Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Bug]: NC31 FIDO2/webauthn stopped working after update #51137

Open
5 of 8 tasks
davodego opened this issue Feb 28, 2025 · 1 comment
Open
5 of 8 tasks

[Bug]: NC31 FIDO2/webauthn stopped working after update #51137

davodego opened this issue Feb 28, 2025 · 1 comment
Labels
0. Needs triage Pending check for reproducibility or if it fits our roadmap 31-feedback bug feature: authentication high

Comments

@davodego
Copy link

davodego commented Feb 28, 2025
edited
Loading

⚠️ This issue respects the following points: ⚠️

Bug description

Since the update to NC 31.0.0.18, passwordless login with webauthn (FIDO2) no longer works for me.
I wanted to log in with my Yubikey, the login screen showed no reaction and the Yubikey did not flash either. I logged in with my password, deleted the configuration on the security page and tried to create the passwordless login with my Yubikey again. But that didn’t work.
An error message appears: “Error, the device could not be registered”. Regardless of whether the Yubiky is plugged into the USB port or not.

U2FA with security key is not affected. This works with a Yubikey.

Steps to reproduce

1.Go to Personal Settings > Security
2. Choose Login without Password > Click "Add Webauthn Device"
3. An error Message was Displayed "Error, the device could not be registered"

Expected behavior

The webauthn device is linked to the user's login for passwordless login.

Nextcloud Server version

31

Operating system

Debian/Ubuntu

PHP engine version

PHP 8.3

Web server

Apache (supported)

Database engine version

PostgreSQL

Is this bug present after an update or on a fresh install?

Upgraded to a MAJOR version (ex. 31 to 32)

Are you using the Nextcloud Server Encryption module?

Encryption is Disabled

What user-backends are you using?

  • Default user-backend (database)
  • LDAP/ Active Directory
  • SSO - SAML
  • Other

Configuration report

{
    "system": {
        "instanceid": "***REMOVED SENSITIVE VALUE***",
        "passwordsalt": "***REMOVED SENSITIVE VALUE***",
        "secret": "***REMOVED SENSITIVE VALUE***",
        "trusted_domains": [
            "xxxxx.xxxxx.xx",
            "127.0.0.1",
            "xxx.xxx.x.xx",
            "localhost"
        ],
        "allow_local_remote_servers": true,
        "datadirectory": "***REMOVED SENSITIVE VALUE***",
        "overwritewebroot": "\/xxxxx",
        "overwrite protocol": "https",
        "overwrite.cli.url": "https:\/\/xxxx.xxxx.xx\/xxxx",
        "dbtype": "pgsql",
        "version": "31.0.0.18",
        "dbname": "***REMOVED SENSITIVE VALUE***",
        "dbhost": "***REMOVED SENSITIVE VALUE***",
        "dbport": "",
        "dbtableprefix": "oc_",
        "dbuser": "***REMOVED SENSITIVE VALUE***",
        "dbpassword": "***REMOVED SENSITIVE VALUE***",
        "installed": true,
        "app.mail.verify-tls-peer": false,
        "mail_from_address": "***REMOVED SENSITIVE VALUE***",
        "mail_smtpmode": "sendmail",
        "mail_smtpauthtype": "LOGIN",
        "mail_domain": "***REMOVED SENSITIVE VALUE***",
        "maintenance": false,
        "filelocking.enabled": true,
        "memcache.locking": "\\OC\\Memcache\\Redis",
        "memcache.local": "\\OC\\Memcache\\APCu",
        "memcache.distributed": "\\OC\\Memcache\\Redis",
        "redis": {
            "host": "***REMOVED SENSITIVE VALUE***",
            "port": 0,
            "dbindex": 0,
            "timeout": 1.5
        },
        "theme": "",
        "loglevel": 0,
        "twofactor_enforced": "false",
        "twofactor_enforced_groups": [],
        "twofactor_enforced_excluded_groups": [],
        "mysql.utf8mb4": true,
        "clear_site_data": true,
        "mail_sendmailmode": "smtp",
        "updater.release.channel": "stable",
        "app_install_overwrite": [
            "ocr",
            "files_ebookreader",
            "epubreader",
            "dicomviewer",
            "mindmap_app",
            "fulltextsearch",
            "fulltextsearch_elasticsearch",
            "files_fulltextsearch",
            "files_fulltextsearch_tesseract",
            "riotchat",
            "ojsxc",
            "extract",
            "memories",
            "music",
            "files_rightclick",
            "metadata",
            "talk_matterbridge",
            "files_archive",
            "cfg_share_links",
            "files_mindmap",
            "tasks",
            "occweb",
            "radio",
            "files_antivirus",
            "side_menu",
            "duplicatefinder",
            "epubviewer",
            "maps",
            "electronicsignatures",
            "intros",
            "thesearchpage",
            "timemanager",
            "uppush"
        ],
        "preview_max_x": 2048,
        "preview_max_y": 2048,
        "jpeg_quality": 60,
        "default_phone_region": "DE",
        "enable_previews": true,
        "session_relaxed_expiry": true,
        "trusted_proxies": "***REMOVED SENSITIVE VALUE***",
        "memories.exiftool": "\/var\/www\/nextcloud\/apps\/memories\/bin-ext\/exiftool-amd64-glibc",
        "memories.vod.path": "\/var\/www\/nextcloud\/apps\/memories\/bin-ext\/go-vod-amd64",
        "memories.vod.ffmpeg": "\/usr\/bin\/ffmpeg",
        "memories.vod.ffprobe": "\/usr\/bin\/ffprobe",
        "maintenance_window_start": 100,
        "trashbin_retention_obligation": "auto, 30",
        "versions_retention_obligation": "auto, 180",
        "activity_expire_days": 365,
        "memories.db.triggers.fcu": true,
        "data-fingerprint": "2f550edebc0aa062e8c84b74fddcb9bc",
        "auth.webauthn.enabled": true
    }
}

