Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Invalid Token page is not shown when creating a new user via mail with some configuration #32684

Closed
davitol opened this issue Sep 12, 2018 · 7 comments
Assignees
Labels
p2-high Escalation, on top of current planning, release blocker Type:Bug
Milestone

Comments

@davitol
Copy link
Contributor

davitol commented Sep 12, 2018

Following the steps written in this ticket: #32672

- Create `admin` user
- Create `user1` with `[email protected]`
- Received the email to set the password for `user1`. Now delete `user1`
- Create `user1` again with a different email address, lets say `[email protected]`
- Received the email for setting up the password.
- Now try to access the link from `[email protected]`, user sees that token is invalid. Correct behaviour.
- Try to access link from `[email protected]`, user sees password setting page, where new password can be set. Correct behaviour.

In the step Now try to access the link from [email protected], user sees that token is invalid. Correct behaviour. => The invalid token page is not shown and a blank page is shown

Note: the exception log is spotted in owncloud.log (Right behavior)

{"reqId":"V0zvSvmE2z2iWgsbLRTt","level":3,"time":"2018-09-12T11:27:52+00:00","remoteAddr":"172.18.0.1","user":"admin","app":"settings","method":"GET","url":"\/settings\/users\/setpassword\/form\/778541946200999515415\/diego","message":"Exception: {\"Exception\":\"OCP\\\\UserTokenMismatchException\",\"Message\":\"The token provided is invalid.\",\"Code\":0,\"Trace\":\"#0 \\\/var\\\/www\\\/owncloud\\\/settings\\\/Controller\\\/UsersController.php(523): OC\\\\Settings\\\\Controller\\\\UsersController->checkPasswordSetToken('778541946200999...', 'diego')\\n#1 \\\/var\\\/www\\\/owncloud\\\/lib\\\/private\\\/AppFramework\\\/Http\\\/Dispatcher.php(153): OC\\\\Settings\\\\Controller\\\\UsersController->setPasswordForm('778541946200999...', 'diego')\\n#2 \\\/var\\\/www\\\/owncloud\\\/lib\\\/private\\\/AppFramework\\\/Http\\\/Dispatcher.php(85): OC\\\\AppFramework\\\\Http\\\\Dispatcher->executeController(Object(OC\\\\Settings\\\\Controller\\\\UsersController), 'setPasswordForm')\\n#3 \\\/var\\\/www\\\/owncloud\\\/lib\\\/private\\\/AppFramework\\\/App.php(100): OC\\\\AppFramework\\\\Http\\\\Dispatcher->dispatch(Object(OC\\\\Settings\\\\Controller\\\\UsersController), 'setPasswordForm')\\n#4 \\\/var\\\/www\\\/owncloud\\\/lib\\\/private\\\/AppFramework\\\/Routing\\\/RouteActionHandler.php(46): OC\\\\AppFramework\\\\App::main('UsersController', 'setPasswordForm', Object(OC\\\\AppFramework\\\\DependencyInjection\\\\DIContainer), Array)\\n#5 \\\/var\\\/www\\\/owncloud\\\/lib\\\/private\\\/Route\\\/Router.php(342): OC\\\\AppFramework\\\\Routing\\\\RouteActionHandler->__invoke(Array)\\n#6 \\\/var\\\/www\\\/owncloud\\\/lib\\\/base.php(909): OC\\\\Route\\\\Router->match('\\\/settings\\\/users...')\\n#7 \\\/var\\\/www\\\/owncloud\\\/index.php(54): OC::handleRequest()\\n#8 {main}\",\"File\":\"\\\/var\\\/www\\\/owncloud\\\/settings\\\/Controller\\\/UsersController.php\",\"Line\":578}"}

@sharidas JFYI

@davitol davitol added this to the backlog milestone Sep 12, 2018
@davitol davitol changed the title Token invalid page is not shown when creating a new user via mail with some configuration Invalid Token page is not shown when creating a new user via mail with some configuration Sep 12, 2018
@davitol
Copy link
Contributor Author

davitol commented Sep 12, 2018

Some pals reported it worked fine in their oC instances using 10.0.10.RC2 tarball but it did not work for me

@ownclouders
Copy link
Contributor

GitMate.io thinks the contributor most likely able to help you is @PVince81.

Possibly related issues are #30853 (A log is shown when we create a regular user), #222 (Creating new users not possible), #739 (Can't create user), #18070 (Unable to create new user), and #32224 (Missing DisplayName when creating new user).

