Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Snappymail (nextcloud-app) forgets credentials after oidc-login #1728

Open
SoleroTG opened this issue Aug 28, 2024 Discussed in #1713 · 2 comments
Open

Snappymail (nextcloud-app) forgets credentials after oidc-login #1728

SoleroTG opened this issue Aug 28, 2024 Discussed in #1713 · 2 comments

Comments

@SoleroTG
Copy link

SoleroTG commented Aug 28, 2024
edited
Loading

Discussed in #1713

Originally posted by SoleroTG August 17, 2024
Description
As soon as I login in to nextcloud via an IdP instead of the internal nextcloud authentication stored email credentials to a mailbox vanish.

To Reproduce

  1. Login to nextcloud via nextcloud internal authentication.
  2. Store credentials at example.com/settings/user/additional
  3. Logout, login via nextcloud authentication and open snappymail → works
  4. Logout, login via IdP. → Snappymail asks for password.

Expected behavior
Snappymail remembers my credentials no matter how I log in.

Please complete the following information:

  • Browser: firefox 129
  • IMAP daemon: dovecot
  • PHP version: 8.2.2
  • SnappyMail Version: 2.37.3
  • Mode: nextcloud in docker
  • IdP: Authelia

In order to provide more logs I did the following:

  1. Log in without IdP and store credentials under /settings/user/additional
  2. Verify the credentials work by starting the SnappyMail-nextcloud-app → works
  3. Log out of nextcloud and login with IdP
  4. Start the SnappyMail-nextcloud-app

As before the login didn't work. I reproduced it with loglevel 4 and 7.

In loglevel 4

<snip>
[2024-08-24 09:04:00.268][61951ff1] IMAP[WARNING]: MailSo\Imap\Exceptions\NegativeResponseException: AUTHENTICATIONFAILED Authentication failed. in /var/www/html/custom_apps/snappymail/app/snappymail/v/2.37.2/app/libraries/MailSo/Imap/ResponseCollection.php:46
Stack trace:
#0 /var/www/html/custom_apps/snappymail/app/snappymail/v/2.37.2/app/libraries/MailSo/Imap/ImapClient.php(528): MailSo\Imap\ResponseCollection->validate()
#1 /var/www/html/custom_apps/snappymail/app/snappymail/v/2.37.2/app/libraries/MailSo/Imap/ImapClient.php(166): MailSo\Imap\ImapClient->getResponse()
#2 /var/www/html/custom_apps/snappymail/app/snappymail/v/2.37.2/app/libraries/RainLoop/Model/Account.php(264): MailSo\Imap\ImapClient->Login(Object(MailSo\Imap\Settings))
#3 /var/www/html/custom_apps/snappymail/app/snappymail/v/2.37.2/app/libraries/RainLoop/Model/Account.php(206): RainLoop\Model\Account->netClientLogin(Object(MailSo\Imap\ImapClient), Object(RainLoop\Plugins\Manager))
#4 /var/www/html/custom_apps/snappymail/app/snappymail/v/2.37.2/app/libraries/RainLoop/Actions/UserAuth.php(459): RainLoop\Model\Account->ImapConnectAndLogin(Object(RainLoop\Plugins\Manager), Object(MailSo\Imap\ImapClient), Object(RainLoop\Config\Application))
#5 /var/www/html/custom_apps/snappymail/app/snappymail/v/2.37.2/app/libraries/RainLoop/Actions/UserAuth.php(170): RainLoop\Actions->imapConnect(Object(RainLoop\Model\MainAccount), true)
#6 /var/www/html/custom_apps/snappymail/lib/Util/SnappyMailHelper.php(97): RainLoop\Actions->LoginProcess('*******', Object(SnappyMail\SensitiveString))
#7 /var/www/html/custom_apps/snappymail/lib/Controller/PageController.php(50): OCA\SnappyMail\Util\SnappyMailHelper::startApp()
#8 /var/www/html/lib/private/AppFramework/Http/Dispatcher.php(232): OCA\SnappyMail\Controller\PageController->index()
#9 /var/www/html/lib/private/AppFramework/Http/Dispatcher.php(138): OC\AppFramework\Http\Dispatcher->executeController(Object(OCA\SnappyMail\Controller\PageController), 'index')
#10 /var/www/html/lib/private/AppFramework/App.php(184): OC\AppFramework\Http\Dispatcher->dispatch(Object(OCA\SnappyMail\Controller\PageController), 'index')
#11 /var/www/html/lib/private/Route/Router.php(338): OC\AppFramework\App::main('PageController', 'index', Object(OC\AppFramework\DependencyInjection\DIContainer), Array)
#12 /var/www/html/lib/base.php(1053): OC\Route\Router->match('/apps/snappymai...')
#13 /var/www/html/index.php(49): OC::handleRequest()
#14 {main}
[2024-08-24 09:04:00.272][61951ff1] Nextcloud[ERROR]: AuthError[102]

