Tokens can multiply like rabbits #28102

Closed
raid1 opened this issue Jul 21, 2021 · 4 comments
Labels: 0. Needs triage (Pending check for reproducibility or if it fits our roadmap), bug

Comments


raid1 commented Jul 21, 2021

This is a split of #27603

Expected behaviour

1 oc_authtoken per user+device

Actual behaviour

hundreds of oc_authtoken entries:
$ mysql mycloud -B -e "select count(*) from oc_authtoken where uid='andy'"
count(*)
167

After "DELETE from oc_authtoken where uid='andy'"
the server responds quickly again. But this is not a permanent solution. 157 new(!) entries were back the next day.
Here is just a short part of it:

Questions/Doubts

  • Where did all these extra DB lines come from?
  • Why do they reappear after a while?

Server configuration

Operating system:
4.19.0-16-amd64 #1 SMP Debian 4.19.181-1 (2021-03-19) x86_64 GNU/Linux

Web server:
Apache 2.4.38-3+deb10u4

Database:
mysql Ver 15.1 Distrib 10.3.27-MariaDB, for debian-linux-gnu (x86_64) using readline 5.2

PHP version:
PHP version (eg, 7.4): 2:7.3+69

Nextcloud version: (see Nextcloud admin page)
21.0.2.1

Updated from an older Nextcloud/ownCloud or fresh install:
latest v20

Where did you install Nextcloud from:
with the internal NC updater

Signing status:
Login as admin user into your Nextcloud and access 
http://example.com/index.php/settings/integrity/failed 
paste the results here.

No errors have been found.

List of activated apps:

App list
Enabled:
  - accessibility: 1.7.0
  - activity: 2.14.3
  - admin_audit: 1.11.0
  - apporder: 0.12.0
  - audioplayer: 3.1.0
  - bbb: 1.4.1
  - bookmarks: 4.2.2
  - bruteforcesettings: 2.2.0
  - calendar: 2.2.2
  - carnet: 0.24.1
  - cloud_federation_api: 1.4.0
  - cms_pico: 1.0.15
  - comments: 1.11.0
  - contacts: 3.5.1
  - contactsinteraction: 1.2.0
  - dashboard: 7.1.0
  - data_request: 1.8.0
  - dav: 1.17.1
  - deck: 1.4.2
  - drawio: 1.0.0
  - federatedfilesharing: 1.11.0
  - federation: 1.11.0
  - files: 1.16.0
  - files_external: 1.12.0
  - files_markdown: 2.3.3
  - files_pdfviewer: 2.1.0
  - files_retention: 1.10.1
  - files_rightclick: 1.0.0
  - files_sharing: 1.13.1
  - files_trashbin: 1.11.0
  - files_versions: 1.14.0
  - files_videoplayer: 1.10.0
  - firstrunwizard: 2.10.0
  - forms: 2.2.4
  - gpxmotion: 0.1.0
  - gpxpod: 4.2.8
  - impersonate: 1.8.0
  - integration_google: 1.0.2
  - integration_whiteboard: 0.0.14
  - integration_zammad: 1.0.1
  - keeweb: 0.6.5
  - logreader: 2.6.0
  - lookup_server_connector: 1.9.0
  - mail: 1.9.5
  - nextcloud_announcements: 1.10.0
  - notes: 4.0.4
  - notifications: 2.9.0
  - oauth2: 1.9.0
  - openhab: 0.9.5
  - password_policy: 1.11.0
  - photos: 1.3.0
  - privacy: 1.5.0
  - provisioning_api: 1.11.0
  - rainloop: 7.1.2
  - recommendations: 1.0.0
  - serverinfo: 1.11.0
  - settings: 1.3.0
  - sharebymail: 1.11.0
  - socialsharing_email: 2.2.0
  - spreed: 11.2.2
  - support: 1.4.0
  - survey_client: 1.9.0
  - systemtags: 1.11.0
  - tasks: 0.13.6
  - text: 3.2.0
  - theming: 1.12.0
  - twofactor_backupcodes: 1.10.0
  - updatenotification: 1.11.0
  - user_status: 1.1.1
  - user_usage_report: 1.5.0
  - viewer: 1.5.0
  - weather_status: 1.1.0
  - workflowengine: 2.3.0
Disabled:
  - encryption
  - passwords
  - user_ldap

Nextcloud configuration:

Config report
{
    "system": {
        "passwordsalt": "***REMOVED SENSITIVE VALUE***",
        "datadirectory": "***REMOVED SENSITIVE VALUE***",
        "dbtype": "mysql",
        "version": "21.0.2.1",
        "dbname": "***REMOVED SENSITIVE VALUE***",
        "dbhost": "***REMOVED SENSITIVE VALUE***",
        "dbtableprefix": "oc_",
        "dbuser": "***REMOVED SENSITIVE VALUE***",
        "dbpassword": "***REMOVED SENSITIVE VALUE***",
        "installed": true,
        "instanceid": "***REMOVED SENSITIVE VALUE***",
        "maintenance": false,
        "loglevel": 2,
        "theme": "",
        "trusted_domains": [
            "cloud.mydomain.de"
        ],
        "share_folder": "\/Shared",
        "defaultapp": "calendar",
        "trashbin_retention_obligation": "auto, 14",
        "versions_retention_obligation": "auto, 14",
        "default_language": "en",
        "default_phone_region": "DE",
        "secret": "***REMOVED SENSITIVE VALUE***",
        "memcache.local": "\\OC\\Memcache\\APCu",
        "mail_domain": "***REMOVED SENSITIVE VALUE***",
        "mail_smtpmode": "smtp",
        "mail_from_address": "***REMOVED SENSITIVE VALUE***",
        "updater.release.channel": "stable",
        "overwrite.cli.url": "https:\/\/cloud.mydomain.de",
        "blacklisted_files": [
            "._*",
            ".DS_Store",
            ".DS_STORE",
            ".ds_store"
        ],
        "integrity.check.disabled": false,
        "mysql.utf8mb4": true,
        "mail_smtpauthtype": "LOGIN",
        "mail_sendmailmode": "smtp",
        "mail_smtphost": "***REMOVED SENSITIVE VALUE***",
        "mail_smtpport": "25",
        "mail_smtpauth": 1,
        "mail_smtpsecure": "tls",
        "mail_smtpname": "***REMOVED SENSITIVE VALUE***",
        "mail_smtppassword": "***REMOVED SENSITIVE VALUE***",
        "app_install_overwrite": [
            "apporder",
            "calendar",
            "bookmarks"
        ],
        "has_rebuilt_cache": true,
        "encryption.legacy_format_support": false,
        "encryption.key_storage_migrated": false
    }
}

Are you using external storage, if yes which one: local/smb/sftp/...
No

Are you using encryption: yes/no
No

Are you using an external user-backend, if yes which one: LDAP/ActiveDirectory/Webdav/...
No

Client configuration

irrelevant

Logs

Web server error log
(only irrelevant lines like:)
[Tue Jun 22 16:57:47.274268 2021] [access_compat:error] [pid 32647] [client 62.216.xx.yy:64788] AH01797: client denied by server configuration: /var/www/nextcloud/config

Nextcloud log (data/nextcloud.log)
{"reqId":"YNIMvrdbUoVOcoItzNhK1QAAAAw","level":3,"time":"2021-06-22T16:15:59+00:00","remoteAddr":"138.246.3.189","user":"andy","app":"PHP","method":"PROPFIND","url":"/remote.php/dav/files/andy/","message":"Module 'mbstring' already loaded at Unknown#0","userAgent":"Mozilla/5.0 (Linux) mirall/3.2.2-20210531.142805.04afaa1fe-1.0~focal1 (Nextcloud, ubuntu-5.4.0-74-generic ClientArchitecture: x86_64 OsArchitecture: x86_64)","version":"21.0.2.1"}

The output of your Nextcloud log in Admin > Logging:
Error PHP Module 'mbstring' already loaded at Unknown#0
(shows up every time when I call curl)
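
A check for the expected behaviour stated in the report above (one oc_authtoken row per user+device), as an added example that is not part of the original issue or of Nextcloud's code. It assumes the oc_authtoken columns uid, name, type and last_activity and treats the name column as the device identifier; the rows are constructed sample data loaded into an in-memory SQLite table so the query can be run offline.

```python
import sqlite3

# Constructed sample rows: (uid, name, type, last_activity).
# Column names are an assumption about the oc_authtoken schema; check your own.
SAMPLE_ROWS = [
    ("andy", "desktop-client (constructed)", 1, 1000),
    ("andy", "desktop-client (constructed)", 1, 2000),
    ("andy", "desktop-client (constructed)", 1, 3000),
    ("andy", "browser-session (constructed)", 0, 2500),
    ("bob", "mobile-app (constructed)", 1, 1500),
    ("bob", "mobile-app (constructed)", 1, 1800),
]

# Every (user, device name, token type) group holding more than one token,
# i.e. every violation of "1 token per user+device". Plain SQL, so the same
# statement can be pasted into the mysql client used in the report.
DUPLICATE_QUERY = """
SELECT uid, name, type, COUNT(*) AS tokens, MAX(last_activity) AS newest
FROM oc_authtoken
GROUP BY uid, name, type
HAVING COUNT(*) > 1
ORDER BY tokens DESC, uid, name
"""


def build_sample_db():
    """Create an in-memory stand-in for oc_authtoken with the sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE oc_authtoken (id INTEGER PRIMARY KEY, uid TEXT, "
        "name TEXT, type INTEGER, last_activity INTEGER)"
    )
    conn.executemany(
        "INSERT INTO oc_authtoken (uid, name, type, last_activity) "
        "VALUES (?, ?, ?, ?)",
        SAMPLE_ROWS,
    )
    return conn


def duplicate_tokens(conn):
    """Return (uid, name, type, tokens, newest) for each duplicated group."""
    return conn.execute(DUPLICATE_QUERY).fetchall()


if __name__ == "__main__":
    for row in duplicate_tokens(build_sample_db()):
        print(row)
```

Grouping by name shows which client keeps requesting new tokens, and the newest last_activity value shows whether that client is still active.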

raid1 added the "0. Needs triage" and "bug" labels Jul 21, 2021
kesselb closed this as completed Jul 22, 2021

kesselb (Contributor) commented Jul 22, 2021

Duplicate of #27603.

raid1 (Author) commented Jul 23, 2021

No, this is NOT a duplicate.
I was asked to split this issue in two issues:

  • tokens multiply
  • too many tokens slow NC down

rfc2822 (Contributor) commented Sep 28, 2021

Yes, this is not a duplicate.

I suggest changing the topic to: oc_authtoken table is quickly filled with hundreds of entries and not cleared

kesselb (Contributor) commented Sep 28, 2021

Hey @rfc2822 👋

This issue and #27603 are related to each other. I prefer to keep one issue for now. We can always create another issue later.