List of activated Apps

Enabled:
  - activity: 4.0.0
  - app_api: 5.0.2
  - assistant: 2.4.0
  - bruteforcesettings: 4.0.0
  - calendar: 5.1.2
  - cfg_share_links: 6.1.1
  - circles: 31.0.0-dev.0
  - cloud_federation_api: 1.14.0
  - contacts: 7.0.1
  - contactsinteraction: 1.12.0
  - context_chat: 4.1.0
  - dashboard: 7.11.0
  - dav: 1.33.0
  - deck: 1.15.0
  - dicomviewer: 2.3.0
  - drop_account: 2.7.1
  - eidlogin: 1.0.18
  - epubviewer: 1.7.2
  - extract: 1.3.6
  - federatedfilesharing: 1.21.0
  - federation: 1.21.0
  - files: 2.3.1
  - files_archive: 1.2.3
  - files_automatedtagging: 2.0.0
  - files_downloadlimit: 4.0.0
  - files_emailviewer: 0.1.4
  - files_external: 1.23.0
  - files_fulltextsearch: 30.0.0
  - files_fulltextsearch_tesseract: 27.0.0
  - files_mindmap: 0.0.33
  - files_pdfviewer: 4.0.0
  - files_reminders: 1.4.0
  - files_sharing: 1.23.1
  - files_trashbin: 1.21.0
  - files_versions: 1.24.0
  - files_zip: 2.1.0
  - fileslibreofficeedit: 2.0.1
  - firstrunwizard: 4.0.0
  - flow_notifications: 2.0.0
  - fulltextsearch: 31.0.0
  - fulltextsearch_elasticsearch: 31.0.0
  - gpoddersync: 3.12.0
  - gpxpod: 7.0.4
  - intros: 1.0.2
  - libresign: 11.0.2
  - logreader: 4.0.0
  - lookup_server_connector: 1.19.0
  - mail: 4.2.2
  - maps: 1.5.0
  - memories: 7.5.1
  - metadata: 0.21.0
  - nextcloud_announcements: 3.0.0
  - notes: 4.11.0
  - notifications: 4.0.0
  - notify_push: 1.0.0
  - oauth2: 1.19.1
  - occweb: 0.2.2
  - ownershiptransfer: 1.1.0
  - passwords: 2025.2.20
  - photos: 4.0.0-dev.1
  - polls: 7.3.2
  - previewgenerator: 5.8.0
  - privacy: 3.0.0
  - profile: 1.0.0
  - provisioning_api: 1.21.0
  - radio: 1.0.3
  - recommendations: 4.0.0
  - related_resources: 2.0.0
  - repod: 3.5.5
  - richdocuments: 8.6.2
  - riotchat: 0.18.7
  - serverinfo: 3.0.0
  - settings: 1.14.0
  - sharebymail: 1.21.0
  - side_menu: 4.0.1
  - snowflakestheme: 1.1.3
  - spreed: 21.0.0
  - support: 3.0.0
  - survey_client: 3.0.0
  - systemtags: 1.21.1
  - talk_matterbridge: 1.31.1026000
  - tasks: 0.16.1
  - text: 5.0.0
  - theming: 2.6.1
  - thesearchpage: 1.2.8
  - timemanager: 0.3.17
  - twofactor_backupcodes: 1.20.0
  - twofactor_webauthn: 2.1.0
  - unroundedcorners: 1.1.4
  - updatenotification: 1.21.0
  - uppush: 2.2.5
  - user_status: 1.11.0
  - viewer: 4.0.0
  - weather_status: 1.11.0
  - webhook_listeners: 1.2.0
  - welcome: 1.2.1
  - workflow_ocr: 1.31.0
  - workflow_script: 2.0.0
  - workflowengine: 2.13.0
Disabled:
  - admin_audit: 1.21.0 (installed 1.8.0)
  - comments: 1.21.0 (installed 1.3.0)
  - encryption: 2.19.0
  - files_antivirus: 6.0.0 (installed 6.0.0)
  - files_rightclick: 0.15.1 (installed 0.15.1)
  - integration_openai: 3.4.0 (installed 3.4.0)
  - password_policy: 3.0.0 (installed 1.3.0)
  - snappymail: 2.38.2 (installed 2.38.2)
  - suspicious_login: 9.0.1
  - translate: 2.2.0 (installed 2.2.0)
  - twofactor_nextcloud_notification: 5.0.0 (installed 5.0.0)
  - twofactor_totp: 13.0.0-dev.0 (installed 13.0.0-dev.0)
  - user_ldap: 1.22.0

Nextcloud Signing status

Technical information
=====================
The following list covers which files have failed the integrity check. Please read
the previous linked documentation to learn more about the errors and how to fix
them.