</snip>

Same log but in level 7:

<snip>
[2024-08-24 09:38:08.186][9f8f9ae8] [INFO]: [SM:2.37.2][IP:<IP>][PID:71][Apache/2.4.61 (Debian)][apache2handler][Streams:tcp,udp,unix,udg,ssl,tls,tlsv1.0,tlsv1.1,tlsv1.2,tlsv1.3][GET http://cloud.example.com/apps/snappymail/]
[2024-08-24 09:38:08.188][9f8f9ae8] Nextcloud[DEBUG]: integrated
[2024-08-24 09:38:08.190][9f8f9ae8] IMAP[INFO]: Start connection to "tcp://mda-dovecot:14300"
[2024-08-24 09:38:08.191][9f8f9ae8] IMAP[INFO]: Connect (success)
[2024-08-24 09:38:08.191][9f8f9ae8] IMAP[DEBUG]: 0.00075197219848633 (raw connection)
[2024-08-24 09:38:08.197][9f8f9ae8] IMAP[INFO]: < * OK [CAPABILITY IMAP4rev1 SASL-IR LOGIN-REFERRALS ID ENABLE IDLE LITERAL+ STARTTLS AUTH=PLAIN AUTH=LOGIN] Dovecot (Debian) ready.\r\n
[2024-08-24 09:38:08.198][9f8f9ae8] IMAP[DEBUG]: 0.0077700614929199 (*)
[2024-08-24 09:38:08.198][9f8f9ae8] PLUGIN[INFO]: Hook: imap.before-login
[2024-08-24 09:38:08.198][9f8f9ae8] IMAP[INFO]: > TAG1 AUTHENTICATE PLAIN *******\r\n
[2024-08-24 09:38:10.207][9f8f9ae8] IMAP[INFO]: < TAG1 NO [AUTHENTICATIONFAILED] Authentication failed.\r\n
[2024-08-24 09:38:10.207][9f8f9ae8] IMAP[DEBUG]: 2.0089900493622 (TAG1)
[2024-08-24 09:38:10.208][9f8f9ae8] IMAP[WARNING]: MailSo\Imap\Exceptions\NegativeResponseException: AUTHENTICATIONFAILED Authentication failed. in /var/www/html/custom_apps/snappymail/app/snappymail/v/2.37.2/app/libraries/MailSo/Imap/ResponseCollection.php:46
Stack trace:
#0 /var/www/html/custom_apps/snappymail/app/snappymail/v/2.37.2/app/libraries/MailSo/Imap/ImapClient.php(528): MailSo\Imap\ResponseCollection->validate()
#1 /var/www/html/custom_apps/snappymail/app/snappymail/v/2.37.2/app/libraries/MailSo/Imap/ImapClient.php(166): MailSo\Imap\ImapClient->getResponse()
#2 /var/www/html/custom_apps/snappymail/app/snappymail/v/2.37.2/app/libraries/RainLoop/Model/Account.php(264): MailSo\Imap\ImapClient->Login(Object(MailSo\Imap\Settings))
#3 /var/www/html/custom_apps/snappymail/app/snappymail/v/2.37.2/app/libraries/RainLoop/Model/Account.php(206): RainLoop\Model\Account->netClientLogin(Object(MailSo\Imap\ImapClient), Object(RainLoop\Plugins\Manager))
#4 /var/www/html/custom_apps/snappymail/app/snappymail/v/2.37.2/app/libraries/RainLoop/Actions/UserAuth.php(459): RainLoop\Model\Account->ImapConnectAndLogin(Object(RainLoop\Plugins\Manager), Object(MailSo\Imap\ImapClient), Object(RainLoop\Config\Application))
#5 /var/www/html/custom_apps/snappymail/app/snappymail/v/2.37.2/app/libraries/RainLoop/Actions/UserAuth.php(170): RainLoop\Actions->imapConnect(Object(RainLoop\Model\MainAccount), true)
#6 /var/www/html/custom_apps/snappymail/lib/Util/SnappyMailHelper.php(97): RainLoop\Actions->LoginProcess('*******', Object(SnappyMail\SensitiveString))
#7 /var/www/html/custom_apps/snappymail/lib/Controller/PageController.php(50): OCA\SnappyMail\Util\SnappyMailHelper::startApp()
#8 /var/www/html/lib/private/AppFramework/Http/Dispatcher.php(232): OCA\SnappyMail\Controller\PageController->index()
