LDAP 2-FA auth: users logged out after 5 minutes/app passwords destroyed

hobbymaster001 · October 3, 2018, 2:12am

I am completely stumped here and not sure what would be causing this to happen other than a bug. I have a brand new NextCloud installation tied into FreeIPA using LDAP. All web users MUST have 2-FA enabled through FreeIPA and this works perfectly for OpenVPN, SSH, Drupal AND WordPress. Truth be told LDAP is working great for logins, password+OTP works well and users can get to their files. The only problem is that every 5 minutes users get logged out. This even happens to the mobile app if you log in using an app password. The password is purged after 5 minutes logging them back out. The logins happen with or without the user actively using NextCloud.

Nextcloud version : 14.0.1.1
Operating system and version: CentOS Linux release 7.5.1804 (Core)
Apache version: 2.4.6-80
PHP version: 7.1.22
FreeIPA Version: 4.5.4

Is this the first time you’ve seen this error? No

Steps to replicate logout issue:

Configure FreeIPA to use TOTP OTP and enable user OTP authentication
Configure NextCloud to leverage LDAP (automatically works with only password + OTP)
Log in to NextCloud
Wait 5 minutes and you will be logged back out

Steps to replicate app password purge:

Configure FreeIPA to use TOTP OTP and enable user OTP authentication
Configure NextCloud to leverage LDAP (automatically works with only password + OTP)
Log in to NextCloud
Create app password and authenticate with app then click done
Token is visible from account as expected
Wait 5 minutes and check again, token is gone and app is logged back out.

The output of your Nextcloud log in Admin > Logging:

|Warning|core|Renewing session token failed|2018-10-02T21:05:26-0400|
|Warning|core|Login failed: 'myusername' (Remote IP: 'ip.logged.in.from')|2018-10-02T21:05:25-0400|
|Warning|user_ldap|Bind failed: 49: Invalid credentials|2018-10-02T21:05:25-0400|

Related contents of Nextcloud.log:

{"reqId":"W7QhYtKEFIEYS5GVTGOoOwAAAAc","level":2,"time":"2018-10-03T01:54:42+00:00","remoteAddr":"ip.logged.in.from","user":"guidhere","app":"user_ldap","method":"GET","url":"\/nextcloud
d\/index.php\/apps\/logreader\/poll?lastReqId=W7QV1djtk%40k01D6hdJAejwAAAAo","message":"Bind failed: 49:
 Invalid credentials","userAgent":"Mozilla\/5.0 (Windows NT 10.0; WOW64; rv:61.0) Gecko\/20100101 Firefo
x\/61.0","version":"14.0.1.1"}
{"reqId":"W7QhYtKEFIEYS5GVTGOoOwAAAAc","level":2,"time":"2018-10-03T01:54:43+00:00","remoteAddr":"ip.logged.in.from","user":"guidhere","app":"core","method":"GET","url":"\/nextcloud\/in
dex.php\/apps\/logreader\/poll?lastReqId=W7QV1djtk%40k01D6hdJAejwAAAAo","message":"Login failed: 'myusername' (Remote IP: 'ip.logged.in.from')","userAgent":"Mozilla\/5.0 (Windows NT 10.0; WOW64; rv:61.0) Gecko\/20
100101 Firefox\/61.0","version":"14.0.1.1"}

The output of your config.php file in /path/to/nextcloud (make sure you remove any identifiable information!):

<?php
$CONFIG = array (
  'instanceid' => 'myid',
  'passwordsalt' => 'mysalt',
  'secret' => 'mysecret',
  'trusted_domains' =>
  array (
    0 => 'my.domain',
    1 => 'www.my.domain',
  ),
  'datadirectory' => '/my/cifs/data/mount',
  'dbtype' => 'mysql',
  'version' => '14.0.1.1',
  'overwrite.cli.url' => 'https://my.domain/nextcloud',
  'dbname' => 'nextcloud',
  'dbhost' => 'localhost',
  'dbport' => '',
  'dbtableprefix' => 'nc_',
  'dbuser' => 'nextclouduser',
  'dbpassword' => 'ncdbpass',
  'installed' => true,
  'updater.release.channel' => 'stable',
  'mail_smtpmode' => 'sendmail',
  'mail_smtpauthtype' => 'LOGIN',
  'mail_from_address' => 'noreply',
  'mail_domain' => 'my.domain',
  'lost_password_link' => 'disabled',
  'ldapIgnoreNamingRules' => false,
  'ldapProviderFactory' => 'OCA\\User_LDAP\\LDAPProviderFactory',
  'knowledgebaseenabled' => false,
  'allow_user_to_change_display_name' => false,
  'remember_login_cookie_lifetime' => 60*60*24*7,
  'overwriteprotocol' => 'https',
  'loglevel' => 1,
  'log_rotate_size' => 25*1024*1024,
  'maintenance' => false,
  'minimum.supported.desktop.version' => '2.0.0',
  'quota_include_external_storage' => false,
  'trusted_proxies' => array('my.reverse.proxy.ip'),
  'filesystem_check_changes' => 1,
);