Results
=======
- files_mindmap
	- EXCEPTION
		- OC\IntegrityCheck\Exceptions\InvalidSignatureException
		- Certificate is not valid.

Raw output
==========
Array
(
    [files_mindmap] => Array
        (
            [EXCEPTION] => Array
                (
                    [class] => OC\IntegrityCheck\Exceptions\InvalidSignatureException
                    [message] => Certificate is not valid.
                )

        )

)

Nextcloud Logs

{"reqId":"Z8FRoyF1TPO1rrGTsgZ1CgAAigE","level":0,"time":"2025-02-28T06:03:15+00:00","remoteAddr":"xxx.xxx.xxx.xxx","user":false,"app":"PHP","method":"PUT","url":"/ocs/v2.php/apps/user_status/api/v1/heartbeat?format=json","message":"Creation of dynamic property OCA\\Extract\\AppInfo\\Application::$appName is deprecated at /var/www/nextcloud/apps/extract/lib/AppInfo/Application.php#35","userAgent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:128.0) Gecko/20100101 Firefox/128.0","version":"31.0.0.18","data":{"app":"PHP"}}
{"reqId":"Z8FRoyF1TPO1rrGTsgZ1CwAAjQg","level":0,"time":"2025-02-28T06:03:16+00:00","remoteAddr":"xxx.xxx.xxx.xxx","user":false,"app":"PHP","method":"GET","url":"/index.php/settings/api/personal/webauthn/registration","message":"Creation of dynamic property OCA\\Extract\\AppInfo\\Application::$appName is deprecated at /var/www/nextcloud/apps/extract/lib/AppInfo/Application.php#35","userAgent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:128.0) Gecko/20100101 Firefox/128.0","version":"31.0.0.18","data":{"app":"PHP"}}
{"reqId":"Z8FRoyF1TPO1rrGTsgZ1CwAAjQg","level":0,"time":"2025-02-28T06:03:16+00:00","remoteAddr":"xxx.xxx.xxx.xxx","user":"me","app":"settings","method":"GET","url":"/index.php/settings/api/personal/webauthn/registration","message":"Starting WebAuthn registration","userAgent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:128.0) Gecko/20100101 Firefox/128.0","version":"31.0.0.18","data":{"app":"settings"}}

Additional info

Browser console error:
Starting WebAuthn registration AddDevice.vue:129
[DEBUG] settings: Fetching webauthn registration data
Object { app: "settings", uid: "daniel", level: 0 }

app: "settings"

level: 0

uid: "me"

: Object { … }
index.mjs:45:16
[DEBUG] settings: Start webauthn registration
Object { app: "settings", uid: "me", level: 0 }
app: "settings"
​level: 0
​uid: "me"

: Object { … }
index.mjs:45:16
[ERROR] settings: Unexpected TypeError "e is undefined"
Object { app: "settings", uid: "me", level: 0, error: TypeError }

app: "settings"
error: TypeError: e is undefined
level: 0
uid: "me"
@davodego davodego added 0. Needs triage Pending check for reproducibility or if it fits our roadmap bug labels Feb 28, 2025
@Bandie Bandie mentioned this issue Mar 2, 2025
Open
@ironicx
Copy link

ironicx commented Mar 5, 2025

I have the same symptom that device login via twofactor_webauthn app stopped working after nextcloud server upgrade from 30 to 31.

Extract from nextcloud log after yubikey registration attempt for 'Passwordless Authentication', which fails with GUI message 'Error: Could not register device':

