Password recovery unavailable. HMAC does not match

Nextcloud version (eg, 20.0.5): 20.0.9.1
Operating system and version (eg, Ubuntu 20.04): docker
Apache or nginx version (eg, Apache 2.4.25): apache
PHP version (eg, 7.4): 7.4.18

The issue you are facing:
Okay so my install has gone wonky. I tried to update from version 18 all the way to 21. I first upgraded from 18 to 19 without much hassle. Then I accidentally skipped over 21 because I thought 20 was the latest. Also it turned out that the VM drive that contained my config data was full. So now I lost my config.php and have no suitable backup. After a lot of fighting and half-functioning upgrades I’m stuck at this specific problem. If I try to log in, I get a 500 error (the logs show that “HMAC does not match”). If I try to reset a password I first get a warning that shows “Warning: Resetting the password when using encryption will result in data loss!”. After trying to change my password anyways I get the error “Can not decrypt the recovery key. Maybe you provided the wrong password. Try again.”

Luckily though, I have not encrypted any files. I don’t think I use any of the encryption features anywhere.

Is this the first time you’ve seen this error? (Y/N):
Y

Steps to replicate it:

  1. Have a working 18.0.14 installation
  2. Upgrade to the latest 19
  3. Upgrade to the latest 21
  4. Try to go back to 20
  5. Fail to go back to 20 so manually change version numbers to force an upgrade
  6. Manually try to recreate config.php
  7. Finally reach the login screen
  8. Notice that logging in gives me an error
  9. Try to reset the password with occ.

The output of my log when logging in:

{
    "reqId": "jOvyubJpO6VgfgKDc5ef",
    "level": 3,
    "time": "2021-05-04T11:31:41+00:00",
    "remoteAddr": "10.0.0.1",
    "user": "[REDACTED]",
    "app": "index",
    "method": "POST",
    "url": "/index.php/login",
    "message": {
        "Exception": "Exception",
        "Message": "HMAC does not match.",
        "Code": 0,
        "Trace": [
            {
                "file": "/var/www/html/lib/private/Security/CredentialsManager.php",
                "line": 101,
                "function": "decrypt",
                "class": "OC\\Security\\Crypto",
                "type": "->",
                "args": [
                    "*** sensitive parameters replaced ***"
                ]
            },
            {
                "file": "/var/www/html/apps/files_external/lib/Listener/StorePasswordListener.php",
                "line": 53,
                "function": "retrieve",
                "class": "OC\\Security\\CredentialsManager",
                "type": "->",
                "args": [
                    "*** sensitive parameter replaced ***",
                    "password::logincredentials/credentials"
                ]
            },
            {
                "file": "/var/www/html/lib/private/EventDispatcher/ServiceEventListener.php",
                "line": 76,
                "function": "handle",
                "class": "OCA\\Files_External\\Listener\\StorePasswordListener",
                "type": "->",
                "args": [
                    {
                        "__class__": "OCP\\User\\Events\\UserLoggedInEvent"
                    }
                ]
            },
            {
                "file": "/var/www/html/3rdparty/symfony/event-dispatcher/EventDispatcher.php",
                "line": 251,
                "function": "__invoke",
                "class": "OC\\EventDispatcher\\ServiceEventListener",
                "type": "->",
                "args": [
                    {
                        "__class__": "OCP\\User\\Events\\UserLoggedInEvent"
                    },
                    "OCP\\User\\Events\\UserLoggedInEvent",
                    {
                        "__class__": "Symfony\\Component\\EventDispatcher\\EventDispatcher"
                    }
                ]
            },
            {
                "file": "/var/www/html/3rdparty/symfony/event-dispatcher/EventDispatcher.php",
                "line": 73,
                "function": "callListeners",
                "class": "Symfony\\Component\\EventDispatcher\\EventDispatcher",
                "type": "->",
                "args": [
                    [
                        {
                            "__class__": "Closure"
                        },
                        {
                            "__class__": "Closure"
                        }
                    ],
                    "OCP\\User\\Events\\UserLoggedInEvent",
                    {
                        "__class__": "OCP\\User\\Events\\UserLoggedInEvent"
                    }
                ]
            },
            {
                "file": "/var/www/html/lib/private/EventDispatcher/EventDispatcher.php",
                "line": 86,
                "function": "dispatch",
                "class": "Symfony\\Component\\EventDispatcher\\EventDispatcher",
                "type": "->",
                "args": [
                    {
                        "__class__": "OCP\\User\\Events\\UserLoggedInEvent"
                    },
                    "OCP\\User\\Events\\UserLoggedInEvent"
                ]
            },
            {
                "file": "/var/www/html/lib/private/EventDispatcher/EventDispatcher.php",
                "line": 98,
                "function": "dispatch",
                "class": "OC\\EventDispatcher\\EventDispatcher",
                "type": "->",
                "args": [
                    "OCP\\User\\Events\\UserLoggedInEvent",
                    {
                        "__class__": "OCP\\User\\Events\\UserLoggedInEvent"
                    }
                ]
            },
            {
                "file": "/var/www/html/lib/private/Server.php",
                "line": 572,
                "function": "dispatchTyped",
                "class": "OC\\EventDispatcher\\EventDispatcher",
                "type": "->",
                "args": [
                    {
                        "__class__": "OCP\\User\\Events\\UserLoggedInEvent"
                    }
                ]
            },
            {
                "function": "OC\\{closure}",
                "class": "OC\\Server",
                "type": "->",
                "args": [
                    "*** sensitive parameters replaced ***"
                ]
            },
            {
                "file": "/var/www/html/lib/private/Hooks/EmitterTrait.php",
                "line": 101,
                "function": "call_user_func_array",
                "args": [
                    {
                        "__class__": "Closure"
                    },
                    [
                        "*** sensitive parameter replaced ***",
                        "*** sensitive parameter replaced ***",
                        "*** sensitive parameter replaced ***",
                        "*** sensitive parameter replaced ***"
                    ]
                ]
            },
            {
                "file": "/var/www/html/lib/private/Hooks/PublicEmitter.php",
                "line": 40,
                "function": "emit",
                "class": "OC\\Hooks\\BasicEmitter",
                "type": "->",
                "args": [
                    "\\OC\\User",
                    "postLogin",
                    [
                        "*** sensitive parameter replaced ***",
                        "*** sensitive parameter replaced ***",
                        "*** sensitive parameter replaced ***",
                        "*** sensitive parameter replaced ***"
                    ]
                ]
            },
            {
                "file": "/var/www/html/lib/private/User/Session.php",
                "line": 412,
                "function": "emit",
                "class": "OC\\Hooks\\PublicEmitter",
                "type": "->",
                "args": [
                    "\\OC\\User",
                    "postLogin",
                    [
                        "*** sensitive parameter replaced ***",
                        "*** sensitive parameter replaced ***",
                        "*** sensitive parameter replaced ***",
                        "*** sensitive parameter replaced ***"
                    ]
                ]
            },
            {
                "file": "/var/www/html/lib/private/Authentication/Login/CompleteLoginCommand.php",
                "line": 44,
                "function": "completeLogin",
                "class": "OC\\User\\Session",
                "type": "->",
                "args": [
                    "*** sensitive parameters replaced ***"
                ]
            },
            {
                "file": "/var/www/html/lib/private/Authentication/Login/ALoginCommand.php",
                "line": 40,
                "function": "process",
                "class": "OC\\Authentication\\Login\\CompleteLoginCommand",
                "type": "->",
                "args": [
                    {
                        "__class__": "OC\\Authentication\\Login\\LoginData"
                    }
                ]
            },
            {
                "file": "/var/www/html/lib/private/Authentication/Login/LoggedInCheckCommand.php",
                "line": 61,
                "function": "processNextOrFinishSuccessfully",
                "class": "OC\\Authentication\\Login\\ALoginCommand",
                "type": "->",
                "args": [
                    {
                        "__class__": "OC\\Authentication\\Login\\LoginData"
                    }
                ]
            },
            {
                "file": "/var/www/html/lib/private/Authentication/Login/ALoginCommand.php",
                "line": 40,
                "function": "process",
                "class": "OC\\Authentication\\Login\\LoggedInCheckCommand",
                "type": "->",
                "args": [
                    {
                        "__class__": "OC\\Authentication\\Login\\LoginData"
                    }
                ]
            },
            {
                "file": "/var/www/html/lib/private/Authentication/Login/EmailLoginCommand.php",
                "line": 58,
                "function": "processNextOrFinishSuccessfully",
                "class": "OC\\Authentication\\Login\\ALoginCommand",
                "type": "->",
                "args": [
                    {
                        "__class__": "OC\\Authentication\\Login\\LoginData"
                    }
                ]
            },
            {
                "file": "/var/www/html/lib/private/Authentication/Login/ALoginCommand.php",
                "line": 40,
                "function": "process",
                "class": "OC\\Authentication\\Login\\EmailLoginCommand",
                "type": "->",
                "args": [
                    {
                        "__class__": "OC\\Authentication\\Login\\LoginData"
                    }
                ]
            },
            {
                "file": "/var/www/html/lib/private/Authentication/Login/UidLoginCommand.php",
                "line": 54,
                "function": "processNextOrFinishSuccessfully",
                "class": "OC\\Authentication\\Login\\ALoginCommand",
                "type": "->",
                "args": [
                    {
                        "__class__": "OC\\Authentication\\Login\\LoginData"
                    }
                ]
            },
            {
                "file": "/var/www/html/lib/private/Authentication/Login/ALoginCommand.php",
                "line": 40,
                "function": "process",
                "class": "OC\\Authentication\\Login\\UidLoginCommand",
                "type": "->",
                "args": [
                    {
                        "__class__": "OC\\Authentication\\Login\\LoginData"
                    }
                ]
            },
            {
                "file": "/var/www/html/lib/private/Authentication/Login/UserDisabledCheckCommand.php",
                "line": 57,
                "function": "processNextOrFinishSuccessfully",
                "class": "OC\\Authentication\\Login\\ALoginCommand",
                "type": "->",
                "args": [
                    {
                        "__class__": "OC\\Authentication\\Login\\LoginData"
                    }
                ]
            },
            {
                "file": "/var/www/html/lib/private/Authentication/Login/ALoginCommand.php",
                "line": 40,
                "function": "process",
                "class": "OC\\Authentication\\Login\\UserDisabledCheckCommand",
                "type": "->",
                "args": [
                    {
                        "__class__": "OC\\Authentication\\Login\\LoginData"
                    }
                ]
            },
            {
                "file": "/var/www/html/lib/private/Authentication/Login/PreLoginHookCommand.php",
                "line": 53,
                "function": "processNextOrFinishSuccessfully",
                "class": "OC\\Authentication\\Login\\ALoginCommand",
                "type": "->",
                "args": [
                    {
                        "__class__": "OC\\Authentication\\Login\\LoginData"
                    }
                ]
            },
            {
                "file": "/var/www/html/lib/private/Authentication/Login/Chain.php",
                "line": 108,
                "function": "process",
                "class": "OC\\Authentication\\Login\\PreLoginHookCommand",
                "type": "->",
                "args": [
                    {
                        "__class__": "OC\\Authentication\\Login\\LoginData"
                    }
                ]
            },
            {
                "file": "/var/www/html/core/Controller/LoginController.php",
                "line": 310,
                "function": "process",
                "class": "OC\\Authentication\\Login\\Chain",
                "type": "->",
                "args": [
                    {
                        "__class__": "OC\\Authentication\\Login\\LoginData"
                    }
                ]
            },
            {
                "file": "/var/www/html/lib/private/AppFramework/Http/Dispatcher.php",
                "line": 169,
                "function": "tryLogin",
                "class": "OC\\Core\\Controller\\LoginController",
                "type": "->",
                "args": [
                    "*** sensitive parameters replaced ***"
                ]
            },
            {
                "file": "/var/www/html/lib/private/AppFramework/Http/Dispatcher.php",
                "line": 100,
                "function": "executeController",
                "class": "OC\\AppFramework\\Http\\Dispatcher",
                "type": "->",
                "args": [
                    {
                        "__class__": "OC\\Core\\Controller\\LoginController"
                    },
                    "tryLogin"
                ]
            },
            {
                "file": "/var/www/html/lib/private/AppFramework/App.php",
                "line": 152,
                "function": "dispatch",
                "class": "OC\\AppFramework\\Http\\Dispatcher",
                "type": "->",
                "args": [
                    {
                        "__class__": "OC\\Core\\Controller\\LoginController"
                    },
                    "tryLogin"
                ]
            },
            {
                "file": "/var/www/html/lib/private/Route/Router.php",
                "line": 309,
                "function": "main",
                "class": "OC\\AppFramework\\App",
                "type": "::",
                "args": [
                    "OC\\Core\\Controller\\LoginController",
                    "tryLogin",
                    {
                        "__class__": "OC\\AppFramework\\DependencyInjection\\DIContainer"
                    },
                    {
                        "_route": "core.login.tryLogin"
                    }
                ]
            },
            {
                "file": "/var/www/html/lib/base.php",
                "line": 1008,
                "function": "match",
                "class": "OC\\Route\\Router",
                "type": "->",
                "args": [
                    "/login"
                ]
            },
            {
                "file": "/var/www/html/index.php",
                "line": 37,
                "function": "handleRequest",
                "class": "OC",
                "type": "::",
                "args": []
            }
        ],
        "File": "/var/www/html/lib/private/Security/Crypto.php",
        "Line": 139,
        "CustomMessage": "--"
    },
    "userAgent": "Mozilla/5.0 (Windows NT 10.0; rv:78.0) Gecko/20100101 Firefox/78.0",
    "version": "20.0.9.1"
}

And for the log when trying a password reset:

{
    "reqId": "kaUobUUWG7mVKn7Ucqnr",
    "level": 3,
    "time": "2021-05-04T12:09:48+00:00",
    "remoteAddr": "",
    "user": "--",
    "app": "no app in context",
    "method": "",
    "url": "--",
    "message": {
        "Exception": "OCP\\Encryption\\Exceptions\\GenericEncryptionException",
        "Message": "Can not decrypt the recovery key. Maybe you provided the wrong password. Try again.",
        "Code": 0,
        "Trace": [
            {
                "file": "/var/www/html/lib/private/legacy/OC_Hook.php",
                "line": 110,
                "function": "setPassphrase",
                "class": "OCA\\Encryption\\Hooks\\UserHooks",
                "type": "->",
                "args": [
                    {
                        "run": true,
                        "uid": "Um3CZoNoIsNHls80qfxQCWQ6HSzKI47Tl1HOR",
                        "password": "*** sensitive parameter replaced ***",
                        "recoveryPassword": "*** sensitive parameter replaced ***"
                    }
                ]
            },
            {
                "file": "/var/www/html/lib/private/Server.php",
                "line": 553,
                "function": "emit",
                "class": "OC_Hook",
                "type": "::",
                "args": [
                    "OC_User",
                    "post_setPassword",
                    {
                        "run": true,
                        "uid": "Um3CZoNoIsNHls80qfxQCWQ6HSzKI47Tl1HOR",
                        "password": "*** sensitive parameter replaced ***",
                        "recoveryPassword": "*** sensitive parameter replaced ***"
                    }
                ]
            },
            {
                "function": "OC\\{closure}",
                "class": "OC\\Server",
                "type": "->",
                "args": [
                    "*** sensitive parameters replaced ***"
                ]
            },
            {
                "file": "/var/www/html/lib/private/Hooks/EmitterTrait.php",
                "line": 101,
                "function": "call_user_func_array",
                "args": [
                    {
                        "__class__": "Closure"
                    },
                    [
                        "*** sensitive parameter replaced ***",
                        "*** sensitive parameter replaced ***",
                        "*** sensitive parameter replaced ***"
                    ]
                ]
            },
            {
                "file": "/var/www/html/lib/private/Hooks/PublicEmitter.php",
                "line": 40,
                "function": "emit",
                "class": "OC\\Hooks\\BasicEmitter",
                "type": "->",
                "args": [
                    "\\OC\\User",
                    "postSetPassword",
                    [
                        "*** sensitive parameter replaced ***",
                        "*** sensitive parameter replaced ***",
                        "*** sensitive parameter replaced ***"
                    ]
                ]
            },
            {
                "file": "/var/www/html/lib/private/User/User.php",
                "line": 294,
                "function": "emit",
                "class": "OC\\Hooks\\PublicEmitter",
                "type": "->",
                "args": [
                    "\\OC\\User",
                    "postSetPassword",
                    [
                        "*** sensitive parameter replaced ***",
                        "*** sensitive parameter replaced ***",
                        "*** sensitive parameter replaced ***"
                    ]
                ]
            },
            {
                "file": "/var/www/html/core/Command/User/ResetPassword.php",
                "line": 124,
                "function": "setPassword",
                "class": "OC\\User\\User",
                "type": "->",
                "args": [
                    "*** sensitive parameter replaced ***"
                ]
            },
            {
                "file": "/var/www/html/3rdparty/symfony/console/Command/Command.php",
                "line": 255,
                "function": "execute",
                "class": "OC\\Core\\Command\\User\\ResetPassword",
                "type": "->",
                "args": [
                    {
                        "__class__": "Symfony\\Component\\Console\\Input\\ArgvInput"
                    },
                    {
                        "__class__": "Symfony\\Component\\Console\\Output\\ConsoleOutput"
                    }
                ]
            },
            {
                "file": "/var/www/html/3rdparty/symfony/console/Application.php",
                "line": 1000,
                "function": "run",
                "class": "Symfony\\Component\\Console\\Command\\Command",
                "type": "->",
                "args": [
                    {
                        "__class__": "Symfony\\Component\\Console\\Input\\ArgvInput"
                    },
                    {
                        "__class__": "Symfony\\Component\\Console\\Output\\ConsoleOutput"
                    }
                ]
            },
            {
                "file": "/var/www/html/3rdparty/symfony/console/Application.php",
                "line": 271,
                "function": "doRunCommand",
                "class": "Symfony\\Component\\Console\\Application",
                "type": "->",
                "args": [
                    {
                        "__class__": "OC\\Core\\Command\\User\\ResetPassword"
                    },
                    {
                        "__class__": "Symfony\\Component\\Console\\Input\\ArgvInput"
                    },
                    {
                        "__class__": "Symfony\\Component\\Console\\Output\\ConsoleOutput"
                    }
                ]
            },
            {
                "file": "/var/www/html/3rdparty/symfony/console/Application.php",
                "line": 147,
                "function": "doRun",
                "class": "Symfony\\Component\\Console\\Application",
                "type": "->",
                "args": [
                    {
                        "__class__": "Symfony\\Component\\Console\\Input\\ArgvInput"
                    },
                    {
                        "__class__": "Symfony\\Component\\Console\\Output\\ConsoleOutput"
                    }
                ]
            },
            {
                "file": "/var/www/html/lib/private/Console/Application.php",
                "line": 215,
                "function": "run",
                "class": "Symfony\\Component\\Console\\Application",
                "type": "->",
                "args": [
                    {
                        "__class__": "Symfony\\Component\\Console\\Input\\ArgvInput"
                    },
                    {
                        "__class__": "Symfony\\Component\\Console\\Output\\ConsoleOutput"
                    }
                ]
            },
            {
                "file": "/var/www/html/console.php",
                "line": 100,
                "function": "run",
                "class": "OC\\Console\\Application",
                "type": "->",
                "args": []
            },
            {
                "file": "/var/www/html/occ",
                "line": 11,
                "args": [
                    "/var/www/html/console.php"
                ],
                "function": "require_once"
            }
        ],
        "File": "/var/www/html/apps/encryption/lib/Hooks/UserHooks.php",
        "Line": 290,
        "Hint": "Can not decrypt the recovery key. Maybe you provided the wrong password. Try again.",
        "CustomMessage": "--"
    },
    "userAgent": "--",
    "version": "20.0.9.1"
}

The output of your config.php file in /path/to/nextcloud (make sure you remove any identifiable information!):

<?php
$CONFIG = array (
  'instanceid' => '[REDACTED]',
  'trusted_domains' =>
  array (
    0 => '[REDACTED]',
  ),
  'datadirectory' => '/mnt/data/nextcloud',
  'dbtype' => 'mysql',
  'dbhost' => '[REDACTED]',
  'dbname' => 'nextcloud',
  'dbuser' => 'nextcloud',
  'dbpassword' => '[REDACTED]',
  'installed' => true,
  'version' => '20.0.9.1',
  'config_is_read_only' => false,
  'apps_paths' =>
  array (
    0 =>
    array (
      'path' => '/var/www/html/apps',
      'url' => '/apps',
      'writable' => true,
    ),
  ),
  'maintenance' => false,
  'mysql.utf8mb4' => false,
  'supportedDatabases' =>
  array (
    0 => 'mysql',
  ),
  'filesystem_check_changes' => 0,
  'debug' => false,
  'theme' => '',
  'loglevel' => 2,
//  'encryption.legacy_format_support' => true,
  'ldapProviderFactory' => 'OCA\\User_LDAP\\LDAPProviderFactory',
);

Okay, I’ve been able to get around this issue by:

  • truncating the oc_storages_credentials table in my database using a raw mysql client.
  • disabling totp twofactor for my account
  • disabling the default encryption module

Things seem to work again now!
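
The recreated config.php posted above has no `secret` entry, and Nextcloud's `OC\Security\Crypto` uses that value as the key whenever no password is passed, so credentials stored before config.php was lost fail the MAC check on login. An added example (not part of the original post and not Nextcloud's code) modelling that encrypt-then-MAC check; the function names, key derivation, secrets and sample value are constructed assumptions:

```php
<?php
declare(strict_types=1);

/** Derive independent encryption and MAC keys from the instance secret. */
function deriveKeys(string $secret): array
{
    // Assumption: HKDF-SHA512 with a fixed label; the real derivation varies by version.
    $okm = hash_hkdf('sha512', $secret, 64, 'model-credentials');
    return [substr($okm, 0, 32), substr($okm, 32, 32)];
}

/** Encrypt, then MAC the IV and ciphertext; returns "ciphertext|iv|hmac" in hex. */
function encryptValue(string $plaintext, string $secret): string
{
    [$encKey, $macKey] = deriveKeys($secret);
    $iv = random_bytes(16);
    $ciphertext = openssl_encrypt($plaintext, 'aes-256-ctr', $encKey, OPENSSL_RAW_DATA, $iv);
    if ($ciphertext === false) {
        throw new RuntimeException('Encryption failed.');
    }
    $mac = hash_hmac('sha512', $iv . $ciphertext, $macKey);
    return bin2hex($ciphertext) . '|' . bin2hex($iv) . '|' . $mac;
}

/** Verify the MAC first; decrypt only if it matches. */
function decryptValue(string $stored, string $secret): string
{
    $parts = explode('|', $stored);
    if (count($parts) !== 3 || !ctype_xdigit($parts[0]) || !ctype_xdigit($parts[1])) {
        throw new InvalidArgumentException('Malformed stored value.');
    }
    $ciphertext = hex2bin($parts[0]);
    $iv = hex2bin($parts[1]);
    if ($ciphertext === false || $iv === false) {
        throw new InvalidArgumentException('Malformed stored value.');
    }
    [$encKey, $macKey] = deriveKeys($secret);
    $expected = hash_hmac('sha512', $iv . $ciphertext, $macKey);
    // Constant-time comparison. A different secret yields a different MAC key,
    // so the check fails before any decryption is attempted.
    if (!hash_equals($expected, $parts[2])) {
        throw new RuntimeException('HMAC does not match.');
    }
    $plaintext = openssl_decrypt($ciphertext, 'aes-256-ctr', $encKey, OPENSSL_RAW_DATA, $iv);
    if ($plaintext === false) {
        throw new RuntimeException('Decryption failed.');
    }
    return $plaintext;
}

// Constructed sample data: a row written while the original config.php existed.
$oldSecret = 'constructed-secret-from-lost-config';
$newSecret = 'constructed-secret-from-recreated-config';
$oldRow = encryptValue('{"user":"alice","password":"example"}', $oldSecret);

// The original secret still verifies and decrypts the row.
echo 'old secret: ', decryptValue($oldRow, $oldSecret), "\n";

// The recreated config cannot verify it; the plaintext is not recoverable
// without the original secret.
try {
    decryptValue($oldRow, $newSecret);
} catch (RuntimeException $e) {
    echo 'new secret, old row: ', $e->getMessage(), "\n";
}

// A row written after the old rows were cleared verifies under the new secret.
$newRow = encryptValue('{"user":"alice","password":"example"}', $newSecret);
echo 'new secret, new row: ', decryptValue($newRow, $newSecret), "\n";
```

Keeping `secret` and `passwordsalt` from config.php in a backup alongside the database avoids this state, since rows encrypted under a lost secret can only be discarded and re-created.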