[Bug]: Can't authenticate when Nextcloud want to confirm password

[Bevito]

⚠️ This issue respects the following points: ⚠️

• This is a bug, not a question or a configuration/webserver/proxy issue.
• This issue is not already reported on Github OR Nextcloud Community Forum (I've searched it).
• Nextcloud Server is up to date. See Maintenance and Release Schedule for supported versions.
• I agree to follow Nextcloud's Code of Conduct.

Bug description

Hi,
The present issue is similar to #49829 (wich is solved).
A lot of people still have issue with the input box that want to confirm your password.
On our Nextcloud instance, the issue is still present.

I'm very sorry If I broke some rules, about creating a new issue for some issues already reported.

If I can help to resolve the issue, please, let me know.

Best regards.

Steps to reproduce

1. Log in to Nextcloud with LDAP account
2. Go to personnal parameters
3. Input a new password in Global Credentials area
4. Save
5. Input your password to confirm

Expected behavior

When Nextcloud asked for password confirmation, the password seems to be wrong.
Nextcloud failed to check password even if your password is correctly input.
Nextcloud send an XHR post to apps/files_external/globalcredentials and Nextcloud report an HTTP error 403.

Nextcloud Server version

31

Operating system

Debian/Ubuntu

PHP engine version

PHP 8.2

Web server

Apache (supported)

Database engine version

MariaDB

Is this bug present after an update or on a fresh install?

Updated from a MINOR version (ex. 32.0.1 to 32.0.2)

Are you using the Nextcloud Server Encryption module?

Encryption is Disabled

What user-backends are you using?

• Default user-backend (database)
• LDAP/ Active Directory
• SSO - SAML
• Other

Configuration report

{
    "system": {
        "instanceid": "***REMOVED SENSITIVE VALUE***",
        "passwordsalt": "***REMOVED SENSITIVE VALUE***",
        "datadirectory": "***REMOVED SENSITIVE VALUE***",
        "dbtype": "mysql",
        "version": "31.0.2.1",
        "dbname": "***REMOVED SENSITIVE VALUE***",
        "dbhost": "***REMOVED SENSITIVE VALUE***",
        "dbtableprefix": "oc_",
        "dbuser": "***REMOVED SENSITIVE VALUE***",
        "dbpassword": "***REMOVED SENSITIVE VALUE***",
        "installed": true,
        "ldapIgnoreNamingRules": false,
        "maxZipInputSize": 1073741824,
        "allowZipDownload": true,
        "theme": "",
        "overwrite.cli.url": "https:\/\/cloud.iut-orsay.fr",
        "htaccess.RewriteBase": "\/",
        "maintenance": false,
        "maintenance_window_start": 2,
        "default_language": "fr",
        "default_phone_region": "FR",
        "defaultapp": "files,dashboard",
        "log_type": "owncloud",
        "logfile": "\/var\/log\/nextcloud\/nextcloud.log",
        "loglevel": 0,
        "enable_previews": false,
        "trusted_domains": [
            "cloud.iut-orsay.fr"
        ],
        "mail_smtpmode": "smtp",
        "mail_smtpauthtype": "PLAIN",
        "mail_smtphost": "***REMOVED SENSITIVE VALUE***",
        "mail_smtpport": "25",
        "secret": "***REMOVED SENSITIVE VALUE***",
        "trashbin_retention_obligation": "auto",
        "memcache.local": "\\OC\\Memcache\\APCu",
        "memcache.distributed": "\\OC\\Memcache\\Redis",
        "memcache.locking": "\\OC\\Memcache\\Redis",
        "redis": {
            "host": "***REMOVED SENSITIVE VALUE***",
            "port": 6379,
            "dbindex": 0,
            "timeout": 0
        },
        "onlyoffice": {
            "jwt_secret": "***REMOVED SENSITIVE VALUE***",
            "jwt_header": "AuthorizationJwt"
        },
        "mail_from_address": "***REMOVED SENSITIVE VALUE***",
        "mail_domain": "***REMOVED SENSITIVE VALUE***",
        "ldapProviderFactory": "\\OCA\\User_LDAP\\LDAPProviderFactory",
        "ldapUserCleanupInterval": "60",
        "updater.release.channel": "stable",
        "mysql.utf8mb4": true,
        "mail_sendmailmode": "smtp",
        "app_install_overwrite": [
            "printer"
        ]
    }
}

