Comments (13)

rokyo249 commented on June 2, 2024

I have exactly the same issue here on Nextcloud version 27.0.2_1.6.43 (as an app on TrueNAS from Charts) and TOTP version 9.0.0:

  1. The app is enabled by admin.
  2. User logs in and tries to enable TOTP in their settings.
  3. The QR code is shown and can be added to a 2FA app (Google Authenticator in this case)
  4. The spinner beside "Enable TOTP" never stops spinning
  5. When the user logs out, 2FA is not enabled
  6. When the user logs back in, the checkbox beside "Enable TOTP" is unchecked

Tested with several users, none of them working.

from twofactor_totp.

ChristophWurst commented on June 2, 2024

The spinner beside "Enable TOTP" never stops spinning

https://docs.nextcloud.com/server/latest/admin_manual/configuration_server/logging_configuration.html

There's most likely an error in nextcloud.log.

rokyo249 commented on June 2, 2024

The log shows:

{"reqId":"auBdqzS7xstdZ2OKk4C8","level":0,"time":"2023-09-06T07:11:47+00:00","remoteAddr":"10.0.81.111","user":"c4f7f426-f9ab-103c-9483-9fa59eb6e605","app":"user_ldap","method":"POST","url":"/apps/twofactor_totp/settings/enable","message":"Calling LDAP function ldap_explode_dn with parameters [\"c4f7f426-f9ab-103c-9483-9fa59eb6e605\",0]","userAgent":"Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Firefox/102.0","version":"27.0.2.1","data":{"app":"user_ldap"}}

immediately after the user clicks the "Enable TOTP" checkbox. Log level is on DEBUG.

Sounds like this is an issue with us using LDAP?

ChristophWurst commented on June 2, 2024

"level":0

It's just a debug notice, not an error.

rokyo249 commented on June 2, 2024

Yes, there is no other message in the log. But 2FA doesn't activate and the thing never stops spinning. Or is the log level in Nextcloud not "0 and above" and I have to set the log level higher than 0?

ChristophWurst commented on June 2, 2024

Log level is fine. 0 means it will log everything.

I suggest inspecting the XHRs of the browser instead. There is a request sent when TOTP is enabled. See if that succeeds and what it returns.

rokyo249 commented on June 2, 2024

Hmm, the response looks fine but there is something weird: the username is a UUID, while Nextcloud and our LDAP use firstname.lastname as UID... Could it be that usernames are not correctly mapped in NC and that is an issue?

ChristophWurst commented on June 2, 2024

could be

rokyo249 commented on June 2, 2024

Really weird, an additional message I got now suggests that the user isn't logged in, even though he clearly is when clicking the checkbox:

{"reqId":"44AXro7NRFw9PHz4YsI9","level":0,"time":"2023-09-06T13:45:07+00:00","remoteAddr":"10.0.81.111","user":"--","app":"no app in context","method":"POST","url":"/apps/twofactor_totp/settings/enable","message":"Current user is not logged in","userAgent":"Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Firefox/102.0","version":"27.0.2.1","exception":{"Exception":"OC\\AppFramework\\Middleware\\Security\\Exceptions\\NotLoggedInException","Message":"Current user is not logged in","Code":401,"Trace":[{"file":"/var/www/html/lib/private/AppFramework/Middleware/MiddlewareDispatcher.php","line":96,"function":"beforeController","class":"OC\\AppFramework\\Middleware\\Security\\SecurityMiddleware","type":"->","args":[["OCA\\TwoFactorTOTP\\Controller\\SettingsController"],"enable"]},{"file":"/var/www/html/lib/private/AppFramework/Http/Dispatcher.php","line":129,"function":"beforeController","class":"OC\\AppFramework\\Middleware\\MiddlewareDispatcher","type":"->","args":[["OCA\\TwoFactorTOTP\\Controller\\SettingsController"],"enable"]},{"file":"/var/www/html/lib/private/AppFramework/App.php","line":183,"function":"dispatch","class":"OC\\AppFramework\\Http\\Dispatcher","type":"->","args":[["OCA\\TwoFactorTOTP\\Controller\\SettingsController"],"enable"]},{"file":"/var/www/html/lib/private/Route/Router.php","line":315,"function":"main","class":"OC\\AppFramework\\App","type":"::","args":["OCA\\TwoFactorTOTP\\Controller\\SettingsController","enable",["OC\\AppFramework\\DependencyInjection\\DIContainer"],["twofactor_totp.settings.enable"]]},{"file":"/var/www/html/lib/base.php","line":1071,"function":"match","class":"OC\\Route\\Router","type":"->","args":["/apps/twofactor_totp/settings/enable"]},{"file":"/var/www/html/index.php","line":36,"function":"handleRequest","class":"OC","type":"::","args":[]}],"File":"/var/www/html/lib/private/AppFramework/Middleware/Security/SecurityMiddleware.php","Line":161,"message":"Current user is not logged in","exception":{},"CustomMessage":"Current user is not logged in"}}
{"reqId":"YkhIq5nfzVkSKJfOmINp","level":0,"time":"2023-09-06T13:45:07+00:00","remoteAddr":"10.0.81.111","user":"--","app":"user_ldap","method":"GET","url":"/login?redirect_url=/apps/twofactor_totp/settings/enable","message":"Calling LDAP function ldap_explode_dn with parameters [\"c4f7f426-f9ab-103c-9483-9fa59eb6e331\",0]","userAgent":"Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Firefox/102.0","version":"27.0.2.1","data":{"app":"user_ldap"}}
{"reqId":"dnZ9Q44x2guG1CgrtRHt","level":0,"time":"2023-09-06T13:45:11+00:00","remoteAddr":"10.0.81.111","user":"c4f7f426-f9ab-103c-9483-9fa59eb6e331","app":"user_ldap","method":"GET","url":"/apps/twofactor_totp/settings/enable","message":"Calling LDAP function ldap_explode_dn with parameters [\"c4f7f426-f9ab-103c-9483-9fa59eb6e331\",0]","userAgent":"Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Firefox/102.0","version":"27.0.2.1","data":{"app":"user_ldap"}}

I highly suspect that this has to do with LDAP and incorrect mapping. I'll set up a fresh Nextcloud and pull users again from LDAP to check.
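
A way to triage the log entries discussed above, as an added example that is not part of the original thread or of the twofactor_totp project: it filters nextcloud.log lines by request URL and surfaces entries that carry an exception whatever their numeric level, since the 401 quoted above was logged at level 0. The sample lines are constructed (shortened from the entries quoted in the thread), and the function names `triage` and `failed_requests` are hypothetical.

```python
import json

# Nextcloud numeric log levels; 0 is the most verbose.
LEVELS = {0: "DEBUG", 1: "INFO", 2: "WARN", 3: "ERROR", 4: "FATAL"}

# Constructed sample, shortened from the thread; line 3 is a wrapped fragment.
SAMPLE_LOG = r"""{"reqId":"sample-1","level":0,"time":"2023-09-06T07:11:47+00:00","user":"c4f7f426-f9ab-103c-9483-9fa59eb6e605","app":"user_ldap","method":"POST","url":"/apps/twofactor_totp/settings/enable","message":"Calling LDAP function ldap_explode_dn"}
{"reqId":"sample-2","level":0,"time":"2023-09-06T13:45:07+00:00","user":"--","app":"no app in context","method":"POST","url":"/apps/twofactor_totp/settings/enable","message":"Current user is not logged in","exception":{"Exception":"OC\\AppFramework\\Middleware\\Security\\Exceptions\\NotLoggedInException","Code":401}}
in","exception":{},"CustomMessage":"Current user is not logged in"}}
{"reqId":"sample-3","level":0,"time":"2023-09-06T13:45:07+00:00","user":"--","app":"user_ldap","method":"GET","url":"/login?redirect_url=/apps/twofactor_totp/settings/enable","message":"Calling LDAP function ldap_explode_dn"}
{"reqId":"sample-4","level":1,"time":"2023-09-06T13:45:09+00:00","user":"admin","app":"core","method":"GET","url":"/status.php","message":"ok"}
"""


def triage(log_text, url_part="/apps/twofactor_totp/settings/enable"):
    """Return (entries, skipped): summaries of log lines whose URL contains
    url_part, plus the number of lines that were not valid JSON objects."""
    entries, skipped = [], 0
    for line in log_text.splitlines():
        if not line.strip():
            continue
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            rec = None
        if not isinstance(rec, dict):
            skipped += 1  # wrapped or truncated line: count it, do not guess
            continue
        if url_part not in rec.get("url", ""):
            continue
        exc = rec.get("exception") or {}
        entries.append({
            "time": rec.get("time"),
            "level": LEVELS.get(rec.get("level"), "UNKNOWN"),
            "method": rec.get("method"),
            "user": rec.get("user"),  # "--" in the thread's unauthenticated entries
            "exception": exc.get("Exception"),
            "code": exc.get("Code"),
        })
    return entries, skipped


def failed_requests(entries):
    """Entries that carry an exception, regardless of log level."""
    return [e for e in entries if e["exception"]]


if __name__ == "__main__":
    found, bad = triage(SAMPLE_LOG)
    for entry in failed_requests(found):
        print(entry)
    print("unparseable lines:", bad)
```

A non-zero skipped count means the log was wrapped or truncated somewhere and should be re-read from the original file before drawing conclusions.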

rokyo249 commented on June 2, 2024

Hmm, it wasn't LDAP. I installed Nextcloud fresh and pulled users from LDAP again with the correct UIDs and it still doesn't work. The spinner keeps spinning, a QR code is generated and can be added to Google Authenticator but if I log out or leave the settings page, 2FA remains disabled.

When clicking the checkbox, only one request is shown in Web Developer Tools -> Network -> XHR: a POST to https://10.0.81.100:9001/apps/twofactor_totp/settings/enable with the response of:

09:22:30.658 XHR POST https://10.0.81.100:9001/apps/twofactor_totp/settings/enable [HTTP/2 200 OK 103ms]
{"state":1,"secret":"xxxxxxxxxxxxxx","qrUrl":"otpauth:\/\/totp\/Nextcloud%3Auser.name%4010.0.81.100%3A9001?secret=xxxxxxxxxxxxxx&issuer=Nextcloud"}

digitigrafo commented on June 2, 2024

news?

buhanovserg commented on June 2, 2024

Hello!
The problem is related to PHP: it works with the old PHP 8.0, but when I install PHP 8.1 or above it does not work.
