TOTP second-factor auth does not work in snap 1773?

rcpa0 · June 19, 2017, 1:49pm

Ubuntu Core 16 + nextcloud snap 1773 + https://github.com/nextcloud/twofactor_totp#readme

Once enabled, TOTP login attempt always fails. I can recover using a backup code.

Perhaps the “Authentication code [Verify]” will verify everything is working before enabling? The current release of this extension does not currently verify.

I can make this a new issue in github for the extension if someone else can please confirm if it is working in the current nextcloud snap?

Update 1: Instead of a self-signed SSL cert, I used a custom openssl generated key and CSR. cacert.org returned the CRT. I concatenated root+intermediate+CRT to chain.pem. The extension shouldn’t care though.

I am unable to find the logs specific to the TOTP extension:

root@snap1-vm10:/var/snap/nextcloud/1773/apache/logs# tail error_log 
[Mon Jun 19 06:15:34.000249 2017] [proxy_fcgi:error] [pid 1914:tid 139839728174848] [client 172.17.2.2:38402] AH01079: failed to make connection to backend: httpd-UDS
[Mon Jun 19 06:15:52.958147 2017] [proxy:error] [pid 1915:tid 139839471007488] (2)No such file or directory: AH02454: FCGI: attempt to connect to Unix domain socket /tmp/sockets/php-fpm.sock (*) failed
[Mon Jun 19 06:15:52.958203 2017] [proxy_fcgi:error] [pid 1915:tid 139839471007488] [client 172.17.2.2:38406] AH01079: failed to make connection to backend: httpd-UDS
[Mon Jun 19 06:16:02.229440 2017] [mpm_event:notice] [pid 1912:tid 139839823484800] AH00491: caught SIGTERM, shutting down
[Mon Jun 19 06:16:38.544778 2017] [mpm_event:notice] [pid 1846:tid 139757789570944] AH00489: Apache/2.4.25 (Unix) OpenSSL/1.0.2g configured -- resuming normal operations
[Mon Jun 19 06:16:38.552733 2017] [core:notice] [pid 1846:tid 139757789570944] AH00094: Command line: 'httpd -d /snap/nextcloud/1773 -D EnableHTTPS -D FOREGROUND'
[Mon Jun 19 06:16:38.545791 2017] [unixd:alert] [pid 1850:tid 139757789570944] AH02155: getpwuid: couldn't determine user name from uid 4294967295, you probably need to modify the User directive
[Mon Jun 19 06:16:38.546182 2017] [unixd:alert] [pid 1849:tid 139757789570944] AH02155: getpwuid: couldn't determine user name from uid 4294967295, you probably need to modify the User directive
[Mon Jun 19 06:16:38.546536 2017] [unixd:alert] [pid 1848:tid 139757789570944] AH02155: getpwuid: couldn't determine user name from uid 4294967295, you probably need to modify the User directive
[Mon Jun 19 06:16:49.566014 2017] [unixd:alert] [pid 1948:tid 139757789570944] AH02155: getpwuid: couldn't determine user name from uid 4294967295, you probably need to modify the User directive
root@snap1-vm10:/var/snap/nextcloud/1773/apache/logs# tail php_errors.log 
#4 /snap/nextcloud/1773/htdocs/lib/private/DB/Connection.php(147): Doctrine\DBAL\Connection->setTransactionIsolation(2)
#5 /snap/nextcloud/1773/htdocs/3rdparty/doctrine/dbal/lib/Doctrine/DBAL/DriverManager.php(172): OC\DB\Connection->__con in /snap/nextcloud/1773/htdocs/lib/private/DB/Connection.php on line 60
[19-Jun-2017 06:16:34 UTC] PHP Fatal error:  Uncaught Doctrine\DBAL\DBALException: Failed to connect to the database: An exception occured in driver: SQLSTATE[HY000] [2002] No such file or directory in /snap/nextcloud/1773/htdocs/lib/private/DB/Connection.php:60
Stack trace:
#0 /snap/nextcloud/1773/htdocs/3rdparty/doctrine/dbal/lib/Doctrine/DBAL/Connection.php(429): OC\DB\Connection->connect()
#1 /snap/nextcloud/1773/htdocs/3rdparty/doctrine/dbal/lib/Doctrine/DBAL/Connection.php(389): Doctrine\DBAL\Connection->getDatabasePlatformVersion()
#2 /snap/nextcloud/1773/htdocs/3rdparty/doctrine/dbal/lib/Doctrine/DBAL/Connection.php(328): Doctrine\DBAL\Connection->detectDatabasePlatform()
#3 /snap/nextcloud/1773/htdocs/3rdparty/doctrine/dbal/lib/Doctrine/DBAL/Connection.php(621): Doctrine\DBAL\Connection->getDatabasePlatform()
#4 /snap/nextcloud/1773/htdocs/lib/private/DB/Connection.php(147): Doctrine\DBAL\Connection->setTransactionIsolation(2)
#5 /snap/nextcloud/1773/htdocs/3rdparty/doctrine/dbal/lib/Doctrine/DBAL/DriverManager.php(172): OC\DB\Connection->__con in /snap/nextcloud/1773/htdocs/lib/private/DB/Connection.php on line 60
root@snap1-vm10:/var/snap/nextcloud/1773/apache/logs#

