Token is too short for a generated token, should be the password during basic auth

After updating the NextCloud installation from 27.1.2 to 27.1.3, the error log is flooded (hundreds) with the following message:

OC\Authentication\Exceptions\InvalidTokenException: Token is too short for a generated token, should be the password during basic auth

Currently I do not see any abnormal behaviour. Should I worry about this?

NextCloud 27.1.3
PHP Version: 8.1.2
MariaDB 10.6.12 Size 179,5 MB

I can confirm this accumulation of warning messages.

NextCloud 27.1.3.2
PHP Version 8.2.12
MySQL 10.6.15

The same problem, with the same installation

Same issue on 26.0.5 to 26.0.8 - I took a snapshot before the update, updated and had the error - I restored the snapshot, i.e. back to 26.0.5, and updated again and this time no errors.

In both cases I was using the CLI for the update with …/updater/updater.phar -v -n

Looks like the error is generated by Settings → Overview when it is run the first time - after that no errors, but it is not able to check the new version of Nextcloud - it reports current as 26.0.8 and new as 26.0.8

Hello bluesky.ca

After restoring Nextcloud 27.1.2.1 from snapshot and updating again, there was no improvement. The warning log continues to fill up.

NextCloud 27.1.3.2
PHP Version 8.2.12
MySQL 10.6.15

Same here.

It seems that someone has already opened an issue ticket on GitHub to address this issue;

It does look like the calendar might be broken; as commented on the GitHub issue page, it might be related to CalDAV - when I try to add a calendar event the error is:

Event does not exist
It might have been deleted, or there was a typo in a link

Strange thing: I only get this for the admin user and no additional error messages show up in the log, so this might or might not be related - I add the info just in case it helps to find the cause.

The next version issue I reported has resolved itself and it now reports 27.1.3 as the next version.

Update: I have done more tests and don’t see a CalDAV issue - the admin problem was related to a missing calendar - I am holding off on 27.1.3 for now.

I’m getting this error message with my log level set at 2. I have the calendar app installed, but not enabled.

I can see this error in both Nextcloud 26.0.8 and Nextcloud 27.1.3.
There are hundreds of messages in the log “Token is too short for a generated token, should be the password during basic auth” and they can be clearly assigned to different users.
These messages are mainly related to calendar synchronization from different clients “DAVx5, Thunderbird, etc.”.

I have prepared the logs in such a way that it is easier to recognize the files and line numbers concerned.
The log shows, e.g., these details of the messages (excerpt):

Thunderbird/115.4.1

"url":"/remote.php/dav/calendars/Username/Calendarname/",
"message":"Session token is invalid because it does not exist",
"userAgent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:115.0) Gecko/20100101 Thunderbird/115.4.1","version":"27.1.3.2",
"exception":{"Exception":"OC\\Authentication\\Exceptions\\InvalidTokenException",
"Message":"Token is too short for a generated token, should be the password during basic auth","Code":0,
"Trace":[{"file":"/volume1/web/nextcloud/lib/private/Authentication/Token/Manager.php","line":133,"function":"getToken",
"class":"OC\\Authentication\\Token\\PublicKeyTokenProvider","type":"->","args":["*** sensitive parameters replaced ***"]},
{"file":"/volume1/web/nextcloud/lib/private/User/Session.php","line":782,"function":"getToken","class":"OC\\Authentication\\Token\\Manager","type":"->","args":["*** sensitive parameters replaced ***"]},
{"file":"/volume1/web/nextcloud/lib/private/User/Session.php","line":352,"function":"validateToken","class":"OC\\User\\Session","type":"->","args":["*** sensitive parameters replaced ***"]},
{"file":"/volume1/web/nextcloud/lib/private/User/Session.php","line":452,"function":"login","class":"OC\\User\\Session","type":"->","args":["*** sensitive parameters replaced ***"]},
{"file":"/volume1/web/nextcloud/apps/dav/lib/Connector/Sabre/Auth.php","line":114,"function":"logClientIn","class":"OC\\User\\Session","type":"->","args":["*** sensitive parameters replaced ***"]},
{"file":"/volume1/web/nextcloud/3rdparty/sabre/dav/lib/DAV/Auth/Backend/AbstractBasic.php","line":103,"function":"validateUserPass","class":"OCA\\DAV\\Connector\\Sabre\\Auth","type":"->","args":["*** sensitive parameters replaced ***"]},
{"file":"/volume1/web/nextcloud/apps/dav/lib/Connector/Sabre/Auth.php","line":232,"function":"check","class":"Sabre\\DAV\\Auth\\Backend\\AbstractBasic","type":"->","args":[["Sabre\\HTTP\\Request"],["Sabre\\HTTP\\Response"]]},
{"file":"/volume1/web/nextcloud/apps/dav/lib/Connector/Sabre/Auth.php","line":139,"function":"auth","class":"OCA\\DAV\\Connector\\Sabre\\Auth","type":"->","args":[["Sabre\\HTTP\\Request"],["Sabre\\HTTP\\Response"]]},
{"file":"/volume1/web/nextcloud/3rdparty/sabre/dav/lib/DAV/Auth/Plugin.php","line":179,"function":"check","class":"OCA\\DAV\\Connector\\Sabre\\Auth","type":"->","args":[["Sabre\\HTTP\\Request"],["Sabre\\HTTP\\Response"]]},
{"file":"/volume1/web/nextcloud/3rdparty/sabre/dav/lib/DAV/Auth/Plugin.php","line":135,"function":"check","class":"Sabre\\DAV\\Auth\\Plugin","type":"->","args":[["Sabre\\HTTP\\Request"],["Sabre\\HTTP\\Response"]]},
{"file":"/volume1/web/nextcloud/3rdparty/sabre/event/lib/WildcardEmitterTrait.php","line":89,"function":"beforeMethod","class":"Sabre\\DAV\\Auth\\Plugin","type":"->","args":[["Sabre\\HTTP\\Request"],["Sabre\\HTTP\\Response"]]},
{"file":"/volume1/web/nextcloud/3rdparty/sabre/dav/lib/DAV/Server.php","line":456,"function":"emit","class":"Sabre\\DAV\\Server","type":"->","args":["beforeMethod:REPORT",[["Sabre\\HTTP\\Request"],["Sabre\\HTTP\\Response"]]]},
{"file":"/volume1/web/nextcloud/3rdparty/sabre/dav/lib/DAV/Server.php","line":253,"function":"invokeMethod","class":"Sabre\\DAV\\Server","type":"->","args":[["Sabre\\HTTP\\Request"],["Sabre\\HTTP\\Response"]]},
{"file":"/volume1/web/nextcloud/3rdparty/sabre/dav/lib/DAV/Server.php","line":321,"function":"start","class":"Sabre\\DAV\\Server","type":"->","args":[]},
{"file":"/volume1/web/nextcloud/apps/dav/lib/Server.php","line":365,"function":"exec","class":"Sabre\\DAV\\Server","type":"->","args":[]},
{"file":"/volume1/web/nextcloud/apps/dav/appinfo/v2/remote.php","line":35,"function":"exec","class":"OCA\\DAV\\Server","type":"->","args":[]},
{"file":"/volume1/web/nextcloud/remote.php","line":172,"args":["/volume1/web/nextcloud/apps/dav/appinfo/v2/remote.php"],"function":"require_once"}],

"File":"/volume1/web/nextcloud/lib/private/Authentication/Token/PublicKeyTokenProvider.php","Line":155,
"message":"Session token is invalid because it does not exist","user":"Username","exception":[],
"CustomMessage":"Session token is invalid because it does not exist"},

DAVx5/4.3.8-ose

"url":"/remote.php/dav/calendars/Username/Calendarname/",
"message":"Session token is invalid because it does not exist",
"userAgent":"DAVx5/4.3.8-ose (2023/10/12; dav4jvm; okhttp/4.11.0) Android/13","version":"27.1.3.2",
"exception":{"Exception":"OC\\Authentication\\Exceptions\\InvalidTokenException",
"Message":"Token is too short for a generated token, should be the password during basic auth","Code":0,
"Trace":[{"file":"/volume1/web/nextcloud/lib/private/Authentication/Token/Manager.php","line":133,"function":"getToken",
"class":"OC\\Authentication\\Token\\PublicKeyTokenProvider","type":"->","args":["*** sensitive parameters replaced ***"]},
{"file":"/volume1/web/nextcloud/lib/private/User/Session.php","line":782,"function":"getToken","class":"OC\\Authentication\\Token\\Manager","type":"->","args":["*** sensitive parameters replaced ***"]},
{"file":"/volume1/web/nextcloud/lib/private/User/Session.php","line":352,"function":"validateToken","class":"OC\\User\\Session","type":"->","args":["*** sensitive parameters replaced ***"]},
{"file":"/volume1/web/nextcloud/lib/private/User/Session.php","line":452,"function":"login","class":"OC\\User\\Session","type":"->","args":["*** sensitive parameters replaced ***"]},
{"file":"/volume1/web/nextcloud/apps/dav/lib/Connector/Sabre/Auth.php","line":114,"function":"logClientIn","class":"OC\\User\\Session","type":"->","args":["*** sensitive parameters replaced ***"]},
{"file":"/volume1/web/nextcloud/3rdparty/sabre/dav/lib/DAV/Auth/Backend/AbstractBasic.php","line":103,"function":"validateUserPass","class":"OCA\\DAV\\Connector\\Sabre\\Auth","type":"->","args":["*** sensitive parameters replaced ***"]},
{"file":"/volume1/web/nextcloud/apps/dav/lib/Connector/Sabre/Auth.php","line":232,"function":"check","class":"Sabre\\DAV\\Auth\\Backend\\AbstractBasic","type":"->","args":[["Sabre\\HTTP\\Request"],["Sabre\\HTTP\\Response"]]},
{"file":"/volume1/web/nextcloud/apps/dav/lib/Connector/Sabre/Auth.php","line":139,"function":"auth","class":"OCA\\DAV\\Connector\\Sabre\\Auth","type":"->","args":[["Sabre\\HTTP\\Request"],["Sabre\\HTTP\\Response"]]},
{"file":"/volume1/web/nextcloud/3rdparty/sabre/dav/lib/DAV/Auth/Plugin.php","line":179,"function":"check","class":"OCA\\DAV\\Connector\\Sabre\\Auth","type":"->","args":[["Sabre\\HTTP\\Request"],["Sabre\\HTTP\\Response"]]},
{"file":"/volume1/web/nextcloud/3rdparty/sabre/dav/lib/DAV/Auth/Plugin.php","line":135,"function":"check","class":"Sabre\\DAV\\Auth\\Plugin","type":"->","args":[["Sabre\\HTTP\\Request"],["Sabre\\HTTP\\Response"]]},
{"file":"/volume1/web/nextcloud/3rdparty/sabre/event/lib/WildcardEmitterTrait.php","line":89,"function":"beforeMethod","class":"Sabre\\DAV\\Auth\\Plugin","type":"->","args":[["Sabre\\HTTP\\Request"],["Sabre\\HTTP\\Response"]]},
{"file":"/volume1/web/nextcloud/3rdparty/sabre/dav/lib/DAV/Server.php","line":456,"function":"emit","class":"Sabre\\DAV\\Server","type":"->","args":["beforeMethod:PROPFIND",[["Sabre\\HTTP\\Request"],["Sabre\\HTTP\\Response"]]]},
{"file":"/volume1/web/nextcloud/3rdparty/sabre/dav/lib/DAV/Server.php","line":253,"function":"invokeMethod","class":"Sabre\\DAV\\Server","type":"->","args":[["Sabre\\HTTP\\Request"],["Sabre\\HTTP\\Response"]]},
{"file":"/volume1/web/nextcloud/3rdparty/sabre/dav/lib/DAV/Server.php","line":321,"function":"start","class":"Sabre\\DAV\\Server","type":"->","args":[]},
{"file":"/volume1/web/nextcloud/apps/dav/lib/Server.php","line":365,"function":"exec","class":"Sabre\\DAV\\Server","type":"->","args":[]},
{"file":"/volume1/web/nextcloud/apps/dav/appinfo/v2/remote.php","line":35,"function":"exec","class":"OCA\\DAV\\Server","type":"->","args":[]},
{"file":"/volume1/web/nextcloud/remote.php","line":172,"args":["/volume1/web/nextcloud/apps/dav/appinfo/v2/remote.php"],"function":"require_once"}],

"File":"/volume1/web/nextcloud/lib/private/Authentication/Token/PublicKeyTokenProvider.php","Line":155,
"message":"Session token is invalid because it does not exist","user":"Username","exception":[],
"CustomMessage":"Session token is invalid because it does not exist"},

When using the Nextcloud Files app, the following errors then each appear in the log (excerpt):

Nextcloud-android/3.26.0

Login failed: 'Username' (Remote IP: '2003:**********')

"url":"/ocs/v2.php/cloud/user?format=json",
"message":"Session token is invalid because it does not exist",
"userAgent":"Mozilla/5.0 (Android) Nextcloud-android/3.26.0","version":"27.1.3.2",
"exception":{"Exception":"OC\\Authentication\\Exceptions\\InvalidTokenException",
"Message":"Token does not exist: token does not exist","Code":0,
"Trace":[{"file":"/volume1/web/nextcloud/lib/private/Authentication/Token/Manager.php","line":133,"function":"getToken",
"class":"OC\\Authentication\\Token\\PublicKeyTokenProvider","type":"->","args":["*** sensitive parameters replaced ***"]},
{"file":"/volume1/web/nextcloud/lib/private/User/Session.php","line":782,"function":"getToken","class":"OC\\Authentication\\Token\\Manager","type":"->","args":["*** sensitive parameters replaced ***"]},
{"file":"/volume1/web/nextcloud/lib/private/User/Session.php","line":352,"function":"validateToken","class":"OC\\User\\Session","type":"->","args":["*** sensitive parameters replaced ***"]},
{"file":"/volume1/web/nextcloud/lib/private/User/Session.php","line":452,"function":"login","class":"OC\\User\\Session","type":"->","args":["*** sensitive parameters replaced ***"]},
{"file":"/volume1/web/nextcloud/lib/private/User/Session.php","line":580,"function":"logClientIn","class":"OC\\User\\Session","type":"->","args":["*** sensitive parameters replaced ***"]},
{"file":"/volume1/web/nextcloud/lib/base.php","line":1150,"function":"tryBasicAuthLogin","class":"OC\\User\\Session","type":"->","args":["*** sensitive parameters replaced ***","*** sensitive parameters replaced ***"]},
{"file":"/volume1/web/nextcloud/ocs/v1.php","line":61,"function":"handleLogin","class":"OC","type":"::","args":["*** sensitive parameters replaced ***"]},
{"file":"/volume1/web/nextcloud/ocs/v2.php","line":23,"args":["/volume1/web/nextcloud/ocs/v1.php"],"function":"require_once"}],

"File":"/volume1/web/nextcloud/lib/private/Authentication/Token/PublicKeyTokenProvider.php","Line":163,"Previous":{"Exception":"OCP\\AppFramework\\Db\\DoesNotExistException",
"Message":"token does not exist","Code":0,
"Trace":[{"file":"/volume1/web/nextcloud/lib/private/Authentication/Token/PublicKeyTokenProvider.php","line":172,"function":"getToken","class":"OC\\Authentication\\Token\\PublicKeyTokenMapper","type":"->","args":["*** sensitive parameters replaced ***"]},
{"file":"/volume1/web/nextcloud/lib/private/Authentication/Token/Manager.php","line":133,"function":"getToken","class":"OC\\Authentication\\Token\\PublicKeyTokenProvider","type":"->","args":["*** sensitive parameters replaced ***"]},
{"file":"/volume1/web/nextcloud/lib/private/User/Session.php","line":528,"function":"getToken","class":"OC\\Authentication\\Token\\Manager","type":"->","args":["*** sensitive parameters replaced ***"]},
{"file":"/volume1/web/nextcloud/lib/private/User/Session.php","line":438,"function":"isTokenPassword","class":"OC\\User\\Session","type":"->","args":["*** sensitive parameters replaced ***"]},
{"file":"/volume1/web/nextcloud/lib/private/User/Session.php","line":580,"function":"logClientIn","class":"OC\\User\\Session","type":"->","args":["*** sensitive parameters replaced ***"]},
{"file":"/volume1/web/nextcloud/lib/base.php","line":1150,"function":"tryBasicAuthLogin","class":"OC\\User\\Session","type":"->","args":["*** sensitive parameters replaced ***","*** sensitive parameters replaced ***"]},
{"file":"/volume1/web/nextcloud/ocs/v1.php","line":61,"function":"handleLogin","class":"OC","type":"::","args":["*** sensitive parameters replaced ***"]},
{"file":"/volume1/web/nextcloud/ocs/v2.php","line":23,"args":["/volume1/web/nextcloud/ocs/v1.php"],"function":"require_once"}],

"File":"/volume1/web/nextcloud/lib/private/Authentication/Token/PublicKeyTokenMapper.php","Line":89},
"message":"Session token is invalid because it does not exist","user":"Username","exception":[],
"CustomMessage":"Session token is invalid because it does not exist"},

Essentially, the following messages keep popping up:
“Token is too short for a generated token, should be the password during basic auth”
“Session token is invalid because it does not exist”
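
A way to sort such entries by account, client and exception message, and to list the accounts that also have "Login failed" entries, as an added example that is not part of the original thread. It assumes nextcloud.log holds one JSON object per line with top-level user, userAgent, url, message and exception fields; the sample lines and account names are constructed.

```python
import json
import re
from collections import Counter

EXC = "OC\\Authentication\\Exceptions\\InvalidTokenException"
TOO_SHORT = "Token is too short for a generated token, should be the password during basic auth"
NOT_FOUND = "Token does not exist: token does not exist"
NO_TOKEN = "Session token is invalid because it does not exist"
CLIENT = re.compile(r"(DAVx5|Thunderbird|Nextcloud-android)/[\w.\-]+")
TB = "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:115.0) Gecko/20100101 Thunderbird/115.4.1"
DAVX5 = "DAVx5/4.3.8-ose (2023/10/12; dav4jvm; okhttp/4.11.0) Android/13"
NC = "Mozilla/5.0 (Android) Nextcloud-android/3.26.0"

def _entry(user, ua, url, message, exc_message=None):
    # Builds one constructed log line (assumed layout, not real log data).
    exc = {"Exception": EXC, "Message": exc_message} if exc_message else []
    return json.dumps({"user": user, "userAgent": ua, "url": url,
                       "message": message, "exception": exc})

SAMPLE_LOG = "\n".join([
    _entry("alice", TB, "/remote.php/dav/calendars/alice/personal/", NO_TOKEN, TOO_SHORT),
    _entry("alice", TB, "/remote.php/dav/calendars/alice/personal/", NO_TOKEN, TOO_SHORT),
    _entry("bob", DAVX5, "/remote.php/dav/calendars/bob/work/", NO_TOKEN, TOO_SHORT),
    _entry("bob", NC, "/ocs/v2.php/cloud/user?format=json", NO_TOKEN, NOT_FOUND),
    _entry("--", NC, "/ocs/v2.php/cloud/user?format=json",
           "Login failed: 'bob' (Remote IP: '2001:db8::1')"),
    '{"truncated": ',  # damaged line: skipped instead of aborting the run
])

def triage(log_text):
    """Count token exceptions per (user, client, message); collect 'Login failed' accounts."""
    token_noise, failed_logins = Counter(), Counter()
    for line in log_text.splitlines():
        try:
            e = json.loads(line)
        except json.JSONDecodeError:
            continue
        if not isinstance(e, dict):
            continue
        failed = re.match(r"Login failed: '([^']*)'", str(e.get("message", "")))
        if failed:
            failed_logins[failed.group(1)] += 1
        exc = e.get("exception")
        if isinstance(exc, dict) and exc.get("Exception") == EXC:  # may also be []
            m = CLIENT.search(e.get("userAgent", ""))
            client = m.group(0) if m else "other"
            token_noise[(e.get("user"), client, exc.get("Message"))] += 1
    return token_noise, failed_logins

if __name__ == "__main__":
    print(*triage(SAMPLE_LOG), sep="\n")
```

Accounts that appear in both counters are the ones where the token messages coincide with actual failed logins and are worth a closer look first.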

Have the same warnings:

[core] Warnung: OC\Authentication\Exceptions\InvalidTokenException: Token is too short for a generated token, should be the password during basic auth at <>

[core] Warnung: OC\Authentication\Exceptions\InvalidTokenException: Token does not exist: token does not exist at <>

Ubuntu 22.04
Nextcloud Hub 6 (27.1.3)
PHP Version 8.2
MySQL 8.0
Apache2, FPM, FastCGI

With the update to Nextcloud 27.1.4, warning messages are no longer issued.

Correct, the errors have disappeared also here. Many thanks!

Hello you all,
(please excuse my cruel English)
These entries in the log file are also in my NextCloud 28. I do not know if they are new, but I just saw them for the first time when I updated today to version 28.0.0. They appear every second.
What can I do?