
Problem with encryption keys for existing users

Open mandree95 opened this issue 4 years ago • 1 comments

Hey,

First of all, thank you for this app. I ran into an issue activating oidc-login on an existing Nextcloud instance with users that already existed before. These have the basic encryption module activated.

If the users log in via oidc, they get the message that the private key for the encryption app is wrong. Is the encryption app in general supported in combination with the oidc-login?

I found the following log entry (sanitized):

[encryption] Warning: OCP\Encryption\Exceptions\GenericEncryptionException: Bad Signature at <<closure>>

 0. /var/www/html/apps/encryption/lib/Crypto/Crypt.php line 480
    OCA\Encryption\Crypto\Crypt->checkSignature("*** sensitive parameters replaced ***")
 1. /var/www/html/apps/encryption/lib/Crypto/Crypt.php line 429
    OCA\Encryption\Crypto\Crypt->symmetricDecryptFileContent("*** sensitive parameter replaced ***", "*** sensitive parameter replaced ***", "AES-256-CTR", 0)
 2. /var/www/html/apps/encryption/lib/KeyManager.php line 404
    OCA\Encryption\Crypto\Crypt->decryptPrivateKey("*** sensitive parameters replaced ***")
 3. /var/www/html/apps/encryption/lib/Hooks/UserHooks.php line 183
    OCA\Encryption\KeyManager->init("*** sensitive parameter replaced ***", "*** sensitive parameter replaced ***")
 4. /var/www/html/lib/private/legacy/OC_Hook.php line 110
    OCA\Encryption\Hooks\UserHooks->login("*** sensitive parameters replaced ***")
 5. /var/www/html/lib/private/Server.php line 581
    OC_Hook::emit("OC_User", "post_login", "*** sensitive parameter replaced ***")
 6. <<closure>>
    OC\Server->OC\{closure}("*** sensitive parameters replaced ***")
 7. /var/www/html/lib/private/Hooks/EmitterTrait.php line 107
    call_user_func_array(Closure {}, ["*** sensitive  ... "])
 8. /var/www/html/lib/private/Hooks/PublicEmitter.php line 41
    OC\Hooks\BasicEmitter->emit("\\OC\\User", "postLogin", ["*** sensitive  ... "])
 9. /var/www/html/lib/private/User/Session.php line 412
    OC\Hooks\PublicEmitter->emit("\\OC\\User", "postLogin", ["*** sensitive  ... "])
10. /var/www/html/custom_apps/oidc_login/lib/Controller/LoginController.php line 386
    OC\User\Session->completeLogin("*** sensitive parameters replaced ***")
11. /var/www/html/custom_apps/oidc_login/lib/Controller/LoginController.php line 117
    OCA\OIDCLogin\Controller\LoginController->login("*** sensitive parameters replaced ***")
12. /var/www/html/custom_apps/oidc_login/lib/Controller/LoginController.php line 96
    OCA\OIDCLogin\Controller\LoginController->authSuccess("*** sensitive parameter replaced ***")
13. /var/www/html/lib/private/AppFramework/Http/Dispatcher.php line 218
    OCA\OIDCLogin\Controller\LoginController->oidc()
14. /var/www/html/lib/private/AppFramework/Http/Dispatcher.php line 127
    OC\AppFramework\Http\Dispatcher->executeController(OCA\OIDCLogin\Co ... {}, "oidc")
15. /var/www/html/lib/private/AppFramework/App.php line 157
    OC\AppFramework\Http\Dispatcher->dispatch(OCA\OIDCLogin\Co ... {}, "oidc")
16. /var/www/html/lib/private/Route/Router.php line 302
    OC\AppFramework\App::main("OCA\\OIDCLogin\ ... r", "oidc", OC\AppFramework\ ... {}, {_route: "oidc_login.login.oidc"})
17. /var/www/html/lib/base.php line 993
    OC\Route\Router->match("/apps/oidc_login/oidc")
18. /var/www/html/index.php line 37
    OC::handleRequest()

GET /apps/oidc_login/oidc?state=sanitized&session_state=sanitized
from sanitized by theuser at 2021-05-01T13:23:35+00:00

mandree95, May 01 '21 13:05

Is the encryption app in general supported in combination with the oidc-login?

I'm not aware of the internals of the encryption app, but assuming it uses the user's password in some way, the answer is no.

pulsejet, May 30 '21 22:05
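A simplified model of the failure in the trace above (`decryptPrivateKey` → `checkSignature` → "Bad Signature"), added here as an illustration; it is not code from the thread, from oidc_login or from the Nextcloud encryption app. It assumes, as the reply does, that the user's private key is wrapped under a key derived from the login password. All function names, the PBKDF2 parameters and the HMAC-based keystream standing in for AES-256-CTR are hypothetical.

```python
import hashlib
import hmac
import os


class BadSignature(Exception):
    """Raised when the MAC over the wrapped private key does not verify."""


def _derive(secret: str, salt: bytes):
    # Assumption: one password-derived secret yields a cipher key and a MAC key.
    okm = hashlib.pbkdf2_hmac("sha256", secret.encode(), salt, 100_000, dklen=64)
    return okm[:32], okm[32:]


def _keystream_xor(key: bytes, iv: bytes, data: bytes) -> bytes:
    # Stand-in for AES-256-CTR (not in the stdlib): HMAC-SHA256 in counter mode.
    out = bytearray()
    for off in range(0, len(data), 32):
        pad = hmac.new(key, iv + off.to_bytes(8, "big"), hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[off:off + 32], pad))
    return bytes(out)


def wrap_private_key(private_key: bytes, password: str) -> dict:
    # Done once, while the user still logs in with a local password.
    salt, iv = os.urandom(16), os.urandom(16)
    enc_key, mac_key = _derive(password, salt)
    ct = _keystream_xor(enc_key, iv, private_key)
    sig = hmac.new(mac_key, iv + ct, hashlib.sha256).digest()
    return {"salt": salt, "iv": iv, "ct": ct, "sig": sig}


def unwrap_private_key(blob: dict, login_secret: str) -> bytes:
    # Runs in the post-login hook: verify the MAC first, then decrypt.
    enc_key, mac_key = _derive(login_secret, blob["salt"])
    expected = hmac.new(mac_key, blob["iv"] + blob["ct"], hashlib.sha256).digest()
    if not hmac.compare_digest(expected, blob["sig"]):
        raise BadSignature("Bad Signature")
    return _keystream_xor(enc_key, blob["iv"], blob["ct"])


def login_unlocks_key(blob: dict, login_secret: str) -> bool:
    try:
        unwrap_private_key(blob, login_secret)
        return True
    except BadSignature:
        return False


# Constructed sample data: a pre-existing user whose key was wrapped earlier.
PRIVATE_KEY = b"constructed sample private key material"
BLOB = wrap_private_key(PRIVATE_KEY, "old-local-password")
```

In this model, any login path that never sees the original password (an empty string or an IdP-issued value reaches the hook instead) derives a different MAC key, so the signature check fails before decryption is attempted.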