The output of Apache log:

Absolutely nothing in apache error log.

It almost seems like NextCloud re-authenticates to LDAP every 5 minutes using the password originally logged in with, but because an OTP is appended to it, authentication fails. This doesn’t seem right at all. Does anyone have any idea how to fix this?

hobbymaster001 · October 3, 2018, 2:03pm

As a note, this works perfectly when I enable both OTP and password as valid authentication methods but only use the password to log in. I don’t believe NextCloud supports 2-FA to a back-end, which would be super unfortunate and should probably be added. I verified that it also doesn’t work with AD LDAP +2-FA which is likely fairly popular.

neilrooney · October 5, 2020, 3:34pm

Did you ever find a fix for this @hobbymaster001? I am experiencing exactly the same issue.

jelledj · May 4, 2021, 3:03pm

I am having the same issue using LDAP+OTP as backend system, the login works fine but after a few minutes the user gets logout. Due to a Bind failed.

{"reqId":"YJFkTy9kZ@IUeZPiPtMCfwAAAY0","level":2,"time":"2021-05-04T17:12:15+02:00","remoteAddr":"192.168.40.29","user":"t.user","app":"user_ldap","method":"PROPFIND","url":"/remote.php/dav/files/t.user/Organization","message":"Bind failed: 49: Invalid credentials","userAgent":"Mozilla/5.0 (X11; Linux x86_64; rv:88.0) Gecko/20100101 Firefox/88.0","version":"20.0.8.1"}

{"reqId":"YJFkTy9kZ@IUeZPiPtMCfwAAAY0","level":2,"time":"2021-05-04T17:12:16+02:00","remoteAddr":"192.168.40.29","user":"t.user","app":"core","method":"PROPFIND","url":"/remote.php/dav/files/t.user/Organization","message":"Login failed: 't.user' (Remote IP: '192.168.40.29')","userAgent":"Mozilla/5.0 (X11; Linux x86_64; rv:88.0) Gecko/20100101 Firefox/88.0","version":"20.0.8.1"}

I also have the issue on the desktop client it just logout even though it seem to use a appcode credential after login in with user and password+otp (ldap backend).

Rumpf · June 4, 2021, 8:56am

I have exactly the same errors. User authentification via LDAP, no 2FA. Sometimes it works great for hours, sometimes the users are thrown out every 15 min.
Cent OS 7
Next: 20.0.10.1
Maria: 10.5.10
PHP: 7.4.20
Redis: 3.2.12
Nginx: 1.16.1

manf0001 · December 23, 2022, 10:24pm

Well, I was going to post a new post, but I came across this one, as I’m trying to do the exact same thing using my FreeIPA user with OTP enabled on FreeIPA, Which works on the website to login, but doesn’t work even if I setup a device token to use.

I’m guess still no solution yet.

manf0001 · December 24, 2022, 4:34pm

I found the solution to this issue over at github.

add ‘auth.storeCryptedPassword’ => false, to the config.php,

so far the device token I’ve created hasn’t “expired” and after about 20 minutes and a couple of reboots of my device, it still connects to my next cloud.

jelledj · December 25, 2022, 3:54pm

Can you share where you have found this configuration option as solution to this issue, as I can not find any mention of it with Google.

