[inexistent anymore] Device login fails

bugsyb · September 11, 2023, 4:40pm

NC: 26.0.5

Login using devices login created doesn’t work anymore.
It is only for this account on this server. Tried:

other accounts on same server - all works fine, this excludes server,
other server (same version) - same case all works, this exclude phone/nextcloud app version.
with two different devices - same result - suggests something is completely wrong with this single account.

It seems to be something odd with this specific (my main) user account on the server.

How to investigate the issue?

Looking at oc_authtoken doesn’t give me any clues.

Thanks in advance!

{
  "reqId": "W3Vda2rjpC5j98UTfrYt",
  "level": 0,
  "time": "2023-09-11T18:30:48+02:00",
  "remoteAddr": "1.2.3.4",
  "user": "--",
  "app": "webdav",
  "method": "HEAD",
  "url": "/folder/remote.php/dav",
  "message": "No public access to this resource., No 'Authorization: Basic' header found. Either the client didn't send one, or the server is misconfigured, No 'Authorization: Bearer' header found. Either the client didn't send one, or the server is mis-configured, No 'Authorization: Basic' header found. Either the client didn't send one, or the server is misconfigured",
  "userAgent": "Mozilla/5.0 (Android) Nextcloud-android/3.25.0",
  "version": "26.0.5.1",
  "exception": {
    "Exception": "Sabre\\DAV\\Exception\\NotAuthenticated",
    "Message": "No public access to this resource., No 'Authorization: Basic' header found. Either the client didn't send one, or the server is misconfigured, No 'Authorization: Bearer' header found. Either the client didn't send one, or the server is mis-configured, No 'Authorization: Basic' header found. Either the client didn't send one, or the server is misconfigured",
    "Code": 0,
    "Trace": [
      {
        "file": "/var/www/html/3rdparty/sabre/event/lib/WildcardEmitterTrait.php",
        "line": 89,
        "function": "beforeMethod",
        "class": "Sabre\\DAV\\Auth\\Plugin",
        "type": "->",
        "args": [
          [
            "Sabre\\HTTP\\Request"
          ],
          [
            "Sabre\\HTTP\\Response"
          ]
        ]
      },
      {
        "file": "/var/www/html/3rdparty/sabre/dav/lib/DAV/Server.php",
        "line": 456,
        "function": "emit",
        "class": "Sabre\\DAV\\Server",
        "type": "->",
        "args": [
          "beforeMethod:HEAD",
          [
            [
              "Sabre\\HTTP\\Request"
            ],
            [
              "Sabre\\HTTP\\Response"
            ]
          ]
        ]
      },
      {
        "file": "/var/www/html/3rdparty/sabre/dav/lib/DAV/Server.php",
        "line": 253,
        "function": "invokeMethod",
        "class": "Sabre\\DAV\\Server",
        "type": "->",
        "args": [
          [
            "Sabre\\HTTP\\Request"
          ],
          [
            "Sabre\\HTTP\\Response"
          ]
        ]
      },
      {
        "file": "/var/www/html/3rdparty/sabre/dav/lib/DAV/Server.php",
        "line": 321,
        "function": "start",
        "class": "Sabre\\DAV\\Server",
        "type": "->",
        "args": []
      },
      {
        "file": "/var/www/html/apps/dav/lib/Server.php",
        "line": 366,
        "function": "exec",
        "class": "Sabre\\DAV\\Server",
        "type": "->",
        "args": []
      },
      {
        "file": "/var/www/html/apps/dav/appinfo/v2/remote.php",
        "line": 35,
        "function": "exec",
        "class": "OCA\\DAV\\Server",
        "type": "->",
        "args": []
      },
      {
        "file": "/var/www/html/remote.php",
        "line": 172,
        "args": [
          "/var/www/html/apps/dav/appinfo/v2/remote.php"
        ],
        "function": "require_once"
      }
    ],
    "File": "/var/www/html/3rdparty/sabre/dav/lib/DAV/Auth/Plugin.php",
    "Line": 152,
    "message": "No public access to this resource., No 'Authorization: Basic' header found. Either the client didn't send one, or the server is misconfigured, No 'Authorization: Bearer' header found. Either the client didn't send one, or the server is mis-configured, No 'Authorization: Basic' header found. Either the client didn't send one, or the server is misconfigured",
    "exception": {},
    "CustomMessage": "No public access to this resource., No 'Authorization: Basic' header found. Either the client didn't send one, or the server is misconfigured, No 'Authorization: Bearer' header found. Either the client didn't send one, or the server is mis-configured, No 'Authorization: Basic' header found. Either the client didn't send one, or the server is misconfigured"
  }
}

# popped up only after number of tries - removable and tested after clearing out below too
{
  "reqId": "P3NYDg8E2dEMJ0ESMrzn",
  "level": 1,
  "time": "2023-09-11T18:30:48+02:00",
  "remoteAddr": "1.2.3.4",
  "user": "--",
  "app": "no app in context",
  "method": "GET",
  "url": "/folder/ocs/v2.php/cloud/user?format=json",
  "message": "IP address throttled because it reached the attempts limit in the last 30 minutes [action: login, delay: 1600, ip: 1.2.3.4]",
  "userAgent": "Mozilla/5.0 (Android) Nextcloud-android/3.25.0",
  "version": "26.0.5.1",
  "data": []
}

bugsyb · September 12, 2023, 11:46am

This all works now and I have no good explanation on why.
What has been done (and none should impact the fact that it works now):

took backup of database, app.
reverted to older backup (2 days earlier) - issue did persist.
reverted to backup (both DB and app code) from 10 days ago (this includes the time before upgrade from NC-25) - issue didn’t exist anymore
moved back to NC-26 (effectively upgraded on the DB from 10 days ago - all worked
---- sleep mode for human ----
reverted back DB from yesterday (the one with issues) - kept code NC-26 (this is docker container) - all worked
the funniest portion - reverted back to code from backup from yesterday - which is down to md5sum same as fresh NC-26 container - as is same source/same data effectively - all works.

All in all - we could say, took a backup and reverted back to it - and all works now.

I have no explanation for it, especially that it was a problem for just one user - myself, creation of app/device tokens worked fine for other users and it impacted only this one across multiple apps/phones.