
U2F device can not work with chromium-based Edge browser with Errorcode: unknown.

Open OrvilleQ opened this issue 2 years ago • 7 comments

Steps to reproduce

  1. Add U2F device
  2. Fail

Expected behaviour

I should be able to add U2F device

Actual behaviour

I couldn't

Server configuration

Operating system: OpenSUSE 15.3 with podman

Web server: Apache in the container and Nginx as reverse proxy

Database: postgresql 13

PHP version: 8.0

Version: 22.1.1

Updated from an older version or fresh install: Fresh install

List of activated apps:

    "apps": {
        "accessibility": {
            "installed_version": "1.7.0",
            "types": "",
            "enabled": "yes"
        },
        "activity": {
            "installed_version": "2.15.0",
            "types": "filesystem",
            "enabled": "yes"
        },
        "backgroundjob": {
            "lastjob": "2"
        },
        "bruteforcesettings": {
            "installed_version": "2.2.0",
            "types": "",
            "enabled": "yes"
        },
        "circles": {
            "installed_version": "22.1.1",
            "types": "filesystem,dav",
            "enabled": "yes",
            "loopback_tmp_scheme": "https",
            "maintenance_run": "0",
            "maintenance_update": "{\"maximum\":3,\"3\":1631580015,\"2\":1631582403,\"1\":1631582703}"
        },
        "cloud_federation_api": {
            "installed_version": "1.4.0",
            "types": "filesystem",
            "enabled": "yes"
        },
        "comments": {
            "installed_version": "1.11.0",
            "types": "logging",
            "enabled": "yes"
        },
        "contactsinteraction": {
            "installed_version": "1.2.0",
            "types": "dav",
            "enabled": "yes"
        },
        "core": {
            "installedat": "1631524998.9237",
            "vendor": "nextcloud",
            "public_webdav": "dav\/appinfo\/v1\/publicwebdav.php",
            "public_files": "files_sharing\/public.php",
            "lastupdatedat": "1631580226",
            "installed.bundles": "[\"CoreBundle\"]",
            "oc.integritycheck.checker": "[]",
            "theming.variables": "b92d206521717ac032f8aa58d3c7ff2f",
            "lastupdateResult": "[]",
            "backgroundjobs_mode": "cron",
            "lastcron": "1631582703"
        },
        "dashboard": {
            "installed_version": "7.1.0",
            "types": "",
            "enabled": "yes"
        },
        "dav": {
            "installed_version": "1.18.0",
            "types": "filesystem",
            "enabled": "yes"
        },
        "federatedfilesharing": {
            "installed_version": "1.11.0",
            "types": "",
            "enabled": "yes"
        },
        "federation": {
            "installed_version": "1.11.0",
            "types": "authentication",
            "enabled": "yes"
        },
        "files": {
            "installed_version": "1.16.0",
            "types": "filesystem",
            "enabled": "yes",
            "max_chunk_size": "536870912"
        },
        "files_pdfviewer": {
            "installed_version": "2.3.0",
            "types": "",
            "enabled": "yes"
        },
        "files_rightclick": {
            "installed_version": "1.1.0",
            "types": "",
            "enabled": "yes"
        },
        "files_sharing": {
            "installed_version": "1.13.2",
            "types": "filesystem",
            "enabled": "yes"
        },
        "files_trashbin": {
            "installed_version": "1.11.0",
            "types": "filesystem,dav",
            "enabled": "yes"
        },
        "files_versions": {
            "installed_version": "1.14.0",
            "types": "filesystem,dav",
            "enabled": "yes"
        },
        "files_videoplayer": {
            "installed_version": "1.11.0",
            "types": "",
            "enabled": "yes"
        },
        "firstrunwizard": {
            "installed_version": "2.11.0",
            "types": "logging",
            "enabled": "yes"
        },
        "logreader": {
            "installed_version": "2.7.0",
            "types": "",
            "enabled": "yes"
        },
        "lookup_server_connector": {
            "installed_version": "1.9.0",
            "types": "authentication",
            "enabled": "yes"
        },
        "nextcloud_announcements": {
            "installed_version": "1.11.0",
            "types": "logging",
            "enabled": "yes",
            "pub_date": "Thu, 24 Oct 2019 00:00:00 +0200"
        },
        "notifications": {
            "installed_version": "2.10.1",
            "types": "logging",
            "enabled": "yes"
        },
        "oauth2": {
            "installed_version": "1.9.0",
            "types": "authentication",
            "enabled": "yes"
        },
        "password_policy": {
            "installed_version": "1.12.0",
            "types": "authentication",
            "enabled": "yes"
        },
        "photos": {
            "installed_version": "1.4.0",
            "types": "",
            "enabled": "yes"
        },
        "privacy": {
            "installed_version": "1.6.0",
            "types": "",
            "enabled": "yes",
            "fullDiskEncryptionEnabled": "1",
            "readableLocation": "us"
        },
        "provisioning_api": {
            "installed_version": "1.11.0",
            "types": "prevent_group_restriction",
            "enabled": "yes"
        },
        "recommendations": {
            "installed_version": "1.1.0",
            "types": "",
            "enabled": "yes"
        },
        "serverinfo": {
            "installed_version": "1.12.0",
            "types": "",
            "enabled": "yes",
            "cached_count_filecache": "342",
            "cached_count_storages": "2"
        },
        "settings": {
            "installed_version": "1.3.0",
            "types": "",
            "enabled": "yes"
        },
        "sharebymail": {
            "installed_version": "1.11.0",
            "types": "filesystem",
            "enabled": "yes"
        },
        "support": {
            "installed_version": "1.5.0",
            "types": "session",
            "enabled": "yes"
        },
        "survey_client": {
            "installed_version": "1.10.0",
            "types": "",
            "enabled": "yes"
        },
        "systemtags": {
            "installed_version": "1.11.0",
            "types": "logging",
            "enabled": "yes"
        },
        "text": {
            "installed_version": "3.3.0",
            "types": "dav",
            "enabled": "yes"
        },
        "theming": {
            "installed_version": "1.12.0",
            "types": "logging",
            "enabled": "yes"
        },
        "twofactor_backupcodes": {
            "installed_version": "1.10.1",
            "types": "",
            "enabled": "yes"
        },
        "twofactor_totp": {
            "installed_version": "6.1.0",
            "types": "",
            "enabled": "yes"
        },
        "twofactor_u2f": {
            "installed_version": "6.2.0",
            "types": "",
            "enabled": "yes"
        },
        "updatenotification": {
            "installed_version": "1.11.0",
            "types": "",
            "enabled": "yes",
            "update_check_errors": "0"
        },
        "user_status": {
            "installed_version": "1.1.1",
            "types": "",
            "enabled": "yes"
        },
        "viewer": {
            "installed_version": "1.6.0",
            "types": "",
            "enabled": "yes"
        },
        "weather_status": {
            "installed_version": "1.1.0",
            "types": "",
            "enabled": "yes"
        },
        "workflowengine": {
            "installed_version": "2.3.1",
            "types": "filesystem",
            "enabled": "yes"
        }
    }
}

The content of config/config.php:

{
    "system": {
        "htaccess.RewriteBase": "\/",
        "memcache.local": "\\OC\\Memcache\\APCu",
        "apps_paths": [
            {
                "path": "\/var\/www\/html\/apps",
                "url": "\/apps",
                "writable": false
            },
            {
                "path": "\/var\/www\/html\/custom_apps",
                "url": "\/custom_apps",
                "writable": true
            }
        ],
        "memcache.distributed": "\\OC\\Memcache\\Redis",
        "memcache.locking": "\\OC\\Memcache\\Redis",
        "redis": {
            "host": "***REMOVED SENSITIVE VALUE***",
            "password": "***REMOVED SENSITIVE VALUE***",
            "port": 6379
        },
        "overwritehost": "cloud.anislet.dev",
        "overwriteprotocol": "https",
        "overwritewebroot": "\/",
        "objectstore": {
            "class": "\\OC\\Files\\ObjectStore\\S3",
            "arguments": {
                "bucket": "dev-anislet-cloud",
                "key": "***REMOVED SENSITIVE VALUE***",
                "secret": "***REMOVED SENSITIVE VALUE***",
                "region": "us-west-002",
                "hostname": "s3.us-west-002.backblazeb2.com",
                "port": "443",
                "objectPrefix": "urn:oid:",
                "autocreate": false,
                "use_ssl": true,
                "use_path_style": false,
                "legacy_auth": false
            }
        },
        "instanceid": "***REMOVED SENSITIVE VALUE***",
        "passwordsalt": "***REMOVED SENSITIVE VALUE***",
        "secret": "***REMOVED SENSITIVE VALUE***",
        "trusted_domains": [
            "cloud.anislet.dev",
            "10.0.2.*"
        ],
        "datadirectory": "***REMOVED SENSITIVE VALUE***",
        "dbtype": "pgsql",
        "version": "22.1.1.2",
        "overwrite.cli.url": "https:\/\/cloud.anislet.dev",
        "dbname": "***REMOVED SENSITIVE VALUE***",
        "dbhost": "***REMOVED SENSITIVE VALUE***",
        "dbport": "",
        "dbtableprefix": "oc_",
        "dbuser": "***REMOVED SENSITIVE VALUE***",
        "dbpassword": "***REMOVED SENSITIVE VALUE***",
        "installed": true,
        "default_phone_region": "CN",
        "mail_smtpmode": "smtp",
        "mail_smtpsecure": "ssl",
        "mail_sendmailmode": "smtp",
        "mail_from_address": "***REMOVED SENSITIVE VALUE***",
        "mail_domain": "***REMOVED SENSITIVE VALUE***",
        "mail_smtpauthtype": "LOGIN",
        "mail_smtpauth": 1,
        "mail_smtphost": "***REMOVED SENSITIVE VALUE***",
        "mail_smtpport": "465",
        "mail_smtpname": "***REMOVED SENSITIVE VALUE***",
        "mail_smtppassword": "***REMOVED SENSITIVE VALUE***"
    },

Client configuration

Browser: Edge

Operating system: Windows 11 Pro

Logs

Web server error log
[Masked Client IP Address] - - [14/Sep/2021:01:37:12 +0000] "GET /settings/user/security HTTP/1.0" 200 9584 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Edg/93.0.961.47"
[Masked Client IP Address] - - [14/Sep/2021:01:37:13 +0000] "GET /core/js/oc.js?v=a0269bd2 HTTP/1.0" 200 2375 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Edg/93.0.961.47"
[Masked Client IP Address] - - [14/Sep/2021:01:37:13 +0000] "GET /core/js/dist/files_fileinfo.js.map HTTP/1.0" 200 36007 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Edg/93.0.961.47"
[Masked Client IP Address] - - [14/Sep/2021:01:37:13 +0000] "GET /apps/accessibility/js/accessibilityoca.js.map HTTP/1.0" 200 17533 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Edg/93.0.961.47"
[Masked Client IP Address] - - [14/Sep/2021:01:37:13 +0000] "GET /custom_apps/twofactor_totp/js/main-settings.js.map HTTP/1.0" 200 329468 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Edg/93.0.961.47"
[Masked Client IP Address] - - [14/Sep/2021:01:37:13 +0000] "GET /core/js/dist/files_client.js.map HTTP/1.0" 200 182211 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Edg/93.0.961.47"
[Masked Client IP Address] - - [14/Sep/2021:01:37:13 +0000] "GET /apps/twofactor_backupcodes/js/settings.js.map HTTP/1.0" 200 247488 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Edg/93.0.961.47"
[Masked Client IP Address] - - [14/Sep/2021:01:37:14 +0000] "GET /ocs/v2.php/search/providers?from=%2Fsettings%2Fuser%2Fsecurity HTTP/1.0" 200 1048 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Edg/93.0.961.47"
[Masked Client IP Address] - - [14/Sep/2021:01:37:13 +0000] "GET /ocs/v2.php/apps/notifications/api/v2/notifications HTTP/1.0" 200 925 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Edg/93.0.961.47"
[Masked Client IP Address] - - [14/Sep/2021:01:37:14 +0000] "GET /apps/files_videoplayer/js/main.js.map HTTP/1.0" 200 8589 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Edg/93.0.961.47"
[Masked Client IP Address] - - [14/Sep/2021:01:37:14 +0000] "GET /apps/files_sharing/js/dist/main.js.map HTTP/1.0" 200 3024 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Edg/93.0.961.47"
[Masked Client IP Address] - - [14/Sep/2021:01:37:13 +0000] "GET /core/js/dist/main.js.map HTTP/1.0" 200 1448925 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Edg/93.0.961.47"
[Masked Client IP Address] - - [14/Sep/2021:01:37:14 +0000] "GET /core/js/dist/unified-search.js.map HTTP/1.0" 200 528960 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Edg/93.0.961.47"
[Masked Client IP Address] - - [14/Sep/2021:01:37:14 +0000] "PUT /apps/user_status/heartbeat HTTP/1.0" 200 884 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Edg/93.0.961.47"
[Masked Client IP Address] - - [14/Sep/2021:01:37:13 +0000] "GET /custom_apps/twofactor_u2f/js/settings.js.map HTTP/1.0" 200 527948 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Edg/93.0.961.47"
[Masked Client IP Address] - - [14/Sep/2021:01:37:14 +0000] "GET /apps/user_status/js/user-status-menu.js.map?v=a8f08edd1f3ca2e95306 HTTP/1.0" 200 487766 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Edg/93.0.961.47"
[Masked Client IP Address] - - [14/Sep/2021:01:37:13 +0000] "GET /apps/settings/js/vue-settings-personal-security.js.map?v=8e335c3545ba118d5744 HTTP/1.0" 200 942398 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Edg/93.0.961.47"
[Masked Client IP Address] - - [14/Sep/2021:01:37:13 +0000] "GET /apps/notifications/js/notifications-main.js.map?v=3cccdf405849d223e62d HTTP/1.0" 200 956121 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Edg/93.0.961.47"
[Masked Client IP Address] - - [14/Sep/2021:01:37:14 +0000] "GET /apps/settings/js/vue-settings-personal-webauthn.js.map?v=479903a8117490bf1d82 HTTP/1.0" 200 502502 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Edg/93.0.961.47"
[Masked Client IP Address] - - [14/Sep/2021:01:37:15 +0000] "GET /core/vendor/zxcvbn/dist/zxcvbn.js.map HTTP/1.0" 302 923 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Edg/93.0.961.47"
[Masked Client IP Address] - - [14/Sep/2021:01:37:15 +0000] "GET /apps/dashboard/ HTTP/1.0" 200 9604 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Edg/93.0.961.47"
::1 - - [14/Sep/2021:01:37:16 +0000] "OPTIONS * HTTP/1.0" 200 126 "-" "Apache/2.4.48 (Debian) PHP/8.0.10 (internal dummy connection)"
[Masked Client IP Address] - - [14/Sep/2021:01:37:16 +0000] "POST /apps/twofactor_u2f/settings/startregister HTTP/1.0" 200 919 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Edg/93.0.961.47"

Server log (data/nextcloud.log)
{"file":"/var/www/html/index.php","line":36,"function":"handleRequest","class":"OC","type":"::","args":[]}],"File":"/var/www/html/lib/private/AppFramework/Http/Dispatcher.php","Line":158,"Previous":{"Exception":"TypeError","Message":"OCA\\TwoFactorU2F\\Controller\\SettingsController::finishRegister(): Argument #1 ($registrationData) must be of type string, null given, called in /var/www/html/lib/private/AppFramework/Http/Dispatcher.php on line 217","Code":0,"Trace":[{"file":"/var/www/html/lib/private/AppFramework/Http/Dispatcher.php","line":217,"function":"finishRegister","class":"OCA\\TwoFactorU2F\\Controller\\SettingsController","type":"->","args":[null,null,"Yubikey Red"]},{"file":"/var/www/html/lib/private/AppFramework/Http/Dispatcher.php","line":126,"function":"executeController","class":"OC\\AppFramework\\Http\\Dispatcher","type":"->","args":[{"__class__":"OCA\\TwoFactorU2F\\Controller\\SettingsController"},"finishRegister"]},{"file":"/var/www/html/lib/private/AppFramework/App.php","line":156,"function":"dispatch","class":"OC\\AppFramework\\Http\\Dispatcher","type":"->","args":[{"__class__":"OCA\\TwoFactorU2F\\Controller\\SettingsController"},"finishRegister"]},{"file":"/var/www/html/lib/private/Route/Router.php","line":301,"function":"main","class":"OC\\AppFramework\\App","type":"::","args":["OCA\\TwoFactorU2F\\Controller\\SettingsController","finishRegister",{"__class__":"OC\\AppFramework\\DependencyInjection\\DIContainer"},{"_route":"twofactor_u2f.settings.finishRegister"}]},{"file":"/var/www/html/lib/base.php","line":1000,"function":"match","class":"OC\\Route\\Router","type":"->","args":["/apps/twofactor_u2f/settings/finishregister"]},{"file":"/var/www/html/index.php","line":36,"function":"handleRequest","class":"OC","type":"::","args":[]}],"File":"/var/www/html/custom_apps/twofactor_u2f/lib/Controller/SettingsController.php","Line":65},"CustomMessage":"--"}}

Browser log

image

It says U2F device registration failed, Error code unknown.

匿名 stands for asynchronous and 异步 stands for asynchronous.

OrvilleQ avatar Sep 14 '21 01:09 OrvilleQ
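For triaging entries like the server log in the report above, the following added example (not part of the original issue and not Nextcloud's code) walks the nested `Previous` chain of one log line and reports the first-thrown exception together with the positions of null call arguments. The sample line is constructed from the fields visible in the report; the envelope keys `url` and `exception`, and the outer exception's class and message, are assumptions.

```python
import json

# Constructed sample: one nextcloud.log line reduced to fields visible in the
# report. The envelope keys ("url", "exception") and the outer exception's class
# and message are assumptions, because the entry on the page starts mid-line.
SAMPLE_LINE = json.dumps({
    "url": "/apps/twofactor_u2f/settings/finishregister",
    "exception": {
        "Exception": "Exception",
        "Message": "(outer message not shown on the page)",
        "File": "/var/www/html/lib/private/AppFramework/Http/Dispatcher.php",
        "Line": 158,
        "Previous": {
            "Exception": "TypeError",
            "Message": "OCA\\TwoFactorU2F\\Controller\\SettingsController::finishRegister(): "
                       "Argument #1 ($registrationData) must be of type string, null given",
            "Trace": [{
                "function": "finishRegister",
                "class": "OCA\\TwoFactorU2F\\Controller\\SettingsController",
                "args": [None, None, "Yubikey Red"],
            }],
            "File": "/var/www/html/custom_apps/twofactor_u2f/lib/Controller/SettingsController.php",
            "Line": 65,
        },
        "CustomMessage": "--",
    },
})


def find_exception(entry):
    """Return the exception object from a parsed log entry, or None."""
    for key in ("exception", "message"):  # either key is accepted (assumption)
        value = entry.get(key)
        if isinstance(value, dict) and "Exception" in value:
            return value
    return None


def root_cause(exc):
    """Follow the "Previous" chain down to the exception that was thrown first."""
    while isinstance(exc.get("Previous"), dict):
        exc = exc["Previous"]
    return exc


def triage(line):
    """Summarise one log line, or return None if it carries no exception."""
    try:
        entry = json.loads(line)
    except json.JSONDecodeError:
        return None  # truncated or non-JSON line, like the fragment on the page
    exc = find_exception(entry) if isinstance(entry, dict) else None
    if exc is None:
        return None
    cause = root_cause(exc)
    frame = (cause.get("Trace") or [{}])[0]  # first frame is the failing call
    return {
        "url": entry.get("url"),
        "exception": cause.get("Exception"),
        "where": f"{cause.get('File')}:{cause.get('Line')}",
        "call": f"{frame.get('class', '')}::{frame.get('function', '')}",
        "null_args": [i for i, a in enumerate(frame.get("args", [])) if a is None],
    }
```

On the sample, `triage(SAMPLE_LINE)` reports a `TypeError` at `SettingsController.php:65` with the first two arguments of `finishRegister` null, meaning the request reached `finishregister` without its first two parameters.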

Check https://docs.nextcloud.com/server/stable/admin_manual/configuration_server/reverse_proxy_configuration.html if you use a reverse proxy

ChristophWurst avatar Sep 14 '21 10:09 ChristophWurst

Check https://docs.nextcloud.com/server/stable/admin_manual/configuration_server/reverse_proxy_configuration.html if you use a reverse proxy

I do follow that guide, but it's still not working.

I defined trusted_proxies, overwritehost, overwriteprotocol and overwritewebroot, and they are all working fine.

I defined Service Discovery too, though the overview page says I didn't. But it works fine with the browser.

OrvilleQ avatar Sep 14 '21 10:09 OrvilleQ

I'm now sure this is a client issue.

I was using Chromium-based Edge; after I changed to Chrome, everything just works fine.

image

So maybe this is an issue that only happens on the Edge browser?

The version of Edge I'm using now is 93.0.961.47.

@ChristophWurst

Update:

I could both register and log in with the U2F device on Chrome, but I can't do either of them on Edge.

image

It says U2F Device, Error occur: U2F not supported.

OrvilleQ avatar Sep 14 '21 10:09 OrvilleQ

Error occur: U2F not supported.

Bingo. Sounds like this is indeed caused by a limitation in the u2f library that we use.

ChristophWurst avatar Sep 14 '21 11:09 ChristophWurst

Hi,

Any news about this issue?

I'm also experiencing this issue on the Chromium-based Edge. The app is behind traefik and the overwriteprotocol is set to https. Everything else is working.

There is a section under "Security" called "Passwordless Authentication" for which I can set up my yubikey without any issue, however the same key does not work with your app.

ycecube avatar Dec 22 '21 16:12 ycecube

I can confirm, same macOS with Chrome (upstream) and Brave, Yubikey won't work, then I try on Firefox (upstream) and it does work, so the code has some trouble with Chromium-base browser

killua99 avatar Apr 28 '22 19:04 killua99

trouble with Chromium-base browser

https://github.com/nextcloud/twofactor_u2f/issues/947

ChristophWurst avatar Apr 29 '22 08:04 ChristophWurst