REPRODUCIBILITY: easy
OS VERSION: 4.5.0.25
HARDWARE: Xperia 10II
UI LANGUAGE: English
REGRESSION: Don’t know
DESCRIPTION:
TLDR - After an account is unreachable it is marked as “not signed in” even if it starts working again and it is not possible to somehow prompt the system to recheck.
Recently I had a certificate issue with my nextcloud server which caused SFOS to fail to connect, after resolving the issue my account remains marked “not signed in” and I can’t make settings changes etc.
When checking on my nextcloud install I see that the device password is still actively used and after rebooting my phone I even got a nextcloud notification about updates showing that I am actually connected.
PRECONDITIONS:
Nextcloud account
STEPS TO REPRODUCE:
- Cause an SSL certificate error on your nextcloud server (expired, wrong CN)
- Wait for the SFOS nextcloud plugin to prompt you to login again
- Fix the certificate error.
EXPECTED RESULT:
After the account is later able to connect again it should be marked as active again and settings made available, if this can’t be done automatically some way to prompt nextcloud to retry with the password it currently has should be available (issueing and entering a new device password is a pain in the patoot).
ACTUAL RESULT:
Account remains marked as “not signed in”
MODIFICATIONS:
none
ADDITIONAL INFORMATION:
none
This is still the case in SFOS 4.6.0.11
This is still an issue, I have so far on purpose not updated my login token to follow this bug but I am starting some work on nextcloud calendar e-mail invites and may be forced to do this.
IMHO the best option to resolve this if some code to “undo” the marking can’t be done is to add a button to retry existing credentials.
Because I need to troubleshoot some other nextcloud related things I no longer had time to wait for Jolla to resolve this issue and “resolved” it by running the following query on accounts.db:
update `Settings` set `value` = 'false' where `key` = 'CredentialsNeedUpdate' and `account` = X;
Obviously this should happen without user intervention when an account is working (as it was in my case) and ideally speaking if that did not happen the page that is presented when the value is true should have a button to retry with the current credentials.
@vige sorry I keep tagging you but I don’t know who to tag in usually, I imagine @pvuorela and @rainemak may be relevant since Accounts are “mail adjacent”.
1 Like
I created an internal bug for this. Would need a bit digging and not sure how easily I could myself reproduce this.
3 Likes
As stated in the original post it started for me with a wrong/expired cert, the easiest way to simulate this without messing up your server is probably to adjust your device clock to the future so that your cert is “expired”
My nextcloud account is somehow more or less always in that state in the settings while it is “working” nevertheless (ex notifications). My certificate is issued by let’s encrypt. I guess it gets marked at some point when there is “no network” or a captive portal or whatever and never recovers.
Same is true for some of my mail accounts, btw.
I never understood how this is tolerated for ages and also think a “check again” button would be a relieve from re-entering credentials (especially for nextcloud, as app passwords should be used that are very cryptic and long and a pain to enter.)
Playing with the system clock will probably cause issues with TLS even before cert validation.
I’d set up a webserver with selfmade CA cert and then server cert, import the CA cert in the SFOS device ca store, verify everything works, and then generate a new, expired server cert on the test server.
I.e. what the OP report steps to reproduce describe.