The config option is mentioned in the sample.php

https://raw.githubusercontent.com/nextcloud/server/5c4b4bde1b2da872c3e03846954214a8aa8c598e/config/config.sample.php

manf0001 · December 25, 2022, 4:09pm

Hi, Here is where I got it from (look at the end of all the comments)

github.com/nextcloud/server

LDAP authentication assumes passwords are reusable

opened 11:22PM - 07 Sep 18 UTC

closed 04:09PM - 24 Dec 22 UTC

nealey

bug 1. to develop feature: ldap

### Steps to reproduce 1. Set up an LDAP server with non-reusable passwords, perhaps a corporate LDAP server backed by a RADIUS server linked with company-issued [time-based token generators](https://www.rsa.com/en-us/products/rsa-securid-suite) 2. Enable LDAP authentication in Nextcloud 3. Log in with generated token 4. Wait 5 minutes ### Expected behaviour I should stay logged in longer than 5 minutes at a time. ### Actual behaviour I am logged out after 5 minutes when Nextcloud tries to reauthenticate with my (non-reusable) login password. ### Workaround The following patch will skip the 5-minute password check: ``` --- lib/private/User/Session.php~ 2018-09-07 23:14:26.867485000 +0000 +++ lib/private/User/Session.php 2018-09-07 22:51:03.908411000 +0000 @@ -690,12 +690,14 @@ return true; } + if (false) { /* Kludge around LDAP with non-reusable passwords */ if ($this->manager->checkPassword($dbToken->getLoginName(), $pwd) === false || (!is_null($this->activeUser) && !$this->activeUser->isEnabled())) { $this->tokenProvider->invalidateToken($token); // Password has changed or user was disabled -> log user out return false; } + } $dbToken->setLastCheck($now); return true; } ``` Sorry, I'm having a lot of trouble pasting a tab character in here. Hopefully this patch is simple enough to recreate by hand. This code section is present in Nextcloud 14 as well. ### Server configuration **Operating system**: Container Linux by CoreOS 1800.7.0 (Rhyolite) **Web server**: Apache2 2.4.25-3+deb **Database**: MariaDB **PHP version**: 7.1.20 **Nextcloud version**: 13.0.4 **Updated from an older Nextcloud/ownCloud or fresh install**: Updated from an older Nextcloud **Where did you install Nextcloud from**: `docker run nextcloud:13.0.4` **Signing status:** <details> <summary>Signing status</summary> ``` No errors have been found. ``` </details> **List of activated apps:** <details> <summary>App list</summary> ``` Enabled: - activity: 2.6.1 - bruteforcesettings: 1.1.0 - comments: 1.3.0 - dav: 1.4.7 - deck: 0.4.1 - federatedfilesharing: 1.3.1 - federation: 1.3.0 - files: 1.8.0 - files_external: 1.4.1 - files_pdfviewer: 1.2.1 - files_sharing: 1.5.0 - files_texteditor: 2.5.1 - files_trashbin: 1.3.0 - files_versions: 1.6.0 - files_videoplayer: 1.2.0 - firstrunwizard: 2.2.1 - gallery: 18.0.0 - logreader: 2.0.0 - lookup_server_connector: 1.1.0 - nextcloud_announcements: 1.2.0 - notes: 2.3.2 - notifications: 2.1.2 - oauth2: 1.1.1 - onlyoffice: 1.3.0 - passman: 2.1.4 - password_policy: 1.3.0 - provisioning_api: 1.3.0 - serverinfo: 1.3.0 - sharebymail: 1.3.0 - survey_client: 1.1.0 - systemtags: 1.3.0 - tasks: 0.9.6 - theming: 1.4.5 - twofactor_backupcodes: 1.2.3 - updatenotification: 1.3.0 - user_ldap: 1.3.1 - user_saml: 1.5.0 - workflowengine: 1.3.0 Disabled: - admin_audit - encryption - user_external ``` </details> **Nextcloud configuration:** <details> <summary>Config report</summary> ``` I{ "system": { "instanceid": "***REMOVED SENSITIVE VALUE***", "passwordsalt": "***REMOVED SENSITIVE VALUE***", "secret": "***REMOVED SENSITIVE VALUE***", "trusted_domains": [ "nextcloud-main", "onlyoffice-document-server" ], "overwriteprotocol": "https", "overwritehost": "arcs.lanl.gov", "overwritewebroot": "\/nextcloud", "datadirectory": "***REMOVED SENSITIVE VALUE***", "lost_password_link": "disabled", "proxy": "proxyout.lanl.gov:8080", "dbtype": "mysql", "version": "13.0.4.0", "dbname": "***REMOVED SENSITIVE VALUE***", "dbhost": "***REMOVED SENSITIVE VALUE***", "dbtableprefix": "oc_", "mysql.utf8mb4": true, "dbuser": "***REMOVED SENSITIVE VALUE***", "dbpassword": "***REMOVED SENSITIVE VALUE***", "logtimezone": "UTC", "installed": true, "mail_smtpmode": "smtp", "mail_from_address": "***REMOVED SENSITIVE VALUE***", "mail_domain": "***REMOVED SENSITIVE VALUE***", "mail_smtphost": "***REMOVED SENSITIVE VALUE***", "mail_smtpport": "25", "memcache.local": "\\OC\\Memcache\\Redis", "memcache.locking": "\\OC\\Memcache\\Redis", "redis": { "host": "***REMOVED SENSITIVE VALUE***", "port": 6379 }, "theme": "", "loglevel": 0, "maintenance": false, "overwrite.cli.url": "https:\/\/arcs.lanl.gov\/nextcloud", "ldapIgnoreNamingRules": false, "ldapProviderFactory": "\\OCA\\User_LDAP\\LDAPProviderFactory" } } ``` </details> **Are you using external storage, if yes which one**: local **Are you using encryption:** yes, with an haproxy front-end **Are you using an external user-backend, if yes which one:** LDAP #### LDAP configuration (delete this part if not used) <details> <summary>LDAP config</summary> ``` +-------------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ | Configuration | | +-------------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ | hasMemberOfFilterSupport | 0 | | hasPagedResultSupport | | | homeFolderNamingRule | | | lastJpegPhotoLookup | 0 | | ldapAgentName | | | ldapAgentPassword | *** | | ldapAttributesForGroupSearch | | | ldapAttributesForUserSearch | | | ldapBackupHost | | | ldapBackupPort | | | ldapBase | dc=lanl,dc=gov | | ldapBaseGroups | | | ldapBaseUsers | | | ldapCacheTTL | 600 | | ldapConfigurationActive | 1 | | ldapDefaultPPolicyDN | | | ldapDynamicGroupMemberURL | | | ldapEmailAttribute | | | ldapExperiencedAdmin | 1 | | ldapExpertUUIDGroupAttr | cn | | ldapExpertUUIDUserAttr | employeeNumber | | ldapExpertUsernameAttr | employeeNumber | | ldapGidNumber | gidNumber | | ldapGroupDisplayName | cn | | ldapGroupFilter | (&(|(objectclass=posixGroup))(|(cn=cfl-*))) | | ldapGroupFilterGroups | | | ldapGroupFilterMode | 0 | | ldapGroupFilterObjectclass | | | ldapGroupMemberAssocAttr | uniqueMember | | ldapHost | ldap://ldap.lanl.gov | | ldapIgnoreNamingRules | | | ldapLoginFilter | (&(objectClass=inetOrgPerson)(|(departmentNumber=A-4)(memberOf=cfl-affiliates))(|(uid=%uid)(employeeNumber=%uid)(mail=%uid)(mail=%uid@lanl.gov))) | | ldapLoginFilterAttributes | | | ldapLoginFilterEmail | 0 | | ldapLoginFilterMode | 0 | | ldapLoginFilterUsername | 1 | | ldapNestedGroups | 0 | | ldapOverrideMainServer | | | ldapPagingSize | 500 | | ldapPort | 389 | | ldapQuotaAttribute | | | ldapQuotaDefault | | | ldapTLS | 0 | | ldapUserDisplayName | displayName | | ldapUserDisplayName2 | | | ldapUserFilter | (&(objectClass=inetOrgPerson)(|(departmentNumber=A-4)(memberOf=cfl-affiliates))) | | ldapUserFilterGroups | | | ldapUserFilterMode | 0 | | ldapUserFilterObjectclass | | | ldapUuidGroupAttribute | auto | | ldapUuidUserAttribute | auto | | turnOffCertCheck | 0 | | turnOnPasswordChange | 0 | | useMemberOfToDetectMembership | 1 | +-------------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ ``` </details> ### Client configuration **Browser**: Chrome 68.0.3440.118 **Operating system**: ChromeOS 68.0.3440.118 ### Logs #### Web server error log <details> <summary>Web server error log</summary> ``` H00558: apache2: Could not reliably determine the server's fully qualified domain name, using 10.0.1.244. Set the 'ServerName' directive globally to suppress this message AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 10.0.1.244. Set the 'ServerName' directive globally to suppress this message [Fri Sep 07 18:15:44.748489 2018] [mpm_prefork:notice] [pid 1] AH00163: Apache/2.4.25 (Debian) PHP/7.1.20 configured -- resuming normal operations [Fri Sep 07 18:15:44.748582 2018] [core:notice] [pid 1] AH00094: Command line: 'apache2 -D FOREGROUND' [Fri Sep 07 18:20:21.355161 2018] [authz_core:error] [pid 29] [client 10.0.1.249:34068] AH01630: client denied by server configuration: /var/www/html/data/.ocdata [Fri Sep 07 18:20:24.690810 2018] [authz_core:error] [pid 30] [client 10.0.1.251:33810] AH01630: client denied by server configuration: /var/www/html/data/.ocdata [Fri Sep 07 18:28:29.828013 2018] [php7:warn] [pid 41] [client 10.0.1.251:34882] PHP Warning: Redis::connect(): php_network_getaddresses: getaddrinfo failed: Name or service not known in /var/www/html/lib/private/RedisFactory.php on line 84 [Fri Sep 07 18:28:29.828075 2018] [php7:warn] [pid 41] [client 10.0.1.251:34882] PHP Warning: Redis::connect(): connect() failed: php_network_getaddresses: getaddrinfo failed: Name or service not known in /var/www/html/lib/private/RedisFactory.php on line 84 [Fri Sep 07 18:28:29.829955 2018] [php7:error] [pid 41] [client 10.0.1.251:34882] PHP Fatal error: Uncaught RedisException: Redis server went away in /var/www/html/lib/private/Memcache/Redis.php:54\nStack trace:\n#0 /var/www/html/lib/private/Memcache/Redis.php(54): Redis->get('7b1b99d0725c301...')\n#1 /var/www/html/lib/autoloader.php(146): OC\\Memcache\\Redis->get('OC_User')\n#2 [internal function]: OC\\Autoloader->load('OC_User')\n#3 /var/www/html/lib/private/Log/File.php(104): spl_autoload_call('OC_User')\n#4 [internal function]: OC\\Log\\File::write('PHP', 'RedisException:...', 3)\n#5 /var/www/html/lib/private/Log.php(329): call_user_func(Array, 'PHP', 'RedisException:...', 3)\n#6 /var/www/html/lib/private/Log.php(179): OC\\Log->log(3, 'RedisException:...', Array)\n#7 /var/www/html/lib/private/Log/ErrorHandler.php(81): OC\\Log->critical('RedisException:...', Array)\n#8 [internal function]: OC\\Log\\ErrorHandler::onException(Object(RedisException))\n#9 {main}\n thrown in /var/www/html/lib/private/Memcache/Redis.php on line 54 [Fri Sep 07 18:28:29.830174 2018] [php7:error] [pid 41] [client 10.0.1.251:34882] PHP Fatal error: Uncaught RedisException: Redis server went away in /var/www/html/lib/private/Memcache/Redis.php:54\nStack trace:\n#0 /var/www/html/lib/private/Memcache/Redis.php(54): Redis->get('7b1b99d0725c301...')\n#1 /var/www/html/lib/autoloader.php(146): OC\\Memcache\\Redis->get('OC_User')\n#2 [internal function]: OC\\Autoloader->load('OC_User')\n#3 /var/www/html/lib/private/Log/File.php(104): spl_autoload_call('OC_User')\n#4 [internal function]: OC\\Log\\File::write('PHP', 'Uncaught RedisE...', 3)\n#5 /var/www/html/lib/private/Log.php(329): call_user_func(Array, 'PHP', 'Uncaught RedisE...', 3)\n#6 /var/www/html/lib/private/Log.php(179): OC\\Log->log(3, 'Uncaught RedisE...', Array)\n#7 /var/www/html/lib/private/Log/ErrorHandler.php(68): OC\\Log->critical('Uncaught RedisE...', Array)\n#8 [internal function]: OC\\Log\\ErrorHandler::onShutdown()\n#9 {main}\n thrown in /var/www/html/lib/private/Memcache/Redis.php