#9 /var/www/html/lib/private/AppFramework/Http/Dispatcher.php(138): OC\AppFramework\Http\Dispatcher->executeController(Object(OCA\SnappyMail\Controller\PageController), 'index')
#10 /var/www/html/lib/private/AppFramework/App.php(184): OC\AppFramework\Http\Dispatcher->dispatch(Object(OCA\SnappyMail\Controller\PageController), 'index')
#11 /var/www/html/lib/private/Route/Router.php(338): OC\AppFramework\App::main('PageController', 'index', Object(OC\AppFramework\DependencyInjection\DIContainer), Array)
#12 /var/www/html/lib/base.php(1053): OC\Route\Router->match('/apps/snappymai...')
#13 /var/www/html/index.php(49): OC::handleRequest()
#14 {main}
[2024-08-24 09:38:10.208][9f8f9ae8] IMAP[NOTICE]: MailSo\Imap\Exceptions\NegativeResponseException: AUTHENTICATIONFAILED Authentication failed. in /var/www/html/custom_apps/snappymail/app/snappymail/v/2.37.2/app/libraries/MailSo/Imap/ResponseCollection.php:46
Stack trace:
#0 /var/www/html/custom_apps/snappymail/app/snappymail/v/2.37.2/app/libraries/MailSo/Imap/ImapClient.php(528): MailSo\Imap\ResponseCollection->validate()
#1 /var/www/html/custom_apps/snappymail/app/snappymail/v/2.37.2/app/libraries/MailSo/Imap/ImapClient.php(166): MailSo\Imap\ImapClient->getResponse()
#2 /var/www/html/custom_apps/snappymail/app/snappymail/v/2.37.2/app/libraries/RainLoop/Model/Account.php(264): MailSo\Imap\ImapClient->Login(Object(MailSo\Imap\Settings))
#3 /var/www/html/custom_apps/snappymail/app/snappymail/v/2.37.2/app/libraries/RainLoop/Model/Account.php(206): RainLoop\Model\Account->netClientLogin(Object(MailSo\Imap\ImapClient), Object(RainLoop\Plugins\Manager))
#4 /var/www/html/custom_apps/snappymail/app/snappymail/v/2.37.2/app/libraries/RainLoop/Actions/UserAuth.php(459): RainLoop\Model\Account->ImapConnectAndLogin(Object(RainLoop\Plugins\Manager), Object(MailSo\Imap\ImapClient), Object(RainLoop\Config\Application))
#5 /var/www/html/custom_apps/snappymail/app/snappymail/v/2.37.2/app/libraries/RainLoop/Actions/UserAuth.php(170): RainLoop\Actions->imapConnect(Object(RainLoop\Model\MainAccount), true)
#6 /var/www/html/custom_apps/snappymail/lib/Util/SnappyMailHelper.php(97): RainLoop\Actions->LoginProcess('*******', Object(SnappyMail\SensitiveString))
#7 /var/www/html/custom_apps/snappymail/lib/Controller/PageController.php(50): OCA\SnappyMail\Util\SnappyMailHelper::startApp()
#8 /var/www/html/lib/private/AppFramework/Http/Dispatcher.php(232): OCA\SnappyMail\Controller\PageController->index()
#9 /var/www/html/lib/private/AppFramework/Http/Dispatcher.php(138): OC\AppFramework\Http\Dispatcher->executeController(Object(OCA\SnappyMail\Controller\PageController), 'index')
#10 /var/www/html/lib/private/AppFramework/App.php(184): OC\AppFramework\Http\Dispatcher->dispatch(Object(OCA\SnappyMail\Controller\PageController), 'index')
#11 /var/www/html/lib/private/Route/Router.php(338): OC\AppFramework\App::main('PageController', 'index', Object(OC\AppFramework\DependencyInjection\DIContainer), Array)
#12 /var/www/html/lib/base.php(1053): OC\Route\Router->match('/apps/snappymai...')
#13 /var/www/html/index.php(49): OC::handleRequest()
#14 {main}