@PVince81
Copy link
Contributor

PVince81 commented Sep 12, 2018

At this step "Now try to access the link from [email protected], user sees that token is invalid. Correct behaviour." my browser page keeps loading, 100% CPU on Apache and I also see

{"reqId":"nEbbYz4gwl1IcfYYukm9","level":3,"time":"2018-09-12T16:03:56+00:00","remoteAddr":"127.0.0.1","user":"admin","app":"settings","method":"GET","url":"\/owncloudtest\/index.php\/settings\/users\/setpassword\/form\/488468357490152559649\/user1","message":"Exception: {\"Exception\":\"OCP\\\\UserTokenMismatchException\",\"Message\":\"The token provided is invalid.\",\"Code\":0,\"Trace\":\"
#0 \\\/srv\\\/www\\\/htdocs\\\/owncloudtest\\\/settings\\\/Controller\\\/UsersController.php(523): OC\\\\Settings\\\\Controller\\\\UsersController->checkPasswordSetToken('488468357490152...', 'user1')\\n
#1 \\\/srv\\\/www\\\/htdocs\\\/owncloudtest\\\/lib\\\/private\\\/AppFramework\\\/Http\\\/Dispatcher.php(153): OC\\\\Settings\\\\Controller\\\\UsersController->setPasswordForm('488468357490152...', 'user1')\\n
#2 \\\/srv\\\/www\\\/htdocs\\\/owncloudtest\\\/lib\\\/private\\\/AppFramework\\\/Http\\\/Dispatcher.php(85): OC\\\\AppFramework\\\\Http\\\\Dispatcher->executeController(Object(OC\\\\Settings\\\\Controller\\\\UsersController), 'setPasswordForm')\\n
#3 \\\/srv\\\/www\\\/htdocs\\\/owncloudtest\\\/lib\\\/private\\\/AppFramework\\\/App.php(100): OC\\\\AppFramework\\\\Http\\\\Dispatcher->dispatch(Object(OC\\\\Settings\\\\Controller\\\\UsersController), 'setPasswordForm')\\n
#4 \\\/srv\\\/www\\\/htdocs\\\/owncloudtest\\\/lib\\\/private\\\/AppFramework\\\/Routing\\\/RouteActionHandler.php(46): OC\\\\AppFramework\\\\App::main('UsersController', 'setPasswordForm', Object(OC\\\\AppFramework\\\\DependencyInjection\\\\DIContainer), Array)\\n
#5 \\\/srv\\\/www\\\/htdocs\\\/owncloudtest\\\/lib\\\/private\\\/Route\\\/Router.php(342): OC\\\\AppFramework\\\\Routing\\\\RouteActionHandler->__invoke(Array)\\n
#6 \\\/srv\\\/www\\\/htdocs\\\/owncloudtest\\\/lib\\\/base.php(909): OC\\\\Route\\\\Router->match('\\\/settings\\\/users...')\\n
#7 \\\/srv\\\/www\\\/htdocs\\\/owncloudtest\\\/index.php(54): OC::handleRequest()\\n
#8 {main}\",\"File\":\"\\\/srv\\\/www\\\/htdocs\\\/owncloudtest\\\/settings\\\/Controller\\\/UsersController.php\",\"Line\":575}"}

There is likely some kind of infinite loop.

@PVince81 PVince81 modified the milestones: backlog, QA Sep 12, 2018
@PVince81
Copy link
Contributor

@sharidas please investigate. Let me know if you're not able to reproduce as I had a setup with that.

@PVince81 PVince81 added the p2-high Escalation, on top of current planning, release blocker label Sep 12, 2018
@sharidas
Copy link
Contributor

@PVince81 I am able to get the token invalid page, for the token which is invalid. Perhaps few more details would be helpful here to reproduce the setup.

@PVince81
Copy link
Contributor

Ok, this happens because both @davitol and I have the sentry app enabled.
It is iterating over all $exception->getPrevious() and from what I see getPrevious() is the same instance, so there's an infinite loop.

@PVince81
Copy link
Contributor

@sharidas please fix all the UserTokenException* to properly handle the $previous argument. Don't ever pass $this there as it would cause infinite loop.

While debugging through the catch blocks I noticed that in one location you have an if statement that checks getPrevious(), so you'll likely need to also adjust all handlers. Better grep for all locations then.

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
p2-high Escalation, on top of current planning, release blocker Type:Bug
Projects
None yet
Development

No branches or pull requests

4 participants