
Forced logout with autoupload - collision with brute force settings?!

Open b-pfl opened this issue 3 years ago • 5 comments

Hi all,

on my iPhone, since at least the last two updates (up to 4.4.0.18) I seem to have issues with the autoupload feature. In detail, it looks as if the autoupload causes some sort of server error which makes the app assume it is logged out again and I need to sign in again to see the file list etc. Interestingly, the upload seems to continue in the background.

Not sure if this bug (only) appears when using 2 accounts as I do at the moment.

Steps to reproduce

  1. Set up one or two accounts (each on a different serverA and serverB).
  2. Enable auto-upload to serverA (also of existing files on my iPhone), custom directory, custom file name pattern, upload into subfolders.
  3. Wait for autouploads to start
  4. Switch between accounts / stop and restart app / open files view for serverB

Expected behaviour

  • The NC client opens the corresponding folder view of server A.
  • Image uploads happen "in the background"

Actual behaviour

  • After a while, an error message appears that there was a server error and I need to sign in again: the files / folder view of server A disappears and the login screen is shown again.
  • If I sign in again, a new device session is generated
  • The problem appears again after a while
  • Interestingly, after a while, the autoupload continues for serverA even after a potential "logout" while I cannot open the folder view any more. (Not sure if this behavior only happens if there is a 2nd account that is in a signed in state for serverB).

Screenshots

Logs

The log view of the web panel shows: 
{"reqId":"<id>","level":1,"time":"2022-06-07T18:15:54+00:00","remoteAddr":"<ip>","user":"--","app":"core","method":"PUT","url":"/remote.php/dav/files/user/SofortUpload/<folders>/<name>","message":"Bruteforce attempt from \"<ip>\" detected for action \"login\".","userAgent":"Mozilla/5.0 (iOS) Nextcloud-iOS/4.4.0","version":"23.0.5.1","id":"<id>"}

Reasoning or why should it be changed/implemented?

It looks like autoupload and potentially brute force settings do not collaborate properly and brute force seems to send out 401s after a while, causing this issue.

Environment data

iOS version: e.g. iOS 15.5

Nextcloud iOS app version: 4.0..18

Server operating system: Ubuntu 20.04

Web server: Apache + nginx reverse Proxy (Plesk)

Database: MariaDB 10.3.34

PHP version: PHP 8.0.19

Nextcloud version: 23.0.5

b-pfl avatar Jun 07 '22 18:06 b-pfl
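Added example, not part of the original issue or of Nextcloud's code: a triage script for log entries like the one quoted in the report above, grouping brute-force detections by source address and user agent so that a sync client retrying rejected credentials can be told apart from other sources. The sample log is constructed (documentation IP ranges), and the two labels and the heuristic behind them are assumptions made for illustration.

```python
import json
import re
from collections import defaultdict

# Message format as it appears in the log line quoted in the issue.
BRUTEFORCE_RE = re.compile(r'Bruteforce attempt from "([^"]*)" detected for action "([^"]*)"')

def entry(ip, user, method, url, agent, msg):
    return json.dumps({"remoteAddr": ip, "user": user, "method": method,
                       "url": url, "userAgent": agent, "message": msg})

BF_MSG = 'Bruteforce attempt from "%s" detected for action "login".'
IOS_AGENT = "Mozilla/5.0 (iOS) Nextcloud-iOS/4.4.0"
DAV = "/remote.php/dav/files/user/SofortUpload/"
# Constructed sample log (documentation IP ranges), not real data.
SAMPLE_LOG = "\n".join([
    entry("192.0.2.10", "--", "PUT", DAV + "a.jpg", IOS_AGENT, BF_MSG % "192.0.2.10"),
    entry("192.0.2.10", "--", "PUT", DAV + "b.jpg", IOS_AGENT, BF_MSG % "192.0.2.10"),
    entry("198.51.100.7", "--", "POST", "/login", "curl/7.81.0", BF_MSG % "198.51.100.7"),
    entry("192.0.2.10", "user", "GET", "/status.php", IOS_AGENT, "unrelated message"),
    "not json at all",
])

def triage(log_text):
    """Group brute-force detections by (source IP, user agent) and label each group."""
    groups = defaultdict(lambda: {"count": 0, "dav": 0, "actions": set()})
    for line in log_text.splitlines():
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip truncated or non-JSON lines
        if not isinstance(rec, dict):
            continue
        m = BRUTEFORCE_RE.search(str(rec.get("message", "")))
        if not m:
            continue
        g = groups[(rec.get("remoteAddr"), rec.get("userAgent"))]
        g["count"] += 1
        g["actions"].add(m.group(2))
        if str(rec.get("url", "")).startswith("/remote.php/dav/"):
            g["dav"] += 1
    report = {}
    for (ip, agent), g in groups.items():
        # Heuristic (assumption): every hit is a WebDAV request from a sync-client
        # user agent. User agents are sender-controlled, so this is only a hint.
        client_like = g["dav"] == g["count"] and "Nextcloud-" in str(agent)
        label = "check-client-credentials" if client_like else "investigate-source"
        report[(ip, agent)] = {"count": g["count"], "actions": sorted(g["actions"]), "label": label}
    return report

if __name__ == "__main__":
    for key, info in triage(SAMPLE_LOG).items():
        print(key, info)
```
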

Hmm, never thought of something like this. But it might explain why my friend sometimes logs out without knowing and needs to log in again.

ne20002 avatar Jun 08 '22 08:06 ne20002

I can confirm this kinda weird behavior:

While an iOS client was connected and being used by the user (she worked on some documents stored on my Nextcloud), I restarted the server (the docker fpm image). This caused her client to be logged out.

Sadly, there is no information in the server log file (besides the multiple login failure messages). I haven't had the chance to look at her phone yet. But I'm afraid there will also be no info in the log as she is logged out.

To me it looks like the client, under some circumstances when losing the connection and trying to reestablish it, marks the login as invalid, aka 'logs out'. Maybe the login is marked as invalid and not only the session?

This is not easily reproducible but I hope my explanation may help. It has happened a few times now. I also opened #2052, which may also help with this problem.

Cc: @marinofaggiana

ne20002 avatar Jun 30 '22 05:06 ne20002

Fixed ?? https://testflight.apple.com/join/RXEJbWj9

marinofaggiana avatar Jul 12 '22 15:07 marinofaggiana

I'm sorry. I can't check on this as my friend is in India for holidays and does not have test flight. But I can confirm that another logout happened and I don't have any information in the server log.

ne20002 avatar Jul 18 '22 06:07 ne20002

had

Fixed ?? https://testflight.apple.com/join/RXEJbWj9

Checked, yup, it's fixed deauth for me.

dmpanch avatar Aug 01 '22 11:08 dmpanch

I can confirm this is still an issue using the MacOS client. Sync will work a few times, then the user is disabled. I have to occ user:enable to let me log into nextcloud again.

graphius avatar Aug 14 '22 19:08 graphius