Webdav login issue in files web client

Hi, I have recently upgraded to 13.0.0.14 and I am facing issues with both the web and mobile clients. After I log in (which takes super long) I don’t see any folders or files in the files app (apps/files). However, accessing a file through ‘recent’ works.

The following is logged during login:

{"reqId":"WwXF2H8AAQEAAD0-2NoAAAAD","level":2,"time":"2018-05-23T19:50:14+00:00","remoteAddr":"xxx","user":"--","app":"core","method":"GET","url":"\/remote.php\/webdav\/","message":"Login failed: 'max' (Remote IP: 'xxx')","userAgent":"Mozilla\/5.0 (Linux) mirall\/2.3.2 (Nextcloud)","version":"13.0.0.14"}
{"reqId":"WwXF2H8AAQEAAD0-2NoAAAAD","level":1,"time":"2018-05-23T19:50:14+00:00","remoteAddr":"xxx","user":"--","app":"core","method":"GET","url":"\/remote.php\/webdav\/","message":"Bruteforce attempt from \"my_ip\" detected for action \"login\".","userAgent":"Mozilla\/5.0 (Linux) mirall\/2.3.2 (Nextcloud)","version":"13.0.0.14"}

This is my config.php:

<?php
$CONFIG = array (
  'passwordsalt' => 'xxx'
  'secret' => 'xxx',
  'trusted_domains' => 
  array (
    0 => 'homer',
  ),
  'datadirectory' => '/mnt/baracke/nextcloud',
  'overwrite.cli.url' => 'http://localhost',
  'dbtype' => 'mysql',
  'version' => '13.0.0.14',
  'dbname' => 'nextclouddb',
  'dbhost' => 'localhost',
  'dbport' => '',
  'dbtableprefix' => 'oc_',
  'dbuser' => 'xxx',
  'dbpassword' => 'xxx'
  'installed' => true,
  'instanceid' => 'xxx'
  'default_language' => 'en',
  'loglevel' => 0,
  'logfile' => '/var/log/nextcloud.log',
);

I did see this post but I did not enable two-factor authentication as far as I know.

How can I get things working again?

that could be one of the reasons.
have you installted bruteforce-app? please do. and whitelist your IP.

or maybe you have altered a password somewhere and forgot to alter it in NC as well…

I don’t know if the app clears out entries from the brute force attempts table, but you can do that manually using this:

We should really request this feature to be included with the Brute Force app… :slight_smile:

looks as if someone already demanded it… → Unblock IP-Address from admin settings page · Issue #9 · nextcloud/bruteforcesettings · GitHub

Thanks for your responses. I am afraid it is still not working. I added the bruteforce app and the IP it is complaining about. Also I removed all entries in the oc_bruteforce_attempts (there were quite a few). I restarted Apache.
After logging in, still no files are visible and in the logs I get the following warnings frequently:

|Warning|core|Login failed: 'max' (Remote IP: 'my_home_network_ip')|2018-05-24T20:07:07+0200|
|Warning|core|Login failed: 'max' (Remote IP: 'my_home_network_ip')|2018-05-24T20:07:07+0200|

Also I get the following message under Settings > Basic Settings > Security & setup warnings:

Dein Webserver ist noch nicht hinreichend für Datei-Synchronisation konfiguriert, da die WebDAV-Schnittstelle vermutlich nicht funktioniert.

(I set English as the forced language but this is still somehow showing in German: It is saying that the WebDAV interface does not work and hence the file synchronization is missconfigured).

I even tried to set
'auth.bruteforce.protection.enabled' => false
to no avail.

Here is the current config.php:
> <?php

$CONFIG = array (
  'passwordsalt' => 'xxx',
  'secret' => 'xxx',
  'trusted_domains' => 
  array (
    0 => 'homer',
  ),
  'datadirectory' => '/mnt/baracke/nextcloud',
  'overwrite.cli.url' => 'http://localhost',
  'dbtype' => 'mysql',
  'version' => '13.0.2.1',
  'dbname' => 'nextclouddb',
  'dbhost' => 'localhost',
  'dbport' => '',
  'dbtableprefix' => 'oc_',
  'dbuser' => 'nextcloud',
  'dbpassword' => 'xxx',
  'installed' => true,
  'instanceid' => 'xxx',
  'default_language' => 'en',
  'force_language' => 'en',
  'auth.bruteforce.protection.enabled' => false,
  'loglevel' => 0,
  'logfile' => '/var/log/nextcloud.log',
  'maintenance' => false,
  'theme' => '',
);

have you changed/marked something in the outcome of your config.php before posting it here? i mean if not pls remove sensitive data from it like passwords, e.g.

what catches my eye is your trusted_domains-array and maybe your overwrite.cli.url- i dont know for sure but that looks a bit strange for me.
maybe someone else could comment as well on this point?