core icon indicating copy to clipboard operation
core copied to clipboard

Published 20 hours ago verified publisher icon owncloud

Syncing account files after app password is deleted from server

Open saw-jan opened this issue 1 year ago • 5 comments

Pre-submission Checks

  • [X] I checked for similar issues, but could not find any. I also checked the closed issues. I could not contribute additional information to any existing issue.
  • [X] I will take the time to fill in all the required fields. I know that the bug report may be dismissed otherwise due to lack of information.

Describe the bug

Adding an account using the app-password. After deleting the app-password from the server, the client still syncs down the files from the server - how connection to server is being authorized even after the app-password has been deleted?

And after logout, when trying to login again with the deleted app-password, login fails (which is OK).

Expected behavior

?

Steps to reproduce the issue

  1. Create and copy an app password from the oC10 server
  2. Open desktop client
  3. Add the account with username and app-password
  4. Let the files sync
  5. Delete the app-password from the server
  6. Upload something in the server (client syncs down the uploaded files) :question:
  7. Logout and try to log in with deleted app-password (doesn't logs in :heavy_check_mark: )

Logs

ownCloud-client.log

Client version number

ownCloud 4.0.0.10732-rc1 93ec98 Libraries Qt 5.15.8, OpenSSL 1.1.1t 7 Feb 2023 Using virtual files plugin: suffix ubuntu-5.19.0-40-generic

Desktop environment (Linux only)

Ubuntu22.04

Server information

ownCloud 10.12.1 (stable)

saw-jan avatar Apr 24 '23 11:04 saw-jan

Reproducible with https://demo.owncloud.org. After restarting the client, syncing no longer works.

@TheOneRing I'd blame the server for this and wouldn't consider this a client problem. If they permit us access after the token was removed, it's on them to fix that.

fmoc avatar Apr 24 '23 16:04 fmoc

Yup, the session still seems to exist whereas the token was removed. I suppose the cookies issued for the token are not invalidated on the server side, hence it will continue to work for a while at least, but new sessions cannot be created. I suppose "Disconnect" is misleading wording in the server interface, but that's it.

fmoc avatar Apr 24 '23 16:04 fmoc

@fmoc Create the issue in server repo? or this is fine?

saw-jan avatar Apr 25 '23 03:04 saw-jan

This issue has been automatically marked as stale because it has not had recent activity. It will be closed in 10 days if no further activity occurs. Thank you for your contributions.

github-actions[bot] avatar Oct 23 '23 01:10 github-actions[bot]

This issue has been automatically marked as stale because it has not had recent activity. It will be closed in 10 days if no further activity occurs. Thank you for your contributions.

github-actions[bot] avatar Apr 24 '24 01:04 github-actions[bot]

Duplicate of #30873?

iasdeoupxe avatar May 05 '24 14:05 iasdeoupxe

Probably yes!

saw-jan avatar May 06 '24 03:05 saw-jan

Closing in favor of #30873

saw-jan avatar May 06 '24 03:05 saw-jan