Encryption problem after upgrade 10.0.2 to 10.0.3

CliffMitchell · October 1, 2017, 10:42pm

Steps to reproduce

Upgrade from 10.0.2 to 10.0.3
2.
3.

Expected behaviour

Tell us what should happen
Upgrade should complete successfully

Actual behaviour

Tell us what happens instead
Upgrade completes with missing CHANGELOG.md problem. I fixed this and everything now appears to work except for the Files app and this is reporting an error: Invalid private key for Encryption App. Please update your private key password in your personal settings to recover access to your encrypted files.

In Settings > Personal > Encryption I try updating the private key password but this hangs on ‘Saving...’
Files cannot be accessed.

Server configuration

Operating system: Ubuntu 16.04

Web server:
Apache2

Database: MariaDB

PHP version:
7.0.22-0ubuntu0.16.04.1

ownCloud version: (see ownCloud admin page)
10.0.3

Updated from an older ownCloud or fresh install:
Updated from 10.0.2
Where did you install ownCloud from:
Upgrade app
Signing status (ownCloud 9.0 and above):
No errors have been found.

Login as admin user into your ownCloud and access 
http://example.com/index.php/settings/integrity/failed 
paste the results into https://gist.github.com/ and puth the link here.

anonymous/gist:d228cd6f133df9f3b3f269f7759f3cf1

The content of config/config.php:

Log in to the web-UI with an administrator account and click on
'admin' -> 'Generate Config Report' -> 'Download ownCloud config report'
This report includes the config.php settings, the list of activated apps
and other details in a well sanitized form.

or 

If you have access to your command line run e.g.:
sudo -u www-data php occ config:list system
from within your ownCloud installation folder

*ATTENTION:* Do not post your config.php file in public as is. Please use one of the above
methods whenever possible. Both, the generated reports from the web-ui and from occ config:list
consistently remove sensitive data. You still may want to review the report before sending.
If done manually then it is critical for your own privacy to dilligently
remove *all* host names, passwords, usernames, salts and other credentials before posting.
You should assume that attackers find such information and will use them against your systems.

List of activated apps:
Enabled:
- activity: 2.3.6
- calendar: 1.5.4
- comments: 0.3.0
- configreport: 0.1.1
- contacts: 1.5.3
- dav: 0.3.0
- encryption: 1.3.0
- federatedfilesharing: 0.3.1
- federation: 0.1.0
- files: 1.5.1
- files_external: 0.7.1
- files_pdfviewer: 0.8.2
- files_sharing: 0.10.1
- files_texteditor: 2.2.1
- files_trashbin: 0.9.1
- files_versions: 1.3.0
- files_videoplayer: 0.9.8
- firstrunwizard: 1.1
- market: 0.2.2
- notifications: 0.3.1
- provisioning_api: 0.5.0
- qownnotesapi: 17.7.0
- systemtags: 0.3.0
- templateeditor: 0.1
- updatenotification: 0.2.1
Disabled:
- external
- files_antivirus
- theme-example
- user_external

If you have access to your command line run e.g.:
sudo -u www-data php occ app:list
from within your ownCloud installation folder.

Are you using external storage, if yes which one: local/smb/sftp/...
No
Are you using encryption: yes/no
Yes
Are you using an external user-backend, if yes which one: LDAP/ActiveDirectory/Webdav/...
No

LDAP configuration (delete this part if not used)

With access to your command line run e.g.:
sudo -u www-data php occ ldap:show-config
from within your ownCloud installation folder

Without access to your command line download the data/owncloud.db to your local
computer or access your SQL server remotely and run the select query:
SELECT * FROM `oc_appconfig` WHERE `appid` = 'user_ldap';


Eventually replace sensitive data as the name/IP-address of your LDAP server or groups.

Client configuration

Browser:

Operating system:

Logs

Web server error log

Insert your webserver log here

ownCloud log (data/owncloud.log)

Insert your ownCloud log here

Last few entries:

