Errors 401 and 500 since 2020.08.0

Benoit · August 4, 2020, 8:19am

Hello,

Since the app has been updated to 2020.08.0, I can’t access most of my passwords.

On the root level, I can show the details of all the registered passwords, despite some have no icon, but I get some “401- Unauthorized” and “500 - Internal Server Error” notifications.

On the subfolders level, I can’t into any: the animated circle appears, I get a lot of 401 and 500 notifications, and nothing more.

I don’t have any other problem on my 19.0.01 instance.

I have nothing in the Apache errors’ log; the access’ log only reports the 401 and 500 errors. I have no error in the PHP log.
Has the passwords app its own log, where I could find more informations?

Benoit

mdw · August 4, 2020, 6:00pm

See https://git.mdns.eu/nextcloud/passwords/wikis/Administrators/App-Debugging to check the Nextcloud log and the browser console.

Benoit · August 5, 2020, 12:10am

Hi,

Thanks for the answer.

I’ve already had a look but couldn’t see anything relevant.

Looking closer, here are the errors that seem to appear when I try to access my passwords:

{"reqId":"WduapVlDBUfpayyfjnGM","level":3,"time":"2020-08-04T23:50:13+00:00","remoteAddr":"192.168.10.17","user":"--","app":"PHP","method":"POST","url":"/index.php/apps/passwords/api/1.0/session/open","message":"Undefined index: PHP_AUTH_USER at /home/apache2/sites/nextcloud/html/lib/private/AppFramework/Middleware/Security/CORSMiddleware.php#88","userAgent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:79.0) Gecko/20100101 Firefox/79.0","version":"19.0.1.1","id":"5f29f45b64c8b"}

{"reqId":"WduapVlDBUfpayyfjnGM","level":3,"time":"2020-08-04T23:50:13+00:00","remoteAddr":"192.168.10.17","user":"--","app":"PHP","method":"POST","url":"/index.php/apps/passwords/api/1.0/session/open","message":"Undefined index: PHP_AUTH_PW at /home/apache2/sites/nextcloud/html/lib/private/AppFramework/Middleware/Security/CORSMiddleware.php#89","userAgent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:79.0) Gecko/20100101 Firefox/79.0","version":"19.0.1.1","id":"5f29f45b64c74"}

{"reqId":"WduapVlDBUfpayyfjnGM","level":3,"time":"2020-08-04T23:50:13+00:00","remoteAddr":"192.168.10.17","user":"--","app":"PHP","method":"POST","url":"/index.php/apps/passwords/api/1.0/session/open","message":"session_start(): A session had already been started - ignoring at /home/apache2/sites/nextcloud/html/lib/private/Session/Internal.php#209","userAgent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:79.0) Gecko/20100101 Firefox/79.0","version":"19.0.1.1","id":"5f29f45b64c5b"}

{"reqId":"WduapVlDBUfpayyfjnGM","level":3,"time":"2020-08-04T23:50:13+00:00","remoteAddr":"192.168.10.17","user":"--","app":"index","method":"POST","url":"/index.php/apps/passwords/api/1.0/session/open","message":{"Exception":"Exception","Message":"Argument 1 passed to OCP\\User\\Events\\BeforeUserLoggedInEvent::__construct() must be of the type string, null given, called in /home/apache2/sites/nextcloud/html/lib/private/Server.php on line 551","Code":0,"Trace":[{"file":"/home/apache2/sites/nextcloud/html/lib/private/AppFramework/App.php","line":137,"function":"dispatch","class":"OC\\AppFramework\\Http\\Dispatcher","type":"->","args":[{"__class__":"OCA\\Passwords\\Controller\\Api\\SessionApiController"},"open"]},{"file":"/home/apache2/sites/nextcloud/html/lib/private/AppFramework/Routing/RouteActionHandler.php","line":47,"function":"main","class":"OC\\AppFramework\\App","type":"::","args":["SessionApiController","open",{"__class__":"OC\\AppFramework\\DependencyInjection\\DIContainer"},{"_route":"passwords.session_api.open"}]},{"function":"__invoke","class":"OC\\AppFramework\\Routing\\RouteActionHandler","type":"->","args":[{"_route":"passwords.session_api.open"}]},{"file":"/home/apache2/sites/nextcloud/html/lib/private/Route/Router.php","line":297,"function":"call_user_func","args":[{"__class__":"OC\\AppFramework\\Routing\\RouteActionHandler"},{"_route":"passwords.session_api.open"}]},{"file":"/home/apache2/sites/nextcloud/html/lib/base.php","line":1007,"function":"match","class":"OC\\Route\\Router","type":"->","args":["/apps/passwords/api/1.0/session/open"]},{"file":"/home/apache2/sites/nextcloud/html/index.php","line":37,"function":"handleRequest","class":"OC","type":"::","args":[]}],"File":"/home/apache2/sites/nextcloud/html/lib/private/AppFramework/Http/Dispatcher.php","Line":110,"Previous":{"Exception":"TypeError","Message":"Argument 1 passed to OCP\\User\\Events\\BeforeUserLoggedInEvent::__construct() must be of the type string, null given, called in /home/apache2/sites/nextcloud/html/lib/private/Server.php on line 551","Code":0,"Trace":[{"file":"/home/apache2/sites/nextcloud/html/lib/private/Server.php","line":551,"function":"__construct","class":"OCP\\User\\Events\\BeforeUserLoggedInEvent","type":"->","args":["*** sensitive parameter replaced ***","*** sensitive parameter replaced ***"]},{"function":"OC\\{closure}","class":"OC\\Server","type":"->","args":["*** sensitive parameters replaced ***"]},{"file":"/home/apache2/sites/nextcloud/html/lib/private/Hooks/EmitterTrait.php","line":101,"function":"call_user_func_array","args":[{"__class__":"Closure"},["*** sensitive parameter replaced ***","*** sensitive parameter replaced ***"]]},{"file":"/home/apache2/sites/nextcloud/html/lib/private/Hooks/PublicEmitter.php","line":40,"function":"emit","class":"OC\\Hooks\\BasicEmitter","type":"->","args":["\\OC\\User","preLogin",["*** sensitive parameter replaced ***","*** sensitive parameter replaced ***"]]},{"file":"/home/apache2/sites/nextcloud/html/lib/private/User/Session.php","line":441,"function":"emit","class":"OC\\Hooks\\PublicEmitter","type":"->","args":["\\OC\\User","preLogin",["*** sensitive parameter replaced ***","*** sensitive parameter replaced ***"]]},{"file":"/home/apache2/sites/nextcloud/html/lib/private/AppFramework/Middleware/Security/CORSMiddleware.php","line":93,"function":"logClientIn","class":"OC\\User\\Session","type":"->","args":["*** sensitive parameters replaced ***"]},{"file":"/home/apache2/sites/nextcloud/html/lib/private/AppFramework/Middleware/MiddlewareDispatcher.php","line":98,"function":"beforeController","class":"OC\\AppFramework\\Middleware\\Security\\CORSMiddleware","type":"->","args":[{"__class__":"OCA\\Passwords\\Controller\\Api\\SessionApiController"},"open"]},{"file":"/home/apache2/sites/nextcloud/html/lib/private/AppFramework/Http/Dispatcher.php","line":98,"function":"beforeController","class":"OC\\AppFramework\\Middleware\\MiddlewareDispatcher","type":"->","args":[{"__class__":"OCA\\Passwords\\Controller\\Api\\SessionApiController"},"open"]},{"file":"/home/apache2/sites/nextcloud/html/lib/private/AppFramework/App.php","line":137,"function":"dispatch","class":"OC\\AppFramework\\Http\\Dispatcher","type":"->","args":[{"__class__":"OCA\\Passwords\\Controller\\Api\\SessionApiController"},"open"]},{"file":"/home/apache2/sites/nextcloud/html/lib/private/AppFramework/Routing/RouteActionHandler.php","line":47,"function":"main","class":"OC\\AppFramework\\App","type":"::","args":["SessionApiController","open",{"__class__":"OC\\AppFramework\\DependencyInjection\\DIContainer"},{"_route":"passwords.session_api.open"}]},{"function":"__invoke","class":"OC\\AppFramework\\Routing\\RouteActionHandler","type":"->","args":[{"_route":"passwords.session_api.open"}]},{"file":"/home/apache2/sites/nextcloud/html/lib/private/Route/Router.php","line":297,"function":"call_user_func","args":[{"__class__":"OC\\AppFramework\\Routing\\RouteActionHandler"},{"_route":"passwords.session_api.open"}]},{"file":"/home/apache2/sites/nextcloud/html/lib/base.php","line":1007,"function":"match","class":"OC\\Route\\Router","type":"->","args":["/apps/passwords/api/1.0/session/open"]},{"file":"/home/apache2/sites/nextcloud/html/index.php","line":37,"function":"handleRequest","class":"OC","type":"::","args":[]}],"File":"/home/apache2/sites/nextcloud/html/lib/public/User/Events/BeforeUserLoggedInEvent.php","Line":46},"CustomMessage":"--"},"userAgent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:79.0) Gecko/20100101 Firefox/79.0","version":"19.0.1.1","id":"5f29f45b64c42"}

