Webdav - Created user tokens for apps vanishing

Server
1

ownCloud 10.12.2 (stable)
PHP Version 7.4.33
Linux 5.15.0-67-generic Ubuntu x86_64
FPM/FastCGI
Redis Version 5.3.7
Filelocking - off
10.6.12-MariaDB-0ubuntu0.22.04.1 - Ubuntu 22.04

Webdav access from Win 10,11

System mostly delete maded user app token after 24 hour only for webdav access. Other tokens like for desktop client or android client stay untached.

But this not happend on my older server with ownCloud 10.8.0 (stable).

Why system can delete user app token? How can by possible?

List of activated apps:

Enabled:
  - activity:
    - Version: 2.7.1
    - Path: /var/www/clients/client1/web2/web/apps/activity
  - announcementcenter:
    - Version: 1.2.2
    - Path: /var/www/clients/client1/web2/web/apps/announcementcenter
  - comments:
    - Version: 0.3.0
    - Path: /var/www/clients/client1/web2/web/apps/comments
  - configreport:
    - Version: 0.2.1
    - Path: /var/www/clients/client1/web2/web/apps/configreport
  - customgroups:
    - Version: 0.7.1
    - Path: /var/www/clients/client1/web2/web/apps/customgroups
  - dav:
    - Version: 0.7.0
    - Path: /var/www/clients/client1/web2/web/apps/dav
  - extract:
    - Version: 1.2.4
    - Path: /var/www/clients/client1/web2/web/apps-external/extract
  - federatedfilesharing:
    - Version: 0.5.0
    - Path: /var/www/clients/client1/web2/web/apps/federatedfilesharing
  - federation:
    - Version: 0.1.0
    - Path: /var/www/clients/client1/web2/web/apps/federation
  - files:
    - Version: 1.5.2
    - Path: /var/www/clients/client1/web2/web/apps/files
  - files_clipboard:
    - Version: 1.0.3
    - Path: /var/www/clients/client1/web2/web/apps-external/files_clipboard
  - files_external:
    - Version: 0.9.0
    - Path: /var/www/clients/client1/web2/web/apps/files_external
  - files_mediaviewer:
    - Version: 1.0.5
    - Path: /var/www/clients/client1/web2/web/apps/files_mediaviewer
  - files_pdfviewer:
    - Version: 1.0.1
    - Path: /var/www/clients/client1/web2/web/apps/files_pdfviewer
  - files_sharing:
    - Version: 0.14.0
    - Path: /var/www/clients/client1/web2/web/apps/files_sharing
  - files_texteditor:
    - Version: 2.5.1
    - Path: /var/www/clients/client1/web2/web/apps-external/files_texteditor
  - files_textviewer:
    - Version: 1.0.3
    - Path: /var/www/clients/client1/web2/web/apps-external/files_textviewer
  - files_trashbin:
    - Version: 0.9.1
    - Path: /var/www/clients/client1/web2/web/apps/files_trashbin
  - files_versions:
    - Version: 1.3.0
    - Path: /var/www/clients/client1/web2/web/apps/files_versions
  - firstrunwizard:
    - Version: 1.2.0
    - Path: /var/www/clients/client1/web2/web/apps/firstrunwizard
  - groupalert:
    - Version: 1.1.5
    - Path: /var/www/clients/client1/web2/web/apps-external/groupalert
  - guests:
    - Version: 0.12.2
    - Path: /var/www/clients/client1/web2/web/apps-external/guests
  - impersonate:
    - Version: 0.5.2
    - Path: /var/www/clients/client1/web2/web/apps-external/impersonate
  - market:
    - Version: 0.7.0
    - Path: /var/www/clients/client1/web2/web/apps/market
  - notifications:
    - Version: 0.5.4
    - Path: /var/www/clients/client1/web2/web/apps/notifications
  - provisioning_api:
    - Version: 0.5.0
    - Path: /var/www/clients/client1/web2/web/apps/provisioning_api
  - sccuot_ng: (admin only)
    - Version: 1.1.0
    - Path: /var/www/clients/client1/web2/web/apps-external/sccuot_ng
  - systemtags:
    - Version: 0.3.0
    - Path: /var/www/clients/client1/web2/web/apps/systemtags
  - tasks:
    - Version: 0.9.7
    - Path: /var/www/clients/client1/web2/web/apps-external/tasks
  - templateeditor:
    - Version: 0.4.0
    - Path: /var/www/clients/client1/web2/web/apps/templateeditor
  - updatenotification:
    - Version: 0.2.1
    - Path: /var/www/clients/client1/web2/web/apps/updatenotification
  - user_external: - IMAP
    - Version: 0.6.0
    - Path: /var/www/clients/client1/web2/web/apps/user_external
Disabled:
  - encryption:
    - Path: /var/www/clients/client1/web2/web/apps/encryption
  - enterprise_key:
    - Path: /var/www/clients/client1/web2/web/apps/enterprise_key
  - external:
    - Path: /var/www/clients/client1/web2/web/apps/external
  - files_external_dropbox:
    - Path: /var/www/clients/client1/web2/web/apps-external/files_external_dropbox
  - files_external_s3:
    - Path: /var/www/clients/client1/web2/web/apps-external/files_external_s3
  - files_primary_s3:
    - Path: /var/www/clients/client1/web2/web/apps-external/files_primary_s3
  - objectstore:
    - Path: /var/www/clients/client1/web2/web/apps-external/objectstore
  - user_ldap:
    - Path: /var/www/clients/client1/web2/web/apps/user_ldap

ownCloud log (data/owncloud.log)

It only one type od record about token. Why invalid if used same login token as before.

{"reqId":"THs144l8dna8sz6StNrv","level":3,"time":"2023-07-31T08:09:53+00:00","remoteAddr":"85.163.235.10","user":"--","app":"OC\\User\\Session::validateToken","method":"PROPFIND","url":"\/remote.php\/webdav","message":"invalid credentials in token 8252e6bc3727ea47e075f8896036e851fe70bcba0ff33b0cdd37189b2400ae4e0d88c200a8680e19e46839aace12fc56dc480f0196a036378e30758a9b8ca7c8 with token id 15228"}
2

Hey,

maybe this is related to the following and not only affecting 2FA:

3

I not sure definitelly, can affect to tokens function ‘token_auth_enforced’ ? I’m remeberd I had this enabled too, so after digging I found same about 2FA everywhere, but. Can ‘token_auth_enforced’ remove token by time? I tought this funtion only force token for all client like thunderbird, desktop etc. And of course I thought this bug was too old to remain untouched

4

Hey,

if you had 2FA enabled then i think you could be still affected. I think it could be the best to discuss further with the ownCloud developers at the GitHub issue as i don’t think that the community users can give support for such problems. :frowning_face:

2 Likes