {}, Doctrine\DBAL\Query {})
2. /var/www/html/3rdparty/doctrine/dbal/src/Connection.php line 1146
Doctrine\DBAL\Connection->convertExceptionDuringQuery(Doctrine\DBAL\Driver\PDO\Exception {}, "INSERT INTO `oc ... )", ["Yubikey 5 NFC" ... 9], [2,2,2,2,1])
3. /var/www/html/lib/private/DB/Connection.php line 257
Doctrine\DBAL\Connection->executeStatement("INSERT INTO `oc ... )", ["Yubikey 5 NFC" ... 9], [2,2,2,2,1])
4. /var/www/html/3rdparty/doctrine/dbal/src/Query/QueryBuilder.php line 213
OC\DB\Connection->executeStatement("INSERT INTO `oc ... )", {dcValue1: "Yubi ... 9}, {dcValue1: 2,dcV ... 1})
5. /var/www/html/lib/private/DB/QueryBuilder/QueryBuilder.php line 287
Doctrine\DBAL\Query\QueryBuilder->execute()
6. /var/www/html/lib/public/AppFramework/Db/QBMapper.php line 135
OC\DB\QueryBuilder\QueryBuilder->execute()
7. /var/www/html/lib/public/AppFramework/Db/QBMapper.php line 159
OCP\AppFramework\Db\QBMapper->insert(OC\Authenticatio ... 9})
8. /var/www/html/lib/private/Authentication/WebAuthn/CredentialRepository.php line 89
OCP\AppFramework\Db\QBMapper->insertOrUpdate(OC\Authenticatio ... 9})
9. /var/www/html/lib/private/Authentication/WebAuthn/CredentialRepository.php line 93
OC\Authentication\WebAuthn\CredentialRepository->saveAndReturnCredentialSource(Webauthn\PublicKeyCredentialSource {}, "default")
10. /var/www/html/3rdparty/web-auth/webauthn-lib/src/AuthenticatorAssertionResponseValidator.php line 206
OC\Authentication\WebAuthn\CredentialRepository->saveCredentialSource(Webauthn\PublicKeyCredentialSource {})
11. /var/www/html/lib/private/Authentication/WebAuthn/Manager.php line 235
Webauthn\AuthenticatorAssertionResponseValidator->check(null, Webauthn\Authent ... {}, Webauthn\PublicK ... {}, GuzzleHttp\Psr7\ServerRequest {}, "son1c")
12. /var/www/html/core/Controller/WebAuthnController.php line 107
OC\Authentication\WebAuthn\Manager->finishAuthentication(Webauthn\PublicK ... {}, "{\"id\":\"gdDVR ... }", "son1c")
13. /var/www/html/lib/private/AppFramework/Http/Dispatcher.php line 218
OC\Core\Controller\WebAuthnController->finishAuthentication("{\"id\":\"gdDVR ... }")
14. /var/www/html/lib/private/AppFramework/Http/Dispatcher.php line 127
OC\AppFramework\Http\Dispatcher->executeController(OC\Core\Controller\WebAuthnController {}, "finishAuthentication")
15. /var/www/html/lib/private/AppFramework/App.php line 157
OC\AppFramework\Http\Dispatcher->dispatch(OC\Core\Controller\WebAuthnController {}, "finishAuthentication")
16. /var/www/html/lib/private/Route/Router.php line 302
OC\AppFramework\App::main("OC\\Core\\Contr ... r", "finishAuthentication", OC\AppFramework\ ... {}, {_route: "core.W ... "})
17. /var/www/html/lib/base.php line 993
OC\Route\Router->match("/login/webauthn/finish")
18. /var/www/html/index.php line 37
OC::handleRequest()
POST /login/webauthn/finish
from <ip> at 2021-05-23T14:38:34+00:00
The DB doesn't show me a duplicate entry in oc_webauth.
```
+----+---------------+
| id | name |
+----+---------------+
| 9 | Yubikey 5 NFC |
+----+---------------+
```
Add a Webauth device to a user (a Yubikey)
Logout
Login with the Webauth device
1 Like
wwe
May 31, 2021, 11:50am
9
it looks number of problems are related to webauthn login
I tested one instance where I had Nitrokey setup before - 2nd factor with Nitrokey fails (after Windows dialog shows up and disappears).
On the other instance where Webauthn is not enabled even registering the Webauthn fails (looks successful but device is never added - keeps spinning forever at “adding device”)
error in NC log is the same as mentioned before
[image]
[image]
UPDATE: registering new Webauthn device
fingerprint reader worked
Ntrokey FIDO2 never completes (touch device, ent…
I am really increasingly very surprised about the actions of Nextcloud. In my opinion, this is a major problem and should be solved as quickly as possible. Instead, we now have NC 21.0.2 and the issue has even gotten worse. I don’t even know if the developers are addressing the issue. That alone would be reassuring to know. In Nextcloud 19, this feature was very strongly advertised! It doesn’t seem to be a high priority. I’m very curious to see if NC 21.0.3 solves the problem.
1 Like