on line 54 [Fri Sep 07 22:00:45.185345 2018] [authz_core:error] [pid 50] [client 10.0.1.250:46302] AH01630: client denied by server configuration: /var/www/html/data/.ocdata [Fri Sep 07 22:00:50.170253 2018] [authz_core:error] [pid 34] [client 10.0.1.249:41682] AH01630: client denied by server configuration: /var/www/html/data/.ocdata [Fri Sep 07 22:00:59.872722 2018] [authz_core:error] [pid 51] [client 10.0.1.250:46368] AH01630: client denied by server configuration: /var/www/html/data/.ocdata [Fri Sep 07 22:01:54.160050 2018] [authz_core:error] [pid 56] [client 10.0.1.251:52350] AH01630: client denied by server configuration: /var/www/html/data/.ocdata [Fri Sep 07 22:03:03.890282 2018] [authz_core:error] [pid 38] [client 10.0.1.251:52594] AH01630: client denied by server configuration: /var/www/html/data/.ocdata [Fri Sep 07 22:03:07.574277 2018] [authz_core:error] [pid 32] [client 10.0.1.249:41782] AH01630: client denied by server configuration: /var/www/html/data/.ocdata [Fri Sep 07 22:54:31.273827 2018] [authz_core:error] [pid 53] [client 10.0.1.251:56922] AH01630: client denied by server configuration: /var/www/html/data/.ocdata [Fri Sep 07 22:54:34.342268 2018] [authz_core:error] [pid 52] [client 10.0.1.250:56582] AH01630: client denied by server configuration: /var/www/html/data/.ocdata [Fri Sep 07 22:57:28.881287 2018] [authz_core:error] [pid 53] [client 10.0.1.251:57172] AH01630: client denied by server configuration: /var/www/html/data/.ocdata ``` </details> #### Nextcloud log (data/nextcloud.log) <details> <summary>Nextcloud log</summary> ``` root@7c2ef2fb937d:/var/www/html/data# ls -lh nextcloud.log -rw-r----- 1 www-data www-data 641M Sep 7 23:25 nextcloud.log root@7c2ef2fb937d:/var/www/html/data# tail -n 4 nextcloud.log {"reqId":"4TYNJBJnX6BNc39qCqCV","level":0,"time":"2018-09-07T23:25:32+00:00","remoteAddr":"10.0.1.251","user":"--","app":"core","method":"GET","url":"\/nextcloud\/index.php\/login","message":"Scss is disabled for \/var\/www\/html\/core\/css\/jquery-ui-fixes.scss, ignoring","userAgent":"Go-http-client\/1.1","version":"13.0.4.0"} {"reqId":"4TYNJBJnX6BNc39qCqCV","level":0,"time":"2018-09-07T23:25:32+00:00","remoteAddr":"10.0.1.251","user":"--","app":"core","method":"GET","url":"\/nextcloud\/index.php\/login","message":"Scss is disabled for \/var\/www\/html\/core\/css\/server.scss, ignoring","userAgent":"Go-http-client\/1.1","version":"13.0.4.0"} {"reqId":"4TYNJBJnX6BNc39qCqCV","level":0,"time":"2018-09-07T23:25:32+00:00","remoteAddr":"10.0.1.251","user":"--","app":"core","method":"GET","url":"\/nextcloud\/index.php\/login","message":"Scss is disabled for \/var\/www\/html\/core\/css\/share.scss, ignoring","userAgent":"Go-http-client\/1.1","version":"13.0.4.0"} {"reqId":"4TYNJBJnX6BNc39qCqCV","level":0,"time":"2018-09-07T23:25:32+00:00","remoteAddr":"10.0.1.251","user":"--","app":"core","method":"GET","url":"\/nextcloud\/index.php\/login","message":"Scss is disabled for \/var\/www\/html\/core\/css\/jquery.ocdialog.scss, ignoring","userAgent":"Go-http-client\/1.1","version":"13.0.4.0"} ``` </details> #### Browser log <details> <summary>Browser log</summary> Not relevant </details>

In short, I found that github issue, and was trying to find cross reference similar issues on github, but couldn’t find anything specific… so I just asked, and someone replied pretty quickly to me.

I never looked in the sample file, I didn’t even think that it was an issue with storeing the encrypted passwords in the database causing the issue, until I was reading on github.