{"reqId":"DEKMId5Pd4CDPEKsn8HJ","level":0,"time":"2025-03-05T21:19:22+00:00","remoteAddr":"2a01:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx","user":"admin","app":"settings","method":"GET","url":"/index.php/settings/api/personal/webauthn/registration","message":"Starting WebAuthn registration","userAgent":"Mozilla/5.0 (X11; Linux x86_64; rv:135.0) Gecko/20100101 Firefox/135.0","version":"31.0.0.18","data":{"app":"settings"}}
{"reqId":"K3a1CuMra8W93BXLo2zD","level":0,"time":"2025-03-05T21:19:25+00:00","remoteAddr":"2a01:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx","user":"admin","app":"core","method":"GET","url":"/index.php/settings/admin/logging","message":"The loading of lazy AppConfig values have been triggered by app \"core\"","userAgent":"Mozilla/5.0 (X11; Linux x86_64; rv:135.0) Gecko/20100101 Firefox/135.0","version":"31.0.0.18","exception":{"Exception":"RuntimeException","Message":"The loading of lazy AppConfig values have been triggered by app \"core\"","Code":0,"Trace":[{"file":"/srv/nextcloud/lib/private/AppConfig.php","line":442,"function":"loadConfig","class":"OC\\AppConfig","type":"->"},{"file":"/srv/nextcloud/lib/private/AppConfig.php","line":386,"function":"getTypedValue","class":"OC\\AppConfig","type":"->"},{"file":"/srv/nextcloud/apps/cloud_federation_api/lib/Capabilities.php","line":77,"function":"getValueBool","class":"OC\\AppConfig","type":"->"},{"file":"/srv/nextcloud/lib/private/CapabilitiesManager.php","line":61,"function":"getCapabilities","class":"OCA\\CloudFederationAPI\\Capabilities","type":"->"},{"file":"/srv/nextcloud/lib/private/Template/JSConfigHelper.php","line":137,"function":"getCapabilities","class":"OC\\CapabilitiesManager","type":"->"},{"file":"/srv/nextcloud/lib/private/TemplateLayout.php","line":239,"function":"getConfig","class":"OC\\Template\\JSConfigHelper","type":"->"},{"file":"/srv/nextcloud/lib/private/legacy/OC_Template.php","line":120,"function":"__construct","class":"OC\\TemplateLayout","type":"->"},{"file":"/srv/nextcloud/lib/public/AppFramework/Http/TemplateResponse.php","line":189,"function":"fetchPage","class":"OC_Template","type":"->"},{"file":"/srv/nextcloud/lib/private/AppFramework/Http/Dispatcher.php","line":159,"function":"render","class":"OCP\\AppFramework\\Http\\TemplateResponse","type":"->"},{"file":"/srv/nextcloud/lib/private/AppFramework/App.php","line":161,"function":"dispatch","class":"OC\\AppFramework\\Http\\Dispatcher","type":"->"},{"file":"/srv/nextcloud/lib/private/Route/Router.php","line":307,"function":"main","class":"OC\\AppFramework\\App","type":"::"},{"file":"/srv/nextcloud/lib/base.php","line":1018,"function":"match","class":"OC\\Route\\Router","type":"->"},{"file":"/srv/nextcloud/index.php","line":24,"function":"handleRequest","class":"OC","type":"::"}],"File":"/srv/nextcloud/lib/private/AppConfig.php","Line":1208,"message":"The loading of lazy AppConfig values have been triggered by app \"core\"","exception":{},"CustomMessage":"The loading of lazy AppConfig values have been triggered by app \"core\""}}
{"reqId":"K3a1CuMra8W93BXLo2zD","level":0,"time":"2025-03-05T21:19:25+00:00","remoteAddr":"2a01:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx","user":"admin","app":"no app in context","method":"GET","url":"/index.php/settings/admin/logging","message":"Calling OCP\\DB\\QueryBuilder\\IQueryBuilder::orX without parameters is deprecated and will throw soon.","userAgent":"Mozilla/5.0 (X11; Linux x86_64; rv:135.0) Gecko/20100101 Firefox/135.0","version":"31.0.0.18","exception":{"Exception":"Exception","Message":"No parameters in call to OC\\DB\\QueryBuilder\\ExpressionBuilder\\ExpressionBuilder::orX","Code":0,"Trace":[{"file":"/srv/nextcloud/apps/circles/lib/Db/CoreQueryBuilder.php","line":1203,"function":"orX","class":"OC\\DB\\QueryBuilder\\ExpressionBuilder\\ExpressionBuilder","type":"->"},{"file":"/srv/nextcloud/apps/circles/lib/Db/CoreQueryBuilder.php","line":1121,"function":"leftJoinInitiator","class":"OCA\\Circles\\Db\\CoreQueryBuilder","type":"->"},{"file":"/srv/nextcloud/apps/circles/lib/CirclesQueryHelper.php","line":129,"function":"limitToInitiator","class":"OCA\\Circles\\Db\\CoreQueryBuilder","type":"->"},{"file":"/srv/nextcloud/apps/groupfolders/lib/Folder/FolderManager.php","line":707,"function":"limitToInheritedMembers","class":"OCA\\Circles\\CirclesQueryHelper","type":"->"},{"file":"/srv/nextcloud/apps/groupfolders/lib/Folder/FolderManager.php","line":949,"function":"getFoldersFromCircleMemberships","class":"OCA\\GroupFolders\\Folder\\FolderManager","type":"->"},{"file":"/srv/nextcloud/apps/groupfolders/lib/AppInfo/Capabilities.php","line":47,"function":"getFoldersForUser","class":"OCA\\GroupFolders\\Folder\\FolderManager","type":"->"},{"file":"/srv/nextcloud/apps/groupfolders/lib/AppInfo/Capabilities.php","line":41,"function":"hasFolders","class":"OCA\\GroupFolders\\AppInfo\\Capabilities","type":"->"},{"file":"/srv/nextcloud/lib/private/CapabilitiesManager.php","line":61,"function":"getCapabilities","class":"OCA\\GroupFolders\\AppInfo\\Capabilities","type":"->"},{"file":"/srv/nextcloud/lib/private/Template/JSConfigHelper.php","line":137,"function":"getCapabilities","class":"OC\\CapabilitiesManager","type":"->"},{"file":"/srv/nextcloud/lib/private/TemplateLayout.php","line":239,"function":"getConfig","class":"OC\\Template\\JSConfigHelper","type":"->"},{"file":"/srv/nextcloud/lib/private/legacy/OC_Template.php","line":120,"function":"__construct","class":"OC\\TemplateLayout","type":"->"},{"file":"/srv/nextcloud/lib/public/AppFramework/Http/TemplateResponse.php","line":189,"function":"fetchPage","class":"OC_Template","type":"->"},{"file":"/srv/nextcloud/lib/private/AppFramework/Http/Dispatcher.php","line":159,"function":"render","class":"OCP\\AppFramework\\Http\\TemplateResponse","type":"->"},{"file":"/srv/nextcloud/lib/private/AppFramework/App.php","line":161,"function":"dispatch","class":"OC\\AppFramework\\Http\\Dispatcher","type":"->"},{"file":"/srv/nextcloud/lib/private/Route/Router.php","line":307,"function":"main","class":"OC\\AppFramework\\App","type":"::"},{"file":"/srv/nextcloud/lib/base.php","line":1018,"function":"match","class":"OC\\Route\\Router","type":"->"},{"file":"/srv/nextcloud/index.php","line":24,"function":"handleRequest","class":"OC","type":"::"}],"File":"/srv/nextcloud/lib/private/DB/QueryBuilder/ExpressionBuilder/ExpressionBuilder.php","Line":87,"message":"Calling OCP\\DB\\QueryBuilder\\IQueryBuilder::orX without parameters is deprecated and will throw soon.","exception":{},"CustomMessage":"Calling OCP\\DB\\QueryBuilder\\IQueryBuilder::orX without parameters is deprecated and will throw soon."}}