List of activated Apps

Enabled:
  - activity: 4.0.0
  - admin_audit: 1.21.0
  - announcementcenter: 7.1.0
  - app_api: 5.0.2
  - bruteforcesettings: 4.0.0
  - circles: 31.0.0
  - cloud_federation_api: 1.14.0
  - comments: 1.21.0
  - contactsinteraction: 1.12.0
  - dashboard: 7.11.0
  - dav: 1.33.0
  - federatedfilesharing: 1.21.0
  - federation: 1.21.0
  - files: 2.3.1
  - files_downloadlimit: 4.0.0
  - files_external: 1.23.0
  - files_pdfviewer: 4.0.0
  - files_reminders: 1.4.0
  - files_sharing: 1.23.1
  - files_trashbin: 1.21.0
  - files_versions: 1.24.0
  - firstrunwizard: 4.0.0
  - groupfolders: 19.0.4
  - lookup_server_connector: 1.19.0
  - nextcloud_announcements: 3.0.0
  - notifications: 4.0.0
  - oauth2: 1.19.1
  - onlyoffice: 9.7.0
  - password_policy: 3.0.0
  - photos: 4.0.0-dev.1
  - privacy: 3.0.0
  - profile: 1.0.0
  - provisioning_api: 1.21.0
  - recommendations: 4.0.0
  - related_resources: 2.0.0
  - serverinfo: 3.0.0
  - settings: 1.14.0
  - sharebymail: 1.21.0
  - support: 3.0.0
  - survey_client: 3.0.0
  - suspicious_login: 9.0.1
  - systemtags: 1.21.1
  - tasks: 0.16.1
  - text: 5.0.0
  - theming: 2.6.1
  - twofactor_backupcodes: 1.20.0
  - twofactor_totp: 13.0.0-dev.0
  - updatenotification: 1.21.0
  - user_ldap: 1.22.0
  - user_status: 1.11.0
  - viewer: 4.0.0
  - weather_status: 1.11.0
  - webhook_listeners: 1.2.0
  - workflowengine: 2.13.0
Disabled:
  - drawio: 3.0.3 (installed 3.0.3)
  - encryption: 2.19.0
  - logreader: 4.0.0 (installed 2.14.0)
  - twofactor_nextcloud_notification: 5.0.0

Nextcloud Signing status

No errors have been found.

Nextcloud Logs

No specific logs found in nextcloud.log

Additional info

I checked and double checked the password before confirming it :

The firefox console when submitting the password. The error seems to be normal.
For some reason, Nextcloud can't verify the password.
I can log in with my account, but I can't authenticate when changing global credentials password.

[skjnldsv]

Hey, thanks for the additional report :)
Can you describe your setup?
Do you have a reverse proxy? Are you using nginx or apache ?

[Bevito]

Hi @skjnldsv, Thanks for your answer.

Nextcloud is installed on a DELL PowerEdge physical server, with Debian Bookworm (12.10 at the moment).
We have Apache2 as a web server and php8.2-fpm for PHP.
There is no reverse proxy.
Nextcloud is configured with MariaDB, for the database, and LDAP (OpenLDAP) for users authentications.
Redis is installed and configured for memcache distributed and locking and memcache local is configured with APCu.

I don't know what Nextcloud is trying to do, when the input box want to confirm the password.
I guess, It does not do a connection like the login page ?
There is a lot of LDAP traffic, so It's kind of difficult to check what is going on.

If you need any others informations, please let me know.

[v3DJG6GL]

I have the same problem with OpenID Connect (https://github.com/pulsejet/nextcloud-oidc-login):
Previously, until about 30.0.4, the password popup also appeared from time to time when changing some admin settings. I could then log out and log in again, which made the password popup disappear for a while.
At the moment, when changing some External Storage settings, the password popup always appears, even if I have just logged in again.
Entering the password obviously fails because my OpenID Connect provider manages my passwords.

• Nextcloud: v31.0.2
• Nextcloud OIDC Login: v3.2.2
• Reverse Proxy: Traefik: v3.3.4
• OpenID Connect Provider: Authelia: v4.39.1

[skjnldsv]

Thanks for both of your answers.

@Bevito can you confirm you have apache's mod_env enabled ?
@v3DJG6GL you also use apache ?

[Bevito]

Yes. mod_env is enabled.
The command sudo a2enmod env report : Module env already enabled

[cmdrscotty]

I am also experiencing this issue (30.0.8) can no longer add or modify external storage because it keeps requiring me to reauthenticate for any admin changes (despite already being logged in as admin)

(Minor note, upgrade path to next cloud 31 only shows up as a nightly release and not a stable release via update manager)

[gregecslo]

I have nginx, reverse proxy and LDAP auth with MFA plugin.
Also not working.
Nextcloud 31.0.2

[drewzoo02]

Bug also present on 31.0.2 non-Docker setup with Apache, no proxy, and Active Directory for LDAP authentication.

Nextcloud version: 31.0.2 non-Docker
Web server: apache2
PHP version: 8.3.6
PHP extensions: Core, date, libxml, openssl, pcre, zlib, filter, hash, json, random, Reflection, SPL, session, standard, sodium, apache2handler, bz2, ldap, curl, fileinfo, gd, gmp, intl, mbstring, exif, zip, apcu, mysqlnd, PDO, xml, bcmath, calendar, ctype, dom, FFI, ftp, gettext, iconv, igbinary, imagick, msgpack, mysqli, pdo_mysql, Phar, posix, readline, redis, shmop, SimpleXML, smbclient, sockets, sysvmsg, sysvsem, sysvshm, tokenizer, xmlreader, xmlwriter, xsl, memcached, libsmbclient, Zend OPcache
Database: mysql 10.11.8
Apps: Activity, Antivirus for files, AppAPI, Collaborative tags, Comments, Contacts Interaction, Dashboard, External storage support, Federation, File reminders, File sharing, Files download limit, First run wizard, LDAP user and group backend, Log Reader, Memories, Monitoring, Nextcloud announcements, Nextcloud webhook support, Notifications, Password policy, PDF viewer, Photos, Preview Generator, Privacy, Recommendations, Related Resources, Share by mail, Support, Teams, Text, Two-Factor TOTP Provider, Update notification, Usage survey, User status, Weather status

[v3DJG6GL]

@v3DJG6GL you also use apache ?

No, I use NGINX.

[skjnldsv]

Seems like everyone here is using ldap though, no?

[cmdrscotty]

Seems like everyone here is using ldap though, no?

I'm not, just nextcloud's builtin user authentication system