
re-auth required with [keepassxc secret service]

Open mefromthepast opened this issue 3 years ago • 2 comments

Expected behaviour

The client should not simply invalidate oauth tokens, even if it receives a timeout or keepassxc is closed; it should instead try to use the token again when the db is reopened, as an alternative.

Actual behaviour

Valid oauth tokens are trashed, a browser window / tab opens and re-authentication is required.

Steps to reproduce

  1. set up owncloud to use secretservice via keepassxc
  2. use owncloud
  3. at some point that I cannot exactly grasp (it does not always happen after the database is closed; I believe it happens regularly if keepassxc is not running before owncloud-client, keepassxc is closed, or after the computer returns from sleep), the oauth token is attempted to be trashed. However, 1. trashing valid oauth tokens should never be required in the first place and 2. this does not work automatically if saving the database requires yubikey interaction. This is totally annoying.

Server configuration

owncloud enterprise, no further information available

Client configuration

Client version: 2.9.2
Operating system: archlinux
OS language: en
Qt version used by client package (Linux only, see also Settings dialog): -
Client package (From ownCloud or distro) (Linux only): owncloud-client

Logs

Client logfile

[ info sync.credentials.manager ]:   get "ownCloud_credentials:[OWNCLOUD-SERVER]:[TOKEN]:http/oauthtoken"
[ debug gui.account.manager ]        [ OCC::AccountManager::saveAccount ]:   Saving account "https://[OWNCLOUD-SERVER]/"
[ info gui.account.manager ]:        Saving  0  unknown certs.
[ info gui.account.manager ]:        Saving cookies. "[HOME]/.config/ownCloud/cookies0.db"
[ debug sync.cookiejar ]     [ OCC::CookieJar::save ]:       "[HOME]/.config/ownCloud/cookies0.db"
[ debug gui.account.manager ]        [ OCC::AccountManager::saveAccount ]:   Saved account settings, status: QSettings::NoError
[ info sync.credentials.manager ]:   del "ownCloud_credentials:[OWNCLOUD-SERVER]:[TOKEN]:http/oauthtoken"
[ info gui.account.state ]:  AccountState state change:  "Disconnected" -> "Asking Credentials"
[ debug sync.database.sql ]  [ OCC::SqlQuery::bindValue ]:   SQL bind 1 3
[ debug sync.database.sql ]  [ OCC::SqlQuery::exec ]:        SQL exec "SELECT path FROM selectivesync WHERE type=?1"
[ warning sync.credentials.manager ]:        Failed to remove: "ownCloud_credentials:[OWNCLOUD-SERVER]:[TOKEN]:http/oauthtoken" "Timeout was reached"

mefromthepast avatar Dec 21 '21 17:12 mefromthepast
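
A triage sketch for client logs like the one in the report, added here as an example and not part of the original issue or the ownCloud code base: it pairs each `del` of a credential key with a later `Failed to remove` error and an "Asking Credentials" state change. The sample log is constructed from the lines quoted above; the function names are hypothetical.

```python
import re

# Constructed sample, modelled on the log lines quoted in the report.
KEY = "ownCloud_credentials:[OWNCLOUD-SERVER]:[TOKEN]:http/oauthtoken"
SAMPLE = f'''\
[ info sync.credentials.manager ]:   get "{KEY}"
[ info sync.credentials.manager ]:   del "{KEY}"
[ info gui.account.state ]:  AccountState state change:  "Disconnected" -> "Asking Credentials"
[ debug sync.database.sql ]  [ OCC::SqlQuery::bindValue ]:   SQL bind 1 3
[ warning sync.credentials.manager ]:        Failed to remove: "{KEY}" "Timeout was reached"
'''

# "[ level category ]", an optional "[ function ]", then ":" and the message.
LINE = re.compile(r'^\[\s*(\w+)\s+([\w.]+)\s*\]\s*(?:\[[^\]]*\])?\s*:\s*(.*)$')
DEL = re.compile(r'^del "([^"]+)"')
FAIL = re.compile(r'^Failed to remove: "([^"]+)" "([^"]*)"')
STATE = re.compile(r'^AccountState state change:\s*"[^"]*" -> "([^"]*)"')

def _entry(findings, key):
    return findings.setdefault(
        key, {"key": key, "deleted": False, "reauth_prompted": False, "store_error": None})

def triage(text):
    """Return one finding per credential key the client tried to delete."""
    findings, last_deleted = {}, None
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # not a client log line
        _level, category, msg = m.groups()
        d, f, s = DEL.match(msg), FAIL.match(msg), STATE.match(msg)
        if category == "sync.credentials.manager" and d:
            last_deleted = d.group(1)
            _entry(findings, last_deleted)["deleted"] = True
        elif category == "sync.credentials.manager" and f:
            _entry(findings, f.group(1))["store_error"] = f.group(2)
        elif category == "gui.account.state" and s:
            if s.group(1) == "Asking Credentials" and last_deleted:
                findings[last_deleted]["reauth_prompted"] = True
    return list(findings.values())

def store_did_not_respond(finding):
    # Re-auth was prompted while the secret store returned an error for the
    # same key: check the store (locked, not running) before blaming the token.
    return finding["reauth_prompted"] and finding["store_error"] is not None

if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(finding, "store_did_not_respond =", store_did_not_respond(finding))
```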

Research: Check whether qt-keychain tells us whether the backend is ready.

TheOneRing avatar Aug 31 '23 09:08 TheOneRing

Related: https://github.com/owncloud/client/blob/62306b02ee2d1229af56aaf70000a93ac6d7a724/src/libsync/creds/credentialmanager.cpp#L193-L202

TheOneRing avatar Oct 13 '23 13:10 TheOneRing