{"reqId":"K3a1CuMra8W93BXLo2zD","level":0,"time":"2025-03-05T21:19:25+00:00","remoteAddr":"2a01:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx","user":"admin","app":"no app in context","method":"GET","url":"/index.php/settings/admin/logging","message":"Calling OCP\\DB\\QueryBuilder\\IQueryBuilder::orX without parameters is deprecated and will throw soon.","userAgent":"Mozilla/5.0 (X11; Linux x86_64; rv:135.0) Gecko/20100101 Firefox/135.0","version":"31.0.0.18","exception":{"Exception":"Exception","Message":"No parameters in call to OC\\DB\\QueryBuilder\\ExpressionBuilder\\ExpressionBuilder::orX","Code":0,"Trace":[{"file":"/srv/nextcloud/apps/circles/lib/Db/CoreQueryBuilder.php","line":1341,"function":"orX","class":"OC\\DB\\QueryBuilder\\ExpressionBuilder\\ExpressionBuilder","type":"->"},{"file":"/srv/nextcloud/apps/circles/lib/Db/CoreQueryBuilder.php","line":1122,"function":"limitInitiatorVisibility","class":"OCA\\Circles\\Db\\CoreQueryBuilder","type":"->"},{"file":"/srv/nextcloud/apps/circles/lib/CirclesQueryHelper.php","line":129,"function":"limitToInitiator","class":"OCA\\Circles\\Db\\CoreQueryBuilder","type":"->"},{"file":"/srv/nextcloud/apps/groupfolders/lib/Folder/FolderManager.php","line":707,"function":"limitToInheritedMembers","class":"OCA\\Circles\\CirclesQueryHelper","type":"->"},{"file":"/srv/nextcloud/apps/groupfolders/lib/Folder/FolderManager.php","line":949,"function":"getFoldersFromCircleMemberships","class":"OCA\\GroupFolders\\Folder\\FolderManager","type":"->"},{"file":"/srv/nextcloud/apps/groupfolders/lib/AppInfo/Capabilities.php","line":47,"function":"getFoldersForUser","class":"OCA\\GroupFolders\\Folder\\FolderManager","type":"->"},{"file":"/srv/nextcloud/apps/groupfolders/lib/AppInfo/Capabilities.php","line":41,"function":"hasFolders","class":"OCA\\GroupFolders\\AppInfo\\Capabilities","type":"->"},{"file":"/srv/nextcloud/lib/private/CapabilitiesManager.php","line":61,"function":"getCapabilities","class":"OCA\\GroupFolders\\AppInfo\\Capabilities","type":"->"},{"file":"/srv/nextcloud/lib/private/Template/JSConfigHelper.php","line":137,"function":"getCapabilities","class":"OC\\CapabilitiesManager","type":"->"},{"file":"/srv/nextcloud/lib/private/TemplateLayout.php","line":239,"function":"getConfig","class":"OC\\Template\\JSConfigHelper","type":"->"},{"file":"/srv/nextcloud/lib/private/legacy/OC_Template.php","line":120,"function":"__construct","class":"OC\\TemplateLayout","type":"->"},{"file":"/srv/nextcloud/lib/public/AppFramework/Http/TemplateResponse.php","line":189,"function":"fetchPage","class":"OC_Template","type":"->"},{"file":"/srv/nextcloud/lib/private/AppFramework/Http/Dispatcher.php","line":159,"function":"render","class":"OCP\\AppFramework\\Http\\TemplateResponse","type":"->"},{"file":"/srv/nextcloud/lib/private/AppFramework/App.php","line":161,"function":"dispatch","class":"OC\\AppFramework\\Http\\Dispatcher","type":"->"},{"file":"/srv/nextcloud/lib/private/Route/Router.php","line":307,"function":"main","class":"OC\\AppFramework\\App","type":"::"},{"file":"/srv/nextcloud/lib/base.php","line":1018,"function":"match","class":"OC\\Route\\Router","type":"->"},{"file":"/srv/nextcloud/index.php","line":24,"function":"handleRequest","class":"OC","type":"::"}],"File":"/srv/nextcloud/lib/private/DB/QueryBuilder/ExpressionBuilder/ExpressionBuilder.php","Line":87,"message":"Calling OCP\\DB\\QueryBuilder\\IQueryBuilder::orX without parameters is deprecated and will throw soon.","exception":{},"CustomMessage":"Calling OCP\\DB\\QueryBuilder\\IQueryBuilder::orX without parameters is deprecated and will throw soon."}}
{"reqId":"K3a1CuMra8W93BXLo2zD","level":0,"time":"2025-03-05T21:19:25+00:00","remoteAddr":"2a01:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx","user":"admin","app":"no app in context","method":"GET","url":"/index.php/settings/admin/logging","message":"Calling OCP\\DB\\QueryBuilder\\IQueryBuilder::andX without parameters is deprecated and will throw soon.","userAgent":"Mozilla/5.0 (X11; Linux x86_64; rv:135.0) Gecko/20100101 Firefox/135.0","version":"31.0.0.18","exception":{"Exception":"Exception","Message":"No parameters in call to