-
-
Notifications
You must be signed in to change notification settings - Fork 4.1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Hundreds of odd oc_authtoken entries for a user slow down performance #27603
Comments
It's actually getting exponentially worse with the number of tokens. |
Yes, definitely. I'd have to delete the tokens every two days. |
I suppose cronjobs are configured correctly and running? |
Yes, running every 5 minutes. But I think I have a new clue: I compared the "name" field of the oc_authtoken lines and the majority of the entries looks like this:
I do have nextcloudcmd running every 15 minutes on an ubuntu server. Could it be that these two devices are creating the multiple new entries? |
Yes, but I did it on purpose by connecting about 800 devices to the same account to see if that was a working option if creation of separate accounts was not possible. |
I can reproduce the problem with nextcloudcmd. Every time I run it a new token is added:
|
Do you use a password or app-token for authentication via nextcloudcmd? |
I use the "-n" switch which looks for the credentials (password) in .netrc |
Does the same happen if you use an app-token for authentication? |
Good idea. I cannot even log into the web UI with this token password. Tried it with different users and different NC servers. |
It should work like this: nextcloud/desktop#1779 (comment) |
Thanks, that's how I did it. :-) But I found the cause why it didn't work: bruteforcesettings kicked in. I had to whitelist the IP of my test computer. So, thanks, this is a good workaround for the problem which I still believe is a bug in NC 21. |
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
Hi, I had the same problem. Hundreds of |
Usually by using an app password for caldav/carddav. |
Seems also be related to #19247 |
some times the cron.php script does not work well, especially if you have an old often upgraded installation. |
Hi everybody, are you sure that your cronjob is running well? |
Yep. That was my issue a while ago, too, but the cronjob is running. |
My cronjob is also working. How to figure it out?
|
Clicking Logging brings up a listing for a fraction of a second and displays a white area. |
@piiskop can you open your browser debugging bar (hit F12 and select the networkstack) before clicking on "Logging". |
i only see what resources are loaded - 108 resources within ! This tells me that the creators of Nextcloud have never put performance as a priority. And every now and then, a resource will be reloaded. |
This bug is pretty severe. The SQL-Updates produce so much load and Logs that you easily get into hundreds of gigabytes worth of Binlogs in just a few hours. We got lucky a few times and reacted seconds before the database dataset run out of space. I do not understand why this workaround #26502 (comment) has not been implemented upstream. It's been over 1 year. Needs to be fixed ASAP, before everybody updates to latest 24.04 (which seem to trigger this bug a lot more than versions before). |
Second that, @kartoffelheinz. The occurrence of the problem here coincides with the installation of the latest Nextcloud update (to 24.0.4). Need to "delete from oc_authtoken where ..." every couple of days to keep the problem in check (and I have only a handful of users). No cron-related messages in the log (https://mydomain/settings/admin/logging). |
24.0.5 now and I just re-applied the workaround and cleaned up authtoken table once again. 🙄 |
Upgrading to Nextcloud 24.0.5 improved it for me temporarily (number of rows in oc_authtoken went down from 609 to 83), but now a few days later it's back up to 224, so it's not fixed yet. |
24.0.5 has the fix to reactive the cleanup of the authtokens table, not the fix to avoid creating them in the first place. |
Though not fixed, 24.0.5 has made it a lot better for me. No need to clean up the oc_authtoken every other day anymore. |
Could we get a button "blast all existing entries to pieces and clean up all relevant tables" or at least an occ command doing so? Just in case... |
@noseshimself I vote +1 for the occ command. |
Hello everyone. Unfortunately, in the end we needed to switch to the community edition of OwnCloud, which is tremendously faster as far as WebDAV is concerned. I strongly encourage the Nextcloud team to work on this problem, which have been there for many major releases now, and it is still currently there on the 25.0.2 version. |
Confirmed present on 25.0.2, please re-open this issue (or #19247) |
I think this is partly also an issue with the desktop client when running nextcloudcmd so opening an issue in the respective repo would be highly appreciated. We have some logic in the server that will create a session token to be returned as a cookie value so that follow up requests of clients can reuse the auth token without the need for using basic auth in follow up requests. This is done by performing a cookie check by setting a cookie on the first request. If any follow up requests contains that cookie a session token will be generated. Now the nextcloudcmd seems to persist cookies but not across multiple calls so every call of nextcloudcmd will generate a new one. curl to reproduce:
From my perspective the client should now either use basic auth for all requests or persist the cookies across multiple calls. A way to avoid this is to not use the user password but generating an app password and using that for authentication. |
Yes, please do that here: https://github.com/nextcloud/desktop/issues/new?assignees=&labels=0.+Needs+triage&template=BUG_REPORT.yml&title=%5BBug%5D%3A+. Thanks! |
Great way to manage an issue. |
Problem still occuring to some extent. Not as bad as before, but most definitely not solved. |
The PR that fixes this was merged but only into master which will be available with Nc26. @juliushaertl I suppose backporting is too much of a risk? |
Not back ported on purpose because it has some risk of breaking things. Also looking at it with my above debugging comment this might be something that can not be fixed on the server and the PR was actually not targeting the root cause. This should be fixed in the client implementation for the nextcloudcmd parts. Other clients may need to either reuse cookies or not persist cookies at all. |
Hello, The text was automatically translated from German to English. Greetings Translated with DeepL.com (free version) |
Just for the log. I've taken a look on my database table |
This is a summary of https://help.nextcloud.com/t/hundreds-of-odd-oc-authtoken-entries-slow-down-performance-for-a-user-bug-report/117742
Expected behaviour
1 oc_authtoken per user+device
$ curl -s -X PROPFIND "https://SERVER/remote.php/webdav/Handy/DCIM/Camera/IMG_2021-0602_202145.jpg" -u user2
→ 1-2 seconds
Actual behaviour
hundreds of oc_authtoken entries:
$ mysql mycloud -B -e "select count(*) from oc_authtoken where uid='andy'"
count(*)
167
$ curl -X PROPFIND "https://SERVER/remote.php/webdav/Handy/DCIM/Camera/IMG_20210602_223758.jpg" -u andy
→ between 12-17 seconds
After "DELETE * from oc_authtoken where uid=‘andy’"
the server responds quick again. The curl command needs less than a second.
But this was not a permanent solution. 157 new(!) entries were back the next day.
Here is just a short part of it:
Questions/Doubts
Server configuration
Operating system:
4.19.0-16-amd64 #1 SMP Debian 4.19.181-1 (2021-03-19) x86_64 GNU/Linux
Web server:
Apache 2.4.38-3+deb10u4
Database:
mysql Ver 15.1 Distrib 10.3.27-MariaDB, for debian-linux-gnu (x86_64) using readline 5.2
PHP version:
PHP version (eg, 7.4): 2:7.3+69
Nextcloud version: (see Nextcloud admin page)
21.0.2.1
Updated from an older Nextcloud/ownCloud or fresh install:
latest v20
Where did you install Nextcloud from:
with the internal NC updater
Signing status:
Signing status
List of activated apps:
App list
Nextcloud configuration:
Config report
Are you using external storage, if yes which one: local/smb/sftp/...
No
Are you using encryption: yes/no
No
Are you using an external user-backend, if yes which one: LDAP/ActiveDirectory/Webdav/...
No
Client configuration
irrelevant
Logs
Web server error log
Web server error log
Nextcloud log (data/nextcloud.log)
Nextcloud log
The output of your Nextcloud log in Admin > Logging:
Error PHP Module 'mbstring' already loaded at Unknown#0
(shows up every time when I call curl)
The text was updated successfully, but these errors were encountered: