No password reset possible after deactivating server side encryption

help

#1

Please help us by providing the following info. Before posting please also check the pinned "Known issues" threads and make sure that you're running the latest available version for your oC release: https://owncloud.org/changelog/

Steps to reproduce
1. Enable Server Encryption
2. Create Users, upload files
3. Disable Server Encryption
4. Login and Logout with user A
5. Try to reset the password for user A (forget password mechanism)
6. Passwort reset Link is sent
7. Enter new Password, press button.

Expected behaviour
Password is reset after entering a new password.

Actual behaviour
Message: "Private Key missing for user: please try to log-out and log-in again"
The json response from the server has a http code of 200 and a content of
{"status":"error","msg":"Private Key missing for user: please try to log-out and log-in again"}
Despite this message, the password is actually reset. So you can login with this new password, but you can not access the files, that have been decrypted in the past. When logged in I alway the the message "Invalid private key for Encryption App. Please update your private key password in your personal settings to recover access to your encrypted files". As the user that resets his password does not know his old one, these files are lost?

Server configuration
Operating system: CentOS 7
Web server: Apache
Database: Maria db
PHP version: PHP 5.5.38
ownCloud version (see ownCloud admin page): 9.1.3
Updated from an older ownCloud or fresh install: update from 9.1.1
Special configuration (external storage, external authentication, reverse proxy, server-side-encryption): previously enabled Server side encryption

ownCloud log (data/owncloud.log)

Exception: {"Exception":"OCA\\Encryption\\Exceptions\\PrivateKeyMissingException","Message":"Private Key missing for user: please try to log-out and log-in again","Code":0,"Trace":"#0 \/var\/www\/html\/owncloud\/apps\/encryption\/lib\/Hooks\/UserHooks.php(230): OCA\\Encryption\\Session->getPrivateKey()\n#1 [internal function]: OCA\\Encryption\\Hooks\\UserHooks->setPassphrase(Array)\n#2 \/var\/www\/html\/owncloud\/lib\/private\/legacy\/hook.php(105): call_user_func(Array, Array)\n#3 \/var\/www\/html\/owncloud\/lib\/private\/Server.php(261): OC_Hook::emit('OC_User', 'post_setPasswor...', Array)\n#4 [internal function]: OC\\Server->OC\\{closure}(Object(OC\\User\\User), 'Yamsmos#0816', NULL)\n#5 \/var\/www\/html\/owncloud\/lib\/private\/Hooks\/EmitterTrait.php(98): call_user_func_array(Object(Closure), Array)\n#6 \/var\/www\/html\/owncloud\/lib\/private\/Hooks\/PublicEmitter.php(32): OC\\Hooks\\BasicEmitter->emit('\\\\OC\\\\User', 'postSetPassword', Array)\n#7 \/var\/www\/html\/owncloud\/lib\/private\/User\/User.php(236): OC\\Hooks\\PublicEmitter->emit('\\\\OC\\\\User', 'postSetPassword', Array)\n#8 \/var\/www\/html\/owncloud\/core\/Controller\/LostController.php(219): OC\\User\\User->setPassword('Yamsmos#0816')\n#9 [internal function]: OC\\Core\\Controller\\LostController->setPassword('VbaWND4zn9LXAwu...', 'lilli.heyer@war...', 'Yamsmos#0816', false)\n#10 \/var\/www\/html\/owncloud\/lib\/private\/AppFramework\/Http\/Dispatcher.php(159): call_user_func_array(Array, Array)\n#11 \/var\/www\/html\/owncloud\/lib\/private\/AppFramework\/Http\/Dispatcher.php(89): OC\\AppFramework\\Http\\Dispatcher->executeController(Object(OC\\Core\\Controller\\LostController), 'setPassword')\n#12 \/var\/www\/html\/owncloud\/lib\/private\/AppFramework\/App.php(110): OC\\AppFramework\\Http\\Dispatcher->dispatch(Object(OC\\Core\\Controller\\LostController), 'setPassword')\n#13 \/var\/www\/html\/owncloud\/lib\/private\/AppFramework\/Routing\/RouteActionHandler.php(46): OC\\AppFramework\\App::main('LostController', 'setPassword', Object(OC\\AppFramework\\DependencyInjection\\DIContainer), Array)\n#14 [internal function]: OC\\AppFramework\\Routing\\RouteActionHandler->__invoke(Array)\n#15 \/var\/www\/html\/owncloud\/lib\/private\/Route\/Router.php(280): call_user_func(Object(OC\\AppFramework\\Routing\\RouteActionHandler), Array)\n#16 \/var\/www\/html\/owncloud\/lib\/base.php(891): OC\\Route\\Router->match('\/lostpassword\/s...')\n#17 \/var\/www\/html\/owncloud\/index.php(39): OC::handleRequest()\n#18 {main}","File":"\/var\/www\/html\/owncloud\/apps\/encryption\/lib\/Session.php","Line":78}

Integrity status for oC9+

No errors have been found.

#2

Hi,

from the issue template you have filled out:

Before posting please snip make sure that you're running the latest available version for your oC release: https://owncloud.org/changelog/

In this case the current version is 9.1.3. It might also worth to test the RC of the upcoming 9.1.4 which shows some additional fixes to encryption:


#3

Thanks for your reply.

Although I did not found any hints for bugfixes in the encryption in the release notes between 9.1.1 and 9.1.3, I updated my installation. But the error remains the same.

As i have over 20 users on my owncloud installation, it would be nice if we find a solution for that.


#4

Now I deleted the files_encryption folder for a testuser, and the massage
Invalid private key for Encryption App. Please update your private key password in your personal settings to recover access to your encrypted files
does not appear after a password reset.

If we could find out why the message
Private Key missing for user: please try to log-out and log-in again
appears when pressing "reset password" we could mitigate this problem.

Are there any database preferences that could be changed? I did not fond anything helpful when searching in the db.


#5

See:

If that doesn't fix your issue report a new issue at https://github.com/owncloud/core/issues

Reports of such issues in here won't get noticed and are lost in the void.


#6

I found the Problem: The encryption plugin was still activated, although the encryption was deactivated. Deactivating the plugin solved my Problems.