Next MailSo\Imap\Exceptions\LoginBadCredentialsException: AUTHENTICATIONFAILED Authentication failed. in /var/www/html/custom_apps/snappymail/app/snappymail/v/2.37.2/app/libraries/MailSo/Imap/ImapClient.php:232
Stack trace:
#0 /var/www/html/custom_apps/snappymail/app/snappymail/v/2.37.2/app/libraries/RainLoop/Model/Account.php(264): MailSo\Imap\ImapClient->Login(Object(MailSo\Imap\Settings))
#1 /var/www/html/custom_apps/snappymail/app/snappymail/v/2.37.2/app/libraries/RainLoop/Model/Account.php(206): RainLoop\Model\Account->netClientLogin(Object(MailSo\Imap\ImapClient), Object(RainLoop\Plugins\Manager))
#2 /var/www/html/custom_apps/snappymail/app/snappymail/v/2.37.2/app/libraries/RainLoop/Actions/UserAuth.php(459): RainLoop\Model\Account->ImapConnectAndLogin(Object(RainLoop\Plugins\Manager), Object(MailSo\Imap\ImapClient), Object(RainLoop\Config\Application))
#3 /var/www/html/custom_apps/snappymail/app/snappymail/v/2.37.2/app/libraries/RainLoop/Actions/UserAuth.php(170): RainLoop\Actions->imapConnect(Object(RainLoop\Model\MainAccount), true)
#4 /var/www/html/custom_apps/snappymail/lib/Util/SnappyMailHelper.php(97): RainLoop\Actions->LoginProcess('*******', Object(SnappyMail\SensitiveString))
#5 /var/www/html/custom_apps/snappymail/lib/Controller/PageController.php(50): OCA\SnappyMail\Util\SnappyMailHelper::startApp()
#6 /var/www/html/lib/private/AppFramework/Http/Dispatcher.php(232): OCA\SnappyMail\Controller\PageController->index()
#7 /var/www/html/lib/private/AppFramework/Http/Dispatcher.php(138): OC\AppFramework\Http\Dispatcher->executeController(Object(OCA\SnappyMail\Controller\PageController), 'index')
#8 /var/www/html/lib/private/AppFramework/App.php(184): OC\AppFramework\Http\Dispatcher->dispatch(Object(OCA\SnappyMail\Controller\PageController), 'index')
#9 /var/www/html/lib/private/Route/Router.php(338): OC\AppFramework\App::main('PageController', 'index', Object(OC\AppFramework\DependencyInjection\DIContainer), Array)
#10 /var/www/html/lib/base.php(1053): OC\Route\Router->match('/apps/snappymai...')
#11 /var/www/html/index.php(49): OC::handleRequest()
#12 {main}
[2024-08-24 09:38:10.213][9f8f9ae8] Nextcloud[ERROR]: AuthError[102]
[2024-08-24 09:38:10.213][9f8f9ae8] PLUGIN[INFO]: Hook: filter.language
[2024-08-24 09:38:10.248][9f8f9ae8] [INFO]: Memory peak usage: 10MB
[2024-08-24 09:38:10.248][9f8f9ae8] [INFO]: Time delta: 2.0985910892487
[2024-08-24 09:38:10.249][9f8f9ae8] IMAP[INFO]: Disconnected from "tcp://mda-dovecot:14300" (success)
[2024-08-24 09:38:10.249][9f8f9ae8] IMAP[DEBUG]: 2.059406042099 (net session)