{"reqId":"gmINmdwsLvwVOh6n5RQ2","level":2,"time":"2017-10-01T21:44:57+00:00","remoteAddr":"188.164.31.99","user":"cliff","app":"no app in context","method":"GET","url":"\/owncloud\/ocs\/v1.php\/cloud\/capabilities?format=json","message":"Could not decrypt the private key from user \"master_f2ad378b\"\" during login. Assume password change on the user back-end. Error message: Bad Signature"}
{"reqId":"EfzDYR4NrWkqjGt7mFbb","level":2,"time":"2017-10-01T21:44:58+00:00","remoteAddr":"188.164.31.99","user":"cliff","app":"no app in context","method":"GET","url":"\/owncloud\/ocs\/v1.php\/apps\/files_sharing\/api\/v1\/shares?path=&subfiles=true","message":"Could not decrypt the private key from user \"master_f2ad378b\"\" during login. Assume password change on the user back-end. Error message: Bad Signature"}
{"reqId":"iBi1kGR2zcGZnzLRupWw","level":2,"time":"2017-10-01T21:50:11+00:00","remoteAddr":"104.35.227.195","user":"--","app":"core","method":"POST","url":"\/owncloud\/index.php\/heartbeat","message":"Trusted domain error. \"104.35.227.195\" tried to access using \"owncloud.16bit.co\" as host."}
{"reqId":"Mu8AfYOtuZjSPwlPFnA7","level":2,"time":"2017-10-01T22:00:01+00:00","remoteAddr":"188.164.31.99","user":"Jane","app":"no app in context","method":"POST","url":"\/owncloud\/index.php\/login","message":"Could not decrypt the private key from user \"master_f2ad378b\"\" during login. Assume password change on the user back-end. Error message: Bad Signature"}
{"reqId":"JmBgFuowT1l3T604R6os","level":4,"time":"2017-10-01T22:00:54+00:00","remoteAddr":"188.164.31.99","user":"Jane","app":"webdav","method":"GET","url":"\/owncloud\/remote.php\/webdav\/CWM-JAM%20SHARED\/TheCatMadeMeDoIt.pdf","message":"Exception: {\"Message\":\"HTTP\\/1.1 503 Encryption not ready: Private Key missing for user: please try to log-out and log-in again\",\"Exception\":\"Sabre\\DAV\\Exception\\ServiceUnavailable\",\"Code\":0,\"Trace\":\"#0 \\/var\\/www\\/owncloud\\/lib\\/composer\\/sabre\\/dav\\/lib\\/DAV\\/CorePlugin.php(85): OCA\\DAV\\Connector\\Sabre\\File->get()\n#1 [internal function]: Sabre\\DAV\\CorePlugin->httpGet(Object(Sabre\\HTTP\\Request), Object(Sabre\\HTTP\\Response))\n#2 \\/var\\/www\\/owncloud\\/lib\\/composer\\/sabre\\/event\\/lib\\/EventEmitterTrait.php(105): call_user_func_array(Array, Array)\n#3 \\/var\\/www\\/owncloud\\/lib\\/composer\\/sabre\\/dav\\/lib\\/DAV\\/Server.php(479): Sabre\\Event\\EventEmitter->emit('method:GET', Array)\n#4 \\/var\\/www\\/owncloud\\/lib\\/composer\\/sabre\\/dav\\/lib\\/DAV\\/Server.php(254): Sabre\\DAV\\Server->invokeMethod(Object(Sabre\\HTTP\\Request), Object(Sabre\\HTTP\\Response))\n#5 \\/var\\/www\\/owncloud\\/apps\\/dav\\/appinfo\\/v1\\/webdav.php(63): Sabre\\DAV\\Server->exec()\n#6 \\/var\\/www\\/owncloud\\/remote.php(165): require_once('\\/var\\/www\\/ownclo...')\n#7 {main}\",\"File\":\"\\/var\\/www\\/owncloud\\/apps\\/dav\\/lib\\/Connector\\/Sabre\\/File.php\",\"Line\":344,\"User\":\"Jane\"}"}
{"reqId":"zI9Az68NeVLR9rTae0qY","level":2,"time":"2017-10-01T22:01:10+00:00","remoteAddr":"188.164.31.99","user":"admin","app":"no app in context","method":"POST","url":"\/owncloud\/index.php\/login","message":"Could not decrypt the private key from user \"master_f2ad378b\"\" during login. Assume password change on the user back-end. Error message: Bad Signature"}
{"reqId":"FdC7Ony0tzoStnKMqdwC","level":2,"time":"2017-10-01T22:02:24+00:00","remoteAddr":"188.164.31.99","user":"cliff","app":"no app in context","method":"POST","url":"\/owncloud\/index.php\/login","message":"Could not decrypt the private key from user \"master_f2ad378b\"\" during login. Assume password change on the user back-end. Error message: Bad Signature"}
{"reqId":"IQchpu3NHMoi7fVc1Zld","level":2,"time":"2017-10-01T22:05:18+00:00","remoteAddr":"104.35.227.195","user":"--","app":"core","method":"POST","url":"\/owncloud\/index.php\/heartbeat","message":"Trusted domain error. \"104.35.227.195\" tried to access using \"owncloud.16bit.co\" as host."}
{"reqId":"2kcA3Ga764LFjPl3pBZ9","level":2,"time":"2017-10-01T22:20:21+00:00","remoteAddr":"104.35.227.195","user":"--","app":"core","method":"POST","url":"\/owncloud\/index.php\/heartbeat","message":"Trusted domain error. \"104.35.227.195\" tried to access using \"owncloud.16bit.co\" as host."}
{"reqId":"VbUVJkPNSWyCHpe6p7YM","level":2,"time":"2017-10-01T22:35:23+00:00","remoteAddr":"104.35.227.195","user":"--","app":"core","method":"POST","url":"\/owncloud\/index.php\/heartbeat","message":"Trusted domain error. \"104.35.227.195\" tried to access using \"owncloud.16bit.co\" as host."}

Browser log

Insert your browser log here, this could for example include:

a) The javascript console log
b) The network log 
c) ...

SiFTW · October 1, 2017, 11:59pm

To add when we try updating the private key password in the encryption app the browser console gives the following error:

jquery.js:8630 POST 
https://16bit.co/owncloud/index.php/apps/encryption/ajax/updatePrivateKeyPassword 
503 (Service Unavailable)
send @ jquery.js:8630
ajax @ jquery.js:8166
n.(anonymous function) @ jquery.js:8311
updatePrivateKeyPassword @ settings-personal.js?v=f72facb9xxxxxxxxxxx546de108:12
(anonymous) @ settings-personal.js?v=f72facbxxxxxxxxxxx4546de108:58
dispatch @ jquery.js:4435
r.handle @ jquery.js:4121
VM2873:1 Uncaught SyntaxError: Unexpected token < in JSON at position 0
at JSON.parse (<anonymous>)
at Object.<anonymous> (settings-personal.js?v=f72facbxxxxxxxxxxx4546de108:22)
at j (jquery.js:3099)
at Object.fireWith [as rejectWith] (jquery.js:3211)
at x (jquery.js:8266)
at XMLHttpRequest.<anonymous> (jquery.js:8605)

Does the 503 error for updatePrivateKeyPassword suggest it's looking in the wrong place for this function?

CliffMitchell · October 2, 2017, 11:01pm

We gave up and did a clean install!