Login via Webauth device doesn't work #27079

Closed
son1c opened this issue May 23, 2021 · 9 comments
Labels
0. Needs triage (Pending check for reproducibility or if it fits our roadmap), bug

Comments

@son1c

son1c commented May 23, 2021

Steps to reproduce

  1. Add a Webauth device to a user (a Yubikey)
  2. Log out
  3. Log in with the Webauth device

Expected behaviour

After typing your username, push the button on the Yubikey when your browser asks for the device, and the login is complete.

Actual behaviour

After typing your username, push the button on the Yubikey when your browser asks for the device.
Then nothing happens.

Server configuration

Operating system:
Official Docker Image

Database:
Official MariaDB Docker image

Nextcloud version: (see Nextcloud admin page)

21.0.2

Updated from an older Nextcloud/ownCloud or fresh install:

21.0.1

Logs

Browser log

[index] Error: Doctrine\DBAL\Exception\UniqueConstraintViolationException: An exception occurred while executing a query: SQLSTATE[23000]: Integrity constraint violation: 1062 Duplicate entry '9' for key 'PRIMARY' at <>

  1. /var/www/html/3rdparty/doctrine/dbal/src/Connection.php line 1728
    Doctrine\DBAL\Driver\API\MySQL\ExceptionConverter->convert(Doctrine\DBAL\Driver\PDO\Exception {}, Doctrine\DBAL\Query {})
  2. /var/www/html/3rdparty/doctrine/dbal/src/Connection.php line 1667
    Doctrine\DBAL\Connection->handleDriverException(Doctrine\DBAL\Driver\PDO\Exception {}, Doctrine\DBAL\Query {})
  3. /var/www/html/3rdparty/doctrine/dbal/src/Connection.php line 1146
    Doctrine\DBAL\Connection->convertExceptionDuringQuery(Doctrine\DBAL\Driver\PDO\Exception {}, "INSERT INTO `oc ... )", ["Yubikey 5 NFC" ... 9], [2,2,2,2,1])
  4. /var/www/html/lib/private/DB/Connection.php line 257
    Doctrine\DBAL\Connection->executeStatement("INSERT INTO `oc ... )", ["Yubikey 5 NFC" ... 9], [2,2,2,2,1])
  5. /var/www/html/3rdparty/doctrine/dbal/src/Query/QueryBuilder.php line 213
    OC\DB\Connection->executeStatement("INSERT INTO `oc ... )", {dcValue1: "Yubi ... 9}, {dcValue1: 2,dcV ... 1})
  6. /var/www/html/lib/private/DB/QueryBuilder/QueryBuilder.php line 287
    Doctrine\DBAL\Query\QueryBuilder->execute()
  7. /var/www/html/lib/public/AppFramework/Db/QBMapper.php line 135
    OC\DB\QueryBuilder\QueryBuilder->execute()
  8. /var/www/html/lib/public/AppFramework/Db/QBMapper.php line 159
    OCP\AppFramework\Db\QBMapper->insert(OC\Authenticatio ... 9})
  9. /var/www/html/lib/private/Authentication/WebAuthn/CredentialRepository.php line 89
    OCP\AppFramework\Db\QBMapper->insertOrUpdate(OC\Authenticatio ... 9})
  10. /var/www/html/lib/private/Authentication/WebAuthn/CredentialRepository.php line 93
    OC\Authentication\WebAuthn\CredentialRepository->saveAndReturnCredentialSource(Webauthn\PublicKeyCredentialSource {}, "default")
  11. /var/www/html/3rdparty/web-auth/webauthn-lib/src/AuthenticatorAssertionResponseValidator.php line 206
    OC\Authentication\WebAuthn\CredentialRepository->saveCredentialSource(Webauthn\PublicKeyCredentialSource {})
  12. /var/www/html/lib/private/Authentication/WebAuthn/Manager.php line 235
    Webauthn\AuthenticatorAssertionResponseValidator->check(null, Webauthn\Authent ... {}, Webauthn\PublicK ... {}, GuzzleHttp\Psr7\ServerRequest {}, "son1c")
  13. /var/www/html/core/Controller/WebAuthnController.php line 107
    OC\Authentication\WebAuthn\Manager->finishAuthentication(Webauthn\PublicK ... {}, "{"id":"gdDVR ... }", "son1c")
  14. /var/www/html/lib/private/AppFramework/Http/Dispatcher.php line 218
    OC\Core\Controller\WebAuthnController->finishAuthentication("{"id":"gdDVR ... }")
  15. /var/www/html/lib/private/AppFramework/Http/Dispatcher.php line 127
    OC\AppFramework\Http\Dispatcher->executeController(OC\Core\Controller\WebAuthnController {}, "finishAuthentication")
  16. /var/www/html/lib/private/AppFramework/App.php line 157
    OC\AppFramework\Http\Dispatcher->dispatch(OC\Core\Controller\WebAuthnController {}, "finishAuthentication")
  17. /var/www/html/lib/private/Route/Router.php line 302
    OC\AppFramework\App::main("OC\Core\Contr ... r", "finishAuthentication", OC\AppFramework\ ... {}, {_route: "core.W ... "})
  18. /var/www/html/lib/base.php line 993
    OC\Route\Router->match("/login/webauthn/finish")
  19. /var/www/html/index.php line 37
    OC::handleRequest()

POST /login/webauthn/finish
from at 2021-05-23T14:38:34+00:00

The DB doesn't show me a duplicate entry in oc_webauth.

+----+---------------+
| id | name          |
+----+---------------+
|  9 | Yubikey 5 NFC |
+----+---------------+
son1c added the 0. Needs triage (Pending check for reproducibility or if it fits our roadmap) and bug labels May 23, 2021
son1c changed the title from "Wohin via Webauth device docent work" to "Login via Webauth device doesn't work" May 23, 2021
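
An added example, not part of the original report and not Nextcloud code: the trace above shows `QBMapper->insertOrUpdate` reaching `QBMapper->insert` for a row whose `id` already exists, which is enough to raise a primary-key violation while the table still holds a single row. The sketch below reproduces that with SQLite standing in for MariaDB and shows the consequence for the credential's stored `counter` field. Column names follow the `INSERT INTO oc_webauthn` statement quoted in the server-side trace in this thread; the helper names and sample values (user, credential id, counters 65 and 66) are constructed assumptions.

```python
import json
import sqlite3

# Table modelled on the columns named in the INSERT from the thread's trace.
SCHEMA = """
CREATE TABLE oc_webauthn (
    id INTEGER PRIMARY KEY,
    name TEXT NOT NULL,
    uid TEXT NOT NULL,
    public_key_credential_id TEXT NOT NULL,
    data TEXT NOT NULL
)
"""

INSERT = (
    "INSERT INTO oc_webauthn (name, uid, public_key_credential_id, data, id) "
    "VALUES (?, ?, ?, ?, ?)"
)
UPDATE = (
    "UPDATE oc_webauthn SET name = ?, uid = ?, public_key_credential_id = ?, "
    "data = ? WHERE id = ?"
)


def make_row(row_id, counter):
    """Build a constructed credential row; only the counter changes per login."""
    data = json.dumps(
        {"publicKeyCredentialId": "cred-A", "type": "public-key", "counter": counter}
    )
    return ("Yubikey 5 NFC", "alice", "cred-A", data, row_id)


def new_db():
    """Fresh in-memory database holding one registered credential (counter 65)."""
    conn = sqlite3.connect(":memory:")
    conn.execute(SCHEMA)
    with conn:
        conn.execute(INSERT, make_row(9, 65))
    return conn


def save_insert_only(conn, row):
    """The failing path: always INSERT, even when the row id already exists."""
    with conn:
        conn.execute(INSERT, row)


def save_insert_or_update(conn, row):
    """Insert, and fall back to UPDATE when the primary key is already taken."""
    try:
        with conn:
            conn.execute(INSERT, row)
    except sqlite3.IntegrityError:
        with conn:
            conn.execute(UPDATE, row)  # same parameter order, id last


def stored_counter(conn, row_id):
    (data,) = conn.execute(
        "SELECT data FROM oc_webauthn WHERE id = ?", (row_id,)
    ).fetchone()
    return json.loads(data)["counter"]


def row_count(conn):
    return conn.execute("SELECT COUNT(*) FROM oc_webauthn").fetchone()[0]


def login_with_insert_only():
    """Returns (login_failed, rows_in_table, counter_left_in_db)."""
    conn = new_db()
    try:
        save_insert_only(conn, make_row(9, 66))
        failed = False
    except sqlite3.IntegrityError:
        failed = True
    return failed, row_count(conn), stored_counter(conn, 9)


def login_with_insert_or_update():
    """Returns (rows_in_table, counter_left_in_db)."""
    conn = new_db()
    save_insert_or_update(conn, make_row(9, 66))
    return row_count(conn), stored_counter(conn, 9)


if __name__ == "__main__":
    print("insert only:     ", login_with_insert_only())
    print("insert or update:", login_with_insert_or_update())
```

The insert-only path fails the login and leaves exactly one row with the old counter, which matches the single `id = 9` row the reporter sees in the table.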
@ArmanJakupovic

ArmanJakupovic commented May 23, 2021

I have the same issue with the same error message: Doctrine\DBAL\Exception\UniqueConstraintViolationException: An exception occurred while executing a query: SQLSTATE[23000]: Integrity constraint violation: 1062 Duplicate entry '2' for key 'PRIMARY'
Also, adding a Yubikey in Firefox doesn't work; so far I've tried Chrome-based browsers and they seem to work.

@osm-frasch

osm-frasch commented May 23, 2021

Nextcloud 21.0.2
PHP version: 7.3.16
MySQL version: 10.4.12

As in the previous bug report, the problem also occurs for me. However, I can confirm this for Firefox and Chrome (current versions).

I have opened the console in Firefox and looked to see if I get any information there. I found the following when I have to tap the stick to confirm the login. Maybe this is some additional information:

HR POST https://
GOT AN ERROR WHILE SUBMITTING CHALLENGE!
Error: Request failed with status code 500
exports createError.js:16
exports settle.js:17
onreadystatechange xhr.js:62
exports xhr.js:37
exports xhr.js:13
exports dispatchRequest.js:52
promise callbacku.prototype.request Axios.js:61
e Axios.js:87
exports bind.js:9
completeAuthentication WebAuthnAuthenticationService.js:35
promise callback
authenticate PasswordLessLoginForm.vue:98
VueJS 4
click LoginButton.vue:1
VueJS 3
PasswordLessLoginForm.vue:200

@son1c
Author

son1c commented May 26, 2021

I tried a fresh test installation of 21.0.2 on a different hosting provider and I ran into the same issues.

@aryasenna

Hi all, I think this is pretty much reproducible (how do we remove the triaging tag?)

BTW, the WebAuthn 2FA apps also encountered this bug and got it fixed here: nextcloud/twofactor_webauthn@5cc4547

Maybe @ChristophWurst could shed some light on this 21.0.2 regression? :)

@shinenelson

In case someone is looking for a pretty server-side stack trace (disclaimer: it is 800 lines)

stacktrace
{
  "reqId": "5RToF49pqd23AmhsleeI",
  "level": 3,
  "time": "2021-06-08T19:48:42+00:00",
  "remoteAddr": "[REDACTED REMOTE ADDRESS]",
  "user": "--",
  "app": "index",
  "method": "POST",
  "url": "/login/webauthn/finish",
  "message": {
    "Exception": "Doctrine\\DBAL\\Exception\\UniqueConstraintViolationException",
    "Message": "An exception occurred while executing a query: SQLSTATE[23000]: Integrity constraint violation: 1062 Duplicate entry 1 for key PRIMARY",
    "Code": 1062,
    "Trace": [
      {
        "file": "/var/www/nextcloud/3rdparty/doctrine/dbal/src/Connection.php",
        "line": 1728,
        "function": "convert",
        "class": "Doctrine\\DBAL\\Driver\\API\\MySQL\\ExceptionConverter",
        "type": "->",
        "args": [
          {
            "__class__": "Doctrine\\DBAL\\Driver\\PDO\\Exception"
          },
          {
            "__class__": "Doctrine\\DBAL\\Query"
          }
        ]
      },
      {
        "file": "/var/www/nextcloud/3rdparty/doctrine/dbal/src/Connection.php",
        "line": 1667,
        "function": "handleDriverException",
        "class": "Doctrine\\DBAL\\Connection",
        "type": "->",
        "args": [
          {
            "__class__": "Doctrine\\DBAL\\Driver\\PDO\\Exception"
          },
          {
            "__class__": "Doctrine\\DBAL\\Query"
          }
        ]
      },
      {
        "file": "/var/www/nextcloud/3rdparty/doctrine/dbal/src/Connection.php",
        "line": 1146,
        "function": "convertExceptionDuringQuery",
        "class": "Doctrine\\DBAL\\Connection",
        "type": "->",
        "args": [
          {
            "__class__": "Doctrine\\DBAL\\Driver\\PDO\\Exception"
          },
          "INSERT INTO `oc_webauthn` (`name`, `uid`, `public_key_credential_id`, `data`, `id`) VALUES(?, ?, ?, ?, ?)",
          [
            "[REDACTED AUTHENTICATOR DEVICE NAME]",
            "[REDACTED USER NAME]",
            "[REDACTED PUBLIC KEY CREDENTIAL ID]",
            "{\"publicKeyCredentialId\":\"[REDACTED PUBLIC KEY CREDENTIAL ID]\",\"type\":\"public-key\",\"transports\":[],\"attestationType\":\"none\",\"trustPath\":{\"type\":\"Webauthn\\\\TrustPath\\\\EmptyTrustPath\"},\"aaguid\":\"00000000-0000-0000-0000-000000000000\",\"credentialPublicKey\":\"[REDACTED CREDENTIAL PUBLIC KEY]\",\"userHandle\":\"[REDACTED USER HANDLE]\",\"counter\":66}",
            1
          ],
          [
            2,
            2,
            2,
            2,
            1
          ]
        ]
      },
      {
        "file": "/var/www/nextcloud/lib/private/DB/Connection.php",
        "line": 257,
        "function": "executeStatement",
        "class": "Doctrine\\DBAL\\Connection",
        "type": "->",
        "args": [
          "INSERT INTO `oc_webauthn` (`name`, `uid`, `public_key_credential_id`, `data`, `id`) VALUES(?, ?, ?, ?, ?)",
          [
            "[REDACTED AUTHENTICATOR DEVICE NAME]",
            "[REDACTED USER NAME]",
            "[REDACTED PUBLIC KEY CREDENTIAL ID]",
            "{\"publicKeyCredentialId\":\"[REDACTED PUBLIC KEY CREDENTIAL ID]\",\"type\":\"public-key\",\"transports\":[],\"attestationType\":\"none\",\"trustPath\":{\"type\":\"Webauthn\\\\TrustPath\\\\EmptyTrustPath\"},\"aaguid\":\"00000000-0000-0000-0000-000000000000\",\"credentialPublicKey\":\"[REDACTED CREDENTIAL PUBLIC KEY]\",\"userHandle\":\"[REDACTED USER HANDLE]\",\"counter\":66}",
            1
          ],
          [
            2,
            2,
            2,
            2,
            1
          ]
        ]
      },
      {
        "file": "/var/www/nextcloud/3rdparty/doctrine/dbal/src/Query/QueryBuilder.php",
        "line": 213,
        "function": "executeStatement",
        "class": "OC\\DB\\Connection",
        "type": "->",
        "args": [
          "INSERT INTO `oc_webauthn` (`name`, `uid`, `public_key_credential_id`, `data`, `id`) VALUES(:dcValue1, :dcValue2, :dcValue3, :dcValue4, :dcValue5)",
          {
            "dcValue1": "[REDACTED AUTHENTICATOR DEVICE NAME]",
            "dcValue2": "[REDACTED USER NAME]",
            "dcValue3": "[REDACTED PUBLIC KEY CREDENTIAL ID]",
            "dcValue4": "{\"publicKeyCredentialId\":\"[REDACTED PUBLIC KEY CREDENTIAL ID]\",\"type\":\"public-key\",\"transports\":[],\"attestationType\":\"none\",\"trustPath\":{\"type\":\"Webauthn\\\\TrustPath\\\\EmptyTrustPath\"},\"aaguid\":\"00000000-0000-0000-0000-000000000000\",\"credentialPublicKey\":\"[REDACTED CREDENTIAL PUBLIC KEY]\",\"userHandle\":\"[REDACTED USER HANDLE]\",\"counter\":66}",
            "dcValue5": 1
          },
          {
            "dcValue1": 2,
            "dcValue2": 2,
            "dcValue3": 2,
            "dcValue4": 2,
            "dcValue5": 1
          }
        ]
      },
      {
        "file": "/var/www/nextcloud/lib/private/DB/QueryBuilder/QueryBuilder.php",
        "line": 287,
        "function": "execute",
        "class": "Doctrine\\DBAL\\Query\\QueryBuilder",
        "type": "->",
        "args": []
      },
      {
        "file": "/var/www/nextcloud/lib/public/AppFramework/Db/QBMapper.php",
        "line": 139,
        "function": "execute",
        "class": "OC\\DB\\QueryBuilder\\QueryBuilder",
        "type": "->",
        "args": []
      },
      {
        "file": "/var/www/nextcloud/lib/public/AppFramework/Db/QBMapper.php",
        "line": 164,
        "function": "insert",
        "class": "OCP\\AppFramework\\Db\\QBMapper",
        "type": "->",
        "args": [
          {
            "id": 1,
            "__class__": "OC\\Authentication\\WebAuthn\\Db\\PublicKeyCredentialEntity"
          }
        ]
      },
      {
        "file": "/var/www/nextcloud/lib/private/Authentication/WebAuthn/CredentialRepository.php",
        "line": 89,
        "function": "insertOrUpdate",
        "class": "OCP\\AppFramework\\Db\\QBMapper",
        "type": "->",
        "args": [
          {
            "id": 1,
            "__class__": "OC\\Authentication\\WebAuthn\\Db\\PublicKeyCredentialEntity"
          }
        ]
      },
      {
        "file": "/var/www/nextcloud/lib/private/Authentication/WebAuthn/CredentialRepository.php",
        "line": 93,
        "function": "saveAndReturnCredentialSource",
        "class": "OC\\Authentication\\WebAuthn\\CredentialRepository",
        "type": "->",
        "args": [
          {
            "__class__": "Webauthn\\PublicKeyCredentialSource"
          },
          "default"
        ]
      },
      {
        "file": "/var/www/nextcloud/3rdparty/web-auth/webauthn-lib/src/AuthenticatorAssertionResponseValidator.php",
        "line": 206,
        "function": "saveCredentialSource",
        "class": "OC\\Authentication\\WebAuthn\\CredentialRepository",
        "type": "->",
        "args": [
          {
            "__class__": "Webauthn\\PublicKeyCredentialSource"
          }
        ]
      },
      {
        "file": "/var/www/nextcloud/lib/private/Authentication/WebAuthn/Manager.php",
        "line": 235,
        "function": "check",
        "class": "Webauthn\\AuthenticatorAssertionResponseValidator",
        "type": "->",
        "args": [
          null,
          {
            "__class__": "Webauthn\\AuthenticatorAssertionResponse"
          },
          {
            "__class__": "Webauthn\\PublicKeyCredentialRequestOptions"
          },
          {
            "__class__": "GuzzleHttp\\Psr7\\ServerRequest"
          },
          "[REDACTED USER NAME]"
        ]
      },
      {
        "file": "/var/www/nextcloud/core/Controller/WebAuthnController.php",
        "line": 107,
        "function": "finishAuthentication",
        "class": "OC\\Authentication\\WebAuthn\\Manager",
        "type": "->",
        "args": [
          {
            "__class__": "Webauthn\\PublicKeyCredentialRequestOptions"
          },
          "{\"id\":\"[REDACTED PUBLIC KEY CREDENTIAL ID]\",\"type\":\"public-key\",\"rawId\":\"[REDACTED PUBLIC KEY CREDENTIAL ID]\",\"response\":{\"authenticatorData\":\"[REDACTED AUTHENTICATOR DATA]\",\"clientDataJSON\":\"[REDACTED CLIENT DATA JSON]\",\"signature\":\"[REDACTED SIGNATURE]\",\"userHandle\":null}}",
          "[REDACTED USER NAME]"
        ]
      },
      {
        "file": "/var/www/nextcloud/lib/private/AppFramework/Http/Dispatcher.php",
        "line": 218,
        "function": "finishAuthentication",
        "class": "OC\\Core\\Controller\\WebAuthnController",
        "type": "->",
        "args": [
          "{\"id\":\"[REDACTED PUBLIC KEY CREDENTIAL ID]\",\"type\":\"public-key\",\"rawId\":\"[REDACTED PUBLIC KEY CREDENTIAL ID]\",\"response\":{\"authenticatorData\":\"[REDACTED AUTHENTICATOR DATA]\",\"clientDataJSON\":\"[REDACTED CLIENT DATA JSON]\",\"signature\":\"[REDACTED SIGNATURE]\",\"userHandle\":null}}"
        ]
      },
      {
        "file": "/var/www/nextcloud/lib/private/AppFramework/Http/Dispatcher.php",
        "line": 127,
        "function": "executeController",
        "class": "OC\\AppFramework\\Http\\Dispatcher",
        "type": "->",
        "args": [
          {
            "__class__": "OC\\Core\\Controller\\WebAuthnController"
          },
          "finishAuthentication"
        ]
      },
      {
        "file": "/var/www/nextcloud/lib/private/AppFramework/App.php",
        "line": 157,
        "function": "dispatch",
        "class": "OC\\AppFramework\\Http\\Dispatcher",
        "type": "->",
        "args": [
          {
            "__class__": "OC\\Core\\Controller\\WebAuthnController"
          },
          "finishAuthentication"
        ]
      },
      {
        "file": "/var/www/nextcloud/lib/private/Route/Router.php",
        "line": 302,
        "function": "main",
        "class": "OC\\AppFramework\\App",
        "type": "::",
        "args": [
          "OC\\Core\\Controller\\WebAuthnController",
          "finishAuthentication",
          {
            "__class__": "OC\\AppFramework\\DependencyInjection\\DIContainer"
          },
          {
            "_route": "core.WebAuthn.finishAuthentication"
          }
        ]
      },
      {
        "file": "/var/www/nextcloud/lib/base.php",
        "line": 993,
        "function": "match",
        "class": "OC\\Route\\Router",
        "type": "->",
        "args": [
          "/login/webauthn/finish"
        ]
      },
      {
        "file": "/var/www/nextcloud/index.php",
        "line": 37,
        "function": "handleRequest",
        "class": "OC",
        "type": "::",
        "args": []
      }
    ],
    "File": "/var/www/nextcloud/3rdparty/doctrine/dbal/src/Driver/API/MySQL/ExceptionConverter.php",
    "Line": 60,
    "Previous": {
      "Exception": "Doctrine\\DBAL\\Driver\\PDO\\Exception",
      "Message": "SQLSTATE[23000]: Integrity constraint violation: 1062 Duplicate entry 1 for key PRIMARY",
      "Code": 1062,
      "Trace": [
        {
          "file": "/var/www/nextcloud/3rdparty/doctrine/dbal/src/Driver/PDO/Statement.php",
          "line": 84,
          "function": "new",
          "class": "Doctrine\\DBAL\\Driver\\PDO\\Exception",
          "type": "::",
          "args": [
            {
              "errorInfo": [
                "23000",
                1062,
                "Duplicate entry 1 for key PRIMARY"
              ],
              "__class__": "PDOException"
            }
          ]
        },
        {
          "file": "/var/www/nextcloud/3rdparty/doctrine/dbal/src/Connection.php",
          "line": 1136,
          "function": "execute",
          "class": "Doctrine\\DBAL\\Driver\\PDO\\Statement",
          "type": "->",
          "args": []
        },
        {
          "file": "/var/www/nextcloud/lib/private/DB/Connection.php",
          "line": 257,
          "function": "executeStatement",
          "class": "Doctrine\\DBAL\\Connection",
          "type": "->",
          "args": [
            "INSERT INTO `oc_webauthn` (`name`, `uid`, `public_key_credential_id`, `data`, `id`) VALUES(?, ?, ?, ?, ?)",
            [
              "[REDACTED AUTHENTICATOR DEVICE NAME]",
              "[REDACTED USER NAME]",
              "[REDACTED PUBLIC KEY CREDENTIAL ID]",
              "{\"publicKeyCredentialId\":\"[REDACTED PUBLIC KEY CREDENTIAL ID]\",\"type\":\"public-key\",\"transports\":[],\"attestationType\":\"none\",\"trustPath\":{\"type\":\"Webauthn\\\\TrustPath\\\\EmptyTrustPath\"},\"aaguid\":\"00000000-0000-0000-0000-000000000000\",\"credentialPublicKey\":\"[REDACTED CREDENTIAL PUBLIC KEY]\",\"userHandle\":\"[REDACTED USER HANDLE]\",\"counter\":66}",
              1
            ],
            [
              2,
              2,
              2,
              2,
              1
            ]
          ]
        },
        {
          "file": "/var/www/nextcloud/3rdparty/doctrine/dbal/src/Query/QueryBuilder.php",
          "line": 213,
          "function": "executeStatement",
          "class": "OC\\DB\\Connection",
          "type": "->",
          "args": [
            "INSERT INTO `oc_webauthn` (`name`, `uid`, `public_key_credential_id`, `data`, `id`) VALUES(:dcValue1, :dcValue2, :dcValue3, :dcValue4, :dcValue5)",
            {
              "dcValue1": "[REDACTED AUTHENTICATOR DEVICE NAME]",
              "dcValue2": "[REDACTED USER NAME]",
              "dcValue3": "[REDACTED PUBLIC KEY CREDENTIAL ID]",
              "dcValue4": "{\"publicKeyCredentialId\":\"[REDACTED PUBLIC KEY CREDENTIAL ID]\",\"type\":\"public-key\",\"transports\":[],\"attestationType\":\"none\",\"trustPath\":{\"type\":\"Webauthn\\\\TrustPath\\\\EmptyTrustPath\"},\"aaguid\":\"00000000-0000-0000-0000-000000000000\",\"credentialPublicKey\":\"[REDACTED CREDENTIAL PUBLIC KEY]\",\"userHandle\":\"[REDACTED USER HANDLE]\",\"counter\":66}",
              "dcValue5": 1
            },
            {
              "dcValue1": 2,
              "dcValue2": 2,
              "dcValue3": 2,
              "dcValue4": 2,
              "dcValue5": 1
            }
          ]
        },
        {
          "file": "/var/www/nextcloud/lib/private/DB/QueryBuilder/QueryBuilder.php",
          "line": 287,
          "function": "execute",
          "class": "Doctrine\\DBAL\\Query\\QueryBuilder",
          "type": "->",
          "args": []
        },
        {
          "file": "/var/www/nextcloud/lib/public/AppFramework/Db/QBMapper.php",
          "line": 139,
          "function": "execute",
          "class": "OC\\DB\\QueryBuilder\\QueryBuilder",
          "type": "->",
          "args": []
        },
        {
          "file": "/var/www/nextcloud/lib/public/AppFramework/Db/QBMapper.php",
          "line": 164,
          "function": "insert",
          "class": "OCP\\AppFramework\\Db\\QBMapper",
          "type": "->",
          "args": [
            {
              "id": 1,
              "__class__": "OC\\Authentication\\WebAuthn\\Db\\PublicKeyCredentialEntity"
            }
          ]
        },
        {
          "file": "/var/www/nextcloud/lib/private/Authentication/WebAuthn/CredentialRepository.php",
          "line": 89,
          "function": "insertOrUpdate",
          "class": "OCP\\AppFramework\\Db\\QBMapper",
          "type": "->",
          "args": [
            {
              "id": 1,
              "__class__": "OC\\Authentication\\WebAuthn\\Db\\PublicKeyCredentialEntity"
            }
          ]
        },
        {
          "file": "/var/www/nextcloud/lib/private/Authentication/WebAuthn/CredentialRepository.php",
          "line": 93,
          "function": "saveAndReturnCredentialSource",
          "class": "OC\\Authentication\\WebAuthn\\CredentialRepository",
          "type": "->",
          "args": [
            {
              "__class__": "Webauthn\\PublicKeyCredentialSource"
            },
            "default"
          ]
        },
        {
          "file": "/var/www/nextcloud/3rdparty/web-auth/webauthn-lib/src/AuthenticatorAssertionResponseValidator.php",
          "line": 206,
          "function": "saveCredentialSource",
          "class": "OC\\Authentication\\WebAuthn\\CredentialRepository",
          "type": "->",
          "args": [
            {
              "__class__": "Webauthn\\PublicKeyCredentialSource"
            }
          ]
        },
        {
          "file": "/var/www/nextcloud/lib/private/Authentication/WebAuthn/Manager.php",
          "line": 235,
          "function": "check",
          "class": "Webauthn\\AuthenticatorAssertionResponseValidator",
          "type": "->",
          "args": [
            null,
            {
              "__class__": "Webauthn\\AuthenticatorAssertionResponse"
            },
            {
              "__class__": "Webauthn\\PublicKeyCredentialRequestOptions"
            },
            {
              "__class__": "GuzzleHttp\\Psr7\\ServerRequest"
            },
            "[REDACTED USER NAME]"
          ]
        },
        {
          "file": "/var/www/nextcloud/core/Controller/WebAuthnController.php",
          "line": 107,
          "function": "finishAuthentication",
          "class": "OC\\Authentication\\WebAuthn\\Manager",
          "type": "->",
          "args": [
            {
              "__class__": "Webauthn\\PublicKeyCredentialRequestOptions"
            },
            "{\"id\":\"[REDACTED PUBLIC KEY CREDENTIAL ID]\",\"type\":\"public-key\",\"rawId\":\"[REDACTED PUBLIC KEY CREDENTIAL ID]\",\"response\":{\"authenticatorData\":\"[REDACTED AUTHENTICATOR DATA]\",\"clientDataJSON\":\"[REDACTED CLIENT DATA JSON]\",\"signature\":\"[REDACTED SIGNATURE]\",\"userHandle\":null}}",
            "[REDACTED USER NAME]"
          ]
        },
        {
          "file": "/var/www/nextcloud/lib/private/AppFramework/Http/Dispatcher.php",
          "line": 218,
          "function": "finishAuthentication",
          "class": "OC\\Core\\Controller\\WebAuthnController",
          "type": "->",
          "args": [
            "{\"id\":\"[REDACTED PUBLIC KEY CREDENTIAL ID]\",\"type\":\"public-key\",\"rawId\":\"[REDACTED PUBLIC KEY CREDENTIAL ID]\",\"response\":{\"authenticatorData\":\"[REDACTED AUTHENTICATOR DATA]\",\"clientDataJSON\":\"[REDACTED CLIENT DATA JSON]\",\"signature\":\"[REDACTED SIGNATURE]\",\"userHandle\":null}}"
          ]
        },
        {
          "file": "/var/www/nextcloud/lib/private/AppFramework/Http/Dispatcher.php",
          "line": 127,
          "function": "executeController",
          "class": "OC\\AppFramework\\Http\\Dispatcher",
          "type": "->",
          "args": [
            {
              "__class__": "OC\\Core\\Controller\\WebAuthnController"
            },
            "finishAuthentication"
          ]
        },
        {
          "file": "/var/www/nextcloud/lib/private/AppFramework/App.php",
          "line": 157,
          "function": "dispatch",
          "class": "OC\\AppFramework\\Http\\Dispatcher",
          "type": "->",
          "args": [
            {
              "__class__": "OC\\Core\\Controller\\WebAuthnController"
            },
            "finishAuthentication"
          ]
        },
        {
          "file": "/var/www/nextcloud/lib/private/Route/Router.php",
          "line": 302,
          "function": "main",
          "class": "OC\\AppFramework\\App",
          "type": "::",
          "args": [
            "OC\\Core\\Controller\\WebAuthnController",
            "finishAuthentication",
            {
              "__class__": "OC\\AppFramework\\DependencyInjection\\DIContainer"
            },
            {
              "_route": "core.WebAuthn.finishAuthentication"
            }
          ]
        },
        {
          "file": "/var/www/nextcloud/lib/base.php",
          "line": 993,
          "function": "match",
          "class": "OC\\Route\\Router",
          "type": "->",
          "args": [
            "/login/webauthn/finish"
          ]
        },
        {
          "file": "/var/www/nextcloud/index.php",
          "line": 37,
          "function": "handleRequest",
          "class": "OC",
          "type": "::",
          "args": []
        }
      ],
      "File": "/var/www/nextcloud/3rdparty/doctrine/dbal/src/Driver/PDO/Exception.php",
      "Line": 26,
      "Previous": {
        "Exception": "PDOException",
        "Message": "SQLSTATE[23000]: Integrity constraint violation: 1062 Duplicate entry 1 for key PRIMARY",
        "Code": "23000",
        "Trace": [
          {
            "file": "/var/www/nextcloud/3rdparty/doctrine/dbal/src/Driver/PDO/Statement.php",
            "line": 82,
            "function": "execute",
            "class": "PDOStatement",
            "type": "->",
            "args": [
              null
            ]
          },
          {
            "file": "/var/www/nextcloud/3rdparty/doctrine/dbal/src/Connection.php",
            "line": 1136,
            "function": "execute",
            "class": "Doctrine\\DBAL\\Driver\\PDO\\Statement",
            "type": "->",
            "args": []
          },
          {
            "file": "/var/www/nextcloud/lib/private/DB/Connection.php",
            "line": 257,
            "function": "executeStatement",
            "class": "Doctrine\\DBAL\\Connection",
            "type": "->",
            "args": [
              "INSERT INTO `oc_webauthn` (`name`, `uid`, `public_key_credential_id`, `data`, `id`) VALUES(?, ?, ?, ?, ?)",
              [
                "[REDACTED AUTHENTICATOR DEVICE NAME]",
                "[REDACTED USER NAME]",
                "[REDACTED PUBLIC KEY CREDENTIAL ID]",
                "{\"publicKeyCredentialId\":\"[REDACTED PUBLIC KEY CREDENTIAL ID]\",\"type\":\"public-key\",\"transports\":[],\"attestationType\":\"none\",\"trustPath\":{\"type\":\"Webauthn\\\\TrustPath\\\\EmptyTrustPath\"},\"aaguid\":\"00000000-0000-0000-0000-000000000000\",\"credentialPublicKey\":\"[REDACTED CREDENTIAL PUBLIC KEY]\",\"userHandle\":\"[REDACTED USER HANDLE]\",\"counter\":66}",
                1
              ],
              [
                2,
                2,
                2,
                2,
                1
              ]
            ]
          },
          {
            "file": "/var/www/nextcloud/3rdparty/doctrine/dbal/src/Query/QueryBuilder.php",
            "line": 213,
            "function": "executeStatement",
            "class": "OC\\DB\\Connection",
            "type": "->",
            "args": [
              "INSERT INTO `oc_webauthn` (`name`, `uid`, `public_key_credential_id`, `data`, `id`) VALUES(:dcValue1, :dcValue2, :dcValue3, :dcValue4, :dcValue5)",
              {
                "dcValue1": "[REDACTED AUTHENTICATOR DEVICE NAME]",
                "dcValue2": "[REDACTED USER NAME]",
                "dcValue3": "[REDACTED PUBLIC KEY CREDENTIAL ID]",
                "dcValue4": "{\"publicKeyCredentialId\":\"[REDACTED PUBLIC KEY CREDENTIAL ID]\",\"type\":\"public-key\",\"transports\":[],\"attestationType\":\"none\",\"trustPath\":{\"type\":\"Webauthn\\\\TrustPath\\\\EmptyTrustPath\"},\"aaguid\":\"00000000-0000-0000-0000-000000000000\",\"credentialPublicKey\":\"[REDACTED CREDENTIAL PUBLIC KEY]\",\"userHandle\":\"[REDACTED USER HANDLE]\",\"counter\":66}",
                "dcValue5": 1
              },
              {
                "dcValue1": 2,
                "dcValue2": 2,
                "dcValue3": 2,
                "dcValue4": 2,
                "dcValue5": 1
              }
            ]
          },
          {
            "file": "/var/www/nextcloud/lib/private/DB/QueryBuilder/QueryBuilder.php",
            "line": 287,
            "function": "execute",
            "class": "Doctrine\\DBAL\\Query\\QueryBuilder",
            "type": "->",
            "args": []
          },
          {
            "file": "/var/www/nextcloud/lib/public/AppFramework/Db/QBMapper.php",
            "line": 139,
            "function": "execute",
            "class": "OC\\DB\\QueryBuilder\\QueryBuilder",
            "type": "->",
            "args": []
          },
          {
            "file": "/var/www/nextcloud/lib/public/AppFramework/Db/QBMapper.php",
            "line": 164,
            "function": "insert",
            "class": "OCP\\AppFramework\\Db\\QBMapper",
            "type": "->",
            "args": [
              {
                "id": 1,
                "__class__": "OC\\Authentication\\WebAuthn\\Db\\PublicKeyCredentialEntity"
              }
            ]
          },
          {
            "file": "/var/www/nextcloud/lib/private/Authentication/WebAuthn/CredentialRepository.php",
            "line": 89,
            "function": "insertOrUpdate",
            "class": "OCP\\AppFramework\\Db\\QBMapper",
            "type": "->",
            "args": [
              {
                "id": 1,
                "__class__": "OC\\Authentication\\WebAuthn\\Db\\PublicKeyCredentialEntity"
              }
            ]
          },
          {
            "file": "/var/www/nextcloud/lib/private/Authentication/WebAuthn/CredentialRepository.php",
            "line": 93,
            "function": "saveAndReturnCredentialSource",
            "class": "OC\\Authentication\\WebAuthn\\CredentialRepository",
            "type": "->",
            "args": [
              {
                "__class__": "Webauthn\\PublicKeyCredentialSource"
              },
              "default"
            ]
          },
          {
            "file": "/var/www/nextcloud/3rdparty/web-auth/webauthn-lib/src/AuthenticatorAssertionResponseValidator.php",
            "line": 206,
            "function": "saveCredentialSource",
            "class": "OC\\Authentication\\WebAuthn\\CredentialRepository",
            "type": "->",
            "args": [
              {
                "__class__": "Webauthn\\PublicKeyCredentialSource"
              }
            ]
          },
          {
            "file": "/var/www/nextcloud/lib/private/Authentication/WebAuthn/Manager.php",
            "line": 235,
            "function": "check",
            "class": "Webauthn\\AuthenticatorAssertionResponseValidator",
            "type": "->",
            "args": [
              null,
              {
                "__class__": "Webauthn\\AuthenticatorAssertionResponse"
              },
              {
                "__class__": "Webauthn\\PublicKeyCredentialRequestOptions"
              },
              {
                "__class__": "GuzzleHttp\\Psr7\\ServerRequest"
              },
              "[REDACTED USER NAME]"
            ]
          },
          {
            "file": "/var/www/nextcloud/core/Controller/WebAuthnController.php",
            "line": 107,
            "function": "finishAuthentication",
            "class": "OC\\Authentication\\WebAuthn\\Manager",
            "type": "->",
            "args": [
              {
                "__class__": "Webauthn\\PublicKeyCredentialRequestOptions"
              },
              "{\"id\":\"[REDACTED PUBLIC KEY CREDENTIAL ID]\",\"type\":\"public-key\",\"rawId\":\"[REDACTED PUBLIC KEY CREDENTIAL ID]\",\"response\":{\"authenticatorData\":\"[REDACTED AUTHENTICATOR DATA]\",\"clientDataJSON\":\"[REDACTED CLIENT DATA JSON]\",\"signature\":\"[REDACTED SIGNATURE]\",\"userHandle\":null}}",
              "[REDACTED USER NAME]"
            ]
          },
          {
            "file": "/var/www/nextcloud/lib/private/AppFramework/Http/Dispatcher.php",
            "line": 218,
            "function": "finishAuthentication",
            "class": "OC\\Core\\Controller\\WebAuthnController",
            "type": "->",
            "args": [
              "{\"id\":\"[REDACTED PUBLIC KEY CREDENTIAL ID]\",\"type\":\"public-key\",\"rawId\":\"[REDACTED PUBLIC KEY CREDENTIAL ID]\",\"response\":{\"authenticatorData\":\"[REDACTED AUTHENTICATOR DATA]\",\"clientDataJSON\":\"[REDACTED CLIENT DATA JSON]\",\"signature\":\"[REDACTED SIGNATURE]\",\"userHandle\":null}}"
            ]
          },
          {
            "file": "/var/www/nextcloud/lib/private/AppFramework/Http/Dispatcher.php",
            "line": 127,
            "function": "executeController",
            "class": "OC\\AppFramework\\Http\\Dispatcher",
            "type": "->",
            "args": [
              {
                "__class__": "OC\\Core\\Controller\\WebAuthnController"
              },
              "finishAuthentication"
            ]
          },
          {
            "file": "/var/www/nextcloud/lib/private/AppFramework/App.php",
            "line": 157,
            "function": "dispatch",
            "class": "OC\\AppFramework\\Http\\Dispatcher",
            "type": "->",
            "args": [
              {
                "__class__": "OC\\Core\\Controller\\WebAuthnController"
              },
              "finishAuthentication"
            ]
          },
          {
            "file": "/var/www/nextcloud/lib/private/Route/Router.php",
            "line": 302,
            "function": "main",
            "class": "OC\\AppFramework\\App",
            "type": "::",
            "args": [
              "OC\\Core\\Controller\\WebAuthnController",
              "finishAuthentication",
              {
                "__class__": "OC\\AppFramework\\DependencyInjection\\DIContainer"
              },
              {
                "_route": "core.WebAuthn.finishAuthentication"
              }
            ]
          },
          {
            "file": "/var/www/nextcloud/lib/base.php",
            "line": 993,
            "function": "match",
            "class": "OC\\Route\\Router",
            "type": "->",
            "args": [
              "/login/webauthn/finish"
            ]
          },
          {
            "file": "/var/www/nextcloud/index.php",
            "line": 37,
            "function": "handleRequest",
            "class": "OC",
            "type": "::",
            "args": []
          }
        ],
        "File": "/var/www/nextcloud/3rdparty/doctrine/dbal/src/Driver/PDO/Statement.php",
        "Line": 82
      }
    },
    "CustomMessage": "--"
  },
  "userAgent": "Mozilla/5.0 (X11; Linux x86_64; rv:90.0) Gecko/20100101 Firefox/90.0",
  "version": "21.0.2.1"
}

dahoat commented Jun 16, 2021

Hello to everyone,

This is my first time responding to an issue, so sorry for the formatting and overall style.

I think the problem is linked to

if ($ex->getReason() === Exception::REASON_UNIQUE_CONSTRAINT_VIOLATION) {

Iff this is evaluated to true, the system tries to update instead of insert.
Iff this is evaluated to false, the exception we are seeing is rethrown.
My guess is that this is evaluated to false.

I tried to validate this on my (productive) Nextcloud server, however, I think I ran into some caching issue and my code changes were not executed. (I am not a PHP developer...)

Kind regards,
Daniel

dahoat commented Jun 16, 2021

A small update:
I am still no PHP developer, so no debugger -> print() for the win...

It is not a problem of the if inside the catch clause, but the wrong exception is thrown and therefore,

} catch (Exception $ex) {
does not catch it. If I replace Exception with \Exception, the request to the server (upon login) does not terminate, but if I reload the page, I am logged in.

Update:
I noticed that the bug is not present in version 22 and managed to copy the code wrapping the exceptions, resulting in https://github.com/dahoat/Nextcloud_server/blob/f8add9d82fb13c6e188ee9c5460fd33d8770b8ad/lib/private/DB/QueryBuilder/QueryBuilder.php#L299-L303
I don't know whether this breaks other stuff, but the issue of failed passwordless FIDO2 login went away.
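
The catch mismatch described in the comment above, reproduced as an added example that is not part of the original comment and is not Nextcloud or Doctrine code. All namespaces, classes and constants are hypothetical stand-ins: a mapper whose `catch` names an application-level exception type never sees a driver-level exception unless the query layer wraps it first, so the insert-then-update fallback used for the post-assertion credential save never runs.

```php
<?php
// Constructed stand-ins; every name below is hypothetical.
namespace Demo\Driver {
    // Plays the role of the low-level driver exception seen in the trace.
    class UniqueViolation extends \Exception {}
}

namespace Demo\App {
    // Plays the role of the application-level DB exception the mapper expects.
    class DbException extends \Exception {
        public const REASON_UNIQUE = 1;
        public function getReason(): int { return $this->getCode(); }
    }

    class Mapper {
        /** @param callable $insert performs the INSERT and may throw */
        public function insertOrUpdate(callable $insert): string {
            try {
                $insert();
                return 'inserted';
            } catch (DbException $ex) { // resolves to Demo\App\DbException only
                if ($ex->getReason() === DbException::REASON_UNIQUE) {
                    return 'updated'; // row already exists: fall back to UPDATE
                }
                throw $ex;
            }
        }
    }
}

namespace {
    use Demo\App\{DbException, Mapper};
    use Demo\Driver\UniqueViolation;

    // Raw query layer: lets the driver exception escape unchanged.
    $raw = function (): void { throw new UniqueViolation('Duplicate entry'); };
    // Wrapping query layer: converts it to the type the mapper catches.
    $wrapped = function () use ($raw): void {
        try { $raw(); }
        catch (UniqueViolation $e) {
            throw new DbException($e->getMessage(), DbException::REASON_UNIQUE, $e);
        }
    };

    $mapper = new Mapper();
    try { echo $mapper->insertOrUpdate($raw), "\n"; }
    catch (\Throwable $e) { echo 'escaped: ', get_class($e), "\n"; }
    echo $mapper->insertOrUpdate($wrapped), "\n";
}
```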

asychev commented Jul 4, 2021

Same issue for me

Contributor

szaimen commented Jul 6, 2021

Let's track this in #27662

szaimen closed this as completed Jul 6, 2021