OC\\DB\\QueryBuilder\\ExpressionBuilder\\ExpressionBuilder::andX","Code":0,"Trace":[{"file":"/srv/nextcloud/apps/circles/lib/Db/CoreQueryBuilder.php","line":1354,"function":"andX","class":"OC\\DB\\QueryBuilder\\ExpressionBuilder\\ExpressionBuilder","type":"->"},{"file":"/srv/nextcloud/apps/circles/lib/Db/CoreQueryBuilder.php","line":1122,"function":"limitInitiatorVisibility","class":"OCA\\Circles\\Db\\CoreQueryBuilder","type":"->"},{"file":"/srv/nextcloud/apps/circles/lib/CirclesQueryHelper.php","line":129,"function":"limitToInitiator","class":"OCA\\Circles\\Db\\CoreQueryBuilder","type":"->"},{"file":"/srv/nextcloud/apps/groupfolders/lib/Folder/FolderManager.php","line":707,"function":"limitToInheritedMembers","class":"OCA\\Circles\\CirclesQueryHelper","type":"->"},{"file":"/srv/nextcloud/apps/groupfolders/lib/Folder/FolderManager.php","line":949,"function":"getFoldersFromCircleMemberships","class":"OCA\\GroupFolders\\Folder\\FolderManager","type":"->"},{"file":"/srv/nextcloud/apps/groupfolders/lib/AppInfo/Capabilities.php","line":47,"function":"getFoldersForUser","class":"OCA\\GroupFolders\\Folder\\FolderManager","type":"->"},{"file":"/srv/nextcloud/apps/groupfolders/lib/AppInfo/Capabilities.php","line":41,"function":"hasFolders","class":"OCA\\GroupFolders\\AppInfo\\Capabilities","type":"->"},{"file":"/srv/nextcloud/lib/private/CapabilitiesManager.php","line":61,"function":"getCapabilities","class":"OCA\\GroupFolders\\AppInfo\\Capabilities","type":"->"},{"file":"/srv/nextcloud/lib/private/Template/JSConfigHelper.php","line":137,"function":"getCapabilities","class":"OC\\CapabilitiesManager","type":"->"},{"file":"/srv/nextcloud/lib/private/TemplateLayout.php","line":239,"function":"getConfig","class":"OC\\Template\\JSConfigHelper","type":"->"},{"file":"/srv/nextcloud/lib/private/legacy/OC_Template.php","line":120,"function":"__construct","class":"OC\\TemplateLayout","type":"->"},{"file":"/srv/nextcloud/lib/public/AppFramework/Http/TemplateResponse.php","line":189,"function":"fetchPage","class":"OC_Template","type":"->"},{"file":"/srv/nextcloud/lib/private/AppFramework/Http/Dispatcher.php","line":159,"function":"render","class":"OCP\\AppFramework\\Http\\TemplateResponse","type":"->"},{"file":"/srv/nextcloud/lib/private/AppFramework/App.php","line":161,"function":"dispatch","class":"OC\\AppFramework\\Http\\Dispatcher","type":"->"},{"file":"/srv/nextcloud/lib/private/Route/Router.php","line":307,"function":"main","class":"OC\\AppFramework\\App","type":"::"},{"file":"/srv/nextcloud/lib/base.php","line":1018,"function":"match","class":"OC\\Route\\Router","type":"->"},{"file":"/srv/nextcloud/index.php","line":24,"function":"handleRequest","class":"OC","type":"::"}],"File":"/srv/nextcloud/lib/private/DB/QueryBuilder/ExpressionBuilder/ExpressionBuilder.php","Line":66,"message":"Calling OCP\\DB\\QueryBuilder\\IQueryBuilder::andX without parameters is deprecated and will throw soon.","exception":{},"CustomMessage":"Calling OCP\\DB\\QueryBuilder\\IQueryBuilder::andX without parameters is deprecated and will throw soon."}}
{"reqId":"K3a1CuMra8W93BXLo2zD","level":0,"time":"2025-03-05T21:19:25+00:00","remoteAddr":"2a01:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx","user":"admin","app":"no app in context","method":"GET","url":"/index.php/settings/admin/logging","message":"Calling OCP\\DB\\QueryBuilder\\IQueryBuilder::orX without parameters is deprecated and will throw soon.","userAgent":"Mozilla/5.0 (X11; Linux x86_64; rv:135.0) Gecko/20100101 Firefox/135.0","version":"31.0.0.18","exception":{"Exception":"Exception","Message":"No parameters in call to OC\\DB\\QueryBuilder\\ExpressionBuilder\\ExpressionBuilder::orX","Code":0,"Trace":[{"file":"/srv/nextcloud/apps/circles/lib/Db/CoreQueryBuilder.php","line":1355,"function":"orX","class":"OC\\DB\\QueryBuilder\\ExpressionBuilder\\ExpressionBuilder","type":"->"},{"file":"/srv/nextcloud/apps/circles/lib/Db/CoreQueryBuilder.php","line":1122,"function":"limitInitiatorVisibility","class":"OCA\\Circles\\Db\\CoreQueryBuilder","type":"->"},{"file":"/srv/nextcloud/apps/circles/lib/CirclesQueryHelper.php","line":129,"function":"limitToInitiator","class":"OCA\\Circles\\Db\\CoreQueryBuilder","type":"->"},{"file":"/srv/nextcloud/apps/groupfolders/lib/Folder/FolderManager.php","line":707,"function":"limitToInheritedMembers","class":"OCA\\Circles\\CirclesQueryHelper","type":"->"},{"file":"/srv/nextcloud/apps/groupfolders/lib/Folder/FolderManager.php","line":949,"function":"getFoldersFromCircleMemberships","class":"OCA\\GroupFolders\\Folder\\FolderManager","type":"->"},{"file":"/srv/nextcloud/apps/groupfolders/lib/AppInfo/Capabilities.php","line":47,"function":"getFoldersForUser","class":"OCA\\GroupFolders\\Folder\\FolderManager","type":"->"},{"file":"/srv/nextcloud/apps/groupfolders/lib/AppInfo/Capabilities.php","line":41,"function":"hasFolders","class":"OCA\\GroupFolders\\AppInfo\\Capabilities","type":"->"},{"file":"/srv/nextcloud/lib/private/CapabilitiesManager.php","line":61,"function":"getCapabilities","class":"OCA\\GroupFolders\\AppInfo\\Capabilities","type":"->"},{"file":"/srv/nextcloud/lib/private/Template/JSConfigHelper.php","line":137,"function":"getCapabilities","class":"OC\\CapabilitiesManager","type":"->"},{"file":"/srv/nextcloud/lib/private/TemplateLayout.php","line":239,"function":"getConfig","class":"OC\\Template\\JSConfigHelper","type":"->"},{"file":"/srv/nextcloud/lib/private/legacy/OC_Template.php","line":120,"function":"__construct","class":"OC\\TemplateLayout","type":"->"},{"file":"/srv/nextcloud/lib/public/AppFramework/Http/TemplateResponse.php","line":189,"function":"fetchPage","class":"OC_Template","type":"->"},{"file":"/srv/nextcloud/lib/private/AppFramework/Http/Dispatcher.php","line":159,"function":"render","class":"OCP\\AppFramework\\Http\\TemplateResponse","type":"->"},{"file":"/srv/nextcloud/lib/private/AppFramework/App.php","line":161,"function":"dispatch","class":"OC\\AppFramework\\Http\\Dispatcher","type":"->"},{"file":"/srv/nextcloud/lib/private/Route/Router.php","line":307,"function":"main","class":"OC\\AppFramework\\App","type":"::"},{"file":"/srv/nextcloud/lib/base.php","line":1018,"function":"match","class":"OC\\Route\\Router","type":"->"},{"file":"/srv/nextcloud/index.php","line":24,"function":"handleRequest","class":"OC","type":"::"}],"File":"/srv/nextcloud/lib/private/DB/QueryBuilder/ExpressionBuilder/ExpressionBuilder.php","Line":87,"message":"Calling OCP\\DB\\QueryBuilder\\IQueryBuilder::orX without parameters is deprecated and will throw soon.","exception":{},"CustomMessage":"Calling OCP\\DB\\QueryBuilder\\IQueryBuilder::orX without parameters is deprecated and will throw soon."}}

