Skip to content

Nextcloud FLOW login impossible

FIX the issue was in the haproxy module , fixed by

haproxy@50c788b6

thanks @unteem

Issue

As we know, nextcloud is moving from classic login to FLOW login in clients.

https://help.nextcloud.com/t/nextcloud-desktop-client-2-5-is-out-with-end-to-end-encryption-new-login-flow-and-much-more/41132

Currently this does not work when nextcloud app is used with libre.sh ( HAPROXY->Nginx->Nextcloud-fpm )

This means that you just cannot login with the linux client > 2.5

example https://dock.ekimia.fr user test pass testtest19

How to reproduce ?

  • Use the develop branch of libre.sh and nextcloud-compose
  • install the haproxy module
  • Provision the nextcloud app manually ( develop branch)
  • install linux client 2.5.1 and try to login
  • after the redirect you will just get a blank page

Logs

Log in nginx (web) :

172.19.0.3 - - [12/Jun/2019:12:17:57 +0000] "POST /login?redirect_url=/login/flow/grant%3FclientIdentifier%3D%26stateToken%3D0Cgi8SnPRxcncb3sbDtcEWEotsy1AnwDOgq3n9ZjcIYdvD4a7mGu6b5Tjifw1PCU HTTP/1.1" 303 0 "-" "Mozilla/5.0 (Linux) mirall/2.5.2git (Nextcloud)",

172.19.0.3 - - [12/Jun/2019:12:17:57 +0000] "GET /login/flow/grant?clientIdentifier=&stateToken=0Cgi8SnPRxcncb3sbDtcEWEotsy1AnwDOgq3n9ZjcIYdvD4a7mGu6b5Tjifw1PCU HTTP/1.1" 200 7468 "-" "Mozilla/5.0 (Linux) mirall/2.5.2git (Nextcloud)",

172.19.0.3 - - [12/Jun/2019:12:17:52 +0000] "GET /login HTTP/1.1" 200 9114 "-" "Mozilla/5.0 (Linux) mirall/2.5.2git (Nextcloud)"

in NC ( app)

10.0.241.4 - 12/Jun/2019:12:17:59 +0000 "POST /index.php" 303, 10.0.241.4 - 12/Jun/2019:12:17:52 +0000 "GET /index.php" 200, 10.0.241.4 - 12/Jun/2019:12:17:57 +0000 "POST /index.php" 303, 10.0.241.4 - 12/Jun/2019:12:17:57 +0000 "GET /index.php" 200, 10.0.241.4 - 12/Jun/2019:12:17:59 +0000 "GET /index.php" 302

On the client 2.5.2

[OCC::AccessManager::createRequest 2 "" "https://dock.ekimia.fr/status.php" has X-Request-ID "fd0e0377-370b-45ee-807b-66611c2fd6a1" [OCC::AbstractNetworkJob::start OCC::CheckServerJob created for "https://dock.ekimia.fr" + "status.php" "OCC::OwncloudSetupWizard" [OCC::CheckServerJob::finished No SSL session identifier / session ticket is used, this might impact sync performance negatively. [OCC::CheckServerJob::finished status.php returns: QJsonDocument({"edition":"","installed":true,"maintenance":false,"needsDbUpgrade":false,"productname":"Nextcloud","version":"15.0.4.0","versionstring":"15.0.4"}) QNetworkReply::NetworkError(NoError) Reply: QNetworkReplyHttpImpl(0x560151ad9910) [OCC::DetermineAuthTypeJob::start Determining auth type for QUrl("https://dock.ekimia.fr/remote.php/webdav/") [OCC::AccessManager::createRequest 2 "" "https://dock.ekimia.fr/remote.php/webdav/" has X-Request-ID "844ed18d-b8e9-4845-90b4-9c106b8b5b05" [OCC::AbstractNetworkJob::start OCC::SimpleNetworkJob created for "https://dock.ekimia.fr" + "" "OCC::Account" [OCC::AccessManager::createRequest 6 "PROPFIND" "https://dock.ekimia.fr/remote.php/webdav/" has X-Request-ID "0101c3d3-9fc1-4eb1-a2b0-08b1cce06444" [OCC::AbstractNetworkJob::start OCC::SimpleNetworkJob created for "https://dock.ekimia.fr" + "" "OCC::Account" [OCC::DetermineAuthTypeJob::checkBothDone Auth type for QUrl("https://dock.ekimia.fr/remote.php/webdav/") is 3 [OCC::WebViewPage::initializePage Url to auth at: "https://dock.ekimia.fr/index.php/login/flow"

Links

Flow login doc https://docs.nextcloud.com/server/15/developer_manual/client_apis/LoginFlow/index.html

a similar issue https://github.com/nextcloud/desktop/issues/279

Edited by Michel Memeteau