New users stucks at password create from welcome email

Server
#1

Hello!

Fresh OwnCloud onstallation (docker-compose mode)

  • Admin can login, can upload/download files
  • User with password set by admin can login, can upload/download files

Problems:
1. Users cannot set password from welcome email (Your ownCloud account was created). After opening link from email, in “Set new password” form, after pressing “set password” button it changes to spinning balls and hang in this state forever.
Different browsers, different plaforms (PC, android) - same result

Clip2net_220808143240
Clip2net_220808143240457×525 11.5 KB

Looks like Owncloud server is not recieving new password from this form

  • Email “Password changed successfully” is not sent
  • User cannot login with new password

Looks like password change form not send any data to owncloud server at all, or truying to send it somewhere else

2. In “I forget my password” form ( request password changeform itself works fine, the mail is sent successfully), after pressing “reset password” button form reloads with empty password fields and active “reset password” button
Owncloud itself did not recieving new password from this form
Email “Password changed successfully” is not sent
User cannot login with new password
Looks like “reset password” form not send any data to owncloud server at all, but not hangs in eternal spin cicle, as in problem #1

Enviroment

  • Owncloud, docker-compose install, debian 10 VM, 4 cores 8 gb mem, 40 gb HDD
  • “Files” volume on external CIFS storage
  • NGINX reverse proxy for certificates and standard port usage

For the first look, its no any errors or unusual behavior in nginx logs

What i doing wrong?

Config.php

<?php
$CONFIG = array (
  'apps_paths' =>
  array (
    0 =>
    array (
      'path' => '/var/www/owncloud/apps',
      'url' => '/apps',
      'writable' => false,
    ),
    1 =>
    array (
      'path' => '/var/www/owncloud/custom',
      'url' => '/custom',
      'writable' => true,
    ),
  ),
  'trusted_domains' =>
  array (
    0 => '192.168.xxx.xxx',
    1 => 'owncloud.mydomain.com',
  ),
  'datadirectory' => '/mnt/data/files',
  'dbtype' => 'mysql',
  'dbhost' => 'mariadb:3306',
  'dbname' => 'owncloud',
  'dbuser' => 'owncloud',
  'dbpassword' => 'owncloud',
  'dbtableprefix' => 'oc_',
  'log_type' => 'owncloud',
  'supportedDatabases' =>
  array (
    0 => 'sqlite',
    1 => 'mysql',
    2 => 'pgsql',
  ),
  'upgrade.disable-web' => true,
  'default_language' => 'en',
  'overwrite.cli.url' => 'https://owncloud.mydomain.com/',
  'overwritehost' => 'owncloud.mydomain.com',
  'htaccess.RewriteBase' => '/',
  'logfile' => '/mnt/data/files/owncloud.log',
  'memcache.local' => '\\OC\\Memcache\\APCu',
  'mysql.utf8mb4' => true,
  'filelocking.enabled' => true,
  'memcache.distributed' => '\\OC\\Memcache\\Redis',
  'memcache.locking' => '\\OC\\Memcache\\Redis',
  'redis' =>
  array (
    'host' => 'redis',
    'port' => '6379',
  ),
  'passwordsalt' => '**DELETED**',
  'secret' => '**DELETED**',
  'version' => '10.10.0.3',
  'allow_user_to_change_mail_address' => '',
  'logtimezone' => 'UTC',
  'installed' => true,
  'instanceid' => '**DELETED**',
  'mail_domain' => 'mydomain.com',
  'mail_from_address' => 'sender',
  'mail_smtpmode' => 'smtp',
  'mail_smtpauthtype' => 'LOGIN',
  'mail_smtpauth' => 1,
  'mail_smtphost' => 'mail.mydomain.com',
  'mail_smtpport' => '587',
  'mail_smtpname' => 'sender@mydomain.com',
  'mail_smtppassword' => '**DELETED**',
);

NGINX config

server {
        listen                    443 ssl http2;
        server_name               owncloud.mydomain.com;

        access_log                /var/log/nginx/mydomain.com.OwnCloud.access.log;
        error_log                 /var/log/nginx/mydomain.com.OwnCloud.error.log error;


        location / {
            proxy_pass            http://192.168.xxx.xxx:8080;
        }
    ssl_certificate /etc/letsencrypt/live/owncloud.mydomain.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/owncloud..mydomain.com/privkey.pem; # managed by Certbot

}

server {
    if ($host = owncloud.mydomain.com) {
        return 301 https://$host$request_uri;
    } # managed by Certbot


        listen                    80;
        server_name               owncloud.mydomain.com;
    return 404; # managed by Certbot

}
#2

@JumpinJan Do you any see errors in the browser console? Also check errors in the NGINX logs.