Extract from nextcloud log on debug level, after attempting device login:

{"reqId":"VQZAr91YN6r4d2j9x1No","level":0,"time":"2025-03-05T21:51:44+00:00","remoteAddr":"2a01:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx","user":false,"app":"core","method":"POST","url":"/index.php/login/webauthn/start","message":"Starting WebAuthn login","userAgent":"Mozilla/5.0 (X11; Linux x86_64; rv:135.0) Gecko/20100101 Firefox/135.0","version":"31.0.0.18","data":{"app":"core"}}
{"reqId":"VQZAr91YN6r4d2j9x1No","level":0,"time":"2025-03-05T21:51:44+00:00","remoteAddr":"2a01:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx","user":false,"app":"core","method":"POST","url":"/index.php/login/webauthn/start","message":"Converting login name to UID","userAgent":"Mozilla/5.0 (X11; Linux x86_64; rv:135.0) Gecko/20100101 Firefox/135.0","version":"31.0.0.18","data":{"app":"core"}}
{"reqId":"VQZAr91YN6r4d2j9x1No","level":0,"time":"2025-03-05T21:51:44+00:00","remoteAddr":"2a01:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx","user":false,"app":"core","method":"POST","url":"/index.php/login/webauthn/start","message":"Got UID: testuser","userAgent":"Mozilla/5.0 (X11; Linux x86_64; rv:135.0) Gecko/20100101 Firefox/135.0","version":"31.0.0.18","data":{"app":"core"}}

