
Internal server error when using same password reset link again after successful password reset #14146

@ckowarzik

Steps to reproduce

  1. Create and open password reset link
  2. Reset your password successfully by entering a new password and clicking reset button
  3. Open same password reset link again

Expected behaviour

User sees error message "Couldn't reset password because the token is invalid"

Actual behaviour

User sees error message "Internal server error"

Server configuration detail

Operating system: centos-release-7-6 / Linux 3.10.0-957.1.3.el7.x86_64 #1 SMP Thu Nov 29 14:49:43 UTC 2018 x86_64

Webserver: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.1.24 (apache2handler)

Database: mysql 5.5.60

PHP version: 7.1.24

Modules loaded: Core, date, libxml, openssl, pcre, zlib, filter, hash, Reflection, SPL, session, standard, apache2handler, smbclient, apcu, bz2, calendar, ctype, curl, dom, mbstring, fileinfo, ftp, gd, gettext, gmp, iconv, igbinary, imagick, intl, json, ldap, exif, mcrypt, mysqli, PDO, pdo_mysql, pdo_sqlite, Phar, posix, redis, shmop, SimpleXML, sockets, sqlite3, sysvmsg, sysvsem, sysvshm, tokenizer, xml, wddx, xmlreader, xmlwriter, xsl, memcached, zip, libsmbclient, Zend OPcache

Nextcloud version: 15.0.4 - 15.0.4.0

Updated from an older Nextcloud/ownCloud or fresh install: Update from 15.0.2 updated from 14.0.4

Where did you install Nextcloud from: www.nextcloud.com

Signing status


List of activated apps
Enabled:
 - accessibility: 1.1.0
 - activity: 2.8.2
 - admin_audit: 1.5.0
 - announcementcenter: 3.4.1
 - audioplayer: 2.6.0
 - bruteforcesettings: 1.3.0
 - calendar: 1.6.4
 - circles: 0.16.0
 - cloud_federation_api: 0.1.0
 - comments: 1.5.0
 - contacts: 3.0.3
 - data_request: 1.2.0
 - dav: 1.8.1
 - federatedfilesharing: 1.5.0
 - federation: 1.5.0
 - files: 1.10.0
 - files_accesscontrol: 1.5.0
 - files_antivirus: 2.0.0
 - files_automatedtagging: 1.5.0
 - files_downloadactivity: 1.4.0
 - files_external: 1.6.0
 - files_markdown: 2.0.5
 - files_pdfviewer: 1.4.0
 - files_retention: 1.4.0
 - files_rightclick: 0.11.0
 - files_sharing: 1.7.0
 - files_texteditor: 2.7.0
 - files_trashbin: 1.5.0
 - files_versions: 1.8.0
 - files_videoplayer: 1.4.0
 - firstrunwizard: 2.4.0
 - gallery: 18.2.0
 - groupfolders: 2.0.2
 - impersonate: 1.2.0
 - issuetemplate: 0.5.0
 - logreader: 2.0.0
 - lookup_server_connector: 1.3.0
 - nextcloud_announcements: 1.4.0
 - notes: 2.5.1
 - notifications: 2.3.0
 - oauth2: 1.3.0
 - password_policy: 1.5.0
 - polls: 0.9.5
 - provisioning_api: 1.5.0
 - quota_warning: 1.4.0
 - richdocuments: 3.2.0
 - serverinfo: 1.5.0
 - sharebymail: 1.5.0
 - support: 1.0.0
 - survey_client: 1.3.0
 - systemtags: 1.5.0
 - tasks: 0.9.8
 - theming: 1.6.0
 - twofactor_admin: 0.2.0
 - twofactor_backupcodes: 1.4.1
 - twofactor_totp: 2.1.0
 - twofactor_u2f: 2.1.0
 - updatenotification: 1.5.0
 - workflow_pdf_converter: 1.0.1
 - workflowengine: 1.5.0
Disabled:
 - caniupdate
 - encryption
 - spreed
 - user_ldap

Configuration (config/config.php)
{
    "instanceid": "***REMOVED SENSITIVE VALUE***",
    "passwordsalt": "***REMOVED SENSITIVE VALUE***",
    "trusted_domains": [
        "nextcloud.***REMOVED SENSITIVE VALUE***.de"
    ],
    "datadirectory": "***REMOVED SENSITIVE VALUE***",
    "version": "15.0.4.0",
    "dbtype": "mysql",
    "dbhost": "***REMOVED SENSITIVE VALUE***",
    "dbname": "***REMOVED SENSITIVE VALUE***",
    "dbuser": "***REMOVED SENSITIVE VALUE***",
    "dbpassword": "***REMOVED SENSITIVE VALUE***",
    "dbtableprefix": "oc_",
    "installed": true,
    "default_language": "de_DE",
    "default_locale": "de_DE",
    "force_locale": "yes",
    "defaultapp": "files",
    "knowledgebaseenabled": true,
    "enable_avatars": true,
    "allow_user_to_change_display_name": true,
    "remember_login_cookie_lifetime": 86400,
    "session_lifetime": 7200,
    "session_keepalive": true,
    "token_auth_enforced": false,
    "auth.bruteforce.protection.enabled": true,
    "skeletondirectory": "\/var\/nextcloud-data\/skeleton",
    "mail_domain": "***REMOVED SENSITIVE VALUE***",
    "mail_from_address": "***REMOVED SENSITIVE VALUE***",
    "mail_smtpdebug": false,
    "mail_smtpmode": "smtp",
    "mail_smtphost": "***REMOVED SENSITIVE VALUE***",
    "mail_smtpport": 25,
    "mail_smtptimeout": 10,
    "mail_smtpsecure": "",
    "mail_smtpauth": false,
    "mail_smtpauthtype": "LOGIN",
    "mail_smtpname": "***REMOVED SENSITIVE VALUE***",
    "mail_smtppassword": "***REMOVED SENSITIVE VALUE***",
    "overwritehost": "",
    "overwriteprotocol": "",
    "overwritewebroot": "",
    "overwritecondaddr": "",
    "overwrite.cli.url": "https:\/\/nextcloud.***REMOVED SENSITIVE VALUE***.de\/nextcloud",
    "htaccess.RewriteBase": "\/nextcloud",
    "trashbin_retention_obligation": "auto",
    "versions_retention_obligation": "auto",
    "appcodechecker": true,
    "updatechecker": true,
    "updater.server.url": "https:\/\/updates.nextcloud.com\/updater_server\/",
    "has_internet_connection": true,
    "check_for_working_webdav": true,
    "check_for_working_wellknown_setup": true,
    "check_for_working_htaccess": true,
    "config_is_read_only": false,
    "log_type": "owncloud",
    "logfile": "\/var\/nextcloud-data\/log\/nextcloud.log",
    "loglevel": 0,
    "syslog_tag": "Nextcloud",
    "logdateformat": "F d, Y H:i:s",
    "logtimezone": "Europe\/Berlin",
    "log_query": false,
    "cron_log": true,
    "log_rotate_size": false,
    "customclient_desktop": "https:\/\/nextcloud.com\/install\/",
    "customclient_android": "https:\/\/play.google.com\/store\/apps\/details?id=com.nextcloud.client",
    "customclient_ios": "https:\/\/itunes.apple.com\/us\/app\/nextcloud\/id1125420102?mt=8",
    "appstoreenabled": true,
    "apps_paths": [
        {
            "path": "\/var\/www\/html\/nextcloud\/apps",
            "url": "\/apps",
            "writable": false
        },
        {
            "path": "\/var\/nextcloud-data\/apps",
            "url": "\/apps-custom",
            "writable": true
        }
    ],
    "enable_previews": true,
    "preview_max_x": 2048,
    "preview_max_y": 2048,
    "preview_max_scale_factor": 10,
    "preview_max_filesize_image": 50,
    "preview_libreoffice_path": "\/usr\/bin\/libreoffice",
    "preview_office_cl_parameters": " --headless --nologo --nofirststartwizard --invisible --norestore --convert-to pdf --outdir ",
    "enabledPreviewProviders": [
        "OC\\Preview\\PNG",
        "OC\\Preview\\JPEG",
        "OC\\Preview\\GIF",
        "OC\\Preview\\BMP",
        "OC\\Preview\\XBitmap",
        "OC\\Preview\\MP3",
        "OC\\Preview\\TXT",
        "OC\\Preview\\MarkDown"
    ],
    "ldapUserCleanupInterval": 51,
    "sort_groups_by_name": true,
    "comments.managerFactory": "\\OC\\Comments\\ManagerFactory",
    "systemtags.managerFactory": "\\OC\\SystemTag\\ManagerFactory",
    "maintenance": false,
    "singleuser": true,
    "enable_certificate_management": false,
    "memcache.local": "\\OC\\Memcache\\APCu",
    "memcache.distributed": "\\OC\\Memcache\\Redis",
    "redis": {
        "host": "***REMOVED SENSITIVE VALUE***",
        "port": 6379,
        "timeout": 0,
        "password": "***REMOVED SENSITIVE VALUE***",
        "dbindex": 0
    },
    "memcached_servers": [
        [
            "127.0.0.1",
            11211
        ]
    ],
    "memcached_options": {
        "14": 50,
        "15": 50,
        "19": 50,
        "20": 50,
        "8": 50,
        "-1001": true,
        "16": true,
        "18": true
    },
    "cache_path": "",
    "cache_chunk_gc_ttl": 86400,
    "sharing.managerFactory": "\\OC\\Share20\\ProviderFactory",
    "sqlite.journal_mode": "DELETE",
    "supportedDatabases": [
        "sqlite",
        "mysql",
        "pgsql",
        "oci"
    ],
    "hashingCost": 10,
    "blacklisted_files": [
        ".htaccess"
    ],
    "share_folder": "\/",
    "theme": "",
    "cipher": "AES-256-CFB",
    "minimum.supported.desktop.version": "1.7.0",
    "quota_include_external_storage": false,
    "filesystem_check_changes": 0,
    "part_file_in_storage": true,
    "mount_file": "\/var\/nextcloud-data\/data\/mount.json",
    "filesystem_cache_readonly": false,
    "secret": "***REMOVED SENSITIVE VALUE***",
    "forwarded_for_headers": [
        "HTTP_X_FORWARDED",
        "HTTP_FORWARDED_FOR"
    ],
    "max_filesize_animated_gifs_public_sharing": 10,
    "filelocking.enabled": true,
    "filelocking.ttl": 3600,
    "memcache.locking": "\\OC\\Memcache\\Redis",
    "upgrade.disable-web": false,
    "debug": false,
    "data-fingerprint": "",
    "simpleSignUpLink.shown": false,
    "updater.release.channel": "production",
    "twofactor_enforced": "false",
    "twofactor_enforced_groups": [],
    "twofactor_enforced_excluded_groups": []
}

Are you using external storage, if yes which one: local/smb

Are you using encryption: false

Are you using an external user-backend, if yes which one:

Client configuration

Browser: Mozilla/5.0 (X11; Fedora; Linux x86_64; rv:65.0) Gecko/20100101 Firefox/65.0

Operating system: fedora-release-workstation-28-6

Logs

Browser log

Nextcloud log
{"reqId":"XGGg50aoQ5uE-m@6-p7-pQAAAAc","level":3,"time":"February 11, 2019 17:20:55","remoteAddr":"192.168.1.24","user":"--","app":"index","method":"GET","url":"\/nextcloud\/lostpassword\/reset\/form\/whlCJ2XS9GpJqFHlh5V72\/c.kowarzik","message":{"Exception":"TypeError","Message":"Argument 1 passed to OC\\Security\\Crypto::decrypt() must be of the type string, null given, called in \/var\/www\/html\/nextcloud\/core\/Controller\/LostController.php on line 184","Code":0,"Trace":[{"file":"\/var\/www\/html\/nextcloud\/core\/Controller\/LostController.php","line":184,"function":"decrypt","class":"OC\\Security\\Crypto","type":"->","args":["*** sensitive parameters replaced ***"]},{"file":"\/var\/www\/html\/nextcloud\/core\/Controller\/LostController.php","line":150,"function":"checkPasswordResetToken","class":"OC\\Core\\Controller\\LostController","type":"->","args":["*** sensitive parameters replaced ***"]},{"file":"\/var\/www\/html\/nextcloud\/lib\/private\/AppFramework\/Http\/Dispatcher.php","line":166,"function":"resetform","class":"OC\\Core\\Controller\\LostController","type":"->","args":["*** sensitive parameter replaced ***","*** sensitive parameter replaced ***"]},{"file":"\/var\/www\/html\/nextcloud\/lib\/private\/AppFramework\/Http\/Dispatcher.php","line":99,"function":"executeController","class":"OC\\AppFramework\\Http\\Dispatcher","type":"->","args":[{"__class__":"OC\\Core\\Controller\\LostController"},"resetform"]},{"file":"\/var\/www\/html\/nextcloud\/lib\/private\/AppFramework\/App.php","line":118,"function":"dispatch","class":"OC\\AppFramework\\Http\\Dispatcher","type":"->","args":[{"__class__":"OC\\Core\\Controller\\LostController"},"resetform"]},{"file":"\/var\/www\/html\/nextcloud\/lib\/private\/AppFramework\/Routing\/RouteActionHandler.php","line":47,"function":"main","class":"OC\\AppFramework\\App","type":"::","args":["OC\\Core\\Controller\\LostController","resetform",{"__class__":"OC\\AppFramework\\DependencyInjection\\DIContainer"},{"token":"*** 
sensitive parameter replaced ***","userId":"*** sensitive parameter replaced ***","_route":"core.lost.resetform"}]},{"function":"__invoke","class":"OC\\AppFramework\\Routing\\RouteActionHandler","type":"->","args":[{"token":"*** sensitive parameter replaced ***","userId":"*** sensitive parameter replaced ***","_route":"core.lost.resetform"}]},{"file":"\/var\/www\/html\/nextcloud\/lib\/private\/Route\/Router.php","line":297,"function":"call_user_func","args":[{"__class__":"OC\\AppFramework\\Routing\\RouteActionHandler"},{"token":"*** sensitive parameter replaced ***","userId":"*** sensitive parameter replaced ***","_route":"core.lost.resetform"}]},{"file":"\/var\/www\/html\/nextcloud\/lib\/base.php","line":987,"function":"match","class":"OC\\Route\\Router","type":"->","args":["\/lostpassword\/reset\/form\/whlCJ2XS9GpJqFHlh5V72\/c.kowarzik"]},{"file":"\/var\/www\/html\/nextcloud\/index.php","line":42,"function":"handleRequest","class":"OC","type":"::","args":[]}],"File":"\/var\/www\/html\/nextcloud\/lib\/private\/Security\/Crypto.php","Line":113,"CustomMessage":"--"},"userAgent":"Mozilla\/5.0 (Windows NT 10.0; Win64; x64; rv:60.0) Gecko\/20100101 Firefox\/60.0","version":"15.0.4.0"}
Labels: 0. Needs triage (Pending check for reproducibility or if it fits our roadmap), bug

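Added example (not part of the original report and not Nextcloud's code): a minimal single-use reset-token check showing how a consumed token reads back as null, how that null triggers a TypeError at a non-nullable string parameter like the one in the logged trace, and how an explicit null guard returns the expected "token is invalid" message instead. All function names, the array-based store, the sha256 digest format and the 12-hour lifetime are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Added illustration; every name here is hypothetical and not Nextcloud's API.
final class InvalidTokenException extends Exception {}

const INVALID = "Couldn't reset password because the token is invalid";
const TOKEN_TTL = 43200; // assumed lifetime in seconds (12 hours)

// Non-nullable string parameter, like the decrypt() call in the logged trace.
function parseStored(string $stored): array
{
    $parts = explode(':', $stored, 2);
    if (count($parts) !== 2) {
        throw new InvalidTokenException(INVALID);
    }
    return ['issuedAt' => (int)$parts[0], 'digest' => $parts[1]];
}

// Store only a digest of the token, prefixed with the issue time.
function issueToken(array &$store, string $userId, int $now): string
{
    $token = bin2hex(random_bytes(16));
    $store[$userId] = $now . ':' . hash('sha256', $token);
    return $token;
}

// $guard = false reproduces the failure mode: a consumed token reads back as null.
function checkToken(array $store, string $userId, string $token, int $now, bool $guard): void
{
    $stored = $store[$userId] ?? null;
    if ($guard && $stored === null) {
        // Consumed or never issued: report it like any other bad token.
        throw new InvalidTokenException(INVALID);
    }
    $rec = parseStored($stored); // throws TypeError when $stored is null
    $fresh = $rec['issuedAt'] + TOKEN_TTL >= $now;
    if (!$fresh || !hash_equals($rec['digest'], hash('sha256', $token))) {
        throw new InvalidTokenException(INVALID);
    }
}

function openResetLink(array &$store, string $userId, string $token, int $now, bool $guard, bool $consume): string
{
    try {
        checkToken($store, $userId, $token, $now, $guard);
    } catch (InvalidTokenException $e) {
        return $e->getMessage();        // controlled error shown to the user
    } catch (TypeError $e) {
        return 'Internal server error'; // stand-in for a framework's generic 500 handler
    }
    if ($consume) {
        unset($store[$userId]);         // single use: drop the token after a successful reset
    }
    return 'ok';
}

$store = [];
$now = 1549902055; // constructed timestamp
$token = issueToken($store, 'alice', $now);
echo openResetLink($store, 'alice', $token, $now, true, true), "\n";       // first use, token consumed
echo openResetLink($store, 'alice', $token, $now + 5, false, false), "\n"; // reuse without the null guard
echo openResetLink($store, 'alice', $token, $now + 5, true, false), "\n";  // reuse with the null guard
```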