user_saml
Crash when the username is 22 characters long
Steps to reproduce
- Create a user with a username that is 22 characters long.
- Try logging in.
Expected behaviour
It should work.
Actual behaviour
The user gets the internal error page. Usernames with fewer or more than 22 characters work.
Server configuration
Operating system: Linux
SAML Provider: Keycloak
Web server: Nginx
Database: Postgres
PHP version: 7.4.23
Nextcloud version: (see Nextcloud admin page)
- 20.0.12
- 21.0.4
- 22.1.1
Where did you install Nextcloud from: Docker
List of activated apps:
- accessibility: 1.6.0
- activity: 2.13.4
- admin_audit: 1.10.0
- apporder: 0.13.0
- bruteforcesettings: 2.2.0
- calendar: 2.3.3
- cloud_federation_api: 1.3.0
- comments: 1.10.0
- contactsinteraction: 1.1.0
- dav: 1.16.2
- federatedfilesharing: 1.10.2
- federation: 1.10.1
- files: 1.15.0
- files_pdfviewer: 2.0.1
- files_rightclick: 0.17.0
- files_sharing: 1.12.2
- files_trashbin: 1.10.1
- files_versions: 1.13.0
- files_videoplayer: 1.9.0
- indie_external: 3.9.0
- logreader: 2.5.0
- lookup_server_connector: 1.8.0
- nextcloud_announcements: 1.9.0
- notifications: 2.8.0
- oauth2: 1.8.0
- onlyoffice: 7.1.2
- password_policy: 1.10.1
- photos: 1.2.3
- privacy: 1.4.0
- provisioning_api: 1.10.0
- recommendations: 0.8.0
- settings: 1.2.0
- sharebymail: 1.10.0
- survey_client: 1.8.0
- systemtags: 1.10.0
- text: 3.1.0
- theming: 1.11.0
- twofactor_backupcodes: 1.9.0
- user_saml: 3.3.5
- user_status: 1.0.1
- viewer: 1.4.0
- weather_status: 1.0.0
- workflowengine: 2.2.0
Nextcloud configuration:
{
    "system": {
        "installed": "true",
        "passwordsalt": "***REMOVED SENSITIVE VALUE***",
        "secret": "***REMOVED SENSITIVE VALUE***",
        "trusted_domains": [
            "***REMOVED SENSITIVE VALUE***"
        ],
        "overwrite.cli.url": "***REMOVED SENSITIVE VALUE***",
        "overwriteprotocol": "",
        "version": "20.0.12.1",
        "debug": false,
        "instanceid": "***REMOVED SENSITIVE VALUE***",
        "config_is_read_only": true,
        "skeletondirectory": "",
        "updatechecker": "false ",
        "updater.server.url": "https:\/\/updates.nextcloud.com\/updater_server\/",
        "updater.release.channel": "stable",
        "upgrade.disable-web": true,
        "sharing.maxAutocompleteResults": 10,
        "sharing.minSearchStringLength": 2,
        "dbtype": "pgsql",
        "dbname": "***REMOVED SENSITIVE VALUE***",
        "dbhost": "***REMOVED SENSITIVE VALUE***",
        "dbport": "5432",
        "dbtableprefix": false,
        "mysql.utf8mb4": false,
        "dbuser": "***REMOVED SENSITIVE VALUE***",
        "dbpassword": "***REMOVED SENSITIVE VALUE***",
        "memcache.local": "\\OC\\Memcache\\APCu",
        "apps_paths": [
            {
                "path": "\/usr\/src\/nextcloud\/apps",
                "url": "\/apps",
                "writable": false
            }
        ],
        "default_language": "fr",
        "default_locale": "fr",
        "memcache.distributed": "\\OC\\Memcache\\Redis",
        "memcache.locking": "\\OC\\Memcache\\Redis",
        "redis": {
            "host": "***REMOVED SENSITIVE VALUE***",
            "password": "***REMOVED SENSITIVE VALUE***",
            "port": 6379
        },
        "trusted_proxies": "***REMOVED SENSITIVE VALUE***",
        "objectstore": {
            "class": "\\OC\\Files\\ObjectStore\\S3",
            "arguments": {
                "bucket": "***REMOVED SENSITIVE VALUE***",
                "autocreate": false,
                "key": "***REMOVED SENSITIVE VALUE***",
                "secret": "***REMOVED SENSITIVE VALUE***",
                "region": "default",
                "hostname": "***REMOVED SENSITIVE VALUE***",
                "port": "443",
                "use_ssl": true,
                "use_path_style": true
            }
        },
        "mail_smtpmode": "smtp",
        "mail_smtphost": "***REMOVED SENSITIVE VALUE***",
        "mail_smtpport": "587",
        "mail_smtpsecure": "tls",
        "mail_smtpauth": true,
        "mail_smtpauthtype": "LOGIN",
        "mail_smtpname": "***REMOVED SENSITIVE VALUE***",
        "mail_from_address": "***REMOVED SENSITIVE VALUE***",
        "mail_domain": "***REMOVED SENSITIVE VALUE***",
        "mail_smtppassword": "***REMOVED SENSITIVE VALUE***",
        "appstoreenabled": false
    }
}
Client configuration
Browser:
Operating system:
Logs
Nextcloud log (data/owncloud.log)
Error index InvalidArgumentException: User "" is not valid at apps/user_saml/lib/Controller/SAMLController.php line 357 2021-09-08T15:33:26+00:00
0. lib/private/AppFramework/Http/Dispatcher.php line 169
OCA\User_SAML\Controller\SAMLController->assertionConsumerService(
)
1. lib/private/AppFramework/Http/Dispatcher.php line 100
OC\AppFramework\Http\Dispatcher->executeController(OCA\User_SAML\Controller\SAMLController {}, "assertionConsumerService")
2. lib/private/AppFramework/App.php line 152
OC\AppFramework\Http\Dispatcher->dispatch(OCA\User_SAML\Controller\SAMLController {}, "assertionConsumerService")
3. lib/private/Route/Router.php line 309
OC\AppFramework\App::main(
"OCA\\User_SAML\\Controller\\SAMLController",
"assertionConsumerService",
OC\AppFramework\DependencyInjection\DIContainer {},
{_route:"user_saml.SAML.assertionConsumerService"}
)
4. lib/base.php line 1008
OC\Route\Router->match("\/apps\/user_saml\/saml\/acs")
5. index.php line 37
OC::handleRequest(
)
Browser log
I'm pretty sure this is due to https://github.com/nextcloud/user_saml/blob/d9344081b773aca8faecb5f35122fdcb90bbb648/lib/UserData.php#L103 thinking the UID is a base64 encoded UUID but it not actually being one. This nonstandard behavior should really be behind a setting.
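
Added example (not user_saml code, and not written by anyone in this thread): why 22 is the ambiguous length. 22 base64 characters decode to exactly 16 bytes, the size of a binary UUID, so a decode-and-check-length heuristic cannot tell an encoded GUID from an ordinary alphanumeric username. The function names, the opt-in flag and the sample usernames are hypothetical.

```php
<?php
// Added illustration; function names and the opt-in flag are hypothetical.

/** Naive heuristic: "base64-decodes to 16 bytes, so it must be a binary GUID". */
function looksLikeEncodedGuid(string $uid): bool {
    if (preg_match('/[^a-zA-Z0-9=+\/]/', $uid) === 1) {
        return false; // character outside the base64 alphabet
    }
    // Strict mode rejects foreign characters but still accepts missing "=" padding.
    $raw = base64_decode($uid, true);
    return $raw !== false && strlen($raw) === 16;
}

/** Only reinterpret the UID when the administrator has opted in. */
function resolveUid(string $uid, bool $uidIsEncodedGuid): string {
    if (!$uidIsEncodedGuid || !looksLikeEncodedGuid($uid)) {
        return $uid; // keep the value the IdP asserted, unchanged
    }
    // Plain big-endian hex grouping, for illustration only.
    $hex = bin2hex(base64_decode($uid, true));
    return sprintf(
        '%s-%s-%s-%s-%s',
        substr($hex, 0, 8), substr($hex, 8, 4), substr($hex, 12, 4),
        substr($hex, 16, 4), substr($hex, 20, 12)
    );
}

// Constructed usernames of 21, 22 and 23 characters.
$samples = [
    'abcdefghijklmnopqrstu',
    'abcdefghijklmnopqrstuv',
    'abcdefghijklmnopqrstuvw',
];

foreach ($samples as $uid) {
    printf(
        "%-24s len=%d heuristic=%s opt-out=%s opt-in=%s\n",
        $uid,
        strlen($uid),
        var_export(looksLikeEncodedGuid($uid), true),
        resolveUid($uid, false),
        resolveUid($uid, true)
    );
}
```

Only the 22-character sample is classified as an encoded GUID; with the flag off, every username passes through unchanged.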