
Can not add Yubico Key 5 NFC

Open morgan2233 opened this issue 4 years ago • 6 comments

Steps to reproduce

  1. Download and Enable App
  2. Go to Profile Security Section
  3. Press "Add U2F device"

Expected behaviour

As with "Add WebAuthn device" and most other systems (which all work perfectly fine), I expected the screen to pop up for my Yubico 5 NFC asking me for the key's code, a request to press the key's button.

Actual behaviour

Asked for a name for the key and then nothing

Server configuration

Operating system: CloudLinux 7

Web server: Apache

Database: MySQL

PHP version: PHP 7.4

Version: 20.0.1

Updated from an older version or fresh install: Fresh Install

List of activated apps:

Enabled:

  - accessibility: 1.6.0
  - activity: 2.13.2
  - bruteforcesettings: 2.0.1
  - cloud_federation_api: 1.3.0
  - comments: 1.10.0
  - contactsinteraction: 1.1.0
  - dashboard: 7.0.0
  - dav: 1.16.0
  - encryption: 2.8.1
  - federatedfilesharing: 1.10.1
  - federation: 1.10.1
  - files: 1.15.0
  - files_pdfviewer: 2.0.1
  - files_rightclick: 0.17.0
  - files_sharing: 1.12.0
  - files_trashbin: 1.10.1
  - files_versions: 1.13.0
  - files_videoplayer: 1.9.0
  - firstrunwizard: 2.9.0
  - logreader: 2.5.0
  - lookup_server_connector: 1.8.0
  - nextcloud_announcements: 1.9.0
  - notifications: 2.8.0
  - oauth2: 1.8.0
  - occweb: 0.0.7
  - password_policy: 1.10.1
  - photos: 1.2.0
  - privacy: 1.4.0
  - provisioning_api: 1.10.0
  - recommendations: 0.8.0
  - serverinfo: 1.10.0
  - settings: 1.2.0
  - sharebymail: 1.10.0
  - support: 1.3.0
  - survey_client: 1.8.0
  - systemtags: 1.10.0
  - text: 3.1.0
  - theming: 1.11.0
  - twofactor_backupcodes: 1.9.0
  - twofactor_totp: 5.0.0
  - twofactor_u2f: 6.0.0
  - updatenotification: 1.10.0
  - user_status: 1.0.0
  - viewer: 1.4.0
  - weather_status: 1.0.0
  - workflowengine: 2.2.0

Disabled:

  - admin_audit
  - files_external
  - user_ldap

The content of config/config.php:

{
   "system":{
      "instanceid":"REMOVED SENSITIVE VALUE",
      "passwordsalt":"REMOVED SENSITIVE VALUE",
      "secret":"REMOVED SENSITIVE VALUE",
      "trusted_domains":[
         "cloud.kohinoorltd.co.uk"
      ],
      "datadirectory":"REMOVED SENSITIVE VALUE",
      "dbtype":"mysql",
      "version":"20.0.1.1",
      "overwrite.cli.url":"https://cloud.kohinoorltd.co.uk",
      "dbname":"REMOVED SENSITIVE VALUE",
      "dbhost":"REMOVED SENSITIVE VALUE",
      "dbport":"",
      "dbtableprefix":"oc_",
      "dbuser":"REMOVED SENSITIVE VALUE",
      "dbpassword":"REMOVED SENSITIVE VALUE",
      "installed":true,
      "app_install_overwrite":[
         "occweb"
      ],
      "mysql.utf8mb4":true,
      "maintenance":false,
      "twofactor_enforced":"false",
      "twofactor_enforced_groups":[],
      "twofactor_enforced_excluded_groups":[]
   }
}

Client configuration

Browser: Edge (Chromium)

Operating system: Windows 10

Logs

Web server error log

Exception: Argument 1 passed to OCA\TwoFactorU2F\Controller\SettingsController::finishRegister() must be of the type string, null given, called in /home/kohinoor/cloud.kohinoorltd.co.uk/lib/private/AppFramework/Http/Dispatcher.php on line 169

Server log (data/nextcloud.log)

{"reqId":"X5zytmAaS1r@0ulDEwVDVwAAAJU","level":3,"time":"2020-10-31T05:14:30+00:00","remoteAddr":"82.13.172.136","user":"mwalton","app":"index","method":"POST","url":"/index.php/apps/twofactor_u2f/settings/finishregister","message":{"Exception":"Exception","Message":"Argument 1 passed to OCA\TwoFactorU2F\Controller\SettingsController::finishRegister() must be of the type string, null given, called in /home/kohinoor/cloud.kohinoorltd.co.uk/lib/private/AppFramework/Http/Dispatcher.php on line 169","Code":0,"Trace":[{"file":"/home/kohinoor/cloud.kohinoorltd.co.uk/lib/private/AppFramework/App.php","line":152,"function":"dispatch","class":"OC\AppFramework\Http\Dispatcher","type":"->","args":[{"class":"OCA\TwoFactorU2F\Controller\SettingsController"},"finishRegister"]},{"file":"/home/kohinoor/cloud.kohinoorltd.co.uk/lib/private/Route/Router.php","line":308,"function":"main","class":"OC\AppFramework\App","type":"::","args":["OCA\TwoFactorU2F\Controller\SettingsController","finishRegister",{"class":"OC\AppFramework\DependencyInjection\DIContainer"},{"action":null,"_route":"twofactor_u2f.settings.finishRegister"}]},{"file":"/home/kohinoor/cloud.kohinoorltd.co.uk/lib/base.php","line":1009,"function":"match","class":"OC\Route\Router","type":"->","args":["/apps/twofactor_u2f/settings/finishregister"]},{"file":"/home/kohinoor/cloud.kohinoorltd.co.uk/index.php","line":37,"function":"handleRequest","class":"OC","type":"::","args":[]}],"File":"/home/kohinoor/cloud.kohinoorltd.co.uk/lib/private/AppFramework/Http/Dispatcher.php","Line":110,"Previous":{"Exception":"TypeError","Message":"Argument 1 passed to OCA\TwoFactorU2F\Controller\SettingsController::finishRegister() must be of the type string, null given, called in /home/kohinoor/cloud.kohinoorltd.co.uk/lib/private/AppFramework/Http/Dispatcher.php on line 
169","Code":0,"Trace":[{"file":"/home/kohinoor/cloud.kohinoorltd.co.uk/lib/private/AppFramework/Http/Dispatcher.php","line":169,"function":"finishRegister","class":"OCA\TwoFactorU2F\Controller\SettingsController","type":"->","args":[null,null,"Yubi 5 NFC - Spare"]},{"file":"/home/kohinoor/cloud.kohinoorltd.co.uk/lib/private/AppFramework/Http/Dispatcher.php","line":100,"function":"executeController","class":"OC\AppFramework\Http\Dispatcher","type":"->","args":[{"class":"OCA\TwoFactorU2F\Controller\SettingsController"},"finishRegister"]},{"file":"/home/kohinoor/cloud.kohinoorltd.co.uk/lib/private/AppFramework/App.php","line":152,"function":"dispatch","class":"OC\AppFramework\Http\Dispatcher","type":"->","args":[{"class":"OCA\TwoFactorU2F\Controller\SettingsController"},"finishRegister"]},{"file":"/home/kohinoor/cloud.kohinoorltd.co.uk/lib/private/Route/Router.php","line":308,"function":"main","class":"OC\AppFramework\App","type":"::","args":["OCA\TwoFactorU2F\Controller\SettingsController","finishRegister",{"class":"OC\AppFramework\DependencyInjection\DIContainer"},{"action":null,"_route":"twofactor_u2f.settings.finishRegister"}]},{"file":"/home/kohinoor/cloud.kohinoorltd.co.uk/lib/base.php","line":1009,"function":"match","class":"OC\Route\Router","type":"->","args":["/apps/twofactor_u2f/settings/finishregister"]},{"file":"/home/kohinoor/cloud.kohinoorltd.co.uk/index.php","line":37,"function":"handleRequest","class":"OC","type":"::","args":[]}],"File":"/home/kohinoor/cloud.kohinoorltd.co.uk/apps/twofactor_u2f/lib/Controller/SettingsController.php","Line":66},"CustomMessage":"--"},"userAgent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.111 Safari/537.36 Edg/86.0.622.56","version":"20.0.1.1"}

Browser log

Uncaught (in promise) Error: U2F device registration failed (error code unknown) at a.rejectRegistration (AddDeviceDialog.vue:157) at AddDeviceDialog.vue:135

morgan2233 avatar Oct 31 '20 05:10 morgan2233

Something in the u2f registration went wrong. The server error translates to a missing parameter that wasn't sent.

I don't have a device to reproduce this right now.

ChristophWurst avatar Nov 02 '20 09:11 ChristophWurst

I've a similar problem on Firefox. The server returns a 500 code. Here's my nextcloud-log:

{
   "reqId":"yeHzaQ02gMdIIqzHE7Nt",
   "level":3,
   "time":"2020-11-21T16:04:22+01:00",
   "remoteAddr":"***IP***",
   "user":"***USER***",
   "app":"index",
   "method":"POST",
   "url":"/settings/api/personal/webauthn/registration",
   "message":{
      "Exception":"Assert\\InvalidArgumentException",
      "Message":"The attestation statement format \"packed\" is not supported.",
      "Code":32,
      "Trace":[
         {
            "file":"/var/www/nextcloud/3rdparty/beberlei/assert/lib/Assert/Assertion.php",
            "line":1769,
            "function":"createException",
            "class":"Assert\\Assertion",
            "type":"::"
         },
         {
            "file":"/var/www/nextcloud/3rdparty/web-auth/webauthn-lib/src/AttestationStatement/AttestationStatementSupportManager.php",
            "line":37,
            "function":"true",
            "class":"Assert\\Assertion",
            "type":"::"
         },
         {
            "file":"/var/www/nextcloud/3rdparty/web-auth/webauthn-lib/src/AttestationStatement/AttestationObjectLoader.php",
            "line":83,
            "function":"get",
            "class":"Webauthn\\AttestationStatement\\AttestationStatementSupportManager",
            "type":"->"
         },
         {
            "file":"/var/www/nextcloud/3rdparty/web-auth/webauthn-lib/src/PublicKeyCredentialLoader.php",
            "line":120,
            "function":"load",
            "class":"Webauthn\\AttestationStatement\\AttestationObjectLoader",
            "type":"->"
         },
         {
            "file":"/var/www/nextcloud/3rdparty/web-auth/webauthn-lib/src/PublicKeyCredentialLoader.php",
            "line":80,
            "function":"createResponse",
            "class":"Webauthn\\PublicKeyCredentialLoader",
            "type":"->"
         },
         {
            "file":"/var/www/nextcloud/3rdparty/web-auth/webauthn-lib/src/PublicKeyCredentialLoader.php",
            "line":107,
            "function":"loadArray",
            "class":"Webauthn\\PublicKeyCredentialLoader",
            "type":"->"
         },
         {
            "file":"/var/www/nextcloud/lib/private/Authentication/WebAuthn/Manager.php",
            "line":151,
            "function":"load",
            "class":"Webauthn\\PublicKeyCredentialLoader",
            "type":"->"
         },
         {
            "file":"/var/www/nextcloud/apps/settings/lib/Controller/WebAuthnController.php",
            "line":103,
            "function":"finishRegister",
            "class":"OC\\Authentication\\WebAuthn\\Manager",
            "type":"->"
         },
         {
            "file":"/var/www/nextcloud/lib/private/AppFramework/Http/Dispatcher.php",
            "line":170,
            "function":"finishRegistration",
            "class":"OCA\\Settings\\Controller\\WebAuthnController",
            "type":"->"
         },
         {
            "file":"/var/www/nextcloud/lib/private/AppFramework/Http/Dispatcher.php",
            "line":100,
            "function":"executeController",
            "class":"OC\\AppFramework\\Http\\Dispatcher",
            "type":"->"
         },
         {
            "file":"/var/www/nextcloud/lib/private/AppFramework/App.php",
            "line":137,
            "function":"dispatch",
            "class":"OC\\AppFramework\\Http\\Dispatcher",
            "type":"->"
         },
         {
            "file":"/var/www/nextcloud/lib/private/AppFramework/Routing/RouteActionHandler.php",
            "line":47,
            "function":"main",
            "class":"OC\\AppFramework\\App",
            "type":"::"
         },
         {
            "function":"__invoke",
            "class":"OC\\AppFramework\\Routing\\RouteActionHandler",
            "type":"->"
         },
         {
            "file":"/var/www/nextcloud/lib/private/Route/Router.php",
            "line":297,
            "function":"call_user_func"
         },
         {
            "file":"/var/www/nextcloud/lib/base.php",
            "line":1010,
            "function":"match",
            "class":"OC\\Route\\Router",
            "type":"->"
         },
         {
            "file":"/var/www/nextcloud/index.php",
            "line":37,
            "function":"handleRequest",
            "class":"OC",
            "type":"::"
         }
      ],
      "File":"/var/www/nextcloud/3rdparty/beberlei/assert/lib/Assert/Assertion.php",
      "Line":2752,
      "CustomMessage":"--"
   },
   "userAgent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:83.0) Gecko/20100101 Firefox/83.0",
   "version":"19.0.5.2"
}

Somebodyisnobody avatar Nov 21 '20 15:11 Somebodyisnobody

> Something in the u2f registration went wrong.

@Somebodyisnobody see what I commented before. It's not about the server. The registration in the browser doesn't succeed, hence incomplete data is sent to the server. The error you posted is just a symptom.

ChristophWurst avatar Nov 23 '20 10:11 ChristophWurst
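
Added example, not part of the thread or of the Nextcloud code base: a triage helper for nextcloud.log entries like the two posted above. It follows the "Previous" chain to the exception that was thrown first and lists controller arguments that arrived as null; the sample entries are constructed and trimmed, and the function names are hypothetical.

```python
import json

# Constructed samples shaped like the two log entries in this thread
# (trimmed: shortened messages, most trace frames dropped).
U2F_ENTRY = json.dumps({
    "url": "/index.php/apps/twofactor_u2f/settings/finishregister",
    "message": {
        "Exception": "Exception",
        "Message": "Argument 1 passed to finishRegister() must be of the type string, null given",
        "Trace": [{"function": "dispatch", "class": "OC\\AppFramework\\Http\\Dispatcher"}],
        "Previous": {
            "Exception": "TypeError",
            "Message": "Argument 1 passed to finishRegister() must be of the type string, null given",
            "Trace": [{"function": "finishRegister",
                       "class": "OCA\\TwoFactorU2F\\Controller\\SettingsController",
                       "args": [None, None, "Yubi 5 NFC - Spare"]}],
        },
    },
})
WEBAUTHN_ENTRY = json.dumps({
    "url": "/settings/api/personal/webauthn/registration",
    "message": {
        "Exception": "Assert\\InvalidArgumentException",
        "Message": "The attestation statement format \"packed\" is not supported.",
        "Trace": [{"function": "finishRegistration",
                   "class": "OCA\\Settings\\Controller\\WebAuthnController"}],
    },
})


def innermost(exc):
    """Follow the 'Previous' chain to the exception that was thrown first."""
    while isinstance(exc.get("Previous"), dict):
        exc = exc["Previous"]
    return exc


def triage(line):
    """Summarise one log line: root exception and null controller arguments."""
    msg = json.loads(line).get("message")
    if not isinstance(msg, dict):  # plain-string messages carry no trace
        return {"exception": None, "message": msg, "null_args": {}}
    root = innermost(msg)
    null_args = {}
    for frame in root.get("Trace", []):
        missing = [i for i, a in enumerate(frame.get("args") or []) if a is None]
        if missing and frame.get("class", "").endswith("Controller"):
            null_args[frame["function"]] = missing
    return {"exception": root.get("Exception"), "message": root.get("Message"),
            "null_args": null_args}
```

For the first sample, `triage` reports `finishRegister` with argument positions 0 and 1 null, while the device name at position 2 did arrive; the second sample carries no arguments in its trace, so only the exception class and message are reported.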

Oh okay... I just lost faith in Firefox and the world 😱

Somebodyisnobody avatar Nov 23 '20 10:11 Somebodyisnobody

> Something in the u2f registration went wrong.
>
> @Somebodyisnobody see what I commented before. It's not about the server. The registration in the browser doesn't succeed, hence incomplete data is sent to the server. The error you posted is just a symptom.

@ChristophWurst However, the Yubico Key works with the default Nextcloud Passwordless Authentication perfectly fine, which proves it's not the browser, the key or Nextcloud, but it's the app.

morgan2233 avatar Nov 23 '20 16:11 morgan2233

Well the error happens in the browser, even if you don't believe me. But feel free to dig into it and send a PR.

ChristophWurst avatar Nov 23 '20 16:11 ChristophWurst