Always renew apppasswords on login

[rullzer]

Else you can end up that you renewed your password (LDAP for example).
But they still don't work because you did not use them before you logged
in.

[rullzer]

/backport to stable21

[juliusknorr]

Code makes sense, but still one failure:

1. Test\Authentication\Token\PublicKeyTokenProviderTest::testUpdatePasswordsNotRequired
   OC\Authentication\Token\PublicKeyTokenMapper::getTokenByUser('myUID'): array was not expected to be called.

/drone/src/lib/private/Authentication/Token/PublicKeyTokenProvider.php:418
/drone/src/tests/lib/Authentication/Token/PublicKeyTokenProviderTest.php:578

[faily-bot]

🤖 beep boop beep 🤖

Here are the logs for the failed build:

Status of 2122: failure

acceptance-header

• tests/acceptance/features/header.feature:33

Show full log

  Scenario: users from other groups are not seen in the contacts menu when autocompletion is restricted within the same group # /drone/src/tests/acceptance/features/header.feature:33
    Given I am logged in as the admin                                                                                         # LoginPageContext::iAmLoggedInAsTheAdmin()
    And I visit the settings page                                                                                             # SettingsMenuContext::iVisitTheSettingsPage()
    And I open the "Sharing" section of the "Administration" group                                                            # AppNavigationContext::iOpenTheSectionOf()
    And I enable restricting username autocompletion to groups                                                                # SettingsContext::iEnableRestrictingUsernameAutocompletionToGroups()
    And I see that username autocompletion is restricted to groups                                                            # SettingsContext::iSeeThatUsernameAutocompletionIsRestrictedToGroups()
    When I open the Contacts menu                                                                                             # ContactsMenuContext::iOpenTheContactsMenu()
    Then I see that the Contacts menu is shown                                                                                # ContactsMenuContext::iSeeThatTheContactsMenuIsShown()
    And I see that the contact "user0" in the Contacts menu is not shown                                                      # ContactsMenuContext::iSeeThatTheContactInTheContactsMenuIsNotShown()
      Failed asserting that true is false.
    And I see that the contact "admin" in the Contacts menu is not shown                                                      # ContactsMenuContext::iSeeThatTheContactInTheContactsMenuIsNotShown()

[zimmersi]

these changes breaking the webauthn login (not 2FA). NC 21.0.3 and NC 22
The login process itself is working though, but the users are constantly logged out after a short period of time. this affects not only the sessions in the browser, also all sync clients are logged out every few minutes, which makes it unusebale!

after reverting this changes in my NC 21.0.3, everything is working again as expected!

[akhil1508]

There was a major increase in the number of UPDATE queries of the form: UPDATE `authtoken` SET `password` = <redacted> ==' WHERE `id` = <redacted> due to the changes in this PR after updating from 20.0.12 to 21.0.7. To avoid this increase in load on the database, this PR's changes had to be reverted.

• Stats on day before reverting the changes(one hour time frame):
  

• Stats on day after reverting the changes(one hour time frame):
  

• We see a decrease after reverting the changes in:

  • Number of UPDATE queries
  • Number of open tables cache
  • Rate of questions
  • Network traffic
  • Thread activity

• On another smaller nextcloud instance with less than 10 active users, we had ~2k UPDATE queries every minute.

• This comment is related to the issue and was also the fix for our problem.

[nickvergessen]

#29682 should fix that
That being said, I'm not aware that 21 is impacted as the faulty other part is not there.

[akhil1508]

#29682 should fix that That being said, I'm not aware that 21 is impacted as the faulty other part is not there.

21 is indeed impacted with high database load. The above screenshots are from a 21.0.7 server.

[nickvergessen]

Maybe you can create a new issue then as the author of the PR is no longer with the project and therefore commenting on a ~1 year old PR is not the best way forward.