I’ve also checked the Firefox console, here is the XHR answer in front of 401 errors:

Current user is not logged in

All this is pretty far beyond my skills and understanding…

Benoit

mdw · August 5, 2020, 8:42pm

Do you have a user backend like LDAP or SAML?

Also, if you look at the source code of the HTML page, do you see a meta element with the name “api-token”? Does it have a value in the content attribute?

Benoit · August 5, 2020, 9:48pm

Yes, I do use LDAP for authentication.

I’ve found an “api-token” meta element, with a value for its content attribute. Do I have to paste it here?

mdw · August 5, 2020, 9:52pm

I will try to check with this setup when i have time

No, it’s an API token. But since one of the log messages says PHP_AUTH_PW is not set, i thought it could be missing.

mdw · August 6, 2020, 8:40pm

I have checked and found no issue with my standard ldap setup.

There is some things you can try:

Open the developer tools in your browser, go to the network tab, filter by “XHR” and then reload. check if the requests going to the passwords api have an authorization header in the request headers.
Run ./occ maintenance:repair from the command line or occweb
Uninstall the app completly and reinstall it from the app store

Benoit · August 6, 2020, 9:22pm

Thanks for checking.

You may have someting. When loading the passwords app main page, I first have 2 XHRs to files open and show, returning state 200; they both have an authorization request header. Then I see 9 XHRs returning state 401, each related to one password: no one have the authorization header.
Next, I click on a folder: I see a XHR to file show, ending with state 500. No authorization request header.

./occ maintenance:repair, uninstall/reinstall: already done, done again, same issue (and same logs in the Firefox console).

mdw · September 4, 2020, 11:11am

I think i might have found the issue. It is possible that you get a cached version of a request (images, user avatars etc). If that request comes with an outdated session id, the app attempts to use that session and fails. You can check the latest nightly and see if the issue is solved with that.

Benoit · September 4, 2020, 7:15pm

Hello,

Thank you for your message.

I first have to mention an observation I made. My issue only happen when I start my dualboot PC with Windows X: there’s no problem when I start with Kubuntu. More: I have no issue when I access my Nextcloud instance from my office PC (Windows X, Firefox), nor from any other PC on my home LAN.
So I have to find what is wrong on my main Windows X setup.

I tried what you suggest. I couldn’t manage to check the “Show Nightly Updates in “Apps”” box (failed)… but it was possible from another computer! I sucessfully upgrade to the last nightly, but things remain the same.

I’m not familiar with requests caching: is your guess still relevant with this new infos?

mdw · September 4, 2020, 7:33pm

You can also try to open the developer tools again and in the network tab check the checkbox “Disable cache”. Then reload and see if the issue is solved.

Benoit · September 8, 2020, 8:17am

Didn’t know this checkbox. Thanks.

But no effect on my issue.

Will try today or tomorrow to compare the ouputs on my PCs.