ChristophWurst · June 19, 2017, 2:23pm

Yes, it does. What version of the app are you using?

rcpa0 · June 19, 2017, 3:51pm

Two Factor TOTP Provider 1.1.0
by Christoph Wurst (agpl-licensed)

How do I update it? Disable and re-enable doesn’t really re-install.

ChristophWurst · June 19, 2017, 4:05pm

Is that Nextlcoud 11? Then 1.1.0 unfortunately is the latest version. You have to update to Nextcloud 12 to be able to use 1.3.0, see https://apps.nextcloud.com/apps/twofactor_totp.

rcpa0 · June 19, 2017, 5:05pm

rcpao@snap1-vm10:~$ cat /etc/os-release 
NAME="Ubuntu Core"
VERSION="16"
ID=ubuntu-core
PRETTY_NAME="Ubuntu Core 16"
VERSION_ID="16"
HOME_URL="http://www.snapcraft.io/"
BUG_REPORT_URL="http://bugs.launchpad.net/snappy/"
rcpao@snap1-vm10:~$ snap list
Name       Version      Rev   Developer  Notes
classic    16.04        17    canonical  devmode
core       16-2         1689  canonical  -
nextcloud  11.0.3snap5  1773  nextcloud  -
pc         16.04-0.8    9     canonical  -
pc-kernel  4.4.0-71.92  60    canonical  -
rcpao@snap1-vm10:~$ snap refresh
All snaps up to date.
rcpao@snap1-vm10:~$ snap refresh nextcloud
snap "nextcloud" has no updates available
rcpao@snap1-vm10:~$ snap find nextcloud
Name                Version      Developer     Notes  Summary
nextcloud-port8080  1.01         arcticslyfox  -      Nextcloud Server
nextcloud-nextant   11.0.0snap3  rmescandon    -      Nextcloud Server + search support
nextcloud           11.0.3snap5  nextcloud     -      Nextcloud Server
cashbox-nextcloud   11.0.2snap2  cashbox       -      Nextcloud Server for www.cashBOX.plus
spreedme            0.29.5snap1  nextcloud     -      Spreed.ME audio/video calls and conferences feature for the Nextcloud Snap
qownnotes           17.06.5      pbek          -      Plain-text file notepad with markdown support and ownCloud integration
solr                0.1          rmescandon    -      Starts up solr as forking daemon
mdns-hostname       0.0.1        welike        -      mDNS mini-daemon to published hostname.local
rcpao@snap1-vm10:~$ snap install nextcloud
snap "nextcloud" is already installed, see "snap refresh --help"
rcpao@snap1-vm10:~$ snap refresh --candidate nextcloud
nextcloud (candidate) 11.0.3snap5 from 'nextcloud' refreshed

ChristophWurst · June 20, 2017, 10:59am

Okay, looks like the snap has not been updated yet: https://github.com/nextcloud/nextcloud-snap/issues/280