[2024-08-24 09:38:10.365][464b38ac] [INFO]: [SM:2.37.2][IP:<IP>][PID:62][Apache/2.4.61 (Debian)][apache2handler][Streams:tcp,udp,unix,udg,ssl,tls,tlsv1.0,tlsv1.1,tlsv1.2,tlsv1.3][GET http://cloud.example.com/apps/snappymail/?/AppData/0/3481095053236738/]
[2024-08-24 09:38:10.367][464b38ac] Nextcloud[DEBUG]: integrated
[2024-08-24 09:38:10.367][464b38ac] Nextcloud[DEBUG]: snappymail-autologin is off
[2024-08-24 09:38:10.368][464b38ac] PLUGIN[INFO]: Hook: filter.language
[2024-08-24 09:38:10.368][464b38ac] PLUGIN[INFO]: Hook: filter.app-data
[2024-08-24 09:38:10.368][464b38ac] Nextcloud[DEBUG]: snappymail-autologin is off
[2024-08-24 09:38:10.369][464b38ac] [INFO]: Memory peak usage: 8MB
[2024-08-24 09:38:10.369][464b38ac] [INFO]: Time delta: 0.039388179779053
[2024-08-24 09:38:10.839][ec227d7e] [INFO]: [SM:2.37.2][IP:<IP>][PID:1827][Apache/2.4.61 (Debian)][apache2handler][Streams:tcp,udp,unix,udg,ssl,tls,tlsv1.0,tlsv1.1,tlsv1.2,tlsv1.3][GET http://cloud.example.com/apps/snappymail/?/Plugins/0/User/5a2a69218199d20f8a577ebb45c69f37/]
[2024-08-24 09:38:10.841][ec227d7e] Nextcloud[DEBUG]: integrated
[2024-08-24 09:38:10.842][ec227d7e] Nextcloud[DEBUG]: snappymail-autologin is off
[2024-08-24 09:38:10.844][ec227d7e] [INFO]: Memory peak usage: 10MB
[2024-08-24 09:38:10.844][ec227d7e] [INFO]: Time delta: 0.12370896339417
[2024-08-24 09:38:10.955][51229ca6] [INFO]: [SM:2.37.2][IP:<IP>][PID:60][Apache/2.4.61 (Debian)][apache2handler][Streams:tcp,udp,unix,udg,ssl,tls,tlsv1.0,tlsv1.1,tlsv1.2,tlsv1.3][GET http://cloud.example.com/apps/snappymail/?/Css/0/User/-/NextcloudV25+/-/1724492290898/Hash/-/Json/]
[2024-08-24 09:38:10.956][51229ca6] Nextcloud[DEBUG]: integrated
[2024-08-24 09:38:10.957][51229ca6] Nextcloud[DEBUG]: snappymail-autologin is off
[2024-08-24 09:38:10.959][51229ca6] [INFO]: Memory peak usage: 10MB
[2024-08-24 09:38:10.959][51229ca6] [INFO]: Time delta: 0.042228937149048
</snip>

I tried to dig into the code, but my limited PHP skills didn't help much.
@SoleroTG
Copy link
Author

SoleroTG commented Aug 29, 2024
edited
Loading

I just validated that the behavior still exists in the current version 2.37.3 as nextcloud-app.

@phoenixtechnam
Copy link

phoenixtechnam commented Sep 14, 2024
edited
Loading

Hi, I can confirm as well that this problem still exists for OIDC-provioned users (using the oidc_login plugin).
I think the best way to go is to honor the credentials if set up in user settings and only try to use oauth2 when no credentials are saved.

I also deactivated "Attempt to automatically login with OIDC when active" in Snappymail Nextcloud settings, but it does not help.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@phoenixtechnam @SoleroTG