Note that the same yubikey can be registered as U2F security key and successfully used as second factor, but fails to be registered and used as WebAuthn device.

Server is running with Debian 12, PostgreSQL 15, Apache 2.4.62, PHP 8.2

App list:

Enabled:                                                                                                                                                                                                                          
  - activity: 4.0.0                                                                                                                                                                                                                        
  - admin_audit: 1.21.0                                                                                                                                                                                                                    
  - app_api: 5.0.2                                                                                                                                                                                                                         
  - bookmarks: 15.1.0                                                                                                                                                                                                                      
  - bruteforcesettings: 4.0.0                                                                                                                                                                                                              
  - calendar: 5.1.2                                                                                                                                                                                                                        
  - circles: 31.0.0-dev.0                                                                                                                                                                                                                  
  - cloud_federation_api: 1.14.0                                                                                                                                                                                                           
  - comments: 1.21.0                                                                                                                                                                                                                       
  - contacts: 7.0.3                                                                                                                                                                                                                        
  - contactsinteraction: 1.12.0
  - dashboard: 7.11.0
  - dav: 1.33.0
  - federatedfilesharing: 1.21.0
  - files: 2.3.1
  - files_downloadlimit: 4.0.0
  - files_pdfviewer: 4.0.0
  - files_reminders: 1.4.0
  - files_sharing: 1.23.1
  - files_trashbin: 1.21.0
  - files_versions: 1.24.0
  - firstrunwizard: 4.0.0
  - groupfolders: 19.0.3
  - logreader: 4.0.0
  - lookup_server_connector: 1.19.0
  - memories: 7.5.2
  - nextcloud_announcements: 3.0.0
  - notifications: 4.0.0
  - oauth2: 1.19.1
  - password_policy: 3.0.0
  - photos: 4.0.0-dev.1
  - privacy: 3.0.0
  - profile: 1.0.0
  - provisioning_api: 1.21.0
  - related_resources: 2.0.0
  - richdocuments: 8.6.2
  - serverinfo: 3.0.0
  - settings: 1.14.0
  - sharebymail: 1.21.0
  - spreed: 21.0.0
  - suspicious_login: 9.0.1
  - systemtags: 1.21.1
  - tasks: 0.16.1
  - text: 5.0.0
  - theming: 2.6.1
  - twofactor_backupcodes: 1.20.0
  - twofactor_totp: 13.0.0-dev.0
  - twofactor_webauthn: 2.1.0
  - updatenotification: 1.21.0
  - user_status: 1.11.0
  - viewer: 4.0.0
  - weather_status: 1.11.0
  - webhook_listeners: 1.2.0
  - workflowengine: 2.13.0
Disabled:
  - encryption: 2.19.0
  - federation: 1.21.0 (installed 1.20.0)
  - files_external: 1.23.0
  - maps: 1.5.0 (installed 1.5.0)
  - recommendations: 4.0.0 (installed 3.0.0)
  - support: 3.0.0 (installed 2.0.0)
  - survey_client: 3.0.0 (installed 2.0.0)
  - twofactor_nextcloud_notification: 5.0.0
  - user_ldap: 1.22.0

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
0. Needs triage Pending check for reproducibility or if it fits our roadmap 31-feedback bug feature: authentication high
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@joshtrichards @davodego @ironicx @szaimen