#3

I’m having the same problem. Looking at js console, it is complaining about mixed content - http/https.

My overwrite.cli.url was set to http://owncloud.mydomain.net. This must have been done during docker based initialization – I have OWNCLOUD_DOMAIN just set to a hostname, e.g., owncloud.mydomain.net

I’ve updated the config to https but this might not be the only place this is stored. …still investigating.

#4

No, that doesn’t seem to be the problem. What I get now (in incognito window in chrome to avoid any plugins):

jquery.min.js?v=4a2e7523659472fab650e6a4ce9ee523:4 Refused to connect to 'http://owncloud.mydomain.net/setpassword/687205918548436817551/rich' because it violates the following Content Security Policy directive: "connect-src 'self'".

send @ jquery.min.js?v=4a2e7523659472fab650e6a4ce9ee523:4
ajax @ jquery.min.js?v=4a2e7523659472fab650e6a4ce9ee523:4
n.<computed> @ jquery.min.js?v=4a2e7523659472fab650e6a4ce9ee523:4
onClickSetPassword @ setpassword.js?v=4a2e7523659472fab650e6a4ce9ee523:15
dispatch @ jquery.min.js?v=4a2e7523659472fab650e6a4ce9ee523:3
r.handle @ jquery.min.js?v=4a2e7523659472fab650e6a4ce9ee523:3
VM118:1 Uncaught SyntaxError: "undefined" is not valid JSON
    at JSON.parse (<anonymous>)
    at Object._onSetPasswordFail (setpassword.js?v=4a2e7523659472fab650e6a4ce9ee523:38:27)
    at Object.<anonymous> (setpassword.js?v=4a2e7523659472fab650e6a4ce9ee523:21:37)
    at j (jquery.min.js?v=4a2e7523659472fab650e6a4ce9ee523:2:26925)
    at Object.fireWith [as rejectWith] (jquery.min.js?v=4a2e7523659472fab650e6a4ce9ee523:2:27738)
    at x (jquery.min.js?v=4a2e7523659472fab650e6a4ce9ee523:4:11278)
    at XMLHttpRequest.<anonymous> (jquery.min.js?v=4a2e7523659472fab650e6a4ce9ee523:4:14740)
_onSetPasswordFail @ setpassword.js?v=4a2e7523659472fab650e6a4ce9ee523:38
(anonymous) @ setpassword.js?v=4a2e7523659472fab650e6a4ce9ee523:21
j @ jquery.min.js?v=4a2e7523659472fab650e6a4ce9ee523:2
fireWith @ jquery.min.js?v=4a2e7523659472fab650e6a4ce9ee523:2
x @ jquery.min.js?v=4a2e7523659472fab650e6a4ce9ee523:4
(anonymous) @ jquery.min.js?v=4a2e7523659472fab650e6a4ce9ee523:4
error (async)
send @ jquery.min.js?v=4a2e7523659472fab650e6a4ce9ee523:4
ajax @ jquery.min.js?v=4a2e7523659472fab650e6a4ce9ee523:4
n.<computed> @ jquery.min.js?v=4a2e7523659472fab650e6a4ce9ee523:4
onClickSetPassword @ setpassword.js?v=4a2e7523659472fab650e6a4ce9ee523:15
dispatch @ jquery.min.js?v=4a2e7523659472fab650e6a4ce9ee523:3
r.handle @ jquery.min.js?v=4a2e7523659472fab650e6a4ce9ee523:3
#5

For me, this was fix – I am using nginx as reverse proxy for ssl layer. Nginx needed this header set in addition to the others:

proxy_set_header X-Forwarded-Proto $scheme;

location / {
            proxy_pass http://localhost:9123;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header Host $host;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;
            client_max_body_size 0;

            # Websocket
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "Upgrade";
        }
#6

@rrauenza , you are lifesaver :smiling_face_with_three_hearts:
Thank you so much for a solution!
Yeah, it’s NGINX headers problem, and everything works right now